Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/Vwjb9a9BFLFwbM6AugTS3gUck30.roa
File:                     Vwjb9a9BFLFwbM6AugTS3gUck30.roa (raw, json)
Hash identifier:          4fdOglCHkt5idADTy7QsOmDxNqbTCf3LdJYjLvSvlFk=
Subject key identifier:   57:08:DB:F5:AF:41:14:B1:70:6C:CE:80:BA:04:D2:DE:05:1C:93:7D
Certificate issuer:       /CN=753d476db96de1e58623119a70b9d7b00b676da0
Certificate serial:       018CC4250E0C7ADF6AF04D672A02C0348799
Authority key identifier: 75:3D:47:6D:B9:6D:E1:E5:86:23:11:9A:70:B9:D7:B0:0B:67:6D:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dT1Hbblt4eWGIxGacLnXsAtnbaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/Vwjb9a9BFLFwbM6AugTS3gUck30.roa
Signing time:             Mon 01 Jan 2024 08:30:11 +0000
ROA not before:           Mon 01 Jan 2024 08:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20980
IP address blocks:        193.108.8.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/dT1Hbblt4eWGIxGacLnXsAtnbaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/dT1Hbblt4eWGIxGacLnXsAtnbaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dT1Hbblt4eWGIxGacLnXsAtnbaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:0e:0c:7a:df:6a:f0:4d:67:2a:02:c0:34:87:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=753d476db96de1e58623119a70b9d7b00b676da0
        Validity
            Not Before: Jan  1 08:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5708dbf5af4114b1706cce80ba04d2de051c937d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ae:49:71:6f:42:e1:be:c1:4b:52:75:31:cf:
                    f9:d5:9b:e7:b3:66:82:61:dd:e9:e3:5a:02:c1:d0:
                    a4:2f:ab:45:40:0a:43:e5:94:df:6f:2a:50:64:d9:
                    3d:7a:50:35:eb:da:b1:b2:07:d0:d2:2b:d0:f8:52:
                    84:60:9d:df:6e:25:41:7a:b5:66:fe:3f:0f:d0:9c:
                    a4:70:99:8f:2e:d8:e6:07:2e:f3:49:28:77:6b:77:
                    0b:72:da:b6:40:c6:a8:57:31:70:f1:a1:b1:20:0f:
                    9f:50:5d:8a:a3:6b:a1:36:8e:3e:4f:fb:e6:cd:47:
                    3e:a2:2d:38:49:b8:87:ab:db:c2:f4:af:23:97:1b:
                    10:28:6a:69:9b:75:c5:e3:38:6e:10:42:f0:b7:cd:
                    bc:17:1e:28:c3:ff:91:48:3c:0c:0d:b7:98:8d:d0:
                    2f:4b:d4:9d:b4:33:a8:94:17:7d:8a:0a:ef:92:7b:
                    dd:ec:4e:b6:d8:ff:d5:d2:2d:89:06:4d:88:0c:f1:
                    fb:9b:6d:fe:f8:bc:3a:63:6c:16:c3:75:21:8f:6e:
                    52:ec:6e:d0:10:41:be:98:f8:39:81:a7:75:12:20:
                    53:59:34:0e:e8:be:a0:f3:26:29:21:c2:52:2f:45:
                    87:3b:76:24:37:2b:53:47:c6:e7:10:a0:8d:8f:5d:
                    7b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:08:DB:F5:AF:41:14:B1:70:6C:CE:80:BA:04:D2:DE:05:1C:93:7D
            X509v3 Authority Key Identifier:
                keyid:75:3D:47:6D:B9:6D:E1:E5:86:23:11:9A:70:B9:D7:B0:0B:67:6D:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dT1Hbblt4eWGIxGacLnXsAtnbaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/Vwjb9a9BFLFwbM6AugTS3gUck30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/dT1Hbblt4eWGIxGacLnXsAtnbaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5b:80:09:5d:40:19:a8:2e:bd:60:ef:55:ab:6f:26:80:4d:6f:
         f8:92:55:09:fe:8e:1a:39:41:37:ac:43:34:81:69:00:92:09:
         f1:a5:a4:cd:93:ff:fd:82:01:2d:76:20:34:ee:a8:bd:af:60:
         bf:26:6f:e3:f9:4e:02:50:11:4b:f6:e4:a2:42:ab:34:80:b0:
         2b:54:57:3e:df:0b:6c:c2:d3:46:42:96:53:d8:76:50:30:9e:
         aa:4f:d4:ef:3a:72:d8:55:ab:82:55:9c:e8:be:8f:0a:aa:4b:
         26:cb:80:82:0d:c2:e9:62:34:33:bb:be:5a:6a:bf:f0:44:9a:
         49:fc:fc:bc:87:b0:16:d4:f3:10:e3:af:c8:9e:55:95:3d:92:
         5b:09:2d:de:36:c7:a1:dd:f2:e6:a6:62:49:4f:88:8a:4a:d4:
         67:2a:9b:35:64:88:06:cf:b9:4a:be:27:97:e9:4e:74:38:1f:
         63:1b:8f:ec:f0:57:18:f1:64:f2:f0:d2:1d:88:8d:a5:46:3f:
         bc:1c:08:00:31:16:c3:5c:2a:58:5a:ae:fa:70:cc:e2:bb:8f:
         c7:fa:ed:7f:45:15:50:1b:4c:90:e1:c4:b3:fb:2c:4f:58:2a:
         1f:82:b0:5e:31:62:64:76:81:eb:28:d3:91:29:5e:8f:51:6c:
         1c:67:18:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQ4Met9q8E1nKgLANIeZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1M2Q0NzZkYjk2ZGUxZTU4NjIzMTE5YTcwYjlkN2IwMGI2
NzZkYTAwHhcNMjQwMTAxMDgzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzA4ZGJmNWFmNDExNGIxNzA2Y2NlODBiYTA0ZDJkZTA1MWM5MzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua5JcW9C4b7BS1J1Mc/51Zvns2aC
Yd3p41oCwdCkL6tFQApD5ZTfbypQZNk9elA169qxsgfQ0ivQ+FKEYJ3fbiVBerVm
/j8P0JykcJmPLtjmBy7zSSh3a3cLctq2QMaoVzFw8aGxIA+fUF2Ko2uhNo4+T/vm
zUc+oi04SbiHq9vC9K8jlxsQKGppm3XF4zhuEELwt828Fx4ow/+RSDwMDbeYjdAv
S9SdtDOolBd9igrvknvd7E622P/V0i2JBk2IDPH7m23++Lw6Y2wWw3Uhj25S7G7Q
EEG+mPg5gad1EiBTWTQO6L6g8yYpIcJSL0WHO3YkNytTR8bnEKCNj117uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcI2/WvQRSxcGzOgLoE0t4FHJN9MB8GA1UdIwQY
MBaAFHU9R225beHlhiMRmnC517ALZ22gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFQxSGJibHQ0ZVdHSXhHYWNMblhzQXRuYmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi82YTljZjktYzBjYy00MDExLTg2MGUt
NDY4NTc4MmFjMmMzLzEvVndqYjlhOUJGTEZ3Yk02QXVnVFMzZ1VjazMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi82YTljZjktYzBjYy00MDExLTg2MGUtNDY4NTc4MmFjMmMz
LzEvZFQxSGJibHQ0ZVdHSXhHYWNMblhzQXRuYmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwWwIMA0G
CSqGSIb3DQEBCwUAA4IBAQBbgAldQBmoLr1g71WrbyaATW/4klUJ/o4aOUE3rEM0
gWkAkgnxpaTNk//9ggEtdiA07qi9r2C/Jm/j+U4CUBFL9uSiQqs0gLArVFc+3wts
wtNGQpZT2HZQMJ6qT9TvOnLYVauCVZzovo8Kqksmy4CCDcLpYjQzu75aar/wRJpJ
/Py8h7AW1PMQ46/InlWVPZJbCS3eNseh3fLmpmJJT4iKStRnKps1ZIgGz7lKvieX
6U50OB9jG4/s8FcY8WTy8NIdiI2lRj+8HAgAMRbDXCpYWq76cMziu4/H+u1/RRVQ
G0yQ4cSz+yxPWCofgrBeMWJkdoHrKNORKV6PUWwcZxiQ
-----END CERTIFICATE-----