Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/bwZN-tYNM3aSYrpFLaHORRihrvI.roa
File:                     bwZN-tYNM3aSYrpFLaHORRihrvI.roa (raw, json)
Hash identifier:          I9AVD6Q1iuk0dnloFpv6WDx3rWDClOHGm8KtCfvtJdo=
Subject key identifier:   6F:06:4D:FA:D6:0D:33:76:92:62:BA:45:2D:A1:CE:45:18:A1:AE:F2
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBCCA4AFFBD0861A11EB2C7F2FEF60
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/bwZN-tYNM3aSYrpFLaHORRihrvI.roa
Signing time:             Tue 02 Jan 2024 10:32:57 +0000
ROA not before:           Tue 02 Jan 2024 10:32:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30723
IP address blocks:        194.149.38.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:cc:a4:af:fb:d0:86:1a:11:eb:2c:7f:2f:ef:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f064dfad60d33769262ba452da1ce4518a1aef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7e:25:c1:67:82:f9:95:60:e6:d6:eb:9d:1d:
                    66:df:48:2b:ea:17:7c:65:69:dd:f2:84:2d:8e:2f:
                    5e:b8:1d:fb:92:b7:9f:bc:b4:f4:03:9d:c9:29:40:
                    73:87:e0:ce:d0:a2:8e:23:7c:c7:77:2a:99:5e:f1:
                    10:c0:99:1f:58:7b:c6:41:2b:c7:ff:d8:dd:9b:4d:
                    65:86:f3:13:51:aa:08:8e:80:7b:b3:cf:ac:1b:e6:
                    10:67:57:30:4e:06:42:ae:ed:e3:4a:b1:13:7b:80:
                    42:e7:5d:4c:c0:5b:e9:07:3a:0d:ed:24:fe:9d:3f:
                    c2:f8:90:5a:40:f1:3b:8c:6c:90:86:65:c2:d2:02:
                    06:1a:9d:c4:56:a1:58:dd:20:fe:23:a4:89:9a:17:
                    ae:ba:45:b6:b8:85:9c:b7:77:08:f7:b1:39:56:84:
                    45:b3:7c:4e:ef:25:4c:e0:0f:f2:8f:9d:f3:26:b6:
                    07:bd:99:40:5c:df:e2:76:94:96:bc:d6:b9:be:22:
                    51:c8:d3:c9:35:5f:cb:1b:46:b0:bd:96:28:9f:86:
                    56:7b:34:98:49:e6:fc:04:c3:05:02:f9:14:24:4a:
                    05:a0:57:96:54:0f:79:d9:cf:19:c1:06:34:f9:8d:
                    22:5e:4e:d4:93:14:17:5b:d9:93:49:60:95:7a:25:
                    0f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:06:4D:FA:D6:0D:33:76:92:62:BA:45:2D:A1:CE:45:18:A1:AE:F2
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/bwZN-tYNM3aSYrpFLaHORRihrvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.149.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:a5:c1:49:f9:98:f2:50:c3:bd:13:85:b5:d8:bd:ca:c2:fa:
         f9:72:4a:14:e7:4c:93:54:5e:e4:71:2c:12:05:a9:db:05:6c:
         26:3a:fb:55:e0:b8:bd:62:08:3d:3e:09:8d:d7:4a:ee:9a:a9:
         06:e1:e6:45:5d:1c:83:92:84:f5:ff:3a:07:9c:50:35:c6:5a:
         b1:41:cb:d3:a0:50:54:b0:13:5a:d5:58:f6:6e:db:2e:15:4b:
         4e:32:a4:be:ba:06:c4:d6:d0:6c:f4:07:c5:55:8b:4c:5a:2a:
         7a:13:29:6c:3f:87:a9:ed:16:32:85:11:57:38:bc:3e:4a:95:
         35:d0:ca:28:9f:7c:12:af:f6:f4:ab:08:51:96:64:75:46:ae:
         34:21:90:f4:91:98:0a:68:72:a2:77:74:35:86:72:9d:8e:1b:
         07:2f:b2:93:1b:df:99:02:c1:9a:46:29:ab:2f:a5:87:27:c3:
         94:a0:d8:71:e4:ba:e3:f6:7b:4d:de:4c:62:77:d0:b3:ca:0e:
         3b:20:33:a0:4c:7f:1c:37:74:0f:da:f1:7f:c3:b6:15:b0:06:
         29:72:88:43:72:ae:2d:54:e4:dd:0e:0c:5a:e6:8c:b3:42:ca:
         47:f0:2f:31:7f:06:ab:8a:3d:1f:5f:01:28:f2:28:58:d8:23:
         25:9a:eb:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8ykr/vQhhoR6yx/L+9gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjA2NGRmYWQ2MGQzMzc2OTI2MmJhNDUyZGExY2U0NTE4YTFhZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArX4lwWeC+ZVg5tbrnR1m30gr6hd8
ZWnd8oQtji9euB37krefvLT0A53JKUBzh+DO0KKOI3zHdyqZXvEQwJkfWHvGQSvH
/9jdm01lhvMTUaoIjoB7s8+sG+YQZ1cwTgZCru3jSrETe4BC511MwFvpBzoN7ST+
nT/C+JBaQPE7jGyQhmXC0gIGGp3EVqFY3SD+I6SJmheuukW2uIWct3cI97E5VoRF
s3xO7yVM4A/yj53zJrYHvZlAXN/idpSWvNa5viJRyNPJNV/LG0awvZYon4ZWezSY
Seb8BMMFAvkUJEoFoFeWVA952c8ZwQY0+Y0iXk7UkxQXW9mTSWCVeiUPbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8GTfrWDTN2kmK6RS2hzkUYoa7yMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvYndaTi10WU5NM2FTWXJwRkxhSE9SUmlocnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpUmMA0G
CSqGSIb3DQEBCwUAA4IBAQBtpcFJ+ZjyUMO9E4W12L3Kwvr5ckoU50yTVF7kcSwS
BanbBWwmOvtV4Li9Ygg9PgmN10rumqkG4eZFXRyDkoT1/zoHnFA1xlqxQcvToFBU
sBNa1Vj2btsuFUtOMqS+ugbE1tBs9AfFVYtMWip6EylsP4ep7RYyhRFXOLw+SpU1
0Moon3wSr/b0qwhRlmR1Rq40IZD0kZgKaHKid3Q1hnKdjhsHL7KTG9+ZAsGaRimr
L6WHJ8OUoNhx5Lrj9ntN3kxid9Czyg47IDOgTH8cN3QP2vF/w7YVsAYpcohDcq4t
VOTdDgxa5oyzQspH8C8xfwarij0fXwEo8ihY2CMlmusA
-----END CERTIFICATE-----