Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/6f9604-480c-4837-aff2-d5c1aa5ae398/1/1-vaoA_lXGvLr-mAwJAqIAo4tMYM.roa
File:                     1-vaoA_lXGvLr-mAwJAqIAo4tMYM.roa (raw, json)
Hash identifier:          3QMiEkPKqRh0oOlN/aLXPs9MLvEBaOQoXoHQYkJswOc=
Subject key identifier:   FA:F6:A8:03:F9:57:1A:F2:EB:FA:60:30:24:0A:88:02:8E:2D:31:83
Certificate issuer:       /CN=f8753e2f7230ddb7bc0e64e358af97c318d88b6a
Certificate serial:       018CCA96E3EF1734ADB0E2C9F8D170FE4F67
Authority key identifier: F8:75:3E:2F:72:30:DD:B7:BC:0E:64:E3:58:AF:97:C3:18:D8:8B:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-HU-L3Iw3be8DmTjWK-XwxjYi2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/6f9604-480c-4837-aff2-d5c1aa5ae398/1/1-vaoA_lXGvLr-mAwJAqIAo4tMYM.roa
Signing time:             Tue 02 Jan 2024 14:32:15 +0000
ROA not before:           Tue 02 Jan 2024 14:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42491
IP address blocks:        193.72.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/6f9604-480c-4837-aff2-d5c1aa5ae398/1/1-HU-L3Iw3be8DmTjWK-XwxjYi2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/6f9604-480c-4837-aff2-d5c1aa5ae398/1/1-HU-L3Iw3be8DmTjWK-XwxjYi2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-HU-L3Iw3be8DmTjWK-XwxjYi2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:e3:ef:17:34:ad:b0:e2:c9:f8:d1:70:fe:4f:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8753e2f7230ddb7bc0e64e358af97c318d88b6a
        Validity
            Not Before: Jan  2 14:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faf6a803f9571af2ebfa6030240a88028e2d3183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f3:75:bf:b6:86:88:24:f5:08:3b:68:4e:d3:
                    29:bc:78:3b:ea:5b:1f:ce:48:a6:31:45:77:7b:ad:
                    b1:fa:c9:95:80:c2:ab:c1:be:7e:ce:ed:39:16:cf:
                    bd:d1:4c:0d:03:45:ac:05:e2:13:76:cf:d4:8f:a2:
                    d2:ac:4b:72:fe:74:91:42:0b:0d:f1:1b:59:8b:4c:
                    67:ac:29:8e:ab:2e:e7:6d:49:0d:a1:7b:b6:a3:72:
                    18:82:34:3a:4f:81:cd:16:30:e8:71:c7:20:e2:ef:
                    cd:b5:1c:22:ad:27:5e:99:02:11:e9:d8:dd:ea:e9:
                    93:fa:a3:b7:5c:de:51:05:2b:64:7f:71:01:9e:24:
                    01:d1:1c:cf:ed:ae:8b:9e:90:d8:8c:d8:30:44:dd:
                    f7:cb:7b:78:29:b1:af:d0:5c:f4:13:de:40:1a:4b:
                    84:46:36:cf:0b:ab:eb:16:d5:0c:0c:47:b0:46:cd:
                    4e:8e:e0:c5:de:50:5f:43:b0:2f:08:02:97:69:86:
                    83:6c:23:15:88:ad:0f:96:91:93:9c:1b:d8:45:18:
                    a3:9d:4b:76:32:aa:d6:bf:e3:d7:ca:b4:b4:66:1d:
                    e6:86:7a:92:73:ee:46:9b:c0:39:d7:25:e0:bd:22:
                    4b:6d:7a:b5:77:d4:9b:65:6a:2a:97:03:fe:c5:83:
                    14:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:F6:A8:03:F9:57:1A:F2:EB:FA:60:30:24:0A:88:02:8E:2D:31:83
            X509v3 Authority Key Identifier:
                keyid:F8:75:3E:2F:72:30:DD:B7:BC:0E:64:E3:58:AF:97:C3:18:D8:8B:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-HU-L3Iw3be8DmTjWK-XwxjYi2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/6f9604-480c-4837-aff2-d5c1aa5ae398/1/1-vaoA_lXGvLr-mAwJAqIAo4tMYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/6f9604-480c-4837-aff2-d5c1aa5ae398/1/1-HU-L3Iw3be8DmTjWK-XwxjYi2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.72.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:84:29:e1:cc:12:10:b4:bb:47:4d:6a:e5:9d:3f:c6:c5:c0:
         77:69:b1:33:93:d0:42:a9:d8:c5:e9:71:d0:3b:cc:d7:5f:6c:
         3f:11:69:26:f8:f7:44:5e:44:db:a6:77:98:42:e4:04:a2:b4:
         cf:af:25:86:24:3d:81:41:7f:b4:2f:c7:51:b0:d7:94:ca:14:
         9a:a3:0b:2c:ed:d7:37:46:19:59:78:af:88:2d:5b:34:24:c5:
         fc:ae:84:2c:42:56:ce:38:50:08:0a:41:bc:75:41:44:61:de:
         09:fe:0f:d1:bd:bb:78:ab:d6:bc:0a:26:87:ae:e7:54:88:0d:
         37:89:87:4c:66:9b:7e:e7:dc:ba:79:38:35:60:da:c5:c6:85:
         92:e0:b9:38:ba:83:73:ff:08:f3:1f:3e:f2:f0:08:c7:ca:c1:
         84:00:58:0d:a3:b8:bf:a2:b3:04:58:85:40:f4:92:84:6f:5d:
         0c:b6:36:5f:f2:df:2b:4d:52:7b:15:5e:4b:31:26:ae:19:d2:
         5b:ea:f0:b8:86:27:a8:42:36:c0:0a:3a:71:62:03:04:f7:5a:
         a1:8a:a7:04:3c:dc:7d:54:9f:6d:6e:c6:db:1f:57:e7:7f:ba:
         4d:ee:5d:6f:55:59:48:6f:a1:68:23:02:9b:09:da:09:02:c1:
         df:ce:f2:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKluPvFzStsOLJ+NFw/k9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NzUzZTJmNzIzMGRkYjdiYzBlNjRlMzU4YWY5N2MzMThk
ODhiNmEwHhcNMjQwMTAyMTQzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWY2YTgwM2Y5NTcxYWYyZWJmYTYwMzAyNDBhODgwMjhlMmQzMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/N1v7aGiCT1CDtoTtMpvHg76lsf
zkimMUV3e62x+smVgMKrwb5+zu05Fs+90UwNA0WsBeITds/Uj6LSrEty/nSRQgsN
8RtZi0xnrCmOqy7nbUkNoXu2o3IYgjQ6T4HNFjDocccg4u/NtRwirSdemQIR6djd
6umT+qO3XN5RBStkf3EBniQB0RzP7a6LnpDYjNgwRN33y3t4KbGv0Fz0E95AGkuE
RjbPC6vrFtUMDEewRs1OjuDF3lBfQ7AvCAKXaYaDbCMViK0PlpGTnBvYRRijnUt2
MqrWv+PXyrS0Zh3mhnqSc+5Gm8A51yXgvSJLbXq1d9SbZWoqlwP+xYMUUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPr2qAP5Vxry6/pgMCQKiAKOLTGDMB8GA1UdIwQY
MBaAFPh1Pi9yMN23vA5k41ivl8MY2ItqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1IVS1MM0l3M2JlOERtVGpXSy1Yd3hqWWkyby5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGMvNmY5NjA0LTQ4MGMtNDgzNy1hZmYy
LWQ1YzFhYTVhZTM5OC8xLzEtdmFvQV9sWEd2THItbUF3SkFxSUFvNHRNWU0ucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxULzhjLzZmOTYwNC00ODBjLTQ4MzctYWZmMi1kNWMxYWE1YWUz
OTgvMS8xLUhVLUwzSXczYmU4RG1UaldLLVh3eGpZaTJvLmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwUim
MA0GCSqGSIb3DQEBCwUAA4IBAQBRhCnhzBIQtLtHTWrlnT/GxcB3abEzk9BCqdjF
6XHQO8zXX2w/EWkm+PdEXkTbpneYQuQEorTPryWGJD2BQX+0L8dRsNeUyhSaowss
7dc3RhlZeK+ILVs0JMX8roQsQlbOOFAICkG8dUFEYd4J/g/Rvbt4q9a8CiaHrudU
iA03iYdMZpt+59y6eTg1YNrFxoWS4Lk4uoNz/wjzHz7y8AjHysGEAFgNo7i/orME
WIVA9JKEb10MtjZf8t8rTVJ7FV5LMSauGdJb6vC4hieoQjbACjpxYgME91qhiqcE
PNx9VJ9tbsbbH1fnf7pN7l1vVVlIb6FoIwKbCdoJAsHfzvJ3
-----END CERTIFICATE-----