Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d83576-c685-4624-9d88-9911fa984e2e/1/Z8cnEzjVfDTSPqzguEBEIMNVJ-o.roa
File:                     Z8cnEzjVfDTSPqzguEBEIMNVJ-o.roa (raw, json)
Hash identifier:          tAh0RRJl23Iwaj0fcV4tWVUs0PqR7c17TgVk/epq8cU=
Subject key identifier:   67:C7:27:13:38:D5:7C:34:D2:3E:AC:E0:B8:40:44:20:C3:55:27:EA
Certificate issuer:       /CN=e8cf15bf6b1f2690f20901d1896e2d880fe8886e
Certificate serial:       018CC86F5F40DC3B75B818BC834F0CF75C74
Authority key identifier: E8:CF:15:BF:6B:1F:26:90:F2:09:01:D1:89:6E:2D:88:0F:E8:88:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6M8Vv2sfJpDyCQHRiW4tiA_oiG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d83576-c685-4624-9d88-9911fa984e2e/1/Z8cnEzjVfDTSPqzguEBEIMNVJ-o.roa
Signing time:             Tue 02 Jan 2024 04:29:51 +0000
ROA not before:           Tue 02 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205753
IP address blocks:        193.169.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d83576-c685-4624-9d88-9911fa984e2e/1/6M8Vv2sfJpDyCQHRiW4tiA_oiG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d83576-c685-4624-9d88-9911fa984e2e/1/6M8Vv2sfJpDyCQHRiW4tiA_oiG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6M8Vv2sfJpDyCQHRiW4tiA_oiG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:5f:40:dc:3b:75:b8:18:bc:83:4f:0c:f7:5c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8cf15bf6b1f2690f20901d1896e2d880fe8886e
        Validity
            Not Before: Jan  2 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67c7271338d57c34d23eace0b8404420c35527ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4d:1a:d3:de:e5:c7:52:90:71:27:7e:c1:50:
                    f3:4e:c5:18:0a:11:4e:e7:c4:80:e7:be:fa:b4:8b:
                    93:64:64:17:6a:34:70:d0:85:08:73:fc:05:37:2c:
                    f4:ba:f6:6b:6f:8a:80:55:f2:83:b9:8c:14:d4:a0:
                    3a:98:c8:e1:bf:dc:cc:50:6d:06:5c:fb:bb:ed:52:
                    f7:0d:cf:03:bd:73:a5:e8:7c:11:5e:f5:8a:bc:f2:
                    8a:34:2b:f2:62:eb:54:d3:cf:26:15:d9:62:20:a5:
                    dd:89:24:6f:ff:34:ee:c0:8b:8f:c8:7f:5d:d1:cf:
                    76:0b:16:3e:eb:dc:10:77:e8:bb:c1:d9:81:ab:6c:
                    30:fa:00:b4:ec:af:75:86:93:78:9f:b9:40:dc:fd:
                    79:8e:60:53:c9:9e:53:35:89:a5:60:87:c1:33:e5:
                    96:75:ba:98:ad:86:16:42:4d:78:c1:af:40:ac:d3:
                    52:f3:34:a5:2d:86:82:c9:8d:c8:c8:ce:ab:e4:b4:
                    fb:c8:16:11:15:92:ac:9c:67:81:e5:d3:ee:d3:08:
                    ba:11:39:e7:92:6f:3d:a9:75:03:2f:18:ce:04:5c:
                    f4:bd:12:ee:c6:08:9f:96:70:b4:c0:16:03:6f:7e:
                    d4:5b:06:bb:e4:12:8e:30:d4:6f:11:18:34:a0:08:
                    ed:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C7:27:13:38:D5:7C:34:D2:3E:AC:E0:B8:40:44:20:C3:55:27:EA
            X509v3 Authority Key Identifier:
                keyid:E8:CF:15:BF:6B:1F:26:90:F2:09:01:D1:89:6E:2D:88:0F:E8:88:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6M8Vv2sfJpDyCQHRiW4tiA_oiG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d83576-c685-4624-9d88-9911fa984e2e/1/Z8cnEzjVfDTSPqzguEBEIMNVJ-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d83576-c685-4624-9d88-9911fa984e2e/1/6M8Vv2sfJpDyCQHRiW4tiA_oiG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:5a:71:16:69:76:77:fa:29:55:a5:52:ef:80:a4:6f:95:04:
         ec:6e:3e:c0:ec:1f:cc:9f:68:f2:a6:ec:f1:c1:a2:a8:be:13:
         39:a3:bf:c1:6d:60:15:f6:41:a1:5d:72:2e:d6:c4:0c:45:4a:
         1b:3d:3f:82:5b:1b:38:b7:47:e0:e0:4d:54:2b:21:bf:9a:5f:
         e5:d3:d6:36:ec:2b:54:c5:6d:35:49:20:71:4f:9d:ad:07:7c:
         e2:91:31:2e:d4:ed:70:4e:26:4f:9a:20:72:62:bf:e8:46:1d:
         0f:88:e9:0b:f4:8d:51:7b:af:00:f3:d6:64:98:13:9c:98:bf:
         e1:af:ed:f6:ca:9b:14:88:bf:73:55:bf:9b:6c:ca:40:95:ef:
         52:a1:43:aa:0a:71:73:e6:a4:93:8c:6d:b2:24:f8:fa:e5:e1:
         94:81:fe:f7:64:56:98:e2:21:9c:8e:ff:df:77:bd:c0:76:d8:
         87:35:a1:4d:b9:19:55:f4:5c:8f:a6:04:14:09:0b:f5:fe:c6:
         32:c5:3a:85:ed:43:8f:0b:1c:2c:60:14:bb:8f:23:d3:5c:d4:
         ff:9d:51:51:d4:82:7f:c0:d3:b9:54:b0:61:1d:9f:de:87:a4:
         d1:67:5b:28:83:46:cc:ce:b5:b4:da:85:85:83:f7:40:69:be:
         d9:ca:cb:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb19A3Dt1uBi8g08M91x0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4Y2YxNWJmNmIxZjI2OTBmMjA5MDFkMTg5NmUyZDg4MGZl
ODg4NmUwHhcNMjQwMTAyMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2M3MjcxMzM4ZDU3YzM0ZDIzZWFjZTBiODQwNDQyMGMzNTUyN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjU0a097lx1KQcSd+wVDzTsUYChFO
58SA5776tIuTZGQXajRw0IUIc/wFNyz0uvZrb4qAVfKDuYwU1KA6mMjhv9zMUG0G
XPu77VL3Dc8DvXOl6HwRXvWKvPKKNCvyYutU088mFdliIKXdiSRv/zTuwIuPyH9d
0c92CxY+69wQd+i7wdmBq2ww+gC07K91hpN4n7lA3P15jmBTyZ5TNYmlYIfBM+WW
dbqYrYYWQk14wa9ArNNS8zSlLYaCyY3IyM6r5LT7yBYRFZKsnGeB5dPu0wi6ETnn
km89qXUDLxjOBFz0vRLuxgiflnC0wBYDb37UWwa75BKOMNRvERg0oAjt0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfHJxM41Xw00j6s4LhARCDDVSfqMB8GA1UdIwQY
MBaAFOjPFb9rHyaQ8gkB0YluLYgP6IhuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk04VnYyc2ZKcER5Q1FIUmlXNHRpQV9vaUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kODM1NzYtYzY4NS00NjI0LTlkODgt
OTkxMWZhOTg0ZTJlLzEvWjhjbkV6alZmRFRTUHF6Z3VFQkVJTU5WSi1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kODM1NzYtYzY4NS00NjI0LTlkODgtOTkxMWZhOTg0ZTJl
LzEvNk04VnYyc2ZKcER5Q1FIUmlXNHRpQV9vaUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwamHMA0G
CSqGSIb3DQEBCwUAA4IBAQAvWnEWaXZ3+ilVpVLvgKRvlQTsbj7A7B/Mn2jypuzx
waKovhM5o7/BbWAV9kGhXXIu1sQMRUobPT+CWxs4t0fg4E1UKyG/ml/l09Y27CtU
xW01SSBxT52tB3zikTEu1O1wTiZPmiByYr/oRh0PiOkL9I1Re68A89ZkmBOcmL/h
r+32ypsUiL9zVb+bbMpAle9SoUOqCnFz5qSTjG2yJPj65eGUgf73ZFaY4iGcjv/f
d73AdtiHNaFNuRlV9FyPpgQUCQv1/sYyxTqF7UOPCxwsYBS7jyPTXNT/nVFR1IJ/
wNO5VLBhHZ/eh6TRZ1sog0bMzrW02oWFg/dAab7Zysux
-----END CERTIFICATE-----