Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/7hqrQiwuo9vc2A0W22l55ns2t2w.roa
File:                     7hqrQiwuo9vc2A0W22l55ns2t2w.roa (raw, json)
Hash identifier:          Wttxsv+QDOB3rTQJmGLRAi8J+zSI/yaZ/VkBvnPvQ3s=
Subject key identifier:   EE:1A:AB:42:2C:2E:A3:DB:DC:D8:0D:16:DB:69:79:E6:7B:36:B7:6C
Certificate issuer:       /CN=960c6d787e6b5eb64248dd9a7a1065b1053f7458
Certificate serial:       018CC8DEF1A5E2F91908238B1DF99491B00A
Authority key identifier: 96:0C:6D:78:7E:6B:5E:B6:42:48:DD:9A:7A:10:65:B1:05:3F:74:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lgxteH5rXrZCSN2aehBlsQU_dFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/7hqrQiwuo9vc2A0W22l55ns2t2w.roa
Signing time:             Tue 02 Jan 2024 06:31:43 +0000
ROA not before:           Tue 02 Jan 2024 06:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29641
IP address blocks:        193.8.106.0/23 maxlen: 23
                          193.8.108.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/lgxteH5rXrZCSN2aehBlsQU_dFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/lgxteH5rXrZCSN2aehBlsQU_dFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lgxteH5rXrZCSN2aehBlsQU_dFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f1:a5:e2:f9:19:08:23:8b:1d:f9:94:91:b0:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=960c6d787e6b5eb64248dd9a7a1065b1053f7458
        Validity
            Not Before: Jan  2 06:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee1aab422c2ea3dbdcd80d16db6979e67b36b76c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e0:f7:77:30:97:d4:82:14:36:96:7c:02:3e:
                    3d:62:e5:d0:d1:b8:5c:c4:96:cf:3d:ee:1d:a9:6e:
                    68:17:dd:f2:c9:07:fe:c1:86:1a:b0:ea:91:f7:a0:
                    58:78:ca:3b:c1:95:8c:6d:0f:9d:e9:c9:29:d8:6e:
                    5a:38:71:18:38:76:86:f6:dc:b9:0d:dd:4c:47:0d:
                    9d:c6:4a:e1:d5:09:41:69:91:6a:38:3d:94:e4:e3:
                    70:36:c1:dc:7b:c1:ff:12:1b:73:40:8f:ed:32:79:
                    99:7e:c9:76:67:29:87:ff:4d:54:1a:96:63:12:63:
                    5d:9d:3c:35:2d:a8:6f:2f:b3:33:fe:ba:a1:6e:d3:
                    90:1f:fa:36:d2:04:4b:53:a1:62:30:e3:08:09:1c:
                    a6:89:f8:c8:76:56:5b:ab:8c:e3:b4:b5:d7:49:da:
                    37:3c:77:e9:6b:2a:c3:61:b9:b5:c3:9f:19:55:b6:
                    fe:3a:d4:e6:73:89:6e:9b:b3:b9:32:9b:76:bd:7c:
                    43:e5:2c:69:0a:a6:e5:8d:c7:75:87:86:ee:09:08:
                    e7:f6:9c:0c:13:51:db:fc:df:51:16:4d:aa:8b:02:
                    d9:a9:68:ef:9c:72:52:7f:74:4e:80:c2:05:d4:6d:
                    e8:99:72:d0:49:db:fb:26:5c:52:63:ff:80:8e:43:
                    de:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:1A:AB:42:2C:2E:A3:DB:DC:D8:0D:16:DB:69:79:E6:7B:36:B7:6C
            X509v3 Authority Key Identifier:
                keyid:96:0C:6D:78:7E:6B:5E:B6:42:48:DD:9A:7A:10:65:B1:05:3F:74:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lgxteH5rXrZCSN2aehBlsQU_dFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/7hqrQiwuo9vc2A0W22l55ns2t2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/lgxteH5rXrZCSN2aehBlsQU_dFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.106.0-193.8.109.255

    Signature Algorithm: sha256WithRSAEncryption
         62:27:64:1f:dc:1b:d0:1b:ac:4b:9f:59:5e:d3:a0:92:8d:24:
         79:bd:32:de:22:83:5c:d6:fd:ff:df:1a:5a:fa:2e:0a:67:2a:
         5f:23:20:da:22:5b:07:88:8d:27:79:b0:fa:09:2f:81:35:b7:
         e7:61:de:5f:d9:6a:b1:62:fd:f2:bf:24:41:77:94:b5:75:0c:
         48:49:cc:4c:29:81:8d:22:96:7d:5e:24:aa:59:6a:c7:27:47:
         6f:68:78:eb:bf:31:7f:c2:03:e4:6b:21:82:fd:a0:4c:eb:f3:
         53:4b:d4:f3:b2:4b:fe:1f:9f:a4:7f:68:c8:93:de:d7:93:f0:
         28:46:ec:34:51:eb:f0:43:fb:73:33:53:a0:50:e1:77:b1:b9:
         88:4c:de:47:bb:16:bb:ff:77:9c:8e:95:5e:4e:6c:53:f0:ff:
         0a:49:13:d3:cc:f4:51:ad:74:89:38:6c:94:f8:d0:19:99:73:
         6f:4e:a7:27:84:29:df:a0:40:c9:ce:e0:a0:f8:1c:01:27:b4:
         a7:7e:04:39:15:d9:9c:20:a7:37:64:25:6b:ad:a6:cc:53:ac:
         44:64:a1:e8:40:47:4b:92:3d:f6:5e:cd:8f:21:f4:01:26:c7:
         ea:22:56:33:de:80:8c:9c:2e:fc:d1:88:cb:10:1d:2e:b7:51:
         d4:5b:10:e9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzI3vGl4vkZCCOLHfmUkbAKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MGM2ZDc4N2U2YjVlYjY0MjQ4ZGQ5YTdhMTA2NWIxMDUz
Zjc0NTgwHhcNMjQwMTAyMDYzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTFhYWI0MjJjMmVhM2RiZGNkODBkMTZkYjY5NzllNjdiMzZiNzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+D3dzCX1IIUNpZ8Aj49YuXQ0bhc
xJbPPe4dqW5oF93yyQf+wYYasOqR96BYeMo7wZWMbQ+d6ckp2G5aOHEYOHaG9ty5
Dd1MRw2dxkrh1QlBaZFqOD2U5ONwNsHce8H/EhtzQI/tMnmZfsl2ZymH/01UGpZj
EmNdnTw1LahvL7Mz/rqhbtOQH/o20gRLU6FiMOMICRymifjIdlZbq4zjtLXXSdo3
PHfpayrDYbm1w58ZVbb+OtTmc4lum7O5Mpt2vXxD5SxpCqbljcd1h4buCQjn9pwM
E1Hb/N9RFk2qiwLZqWjvnHJSf3ROgMIF1G3omXLQSdv7JlxSY/+AjkPeLwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO4aq0IsLqPb3NgNFttpeeZ7NrdsMB8GA1UdIwQY
MBaAFJYMbXh+a162QkjdmnoQZbEFP3RYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGd4dGVINXJYclpDU04yYWVoQmxzUVVfZEZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wNWFiMTYtMjIyOC00ODhlLWIxNTIt
ZWIwOTIxODk1NzE0LzEvN2hxclFpd3VvOXZjMkEwVzIybDU1bnMydDJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wNWFiMTYtMjIyOC00ODhlLWIxNTItZWIwOTIxODk1NzE0
LzEvbGd4dGVINXJYclpDU04yYWVoQmxzUVVfZEZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHBCGoD
BAHBCGwwDQYJKoZIhvcNAQELBQADggEBAGInZB/cG9AbrEufWV7ToJKNJHm9Mt4i
g1zW/f/fGlr6LgpnKl8jINoiWweIjSd5sPoJL4E1t+dh3l/ZarFi/fK/JEF3lLV1
DEhJzEwpgY0iln1eJKpZascnR29oeOu/MX/CA+RrIYL9oEzr81NL1POyS/4fn6R/
aMiT3teT8ChG7DRR6/BD+3MzU6BQ4XexuYhM3ke7Frv/d5yOlV5ObFPw/wpJE9PM
9FGtdIk4bJT40BmZc29OpyeEKd+gQMnO4KD4HAEntKd+BDkV2ZwgpzdkJWutpsxT
rERkoehAR0uSPfZezY8h9AEmx+oiVjPegIycLvzRiMsQHS63UdRbEOk=
-----END CERTIFICATE-----