Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/d1c06a-dfa5-4c78-980a-6be2f4d24c96/1/FT3zu-yitliCkfNclwUHBU7N7dU.roa
File:                     FT3zu-yitliCkfNclwUHBU7N7dU.roa (raw, json)
Hash identifier:          VGTJcHwefh8USFopvGpMxGN2ILYWaNnCLTvtXsv+4p8=
Subject key identifier:   15:3D:F3:BB:EC:A2:B6:58:82:91:F3:5C:97:05:07:05:4E:CD:ED:D5
Certificate issuer:       /CN=0008589496bf86d2d0f8874b76cac843025bcd3b
Certificate serial:       018CC64AFA120E90C37040E23B968D45E994
Authority key identifier: 00:08:58:94:96:BF:86:D2:D0:F8:87:4B:76:CA:C8:43:02:5B:CD:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AAhYlJa_htLQ-IdLdsrIQwJbzTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/d1c06a-dfa5-4c78-980a-6be2f4d24c96/1/FT3zu-yitliCkfNclwUHBU7N7dU.roa
Signing time:             Mon 01 Jan 2024 18:30:51 +0000
ROA not before:           Mon 01 Jan 2024 18:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.100.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/d1c06a-dfa5-4c78-980a-6be2f4d24c96/1/AAhYlJa_htLQ-IdLdsrIQwJbzTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/d1c06a-dfa5-4c78-980a-6be2f4d24c96/1/AAhYlJa_htLQ-IdLdsrIQwJbzTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AAhYlJa_htLQ-IdLdsrIQwJbzTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:fa:12:0e:90:c3:70:40:e2:3b:96:8d:45:e9:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0008589496bf86d2d0f8874b76cac843025bcd3b
        Validity
            Not Before: Jan  1 18:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=153df3bbeca2b6588291f35c970507054ecdedd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5a:46:5e:8d:3f:15:ef:7d:07:37:46:e9:5b:
                    f5:79:9b:a0:e0:0c:84:d9:e8:2b:a0:4d:51:5e:4b:
                    7e:24:cc:1d:b9:f4:31:47:90:8a:33:1a:b6:6d:0c:
                    6f:d0:e3:41:33:4d:f5:05:f6:78:59:71:89:d6:74:
                    ee:d0:a8:5a:36:05:bd:22:e7:f0:79:a6:1f:66:b7:
                    96:67:b3:c6:40:5e:cb:c8:bf:b9:29:cc:5b:72:d4:
                    27:58:95:ae:82:c2:02:08:d7:6c:1c:4c:de:83:ee:
                    53:28:1a:18:7a:08:c0:f7:41:38:76:bb:c1:c9:8a:
                    5e:c6:01:d8:d2:8e:1d:48:3b:b5:93:7b:41:59:d2:
                    05:fd:19:33:30:e5:e5:d5:af:68:fc:9a:8c:19:41:
                    9d:05:0d:1c:82:3b:b6:5d:1f:d3:af:88:17:40:30:
                    ea:e2:cb:74:ae:60:f4:2f:ef:ae:9f:07:3f:ed:76:
                    20:54:ec:58:eb:12:b6:af:6b:2a:9d:f5:26:05:57:
                    59:0e:19:d0:73:0c:68:56:2e:e3:bc:5a:c9:56:77:
                    7e:11:ee:6e:7c:80:9e:e2:41:ec:e9:ad:29:76:35:
                    23:07:94:0d:af:0f:99:f3:40:12:2b:5f:d7:0c:5e:
                    b4:79:9d:92:c4:f3:e5:12:0a:9f:65:17:e5:07:50:
                    6d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:3D:F3:BB:EC:A2:B6:58:82:91:F3:5C:97:05:07:05:4E:CD:ED:D5
            X509v3 Authority Key Identifier:
                keyid:00:08:58:94:96:BF:86:D2:D0:F8:87:4B:76:CA:C8:43:02:5B:CD:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AAhYlJa_htLQ-IdLdsrIQwJbzTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/d1c06a-dfa5-4c78-980a-6be2f4d24c96/1/FT3zu-yitliCkfNclwUHBU7N7dU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/d1c06a-dfa5-4c78-980a-6be2f4d24c96/1/AAhYlJa_htLQ-IdLdsrIQwJbzTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.100.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:aa:a1:84:ce:80:7d:01:f8:8b:ae:b0:e0:dd:cb:33:4a:c3:
         2b:29:8a:6e:40:0e:75:9d:32:05:4d:2e:33:4d:8d:d0:5d:28:
         4a:bb:ed:d7:44:fd:f5:56:a3:ef:41:fb:05:bc:26:ea:fe:d6:
         f5:6a:86:43:02:ed:a5:69:c0:7d:61:fb:99:85:e1:e8:44:45:
         59:eb:65:ee:df:55:b3:fa:fe:2c:33:38:71:4c:76:ee:a6:1e:
         6e:c3:e6:ec:82:d1:d1:ee:f4:75:a1:49:f0:ec:6b:a5:58:0a:
         66:8d:c8:e7:41:3c:29:fb:5e:86:2d:9e:62:bc:f9:a5:ba:eb:
         ab:22:e5:83:4d:b0:46:52:02:28:46:2e:15:f4:c0:5d:56:54:
         fb:c9:1e:52:ae:45:8d:80:da:aa:28:19:7a:f8:74:f4:0b:17:
         0a:11:dc:48:75:e2:e8:ab:f3:15:7e:89:b0:cc:55:b1:fb:db:
         4f:a7:75:70:1c:db:31:67:a5:37:cb:2f:1f:a9:18:29:47:b6:
         e2:ae:19:52:75:90:ce:f4:13:57:b4:f7:c6:02:e8:4e:87:5a:
         8e:12:c1:f9:c4:34:d1:62:2f:3d:6a:e6:07:72:1e:ca:cb:33:
         44:5f:51:1c:53:72:81:2c:4f:49:ac:eb:c5:3f:a3:cb:30:86:
         60:9d:b6:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvoSDpDDcEDiO5aNRemUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMDg1ODk0OTZiZjg2ZDJkMGY4ODc0Yjc2Y2FjODQzMDI1
YmNkM2IwHhcNMjQwMTAxMTgzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTNkZjNiYmVjYTJiNjU4ODI5MWYzNWM5NzA1MDcwNTRlY2RlZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlpGXo0/Fe99BzdG6Vv1eZug4AyE
2egroE1RXkt+JMwdufQxR5CKMxq2bQxv0ONBM031BfZ4WXGJ1nTu0KhaNgW9Iufw
eaYfZreWZ7PGQF7LyL+5KcxbctQnWJWugsICCNdsHEzeg+5TKBoYegjA90E4drvB
yYpexgHY0o4dSDu1k3tBWdIF/RkzMOXl1a9o/JqMGUGdBQ0cgju2XR/Tr4gXQDDq
4st0rmD0L++unwc/7XYgVOxY6xK2r2sqnfUmBVdZDhnQcwxoVi7jvFrJVnd+Ee5u
fICe4kHs6a0pdjUjB5QNrw+Z80ASK1/XDF60eZ2SxPPlEgqfZRflB1Bt/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBU987vsorZYgpHzXJcFBwVOze3VMB8GA1UdIwQY
MBaAFAAIWJSWv4bS0PiHS3bKyEMCW807MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUFoWWxKYV9odExRLUlkTGRzcklRd0pielRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9kMWMwNmEtZGZhNS00Yzc4LTk4MGEt
NmJlMmY0ZDI0Yzk2LzEvRlQzenUteWl0bGlDa2ZOY2x3VUhCVTdON2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9kMWMwNmEtZGZhNS00Yzc4LTk4MGEtNmJlMmY0ZDI0Yzk2
LzEvQUFoWWxKYV9odExRLUlkTGRzcklRd0pielRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWT+MA0G
CSqGSIb3DQEBCwUAA4IBAQAMqqGEzoB9AfiLrrDg3cszSsMrKYpuQA51nTIFTS4z
TY3QXShKu+3XRP31VqPvQfsFvCbq/tb1aoZDAu2lacB9YfuZheHoREVZ62Xu31Wz
+v4sMzhxTHbuph5uw+bsgtHR7vR1oUnw7GulWApmjcjnQTwp+16GLZ5ivPmluuur
IuWDTbBGUgIoRi4V9MBdVlT7yR5SrkWNgNqqKBl6+HT0CxcKEdxIdeLoq/MVfomw
zFWx+9tPp3VwHNsxZ6U3yy8fqRgpR7birhlSdZDO9BNXtPfGAuhOh1qOEsH5xDTR
Yi89auYHch7KyzNEX1EcU3KBLE9JrOvFP6PLMIZgnbaG
-----END CERTIFICATE-----