Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/e91816-77d8-4069-aeb7-a5bfc544005c/1/ao0bKXdHbe2ycTNZmIZJuBjmnfI.roa
File:                     ao0bKXdHbe2ycTNZmIZJuBjmnfI.roa (raw, json)
Hash identifier:          o0vAUInLfXvmwCgxuHt/1Xf3nbjGlLqmpia+Kb7pqYw=
Subject key identifier:   6A:8D:1B:29:77:47:6D:ED:B2:71:33:59:98:86:49:B8:18:E6:9D:F2
Certificate issuer:       /CN=d64d4b9086158bc296b200a60fc3750e951d22f8
Certificate serial:       018CC9BBEBDBF8D2DD6F712B112662F83793
Authority key identifier: D6:4D:4B:90:86:15:8B:C2:96:B2:00:A6:0F:C3:75:0E:95:1D:22:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1k1LkIYVi8KWsgCmD8N1DpUdIvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/e91816-77d8-4069-aeb7-a5bfc544005c/1/ao0bKXdHbe2ycTNZmIZJuBjmnfI.roa
Signing time:             Tue 02 Jan 2024 10:33:05 +0000
ROA not before:           Tue 02 Jan 2024 10:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43853
IP address blocks:        193.151.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/e91816-77d8-4069-aeb7-a5bfc544005c/1/1k1LkIYVi8KWsgCmD8N1DpUdIvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/e91816-77d8-4069-aeb7-a5bfc544005c/1/1k1LkIYVi8KWsgCmD8N1DpUdIvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1k1LkIYVi8KWsgCmD8N1DpUdIvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:eb:db:f8:d2:dd:6f:71:2b:11:26:62:f8:37:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d64d4b9086158bc296b200a60fc3750e951d22f8
        Validity
            Not Before: Jan  2 10:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a8d1b2977476dedb2713359988649b818e69df2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ca:b9:ac:ea:7e:a9:8b:33:1b:c0:04:d7:67:
                    54:4c:03:8c:c2:42:d4:89:ad:6c:4c:ad:aa:71:eb:
                    70:dc:9c:b7:78:a6:2f:d4:61:4b:fe:18:bc:16:61:
                    60:75:36:f4:e9:68:0d:1f:e2:46:06:ca:02:d5:f7:
                    ab:de:c9:4e:72:39:d7:ea:e9:13:9d:67:95:92:cd:
                    1b:35:9c:19:82:c1:fd:8d:b9:61:12:cf:10:ba:52:
                    24:0c:8a:a6:e1:12:75:ba:67:65:27:8d:63:c8:72:
                    e9:f9:b0:da:15:fd:d2:9e:71:cd:9f:52:b8:66:89:
                    f1:b7:c7:94:b5:27:c2:0f:f4:c3:5a:58:c0:9e:94:
                    cc:80:39:d5:4c:76:5f:26:f3:06:e4:7c:24:e0:77:
                    2f:05:8b:dd:ef:64:68:69:9c:2d:63:62:db:85:ac:
                    cf:7b:b8:d1:f6:63:86:c3:68:d1:10:ba:17:4f:37:
                    65:c4:af:55:84:ab:39:9d:41:1e:a3:51:04:55:70:
                    d5:78:bb:29:bb:37:6d:b6:6e:ec:75:d9:4e:f5:65:
                    de:a9:3d:e3:8b:1b:c0:39:6b:2c:bb:26:74:1b:88:
                    c6:74:89:c6:17:88:df:3b:60:1b:58:28:fe:2e:aa:
                    5f:9a:32:f4:47:45:e9:c1:4b:19:63:e7:aa:8c:8a:
                    f0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:8D:1B:29:77:47:6D:ED:B2:71:33:59:98:86:49:B8:18:E6:9D:F2
            X509v3 Authority Key Identifier:
                keyid:D6:4D:4B:90:86:15:8B:C2:96:B2:00:A6:0F:C3:75:0E:95:1D:22:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1k1LkIYVi8KWsgCmD8N1DpUdIvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/e91816-77d8-4069-aeb7-a5bfc544005c/1/ao0bKXdHbe2ycTNZmIZJuBjmnfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/e91816-77d8-4069-aeb7-a5bfc544005c/1/1k1LkIYVi8KWsgCmD8N1DpUdIvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:90:59:b3:47:0d:4c:eb:f0:31:e3:fb:cb:bf:27:c5:0f:f2:
         8a:e3:09:9d:ee:e1:00:12:4e:38:69:af:d7:3b:97:f8:40:53:
         22:2b:70:37:8b:13:98:8b:01:8f:31:a3:f6:69:ef:ad:bd:d1:
         44:06:8e:52:32:0e:ed:e6:5a:b8:43:2d:23:84:bb:93:3d:66:
         64:3f:56:38:22:e2:cb:f8:6a:5a:e6:1f:6c:3b:bc:74:53:3a:
         cf:f6:26:89:08:38:ee:33:1d:19:bf:06:61:5e:36:fa:3b:5c:
         9b:71:bd:74:c1:2c:28:3c:28:3e:44:7a:7b:ce:85:31:e6:31:
         0b:df:43:bf:1e:fe:e5:11:e9:56:89:77:39:07:dc:70:f6:9a:
         ca:fc:0b:37:a7:bb:cd:e4:9f:7f:df:a6:07:32:55:f3:d9:4c:
         c1:43:14:c3:ea:42:14:ed:cb:d9:3a:4e:6d:9f:73:b6:bb:c1:
         f6:0b:76:95:23:75:9e:cb:a4:90:3e:98:6d:2a:4f:62:0e:a1:
         0b:d8:61:27:7b:68:02:f1:21:ba:d7:3b:43:93:24:2f:a6:26:
         27:7b:4d:0b:bf:d5:ce:c4:8d:67:cc:1d:79:6c:f7:55:0c:bf:
         a1:4e:e0:df:2c:4b:21:1b:59:90:96:e9:3e:4d:3a:d7:b4:47:
         52:ed:e6:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu+vb+NLdb3ErESZi+DeTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NGQ0YjkwODYxNThiYzI5NmIyMDBhNjBmYzM3NTBlOTUx
ZDIyZjgwHhcNMjQwMTAyMTAzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YThkMWIyOTc3NDc2ZGVkYjI3MTMzNTk5ODg2NDliODE4ZTY5ZGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcq5rOp+qYszG8AE12dUTAOMwkLU
ia1sTK2qcetw3Jy3eKYv1GFL/hi8FmFgdTb06WgNH+JGBsoC1fer3slOcjnX6ukT
nWeVks0bNZwZgsH9jblhEs8QulIkDIqm4RJ1umdlJ41jyHLp+bDaFf3SnnHNn1K4
Zonxt8eUtSfCD/TDWljAnpTMgDnVTHZfJvMG5Hwk4HcvBYvd72RoaZwtY2LbhazP
e7jR9mOGw2jRELoXTzdlxK9VhKs5nUEeo1EEVXDVeLspuzdttm7sddlO9WXeqT3j
ixvAOWssuyZ0G4jGdInGF4jfO2AbWCj+LqpfmjL0R0XpwUsZY+eqjIrwWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqNGyl3R23tsnEzWZiGSbgY5p3yMB8GA1UdIwQY
MBaAFNZNS5CGFYvClrIApg/DdQ6VHSL4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWsxTGtJWVZpOEtXc2dDbUQ4TjFEcFVkSXZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9lOTE4MTYtNzdkOC00MDY5LWFlYjct
YTViZmM1NDQwMDVjLzEvYW8wYktYZEhiZTJ5Y1ROWm1JWkp1QmptbmZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9lOTE4MTYtNzdkOC00MDY5LWFlYjctYTViZmM1NDQwMDVj
LzEvMWsxTGtJWVZpOEtXc2dDbUQ4TjFEcFVkSXZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZddMA0G
CSqGSIb3DQEBCwUAA4IBAQBukFmzRw1M6/Ax4/vLvyfFD/KK4wmd7uEAEk44aa/X
O5f4QFMiK3A3ixOYiwGPMaP2ae+tvdFEBo5SMg7t5lq4Qy0jhLuTPWZkP1Y4IuLL
+Gpa5h9sO7x0UzrP9iaJCDjuMx0ZvwZhXjb6O1ybcb10wSwoPCg+RHp7zoUx5jEL
30O/Hv7lEelWiXc5B9xw9prK/As3p7vN5J9/36YHMlXz2UzBQxTD6kIU7cvZOk5t
n3O2u8H2C3aVI3Wey6SQPphtKk9iDqEL2GEne2gC8SG61ztDkyQvpiYne00Lv9XO
xI1nzB15bPdVDL+hTuDfLEshG1mQluk+TTrXtEdS7eYi
-----END CERTIFICATE-----