Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/6914ce-66c2-4238-92b7-a2d636f325e6/1/thyHkU3tMD6U1Zzf4WIVttMpRsI.roa
File:                     thyHkU3tMD6U1Zzf4WIVttMpRsI.roa (raw, json)
Hash identifier:          VnzmMLVuEegUFC1m7sthGVTdBM4NIl+xdYrFMuS7Wpw=
Subject key identifier:   B6:1C:87:91:4D:ED:30:3E:94:D5:9C:DF:E1:62:15:B6:D3:29:46:C2
Certificate issuer:       /CN=d0113dd5d0759c03009380140c668ebbd1f9c168
Certificate serial:       018CC8711D089EFF412D9ADA9B9BF1879FE0
Authority key identifier: D0:11:3D:D5:D0:75:9C:03:00:93:80:14:0C:66:8E:BB:D1:F9:C1:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BE91dB1nAMAk4AUDGaOu9H5wWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/6914ce-66c2-4238-92b7-a2d636f325e6/1/thyHkU3tMD6U1Zzf4WIVttMpRsI.roa
Signing time:             Tue 02 Jan 2024 04:31:45 +0000
ROA not before:           Tue 02 Jan 2024 04:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209916
IP address blocks:        193.39.79.0/24 maxlen: 24
                          2a0e:8a80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/6914ce-66c2-4238-92b7-a2d636f325e6/1/0BE91dB1nAMAk4AUDGaOu9H5wWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/6914ce-66c2-4238-92b7-a2d636f325e6/1/0BE91dB1nAMAk4AUDGaOu9H5wWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BE91dB1nAMAk4AUDGaOu9H5wWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:1d:08:9e:ff:41:2d:9a:da:9b:9b:f1:87:9f:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0113dd5d0759c03009380140c668ebbd1f9c168
        Validity
            Not Before: Jan  2 04:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b61c87914ded303e94d59cdfe16215b6d32946c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5d:c4:e9:47:b5:e1:18:39:7a:6c:b1:a9:f2:
                    5c:62:5a:9e:ec:49:70:c5:86:f4:00:20:9d:d3:18:
                    50:7a:0f:e9:e8:86:c9:82:39:d4:0e:71:c5:c6:48:
                    2b:f5:d1:81:f1:e8:eb:bf:a4:91:d2:ef:5d:4e:13:
                    03:1f:77:9e:47:f3:60:8d:8a:32:9d:97:5c:c5:96:
                    01:02:0a:33:e7:34:a8:17:da:ff:97:b7:7e:6c:8b:
                    64:d3:c6:02:68:c1:90:fd:81:b8:f6:fc:b4:92:92:
                    fa:0b:9f:f5:89:59:7a:db:77:33:e1:72:62:6c:5e:
                    55:af:9c:c7:8f:53:e4:27:1a:f2:24:d9:8d:76:e0:
                    9c:e9:f7:11:3e:20:fd:e0:b4:70:91:19:92:a7:8e:
                    7b:9a:be:ac:0b:ac:e0:b6:b8:4e:cf:55:e1:17:59:
                    3d:8c:e5:18:2b:d7:86:40:a0:31:eb:06:33:c2:b9:
                    8d:68:7e:d6:85:36:be:f2:f9:ff:5a:21:e8:a8:99:
                    54:0d:d6:fe:c6:5c:7e:19:c9:68:f0:6b:cb:9a:f7:
                    32:bf:1e:f4:e7:ef:9a:7f:fa:26:76:bb:82:69:39:
                    e7:45:21:cd:2b:bc:d3:63:b2:3f:13:08:ed:92:ae:
                    6e:79:bd:e8:fb:da:b2:c3:93:d9:a5:61:13:b7:a2:
                    a0:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:1C:87:91:4D:ED:30:3E:94:D5:9C:DF:E1:62:15:B6:D3:29:46:C2
            X509v3 Authority Key Identifier:
                keyid:D0:11:3D:D5:D0:75:9C:03:00:93:80:14:0C:66:8E:BB:D1:F9:C1:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BE91dB1nAMAk4AUDGaOu9H5wWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/6914ce-66c2-4238-92b7-a2d636f325e6/1/thyHkU3tMD6U1Zzf4WIVttMpRsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/6914ce-66c2-4238-92b7-a2d636f325e6/1/0BE91dB1nAMAk4AUDGaOu9H5wWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.79.0/24
                IPv6:
                  2a0e:8a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:91:c6:21:7b:fd:ef:ee:54:64:c4:7e:68:16:f3:85:9d:f0:
         87:a2:43:91:7f:8c:5c:09:91:1c:66:b1:ae:40:a8:f4:47:b1:
         3a:82:66:9e:90:aa:0c:67:de:5b:7e:3f:88:78:61:1e:59:09:
         7a:34:d0:5b:d9:35:ee:11:a6:ef:65:1c:99:2b:81:25:e5:f6:
         28:40:48:0b:42:84:42:ce:f2:8c:df:78:40:b1:a7:42:d4:a3:
         0f:10:8b:8a:40:54:46:66:f2:b4:63:44:65:7f:85:14:f6:61:
         14:5c:55:b6:25:4c:a7:18:7a:9b:bf:d7:fe:a1:26:26:6c:bb:
         9b:bc:2c:83:63:a7:a5:d7:f0:42:cb:dc:02:ae:c3:cd:d1:00:
         46:90:94:36:8c:2b:a3:fb:db:0c:1c:87:47:3d:99:7f:62:68:
         bc:25:04:49:af:e5:65:77:97:cc:c8:7d:cb:d1:8a:cb:e8:9f:
         19:f6:3b:11:bb:de:01:80:a8:75:1c:4a:8f:95:c4:46:aa:47:
         ae:71:aa:32:b7:45:4e:25:0b:27:fc:63:18:ac:54:1b:63:ae:
         2d:ac:6b:89:25:74:0f:80:da:9d:27:91:70:d0:6e:e7:36:b3:
         3a:c0:8b:c7:f6:c5:d7:1e:db:41:43:cb:0f:f6:03:bf:ac:3c:
         d3:0c:4b:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcR0Inv9BLZram5vxh5/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMTEzZGQ1ZDA3NTljMDMwMDkzODAxNDBjNjY4ZWJiZDFm
OWMxNjgwHhcNMjQwMTAyMDQzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjFjODc5MTRkZWQzMDNlOTRkNTljZGZlMTYyMTViNmQzMjk0NmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwF3E6Ue14Rg5emyxqfJcYlqe7Elw
xYb0ACCd0xhQeg/p6IbJgjnUDnHFxkgr9dGB8ejrv6SR0u9dThMDH3eeR/NgjYoy
nZdcxZYBAgoz5zSoF9r/l7d+bItk08YCaMGQ/YG49vy0kpL6C5/1iVl623cz4XJi
bF5Vr5zHj1PkJxryJNmNduCc6fcRPiD94LRwkRmSp457mr6sC6zgtrhOz1XhF1k9
jOUYK9eGQKAx6wYzwrmNaH7WhTa+8vn/WiHoqJlUDdb+xlx+Gclo8GvLmvcyvx70
5++af/omdruCaTnnRSHNK7zTY7I/Ewjtkq5ueb3o+9qyw5PZpWETt6KgMQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLYch5FN7TA+lNWc3+FiFbbTKUbCMB8GA1UdIwQY
MBaAFNARPdXQdZwDAJOAFAxmjrvR+cFoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEJFOTFkQjFuQU1BazRBVURHYU91OUg1d1dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS82OTE0Y2UtNjZjMi00MjM4LTkyYjct
YTJkNjM2ZjMyNWU2LzEvdGh5SGtVM3RNRDZVMVp6ZjRXSVZ0dE1wUnNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS82OTE0Y2UtNjZjMi00MjM4LTkyYjctYTJkNjM2ZjMyNWU2
LzEvMEJFOTFkQjFuQU1BazRBVURHYU91OUg1d1dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSdPMA0E
AgACMAcDBQMqDoqAMA0GCSqGSIb3DQEBCwUAA4IBAQAmkcYhe/3v7lRkxH5oFvOF
nfCHokORf4xcCZEcZrGuQKj0R7E6gmaekKoMZ95bfj+IeGEeWQl6NNBb2TXuEabv
ZRyZK4El5fYoQEgLQoRCzvKM33hAsadC1KMPEIuKQFRGZvK0Y0Rlf4UU9mEUXFW2
JUynGHqbv9f+oSYmbLubvCyDY6el1/BCy9wCrsPN0QBGkJQ2jCuj+9sMHIdHPZl/
Ymi8JQRJr+Vld5fMyH3L0YrL6J8Z9jsRu94BgKh1HEqPlcRGqkeucaoyt0VOJQsn
/GMYrFQbY64trGuJJXQPgNqdJ5Fw0G7nNrM6wIvH9sXXHttBQ8sP9gO/rDzTDEs2
-----END CERTIFICATE-----