Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/a8a5f8-f018-40c9-bef7-34e9cc3d56d4/1/j18evNiItZIPLrpiP1DLpEuDwHE.roa
File:                     j18evNiItZIPLrpiP1DLpEuDwHE.roa (raw, json)
Hash identifier:          1gyuPGOhigzvauqPrR4D/FmUr7bnOnsq09Ny/E4IieE=
Subject key identifier:   8F:5F:1E:BC:D8:88:B5:92:0F:2E:BA:62:3F:50:CB:A4:4B:83:C0:71
Certificate issuer:       /CN=84891f8db08c110d9b5b5eb4c5a9579e4133c816
Certificate serial:       018D5EC9F93CF8FB4A3914EC56DEB827FBF3
Authority key identifier: 84:89:1F:8D:B0:8C:11:0D:9B:5B:5E:B4:C5:A9:57:9E:41:33:C8:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hIkfjbCMEQ2bW160xalXnkEzyBY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/a8a5f8-f018-40c9-bef7-34e9cc3d56d4/1/j18evNiItZIPLrpiP1DLpEuDwHE.roa
Signing time:             Wed 31 Jan 2024 09:11:51 +0000
ROA not before:           Wed 31 Jan 2024 09:11:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41236
IP address blocks:        193.33.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/a8a5f8-f018-40c9-bef7-34e9cc3d56d4/1/hIkfjbCMEQ2bW160xalXnkEzyBY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/a8a5f8-f018-40c9-bef7-34e9cc3d56d4/1/hIkfjbCMEQ2bW160xalXnkEzyBY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hIkfjbCMEQ2bW160xalXnkEzyBY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:c9:f9:3c:f8:fb:4a:39:14:ec:56:de:b8:27:fb:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84891f8db08c110d9b5b5eb4c5a9579e4133c816
        Validity
            Not Before: Jan 31 09:11:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f5f1ebcd888b5920f2eba623f50cba44b83c071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:db:44:d4:d0:a1:52:9f:03:29:2f:82:d8:c8:
                    23:ea:a1:95:a3:d7:8b:a6:57:6b:13:fa:24:4c:5a:
                    24:02:5d:43:2e:41:58:23:5b:aa:e2:0b:f4:5e:45:
                    d5:fb:98:1d:d2:7e:5c:90:90:a0:e0:cf:9b:79:2c:
                    1b:bc:0f:be:2e:0c:bb:65:dc:59:6d:2b:1e:75:05:
                    bb:5d:48:da:68:a6:e9:ff:b0:30:38:c0:6b:cb:a9:
                    b9:f1:ad:4f:b0:26:af:d7:19:22:f4:51:8f:bc:14:
                    97:40:fb:ce:44:db:4f:a6:2f:c0:8e:1d:c4:8b:10:
                    53:85:4c:12:47:80:92:97:d4:e7:ac:02:41:53:34:
                    9a:6a:6f:dd:02:92:95:a5:c8:1e:6d:a8:45:8c:7d:
                    55:69:9e:03:0f:02:69:19:84:3d:04:58:49:84:7b:
                    39:5c:bb:36:bf:a2:50:2a:c2:a0:e2:a0:8c:09:48:
                    58:6f:db:41:5f:23:61:61:c0:38:4c:90:4c:cc:0f:
                    c9:42:96:bd:68:6f:fb:35:ea:b1:b8:f5:97:2f:05:
                    f4:c7:66:62:43:a2:8f:cb:92:ab:68:b6:67:da:2e:
                    95:ca:7e:49:96:00:f9:2c:2b:0d:99:5c:99:94:7e:
                    5a:84:a7:2a:7b:fb:9c:f5:c2:da:66:9f:c2:a4:04:
                    c2:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:5F:1E:BC:D8:88:B5:92:0F:2E:BA:62:3F:50:CB:A4:4B:83:C0:71
            X509v3 Authority Key Identifier:
                keyid:84:89:1F:8D:B0:8C:11:0D:9B:5B:5E:B4:C5:A9:57:9E:41:33:C8:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hIkfjbCMEQ2bW160xalXnkEzyBY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/a8a5f8-f018-40c9-bef7-34e9cc3d56d4/1/j18evNiItZIPLrpiP1DLpEuDwHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/a8a5f8-f018-40c9-bef7-34e9cc3d56d4/1/hIkfjbCMEQ2bW160xalXnkEzyBY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:95:60:af:d2:bc:84:3d:54:e4:fb:55:6e:81:a6:f9:eb:32:
         84:50:29:cb:07:52:39:09:ba:62:ff:1b:56:9d:77:f9:30:f1:
         67:08:38:f4:4e:b5:af:8c:e2:d0:c2:2d:e1:f4:89:ac:f3:b1:
         b2:32:2f:a9:4f:2d:00:2a:ea:d8:71:ab:f6:e7:c9:4f:ba:31:
         56:bc:a3:b6:e1:ec:e7:7e:94:3c:a4:ba:61:30:e5:cc:e9:31:
         16:83:58:a1:d1:cd:ee:75:6f:9e:d5:ca:c0:28:22:2f:23:b4:
         cd:c4:24:00:56:41:49:f1:8e:5c:0c:97:fc:79:39:28:bd:53:
         32:e2:ca:23:a6:cd:7f:48:8c:32:af:5e:23:7a:67:a3:4a:2b:
         ad:36:b5:c9:b0:3a:13:43:01:ab:d4:8a:25:ba:32:72:3c:4f:
         54:28:3e:4d:54:39:07:68:bd:a0:42:3e:a5:8d:6c:fe:d0:54:
         0a:55:25:71:e4:1d:fc:ca:d1:ad:53:d5:0c:0a:a6:fb:18:4b:
         bd:46:0c:e9:0c:38:b9:f8:5d:c9:6e:16:ea:f8:28:17:83:c3:
         fb:88:97:29:84:ef:4b:07:08:3a:49:42:0d:19:1f:43:23:ee:
         71:7a:f6:67:08:94:dc:56:7d:5e:cc:d2:da:52:8d:cf:b2:34:
         14:13:3d:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1eyfk8+PtKORTsVt64J/vzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ODkxZjhkYjA4YzExMGQ5YjViNWViNGM1YTk1NzllNDEz
M2M4MTYwHhcNMjQwMTMxMDkxMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjVmMWViY2Q4ODhiNTkyMGYyZWJhNjIzZjUwY2JhNDRiODNjMDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdtE1NChUp8DKS+C2Mgj6qGVo9eL
pldrE/okTFokAl1DLkFYI1uq4gv0XkXV+5gd0n5ckJCg4M+beSwbvA++Lgy7ZdxZ
bSsedQW7XUjaaKbp/7AwOMBry6m58a1PsCav1xki9FGPvBSXQPvORNtPpi/Ajh3E
ixBThUwSR4CSl9TnrAJBUzSaam/dApKVpcgebahFjH1VaZ4DDwJpGYQ9BFhJhHs5
XLs2v6JQKsKg4qCMCUhYb9tBXyNhYcA4TJBMzA/JQpa9aG/7NeqxuPWXLwX0x2Zi
Q6KPy5KraLZn2i6Vyn5JlgD5LCsNmVyZlH5ahKcqe/uc9cLaZp/CpATCFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9fHrzYiLWSDy66Yj9Qy6RLg8BxMB8GA1UdIwQY
MBaAFISJH42wjBENm1tetMWpV55BM8gWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaElrZmpiQ01FUTJiVzE2MHhhbFhua0V6eUJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9hOGE1ZjgtZjAxOC00MGM5LWJlZjct
MzRlOWNjM2Q1NmQ0LzEvajE4ZXZOaUl0WklQTHJwaVAxRExwRXVEd0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9hOGE1ZjgtZjAxOC00MGM5LWJlZjctMzRlOWNjM2Q1NmQ0
LzEvaElrZmpiQ01FUTJiVzE2MHhhbFhua0V6eUJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSFpMA0G
CSqGSIb3DQEBCwUAA4IBAQBhlWCv0ryEPVTk+1Vugab56zKEUCnLB1I5Cbpi/xtW
nXf5MPFnCDj0TrWvjOLQwi3h9Ims87GyMi+pTy0AKurYcav258lPujFWvKO24ezn
fpQ8pLphMOXM6TEWg1ih0c3udW+e1crAKCIvI7TNxCQAVkFJ8Y5cDJf8eTkovVMy
4sojps1/SIwyr14jemejSiutNrXJsDoTQwGr1IolujJyPE9UKD5NVDkHaL2gQj6l
jWz+0FQKVSVx5B38ytGtU9UMCqb7GEu9RgzpDDi5+F3Jbhbq+CgXg8P7iJcphO9L
Bwg6SUINGR9DI+5xevZnCJTcVn1ezNLaUo3PsjQUEz2S
-----END CERTIFICATE-----