Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/_HbJkomUqiRJCaXLwJSSvOyC6UM.roa
File:                     _HbJkomUqiRJCaXLwJSSvOyC6UM.roa (raw, json)
Hash identifier:          1OWTU9USo7DboPGpXIKT0Aylc7AYDyYIQSpp1/k+mLg=
Subject key identifier:   FC:76:C9:92:89:94:AA:24:49:09:A5:CB:C0:94:92:BC:EC:82:E9:43
Certificate issuer:       /CN=d65d9ac6bf1f2a38e2c172850eef7075aebce888
Certificate serial:       018CC500FDC762C969856BAA98358008BF9C
Authority key identifier: D6:5D:9A:C6:BF:1F:2A:38:E2:C1:72:85:0E:EF:70:75:AE:BC:E8:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1l2axr8fKjjiwXKFDu9wda686Ig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/_HbJkomUqiRJCaXLwJSSvOyC6UM.roa
Signing time:             Mon 01 Jan 2024 12:30:25 +0000
ROA not before:           Mon 01 Jan 2024 12:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212485
IP address blocks:        193.163.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/1l2axr8fKjjiwXKFDu9wda686Ig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/1l2axr8fKjjiwXKFDu9wda686Ig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1l2axr8fKjjiwXKFDu9wda686Ig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:fd:c7:62:c9:69:85:6b:aa:98:35:80:08:bf:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d65d9ac6bf1f2a38e2c172850eef7075aebce888
        Validity
            Not Before: Jan  1 12:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc76c9928994aa244909a5cbc09492bcec82e943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e6:0a:f9:05:c4:c1:cb:6b:4f:ef:b5:61:44:
                    61:b3:d8:42:f2:c2:52:2b:03:9f:a2:46:d9:5e:57:
                    6d:6e:4f:b4:9b:7b:24:63:a6:e1:be:bf:b2:17:ce:
                    72:ad:09:04:6c:14:a3:6f:27:da:e8:ea:00:47:eb:
                    3c:96:19:b1:b4:24:09:01:37:1e:2f:12:8b:65:3c:
                    04:7c:6f:45:9a:49:c7:7b:d1:0d:f9:4e:6b:70:0a:
                    be:7f:9a:7e:6b:ea:bb:08:16:4f:dc:4f:7c:04:06:
                    96:c9:b7:77:0f:09:f8:6d:17:d4:17:1e:ac:8b:c7:
                    cd:4e:d2:87:5a:bc:c9:34:f4:a0:de:d7:b2:e3:b6:
                    b8:2b:a6:66:3d:b1:3a:39:b9:47:a8:57:cb:b3:be:
                    f0:28:6f:35:12:7a:b4:4e:d4:b5:b2:62:84:55:fb:
                    6d:14:f7:44:87:50:ee:8d:7a:76:c1:72:9e:40:70:
                    03:99:a3:e3:22:71:3b:73:95:b1:e5:6d:8c:7a:5d:
                    88:32:14:b9:be:97:87:37:1a:f0:1f:28:a5:24:36:
                    d3:8a:38:18:0e:a7:31:6b:47:48:5b:7b:81:d2:a6:
                    65:3e:3a:ff:29:4e:9b:f4:83:69:a4:ca:0d:9e:2d:
                    b2:b7:47:c4:67:2f:51:90:50:cb:c4:42:85:1a:f5:
                    09:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:76:C9:92:89:94:AA:24:49:09:A5:CB:C0:94:92:BC:EC:82:E9:43
            X509v3 Authority Key Identifier:
                keyid:D6:5D:9A:C6:BF:1F:2A:38:E2:C1:72:85:0E:EF:70:75:AE:BC:E8:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1l2axr8fKjjiwXKFDu9wda686Ig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/_HbJkomUqiRJCaXLwJSSvOyC6UM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/1l2axr8fKjjiwXKFDu9wda686Ig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:0f:7b:8f:2c:cd:57:62:c8:24:ba:33:64:f6:f2:99:70:06:
         3d:b7:43:c7:d6:e3:c0:87:a3:e2:6e:5c:36:30:3b:ad:b2:c0:
         b9:60:01:2c:b7:2f:8d:b0:c9:2d:9b:a4:75:e6:04:3a:50:69:
         0b:01:f5:05:5c:1f:79:3f:f0:85:98:2b:12:c3:ee:76:48:29:
         d5:f1:c1:d2:48:a2:5c:2f:50:81:67:9a:0a:06:2d:50:53:60:
         6b:72:dd:4d:13:bf:23:ac:5f:cc:f8:5a:b7:56:8a:b1:e5:cb:
         0e:67:c1:14:e2:b0:df:18:a9:71:87:24:23:3a:1e:97:a8:4b:
         d2:c2:92:0c:db:c3:55:d2:ac:aa:58:31:38:9b:c6:27:09:d0:
         f7:22:19:45:4b:18:1e:d4:e1:f7:d9:54:41:22:65:7a:b9:dc:
         d8:f1:11:b6:c7:13:c0:4e:c6:f5:16:b3:84:21:23:81:ea:51:
         3e:19:7d:5a:78:56:ab:89:88:d6:3b:a3:22:27:6f:3f:01:43:
         98:17:cf:94:b5:b5:9c:24:6a:d3:aa:ca:fe:d4:c6:82:c7:b9:
         c9:3c:36:c9:7d:1f:47:96:00:e0:ef:67:9c:2f:a1:07:62:7a:
         8d:cc:17:ca:d7:37:ba:71:85:3c:8f:4d:4f:bf:fd:53:75:e5:
         21:ec:4b:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAP3HYslphWuqmDWACL+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NWQ5YWM2YmYxZjJhMzhlMmMxNzI4NTBlZWY3MDc1YWVi
Y2U4ODgwHhcNMjQwMTAxMTIzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzc2Yzk5Mjg5OTRhYTI0NDkwOWE1Y2JjMDk0OTJiY2VjODJlOTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneYK+QXEwctrT++1YURhs9hC8sJS
KwOfokbZXldtbk+0m3skY6bhvr+yF85yrQkEbBSjbyfa6OoAR+s8lhmxtCQJATce
LxKLZTwEfG9FmknHe9EN+U5rcAq+f5p+a+q7CBZP3E98BAaWybd3Dwn4bRfUFx6s
i8fNTtKHWrzJNPSg3tey47a4K6ZmPbE6OblHqFfLs77wKG81Enq0TtS1smKEVftt
FPdEh1DujXp2wXKeQHADmaPjInE7c5Wx5W2Mel2IMhS5vpeHNxrwHyilJDbTijgY
Dqcxa0dIW3uB0qZlPjr/KU6b9INppMoNni2yt0fEZy9RkFDLxEKFGvUJbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPx2yZKJlKokSQmly8CUkrzsgulDMB8GA1UdIwQY
MBaAFNZdmsa/Hyo44sFyhQ7vcHWuvOiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWwyYXhyOGZLamppd1hLRkR1OXdkYTY4NklnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS82ZmZiMGQtMjJjNC00MDBhLThhMjMt
M2QxMTNlYjkyN2JmLzEvX0hiSmtvbVVxaVJKQ2FYTHdKU1N2T3lDNlVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS82ZmZiMGQtMjJjNC00MDBhLThhMjMtM2QxMTNlYjkyN2Jm
LzEvMWwyYXhyOGZLamppd1hLRkR1OXdkYTY4NklnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaMMMA0G
CSqGSIb3DQEBCwUAA4IBAQAoD3uPLM1XYsgkujNk9vKZcAY9t0PH1uPAh6Piblw2
MDutssC5YAEsty+NsMktm6R15gQ6UGkLAfUFXB95P/CFmCsSw+52SCnV8cHSSKJc
L1CBZ5oKBi1QU2Brct1NE78jrF/M+Fq3Voqx5csOZ8EU4rDfGKlxhyQjOh6XqEvS
wpIM28NV0qyqWDE4m8YnCdD3IhlFSxge1OH32VRBImV6udzY8RG2xxPATsb1FrOE
ISOB6lE+GX1aeFariYjWO6MiJ28/AUOYF8+UtbWcJGrTqsr+1MaCx7nJPDbJfR9H
lgDg72ecL6EHYnqNzBfK1ze6cYU8j01Pv/1TdeUh7Etz
-----END CERTIFICATE-----