Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/CAwqLZfDon7q8ns5OJf_ISf4ayA.roa
File:                     CAwqLZfDon7q8ns5OJf_ISf4ayA.roa (raw, json)
Hash identifier:          CFYyxjImToC4og+XDFan+5HJAPPyu04GlZTL6sa3aFA=
Subject key identifier:   08:0C:2A:2D:97:C3:A2:7E:EA:F2:7B:39:38:97:FF:21:27:F8:6B:20
Certificate issuer:       /CN=a0bb1718963ddd9128b76fd3d8213a1565ef856d
Certificate serial:       018CC3B69B223631A81D03BDB7A1693BB845
Authority key identifier: A0:BB:17:18:96:3D:DD:91:28:B7:6F:D3:D8:21:3A:15:65:EF:85:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oLsXGJY93ZEot2_T2CE6FWXvhW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/CAwqLZfDon7q8ns5OJf_ISf4ayA.roa
Signing time:             Mon 01 Jan 2024 06:29:33 +0000
ROA not before:           Mon 01 Jan 2024 06:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58131
IP address blocks:        194.8.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/oLsXGJY93ZEot2_T2CE6FWXvhW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/oLsXGJY93ZEot2_T2CE6FWXvhW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oLsXGJY93ZEot2_T2CE6FWXvhW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:9b:22:36:31:a8:1d:03:bd:b7:a1:69:3b:b8:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0bb1718963ddd9128b76fd3d8213a1565ef856d
        Validity
            Not Before: Jan  1 06:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=080c2a2d97c3a27eeaf27b393897ff2127f86b20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:71:e8:1d:6e:6e:67:63:c7:8b:8c:c6:16:61:
                    d3:93:68:4b:21:4d:e3:73:52:20:fa:e1:cf:aa:04:
                    17:b8:23:6f:d2:ec:33:1d:e6:73:d8:c7:48:bf:77:
                    0d:c5:8c:ce:35:42:eb:94:59:4b:04:e0:f1:4c:cc:
                    59:59:47:5b:40:dc:cd:4a:c5:d2:4b:c6:32:55:89:
                    7e:74:98:88:ad:af:dc:ff:3e:81:49:e0:d7:d6:8c:
                    af:22:38:a7:34:bf:35:b6:e0:a8:1b:22:02:bf:70:
                    2c:6c:70:22:1a:22:9b:a9:64:5e:f0:e0:15:68:2b:
                    6e:c2:1d:61:d0:92:66:90:b9:7a:e5:61:73:02:a5:
                    d6:37:cf:a3:40:98:53:8d:27:db:5a:46:23:26:3b:
                    5d:33:12:b5:23:a6:3d:aa:04:25:6d:4e:34:8a:dd:
                    bb:88:44:5b:ad:6e:21:af:d5:ed:94:21:61:87:18:
                    8b:6f:c8:5a:d1:29:42:2d:d7:00:c2:ca:3f:26:7e:
                    18:3c:84:c8:0b:31:60:15:62:1f:e8:56:df:03:30:
                    d9:37:a5:13:83:2a:7b:27:7a:03:1b:2b:eb:87:f6:
                    59:09:e2:1d:8c:64:5d:76:04:fb:ec:cb:43:ec:57:
                    88:af:ac:82:e0:a8:6d:ee:27:e5:1c:a5:aa:1c:55:
                    1e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:0C:2A:2D:97:C3:A2:7E:EA:F2:7B:39:38:97:FF:21:27:F8:6B:20
            X509v3 Authority Key Identifier:
                keyid:A0:BB:17:18:96:3D:DD:91:28:B7:6F:D3:D8:21:3A:15:65:EF:85:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oLsXGJY93ZEot2_T2CE6FWXvhW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/CAwqLZfDon7q8ns5OJf_ISf4ayA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/oLsXGJY93ZEot2_T2CE6FWXvhW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:86:bb:ed:d6:21:b4:73:2e:13:00:a0:f7:5f:81:d6:42:54:
         92:4c:a7:14:a1:14:32:19:0f:1f:88:e5:d7:88:65:39:e9:09:
         33:7b:fe:77:6e:7b:96:3e:39:68:7b:19:2b:b6:ad:f0:0a:5c:
         76:2f:ec:78:25:b5:c9:c4:22:6d:9e:f1:1b:8c:d0:6e:bc:87:
         57:94:9a:04:b8:0b:00:72:e2:e4:73:65:85:11:26:f7:84:f9:
         6b:3e:5b:c5:d1:a1:20:10:db:32:ee:f9:99:ea:90:7d:72:d6:
         2d:0c:eb:46:9c:29:be:43:0d:c9:58:49:f0:02:61:9b:18:25:
         cc:db:64:f5:61:c1:c8:e0:1c:97:27:6f:d8:c6:1b:43:26:e2:
         a2:04:11:e8:ad:f0:aa:fe:43:9a:6b:67:c7:f1:47:69:f5:a4:
         29:69:8b:b1:f6:f0:ad:3e:a5:dc:35:6a:8f:19:8c:19:7f:a1:
         d3:b8:21:fd:7c:fb:e2:af:e5:35:20:e9:3a:70:59:bc:17:16:
         08:8b:e1:a0:2f:04:cf:8b:42:74:8f:26:72:d1:ac:4a:9e:83:
         e2:fd:34:e3:c3:a3:20:fa:72:8c:3d:e1:55:70:3c:88:31:7d:
         08:56:f6:4e:9c:15:07:16:96:be:97:f8:77:72:72:23:ff:8a:
         91:05:1b:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpsiNjGoHQO9t6FpO7hFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYmIxNzE4OTYzZGRkOTEyOGI3NmZkM2Q4MjEzYTE1NjVl
Zjg1NmQwHhcNMjQwMTAxMDYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODBjMmEyZDk3YzNhMjdlZWFmMjdiMzkzODk3ZmYyMTI3Zjg2YjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3HoHW5uZ2PHi4zGFmHTk2hLIU3j
c1Ig+uHPqgQXuCNv0uwzHeZz2MdIv3cNxYzONULrlFlLBODxTMxZWUdbQNzNSsXS
S8YyVYl+dJiIra/c/z6BSeDX1oyvIjinNL81tuCoGyICv3AsbHAiGiKbqWRe8OAV
aCtuwh1h0JJmkLl65WFzAqXWN8+jQJhTjSfbWkYjJjtdMxK1I6Y9qgQlbU40it27
iERbrW4hr9XtlCFhhxiLb8ha0SlCLdcAwso/Jn4YPITICzFgFWIf6FbfAzDZN6UT
gyp7J3oDGyvrh/ZZCeIdjGRddgT77MtD7FeIr6yC4Kht7iflHKWqHFUeqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgMKi2Xw6J+6vJ7OTiX/yEn+GsgMB8GA1UdIwQY
MBaAFKC7FxiWPd2RKLdv09ghOhVl74VtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0xzWEdKWTkzWkVvdDJfVDJDRTZGV1h2aFcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jNDIxMGUtOTBkZS00ZWNhLTgyMDYt
NTUzN2Q4NWQyYmQwLzEvQ0F3cUxaZkRvbjdxOG5zNU9KZl9JU2Y0YXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jNDIxMGUtOTBkZS00ZWNhLTgyMDYtNTUzN2Q4NWQyYmQw
LzEvb0xzWEdKWTkzWkVvdDJfVDJDRTZGV1h2aFcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgg/MA0G
CSqGSIb3DQEBCwUAA4IBAQCmhrvt1iG0cy4TAKD3X4HWQlSSTKcUoRQyGQ8fiOXX
iGU56Qkze/53bnuWPjloexkrtq3wClx2L+x4JbXJxCJtnvEbjNBuvIdXlJoEuAsA
cuLkc2WFESb3hPlrPlvF0aEgENsy7vmZ6pB9ctYtDOtGnCm+Qw3JWEnwAmGbGCXM
22T1YcHI4ByXJ2/YxhtDJuKiBBHorfCq/kOaa2fH8Udp9aQpaYux9vCtPqXcNWqP
GYwZf6HTuCH9fPvir+U1IOk6cFm8FxYIi+GgLwTPi0J0jyZy0axKnoPi/TTjw6Mg
+nKMPeFVcDyIMX0IVvZOnBUHFpa+l/h3cnIj/4qRBRuT
-----END CERTIFICATE-----