Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/rLtg0sbiz7K32b6gnIFuQS2yHMQ.roa
File:                     rLtg0sbiz7K32b6gnIFuQS2yHMQ.roa (raw, json)
Hash identifier:          4JJcPV2VdA/hBBctpqtw88ScATmrqZqDNyBi5mYlvHY=
Subject key identifier:   AC:BB:60:D2:C6:E2:CF:B2:B7:D9:BE:A0:9C:81:6E:41:2D:B2:1C:C4
Certificate issuer:       /CN=8c36ad879c645aee98ac4a89fc800b9a974e941f
Certificate serial:       018CCA2948F023760223E4F0A86F676325A5
Authority key identifier: 8C:36:AD:87:9C:64:5A:EE:98:AC:4A:89:FC:80:0B:9A:97:4E:94:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jDath5xkWu6YrEqJ_IALmpdOlB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/rLtg0sbiz7K32b6gnIFuQS2yHMQ.roa
Signing time:             Tue 02 Jan 2024 12:32:32 +0000
ROA not before:           Tue 02 Jan 2024 12:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209792
IP address blocks:        194.93.20.0/22 maxlen: 24
                          2a09:2280::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/jDath5xkWu6YrEqJ_IALmpdOlB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/jDath5xkWu6YrEqJ_IALmpdOlB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jDath5xkWu6YrEqJ_IALmpdOlB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:48:f0:23:76:02:23:e4:f0:a8:6f:67:63:25:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c36ad879c645aee98ac4a89fc800b9a974e941f
        Validity
            Not Before: Jan  2 12:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acbb60d2c6e2cfb2b7d9bea09c816e412db21cc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3d:ee:18:a1:74:25:1a:2c:8c:01:81:df:4a:
                    05:df:14:2b:69:7d:3d:22:13:02:18:48:ca:01:55:
                    7a:7f:a5:29:3b:df:b1:f0:8a:4e:83:76:a7:a6:38:
                    65:89:20:5f:10:5d:ea:71:fd:bb:82:40:49:54:d0:
                    9e:46:81:84:e8:e7:2a:47:6f:e1:93:f7:d5:51:02:
                    45:fe:16:4e:69:0a:6b:0d:cc:19:fa:82:23:1f:2e:
                    2f:3e:3e:40:c7:15:22:94:57:b1:55:72:07:f9:19:
                    90:c1:45:60:f7:ac:51:0c:a9:f9:d5:62:13:ac:0d:
                    6c:1b:d3:32:ed:3a:ea:27:69:ea:0b:68:82:56:8a:
                    a6:b6:50:48:d1:48:3a:cc:33:8c:8c:28:8c:1c:31:
                    fb:0b:aa:b6:e0:b4:3c:c7:14:b3:b8:bf:04:14:e9:
                    ff:47:d8:86:72:03:71:83:2e:e8:09:75:0d:54:1f:
                    55:d2:ca:d7:73:61:7c:c7:d8:5f:0c:4b:bf:97:07:
                    41:18:9e:07:7b:11:b7:3d:da:7f:d7:ba:d5:1a:1f:
                    9c:10:71:74:42:ae:15:70:1c:01:70:6e:01:1f:2e:
                    43:fb:ca:1c:19:7d:13:d7:6c:ac:51:52:e7:d9:56:
                    ee:c2:53:80:a6:e8:60:9b:cf:b3:c9:fb:4d:4f:74:
                    db:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:BB:60:D2:C6:E2:CF:B2:B7:D9:BE:A0:9C:81:6E:41:2D:B2:1C:C4
            X509v3 Authority Key Identifier:
                keyid:8C:36:AD:87:9C:64:5A:EE:98:AC:4A:89:FC:80:0B:9A:97:4E:94:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jDath5xkWu6YrEqJ_IALmpdOlB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/rLtg0sbiz7K32b6gnIFuQS2yHMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/jDath5xkWu6YrEqJ_IALmpdOlB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.93.20.0/22
                IPv6:
                  2a09:2280::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:31:d6:45:77:d2:0c:5e:7e:5b:88:78:08:d5:bc:20:7d:03:
         82:00:7d:64:85:d0:ad:47:b7:33:5f:89:07:33:ae:9e:e8:02:
         20:ec:11:c8:6e:3b:86:28:36:51:4f:15:9c:f8:8e:d1:30:bb:
         c8:4e:b0:82:cb:f8:44:66:a9:a2:ee:9c:4e:5a:e3:95:af:f6:
         e2:46:8b:ed:cb:64:d3:36:25:95:f3:55:ac:5a:b4:3d:2a:0d:
         eb:d4:0b:6a:b6:ea:92:2c:4d:e6:ec:36:78:25:04:56:ed:c3:
         e6:07:6c:52:b7:8a:56:3f:15:5b:db:f4:b1:4a:e7:54:59:5a:
         c8:eb:a6:f3:6d:91:13:e9:a6:7e:f5:ad:89:29:33:77:b9:6a:
         7f:f3:b1:ea:22:fe:45:16:44:ec:db:8e:8e:ac:49:b3:8a:26:
         8b:3d:aa:42:66:08:20:d9:74:07:a7:62:10:7d:52:85:14:d9:
         0b:20:00:28:bc:c7:2b:45:57:2d:41:81:71:c5:83:a9:f4:e7:
         f5:e9:5a:25:4b:7c:c4:d6:2f:b5:e9:c9:ea:f9:e2:20:18:00:
         63:b5:26:49:9e:b3:bd:18:b5:d8:da:b3:0f:08:79:fa:63:6f:
         ce:26:f2:aa:c3:ce:cc:2a:aa:2f:d5:6c:2c:4d:41:30:16:d0:
         52:79:44:46
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKUjwI3YCI+TwqG9nYyWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMzZhZDg3OWM2NDVhZWU5OGFjNGE4OWZjODAwYjlhOTc0
ZTk0MWYwHhcNMjQwMTAyMTIzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2JiNjBkMmM2ZTJjZmIyYjdkOWJlYTA5YzgxNmU0MTJkYjIxY2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1j3uGKF0JRosjAGB30oF3xQraX09
IhMCGEjKAVV6f6UpO9+x8IpOg3anpjhliSBfEF3qcf27gkBJVNCeRoGE6OcqR2/h
k/fVUQJF/hZOaQprDcwZ+oIjHy4vPj5AxxUilFexVXIH+RmQwUVg96xRDKn51WIT
rA1sG9My7TrqJ2nqC2iCVoqmtlBI0Ug6zDOMjCiMHDH7C6q24LQ8xxSzuL8EFOn/
R9iGcgNxgy7oCXUNVB9V0srXc2F8x9hfDEu/lwdBGJ4HexG3Pdp/17rVGh+cEHF0
Qq4VcBwBcG4BHy5D+8ocGX0T12ysUVLn2VbuwlOApuhgm8+zyftNT3Tb8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKy7YNLG4s+yt9m+oJyBbkEtshzEMB8GA1UdIwQY
MBaAFIw2rYecZFrumKxKifyAC5qXTpQfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakRhdGg1eGtXdTZZckVxSl9JQUxtcGRPbEI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mNjYzYTMtNjg0ZS00Nzc5LTg4Yjkt
MTRlNmVjMDIwYmZhLzEvckx0ZzBzYml6N0szMmI2Z25JRnVRUzJ5SE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mNjYzYTMtNjg0ZS00Nzc5LTg4YjktMTRlNmVjMDIwYmZh
LzEvakRhdGg1eGtXdTZZckVxSl9JQUxtcGRPbEI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwl0UMA8E
AgACMAkDBwAqCSKAAAAwDQYJKoZIhvcNAQELBQADggEBAKcx1kV30gxefluIeAjV
vCB9A4IAfWSF0K1HtzNfiQczrp7oAiDsEchuO4YoNlFPFZz4jtEwu8hOsILL+ERm
qaLunE5a45Wv9uJGi+3LZNM2JZXzVaxatD0qDevUC2q26pIsTebsNnglBFbtw+YH
bFK3ilY/FVvb9LFK51RZWsjrpvNtkRPppn71rYkpM3e5an/zseoi/kUWROzbjo6s
SbOKJos9qkJmCCDZdAenYhB9UoUU2QsgACi8xytFVy1BgXHFg6n05/XpWiVLfMTW
L7Xpyer54iAYAGO1Jkmes70Ytdjasw8Iefpjb84m8qrDzswqqi/VbCxNQTAW0FJ5
REY=
-----END CERTIFICATE-----