Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/J-lq-YcoB-SA8AJwKmsHt-4Tn3c.roa
File:                     J-lq-YcoB-SA8AJwKmsHt-4Tn3c.roa (raw, json)
Hash identifier:          FOr8yU9gOGy0+JXHvqN2yq6FkW2Zi7BHi7kgWYWUttg=
Subject key identifier:   27:E9:6A:F9:87:28:07:E4:80:F0:02:70:2A:6B:07:B7:EE:13:9F:77
Certificate issuer:       /CN=dbb653bbd1704c47bada62ab6ce3502307f244b6
Certificate serial:       018CC64B0F5E77B1E713ECF6627519070EF7
Authority key identifier: DB:B6:53:BB:D1:70:4C:47:BA:DA:62:AB:6C:E3:50:23:07:F2:44:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27ZTu9FwTEe62mKrbONQIwfyRLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/J-lq-YcoB-SA8AJwKmsHt-4Tn3c.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8412
IP address blocks:        193.186.86.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/27ZTu9FwTEe62mKrbONQIwfyRLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/27ZTu9FwTEe62mKrbONQIwfyRLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27ZTu9FwTEe62mKrbONQIwfyRLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:0f:5e:77:b1:e7:13:ec:f6:62:75:19:07:0e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb653bbd1704c47bada62ab6ce3502307f244b6
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27e96af9872807e480f002702a6b07b7ee139f77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d5:46:15:70:30:a4:ab:8b:6c:f1:b1:ea:3a:
                    c9:be:2e:00:31:dd:41:76:3b:62:cc:31:dc:e0:9c:
                    09:6c:d2:2d:ee:82:c8:ac:a9:a8:86:86:6b:93:80:
                    33:10:ee:8b:08:39:83:44:d1:a1:7d:63:91:5b:a2:
                    a6:a4:ae:db:46:d2:da:ed:3c:43:86:ec:b9:e1:34:
                    77:ba:7c:0f:c1:2b:96:a6:c9:b4:f8:f4:95:aa:f2:
                    e2:15:06:92:23:3b:cb:86:24:fc:65:db:e1:fd:1a:
                    d1:24:e9:3c:54:3d:f3:22:50:fd:c2:19:23:15:58:
                    cf:fb:c2:e4:30:32:99:3d:fd:1b:24:47:56:de:74:
                    60:97:24:25:4f:a6:3b:43:d4:dd:d9:24:0b:1a:66:
                    3c:93:ca:57:c7:99:79:d1:9c:f5:9b:c2:42:99:32:
                    c6:39:2b:d8:01:3d:ca:e7:7d:62:89:ce:31:ba:3d:
                    94:c9:67:19:3a:8f:6f:db:33:7d:fa:01:17:43:c2:
                    ed:f3:ff:20:c4:5b:b2:2d:db:e5:0f:ad:71:5c:92:
                    bc:c4:28:04:38:72:d7:39:3c:38:b3:1f:85:42:7f:
                    43:91:9e:54:ff:d7:ed:57:05:e4:9f:8c:9f:59:1b:
                    62:32:59:fd:f7:00:f3:71:da:a5:10:78:38:3a:56:
                    fc:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:E9:6A:F9:87:28:07:E4:80:F0:02:70:2A:6B:07:B7:EE:13:9F:77
            X509v3 Authority Key Identifier:
                keyid:DB:B6:53:BB:D1:70:4C:47:BA:DA:62:AB:6C:E3:50:23:07:F2:44:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27ZTu9FwTEe62mKrbONQIwfyRLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/J-lq-YcoB-SA8AJwKmsHt-4Tn3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/27ZTu9FwTEe62mKrbONQIwfyRLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:a5:71:5e:a0:1e:a7:5a:3b:26:90:7a:85:fb:1f:56:3e:20:
         00:74:6a:48:e2:c3:a6:f9:37:01:a8:9d:73:5a:a8:f2:00:a5:
         5e:e5:07:3d:53:99:62:9d:23:47:08:42:f0:2d:f9:86:55:e4:
         45:1a:31:c7:45:a8:9d:a0:c7:68:8b:8b:9a:ca:14:47:a4:83:
         b7:75:1e:59:12:87:f8:a4:ef:c9:c2:cc:ce:7d:e4:85:28:43:
         0f:95:c6:34:dd:0e:49:f4:44:7a:f7:63:02:ec:06:fa:38:54:
         8f:49:13:12:e0:6a:a0:71:39:e5:25:17:7b:1b:02:0b:77:46:
         ac:7a:9f:a6:e1:25:b9:9c:0e:55:00:f6:1a:8d:dc:20:35:01:
         56:39:8c:f3:10:36:bd:04:d7:6b:72:49:12:23:2d:13:43:db:
         05:13:9f:2c:20:48:ad:19:97:05:94:b5:36:d9:10:98:be:7a:
         3b:cb:9a:9b:46:ed:68:9d:a2:61:0a:a2:1c:3c:36:d2:a9:f6:
         6e:47:0e:b2:d0:b8:46:0f:8e:03:45:8a:30:e8:02:71:0a:e3:
         73:5e:8f:2c:12:fa:73:f9:ce:f5:41:62:15:49:ff:40:8c:a6:
         43:01:c0:70:14:12:5d:93:68:49:db:95:76:7f:33:1b:41:0a:
         10:1a:60:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSw9ed7HnE+z2YnUZBw73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjY1M2JiZDE3MDRjNDdiYWRhNjJhYjZjZTM1MDIzMDdm
MjQ0YjYwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2U5NmFmOTg3MjgwN2U0ODBmMDAyNzAyYTZiMDdiN2VlMTM5Zjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtVGFXAwpKuLbPGx6jrJvi4AMd1B
djtizDHc4JwJbNIt7oLIrKmohoZrk4AzEO6LCDmDRNGhfWORW6KmpK7bRtLa7TxD
huy54TR3unwPwSuWpsm0+PSVqvLiFQaSIzvLhiT8Zdvh/RrRJOk8VD3zIlD9whkj
FVjP+8LkMDKZPf0bJEdW3nRglyQlT6Y7Q9Td2SQLGmY8k8pXx5l50Zz1m8JCmTLG
OSvYAT3K531iic4xuj2UyWcZOo9v2zN9+gEXQ8Lt8/8gxFuyLdvlD61xXJK8xCgE
OHLXOTw4sx+FQn9DkZ5U/9ftVwXkn4yfWRtiMln99wDzcdqlEHg4Olb8OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfpavmHKAfkgPACcCprB7fuE593MB8GA1UdIwQY
MBaAFNu2U7vRcExHutpiq2zjUCMH8kS2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdaVHU5RndURWU2Mm1LcmJPTlFJd2Z5UkxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84MDYwZGYtYTZmNy00MTY2LWE5Mjkt
YTk4MGJlZDMzYWIwLzEvSi1scS1ZY29CLVNBOEFKd0ttc0h0LTRUbjNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84MDYwZGYtYTZmNy00MTY2LWE5MjktYTk4MGJlZDMzYWIw
LzEvMjdaVHU5RndURWU2Mm1LcmJPTlFJd2Z5UkxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbpWMA0G
CSqGSIb3DQEBCwUAA4IBAQANpXFeoB6nWjsmkHqF+x9WPiAAdGpI4sOm+TcBqJ1z
WqjyAKVe5Qc9U5linSNHCELwLfmGVeRFGjHHRaidoMdoi4uayhRHpIO3dR5ZEof4
pO/JwszOfeSFKEMPlcY03Q5J9ER692MC7Ab6OFSPSRMS4GqgcTnlJRd7GwILd0as
ep+m4SW5nA5VAPYajdwgNQFWOYzzEDa9BNdrckkSIy0TQ9sFE58sIEitGZcFlLU2
2RCYvno7y5qbRu1onaJhCqIcPDbSqfZuRw6y0LhGD44DRYow6AJxCuNzXo8sEvpz
+c71QWIVSf9AjKZDAcBwFBJdk2hJ25V2fzMbQQoQGmA1
-----END CERTIFICATE-----