Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/u8QMMjOaWd_Krv_W8LJeX00Sr3k.roa
File:                     u8QMMjOaWd_Krv_W8LJeX00Sr3k.roa (raw, json)
Hash identifier:          DylluWXw3pryeNDu9eYwxpsQ4bBN0mctFdR5kcS5inA=
Subject key identifier:   BB:C4:0C:32:33:9A:59:DF:CA:AE:FF:D6:F0:B2:5E:5F:4D:12:AF:79
Certificate issuer:       /CN=a6cb68246650bd58c22a2ae00ad066178a81eb6f
Certificate serial:       018DF079C4609C53987124E87BAF03402947
Authority key identifier: A6:CB:68:24:66:50:BD:58:C2:2A:2A:E0:0A:D0:66:17:8A:81:EB:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pstoJGZQvVjCKirgCtBmF4qB628.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/u8QMMjOaWd_Krv_W8LJeX00Sr3k.roa
Signing time:             Wed 28 Feb 2024 16:08:48 +0000
ROA not before:           Wed 28 Feb 2024 16:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        193.160.176.0/21 maxlen: 21
                          193.160.176.0/24 maxlen: 24
                          193.160.184.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/pstoJGZQvVjCKirgCtBmF4qB628.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/pstoJGZQvVjCKirgCtBmF4qB628.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pstoJGZQvVjCKirgCtBmF4qB628.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f0:79:c4:60:9c:53:98:71:24:e8:7b:af:03:40:29:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6cb68246650bd58c22a2ae00ad066178a81eb6f
        Validity
            Not Before: Feb 28 16:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbc40c32339a59dfcaaeffd6f0b25e5f4d12af79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d1:b6:6f:31:e1:36:3c:4e:f1:f8:c9:6f:a6:
                    4f:4a:b6:73:b7:f2:5f:76:e1:f6:f2:b3:36:57:54:
                    01:d3:91:9f:3e:1a:73:19:52:58:3a:bb:67:a5:ca:
                    c9:5c:e2:1b:8e:32:49:83:63:53:90:28:05:9f:50:
                    2e:70:07:fa:ab:1d:52:c7:00:d4:7e:e3:a6:b8:61:
                    95:3b:04:cd:0a:6d:88:47:c6:f0:d2:ec:c1:cd:22:
                    7b:19:34:6b:e9:6b:ba:68:11:09:b3:a7:6b:79:82:
                    77:c2:30:7c:2c:92:71:2d:27:e3:5f:f6:f6:80:cb:
                    9a:05:20:d7:92:eb:09:37:23:b6:df:6c:ef:ab:aa:
                    1e:97:44:02:b6:de:01:02:a1:8b:2e:b9:88:b0:73:
                    9f:35:86:40:cb:d0:0b:ec:e9:5b:d8:55:38:aa:bb:
                    e6:c3:d9:7e:79:ad:7d:43:4c:7f:dd:0f:54:39:35:
                    61:f5:3c:b2:26:84:fc:d1:24:5a:2e:5f:ee:d2:b5:
                    83:5b:1b:df:6b:c0:45:3a:4f:84:4d:b8:4f:a0:c8:
                    69:83:ec:4e:ee:1d:81:58:fd:45:07:53:1a:47:3c:
                    a4:e4:5f:ee:d1:5c:aa:a7:ae:06:55:16:62:c8:ee:
                    54:e6:a0:00:80:a7:d5:b4:f6:bc:5a:f4:eb:70:bd:
                    c3:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:C4:0C:32:33:9A:59:DF:CA:AE:FF:D6:F0:B2:5E:5F:4D:12:AF:79
            X509v3 Authority Key Identifier:
                keyid:A6:CB:68:24:66:50:BD:58:C2:2A:2A:E0:0A:D0:66:17:8A:81:EB:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pstoJGZQvVjCKirgCtBmF4qB628.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/u8QMMjOaWd_Krv_W8LJeX00Sr3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/pstoJGZQvVjCKirgCtBmF4qB628.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.176.0-193.160.187.255

    Signature Algorithm: sha256WithRSAEncryption
         cf:79:f5:57:37:11:78:85:4f:1b:80:1f:8c:e7:d3:df:0c:7b:
         a5:40:06:08:18:00:49:c1:ed:0f:ba:d7:42:9e:6c:c5:9d:83:
         99:c3:56:10:a9:fb:fd:9c:c2:8c:c2:e4:57:fd:d4:f1:ac:b8:
         de:7b:f2:00:8a:b3:41:39:5a:ac:56:7e:21:95:16:a4:2f:b1:
         e1:db:41:56:dc:7c:39:cc:75:0c:3e:e4:bb:a9:52:c7:51:eb:
         22:d0:66:f8:e4:74:3a:b1:05:fd:6b:77:8b:9d:2d:ae:40:c8:
         d3:26:b0:a8:fb:71:87:fe:27:1e:fa:8f:8c:84:4b:5f:79:64:
         83:21:1c:b1:e2:1d:cf:93:56:93:c6:6a:31:e8:ae:57:a9:43:
         59:e3:df:f1:d0:57:2e:4a:41:20:7a:5e:06:6b:5b:f3:e5:12:
         69:82:93:55:d5:eb:ca:f7:bc:6f:b8:27:2f:51:82:8e:42:28:
         57:f3:5b:70:40:09:ec:72:d6:27:08:4d:f9:7a:ed:c5:4b:01:
         40:19:9d:f5:53:12:64:bd:aa:10:af:dd:36:d1:25:82:41:e7:
         d1:92:9a:57:c9:68:54:05:98:41:9d:80:83:c4:43:1c:bb:e8:
         62:93:5d:fb:64:d4:38:93:b0:cf:6a:b3:b7:74:a2:62:16:0d:
         f0:d1:49:76
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY3wecRgnFOYcSToe68DQClHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Y2I2ODI0NjY1MGJkNThjMjJhMmFlMDBhZDA2NjE3OGE4
MWViNmYwHhcNMjQwMjI4MTYwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmM0MGMzMjMzOWE1OWRmY2FhZWZmZDZmMGIyNWU1ZjRkMTJhZjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitG2bzHhNjxO8fjJb6ZPSrZzt/Jf
duH28rM2V1QB05GfPhpzGVJYOrtnpcrJXOIbjjJJg2NTkCgFn1AucAf6qx1SxwDU
fuOmuGGVOwTNCm2IR8bw0uzBzSJ7GTRr6Wu6aBEJs6dreYJ3wjB8LJJxLSfjX/b2
gMuaBSDXkusJNyO232zvq6oel0QCtt4BAqGLLrmIsHOfNYZAy9AL7Olb2FU4qrvm
w9l+ea19Q0x/3Q9UOTVh9TyyJoT80SRaLl/u0rWDWxvfa8BFOk+ETbhPoMhpg+xO
7h2BWP1FB1MaRzyk5F/u0Vyqp64GVRZiyO5U5qAAgKfVtPa8WvTrcL3DhQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLvEDDIzmlnfyq7/1vCyXl9NEq95MB8GA1UdIwQY
MBaAFKbLaCRmUL1Ywioq4ArQZheKgetvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHN0b0pHWlF2VmpDS2lyZ0N0Qm1GNHFCNjI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9iNjBkNTAtNTUyYS00NGFmLThiYTUt
MzZlNGZiNTZmZGI0LzEvdThRTU1qT2FXZF9LcnZfVzhMSmVYMDBTcjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9iNjBkNTAtNTUyYS00NGFmLThiYTUtMzZlNGZiNTZmZGI0
LzEvcHN0b0pHWlF2VmpDS2lyZ0N0Qm1GNHFCNjI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATBoLAD
BALBoLgwDQYJKoZIhvcNAQELBQADggEBAM959Vc3EXiFTxuAH4zn098Me6VABggY
AEnB7Q+610KebMWdg5nDVhCp+/2cwozC5Ff91PGsuN578gCKs0E5WqxWfiGVFqQv
seHbQVbcfDnMdQw+5LupUsdR6yLQZvjkdDqxBf1rd4udLa5AyNMmsKj7cYf+Jx76
j4yES195ZIMhHLHiHc+TVpPGajHorlepQ1nj3/HQVy5KQSB6XgZrW/PlEmmCk1XV
68r3vG+4Jy9Rgo5CKFfzW3BACexy1icITfl67cVLAUAZnfVTEmS9qhCv3TbRJYJB
59GSmlfJaFQFmEGdgIPEQxy76GKTXftk1DiTsM9qs7d0omIWDfDRSXY=
-----END CERTIFICATE-----