Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/fT8pC7SvGnoXyu_OqQdF1WPCTN0.roa
File:                     fT8pC7SvGnoXyu_OqQdF1WPCTN0.roa (raw, json)
Hash identifier:          JLniGaJUuB70eKeb2H2WuqVlpDeWVN08cRhj1kyf/Sc=
Subject key identifier:   7D:3F:29:0B:B4:AF:1A:7A:17:CA:EF:CE:A9:07:45:D5:63:C2:4C:DD
Certificate issuer:       /CN=ad0dc108b60f47b0d9772808e5fcc381eaa81c78
Certificate serial:       018CC64A1C2BD7EC10DA9F6BD38602F8CD00
Authority key identifier: AD:0D:C1:08:B6:0F:47:B0:D9:77:28:08:E5:FC:C3:81:EA:A8:1C:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ3BCLYPR7DZdygI5fzDgeqoHHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/fT8pC7SvGnoXyu_OqQdF1WPCTN0.roa
Signing time:             Mon 01 Jan 2024 18:29:54 +0000
ROA not before:           Mon 01 Jan 2024 18:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43365
IP address blocks:        193.228.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/rQ3BCLYPR7DZdygI5fzDgeqoHHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/rQ3BCLYPR7DZdygI5fzDgeqoHHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ3BCLYPR7DZdygI5fzDgeqoHHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:1c:2b:d7:ec:10:da:9f:6b:d3:86:02:f8:cd:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0dc108b60f47b0d9772808e5fcc381eaa81c78
        Validity
            Not Before: Jan  1 18:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d3f290bb4af1a7a17caefcea90745d563c24cdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8d:76:65:39:a5:67:e1:dc:e7:ff:4b:9f:61:
                    50:f6:aa:99:92:07:cc:42:13:9d:d8:eb:ef:1e:bb:
                    d8:7c:4d:0d:d6:9d:f7:ec:ba:76:1a:e4:81:5f:b1:
                    f9:1b:7e:09:ee:4b:a1:9a:06:f6:0e:97:2e:cc:a4:
                    00:f2:f0:c5:1f:f6:96:b7:2f:e7:da:6a:2f:22:0e:
                    3f:fb:13:9b:7d:57:a1:e7:81:bc:e7:fa:59:d0:c7:
                    12:36:29:02:16:92:cd:35:53:44:17:9e:a2:c6:9e:
                    2d:36:fc:94:a6:51:60:f2:2d:bb:02:30:63:e5:3a:
                    50:0d:aa:01:18:14:05:9d:1e:92:eb:49:2a:76:7c:
                    09:ba:f2:c9:bf:03:08:f0:1b:a1:d3:8c:48:54:93:
                    14:0b:79:33:8b:49:a0:d3:f1:36:b8:ec:bb:b0:88:
                    77:e0:e0:db:17:dc:a7:cc:cb:f7:ae:16:cf:be:ca:
                    a2:43:7e:d1:0e:79:c1:68:66:0f:d6:9a:ad:52:4d:
                    78:65:12:75:d1:e3:7b:b4:c2:8e:34:45:1a:8f:32:
                    3b:e2:ab:f3:d2:b7:f3:14:5d:fb:af:73:41:c8:05:
                    b0:98:5d:4a:56:4b:db:3e:e5:a3:c7:ee:3b:29:bb:
                    fb:05:b2:f4:9c:49:2d:b7:a7:f0:15:7d:a3:2f:d6:
                    f1:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:3F:29:0B:B4:AF:1A:7A:17:CA:EF:CE:A9:07:45:D5:63:C2:4C:DD
            X509v3 Authority Key Identifier:
                keyid:AD:0D:C1:08:B6:0F:47:B0:D9:77:28:08:E5:FC:C3:81:EA:A8:1C:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ3BCLYPR7DZdygI5fzDgeqoHHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/fT8pC7SvGnoXyu_OqQdF1WPCTN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/rQ3BCLYPR7DZdygI5fzDgeqoHHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:be:1c:ca:e4:d1:c2:7f:cc:93:4e:f2:c3:b0:f9:d6:80:6b:
         0b:42:58:dc:f9:e5:ff:2b:b3:ae:56:b8:24:12:a2:d7:48:ff:
         30:49:b4:b8:30:88:57:a9:03:c2:10:ce:2d:dc:ad:f9:e8:db:
         11:3d:ea:f5:e6:cd:c2:b7:25:92:fb:ab:4a:16:c6:bf:f5:bb:
         b3:8b:98:2e:de:f7:19:24:fb:9d:5c:22:52:d9:b3:5b:f7:4b:
         2c:ce:d8:c4:17:f9:72:47:db:95:0b:5f:5d:af:54:30:72:e3:
         b5:6e:27:25:5c:32:6f:1f:bd:ee:70:1c:9c:e0:4a:c5:54:b0:
         5a:3b:45:22:58:3c:6e:25:a9:5c:d5:e4:53:05:e9:cf:44:23:
         6e:18:89:23:8a:b7:53:f3:ed:c5:5d:73:45:f1:f0:45:37:f7:
         e1:e6:20:96:94:ed:97:b8:a8:02:aa:c3:0d:56:5b:8e:0f:47:
         97:2b:df:22:3e:53:67:08:5a:35:d1:88:e9:dd:8a:54:e4:e7:
         0f:7c:17:24:1c:f6:c1:04:cc:c3:d9:1e:20:55:9e:89:c0:05:
         39:b1:69:bb:3a:2d:b4:98:f4:b1:aa:15:6d:ae:12:7e:8f:8b:
         4d:e9:c6:71:0f:51:09:45:e8:ba:bd:7e:4d:d9:e5:73:b2:53:
         7c:37:af:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGShwr1+wQ2p9r04YC+M0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRjMTA4YjYwZjQ3YjBkOTc3MjgwOGU1ZmNjMzgxZWFh
ODFjNzgwHhcNMjQwMTAxMTgyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDNmMjkwYmI0YWYxYTdhMTdjYWVmY2VhOTA3NDVkNTYzYzI0Y2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAio12ZTmlZ+Hc5/9Ln2FQ9qqZkgfM
QhOd2OvvHrvYfE0N1p337Lp2GuSBX7H5G34J7kuhmgb2DpcuzKQA8vDFH/aWty/n
2movIg4/+xObfVeh54G85/pZ0McSNikCFpLNNVNEF56ixp4tNvyUplFg8i27AjBj
5TpQDaoBGBQFnR6S60kqdnwJuvLJvwMI8Buh04xIVJMUC3kzi0mg0/E2uOy7sIh3
4ODbF9ynzMv3rhbPvsqiQ37RDnnBaGYP1pqtUk14ZRJ10eN7tMKONEUajzI74qvz
0rfzFF37r3NByAWwmF1KVkvbPuWjx+47Kbv7BbL0nEktt6fwFX2jL9bxsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0/KQu0rxp6F8rvzqkHRdVjwkzdMB8GA1UdIwQY
MBaAFK0NwQi2D0ew2XcoCOX8w4HqqBx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEzQkNMWVBSN0RaZHlnSTVmekRnZXFvSEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wYjU4NjAtY2Q1Ny00MTgzLWI5YWUt
ZTg0Nzg1ODk0ODM4LzEvZlQ4cEM3U3ZHbm9YeXVfT3FRZEYxV1BDVE4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wYjU4NjAtY2Q1Ny00MTgzLWI5YWUtZTg0Nzg1ODk0ODM4
LzEvclEzQkNMWVBSN0RaZHlnSTVmekRnZXFvSEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweSaMA0G
CSqGSIb3DQEBCwUAA4IBAQCRvhzK5NHCf8yTTvLDsPnWgGsLQljc+eX/K7OuVrgk
EqLXSP8wSbS4MIhXqQPCEM4t3K356NsRPer15s3CtyWS+6tKFsa/9buzi5gu3vcZ
JPudXCJS2bNb90ssztjEF/lyR9uVC19dr1QwcuO1biclXDJvH73ucByc4ErFVLBa
O0UiWDxuJalc1eRTBenPRCNuGIkjirdT8+3FXXNF8fBFN/fh5iCWlO2XuKgCqsMN
VluOD0eXK98iPlNnCFo10Yjp3YpU5OcPfBckHPbBBMzD2R4gVZ6JwAU5sWm7Oi20
mPSxqhVtrhJ+j4tN6cZxD1EJRei6vX5N2eVzslN8N68h
-----END CERTIFICATE-----