Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/d6cfe9-c301-4079-86b9-7fbc4e5797a1/1/lI69GbRkaPtLjAXvYDryLHilHVY.roa
File:                     lI69GbRkaPtLjAXvYDryLHilHVY.roa (raw, json)
Hash identifier:          wurkX2WgkSI7IlnqPTwSEbjr/BypOIG6p9LFO6sI8XY=
Subject key identifier:   94:8E:BD:19:B4:64:68:FB:4B:8C:05:EF:60:3A:F2:2C:78:A5:1D:56
Certificate issuer:       /CN=ff13a21b4e8ce14ce7d6680c990ec6ba29a027c2
Certificate serial:       0190FDA93AF6D4C9654EFDA10825D8AA66B5
Authority key identifier: FF:13:A2:1B:4E:8C:E1:4C:E7:D6:68:0C:99:0E:C6:BA:29:A0:27:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_xOiG06M4Uzn1mgMmQ7GuimgJ8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/d6cfe9-c301-4079-86b9-7fbc4e5797a1/1/lI69GbRkaPtLjAXvYDryLHilHVY.roa
Signing time:             Mon 29 Jul 2024 08:44:04 +0000
ROA not before:           Mon 29 Jul 2024 08:44:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60458
IP address blocks:        193.3.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/d6cfe9-c301-4079-86b9-7fbc4e5797a1/1/_xOiG06M4Uzn1mgMmQ7GuimgJ8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/d6cfe9-c301-4079-86b9-7fbc4e5797a1/1/_xOiG06M4Uzn1mgMmQ7GuimgJ8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_xOiG06M4Uzn1mgMmQ7GuimgJ8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fd:a9:3a:f6:d4:c9:65:4e:fd:a1:08:25:d8:aa:66:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff13a21b4e8ce14ce7d6680c990ec6ba29a027c2
        Validity
            Not Before: Jul 29 08:44:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=948ebd19b46468fb4b8c05ef603af22c78a51d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d4:ac:ef:38:20:bb:db:83:6b:25:13:85:65:
                    0e:d2:f2:27:57:fa:20:1c:03:56:63:9d:af:18:68:
                    ea:1e:be:83:a0:87:2f:1a:7d:14:d9:32:02:3d:ff:
                    c5:3f:00:33:7d:0b:c3:ce:a7:70:70:83:04:ba:76:
                    76:a4:a8:1b:d4:2a:2b:c3:87:f1:19:41:6c:92:a5:
                    97:35:b4:5b:e2:09:a7:3c:7c:df:d6:b8:aa:4b:01:
                    e6:67:3d:f6:56:a9:b1:16:c4:ec:8f:c7:7c:8a:37:
                    7e:91:e8:3c:07:2f:01:51:13:79:d4:e2:8f:52:f5:
                    16:0d:a9:df:08:d8:95:f6:c5:3b:c9:9c:43:90:c7:
                    13:c1:4d:e6:af:d6:5f:14:87:a0:1e:a9:90:72:0c:
                    94:eb:55:96:1e:3f:71:0a:22:a2:2f:e0:8b:8c:0d:
                    f5:10:f6:dd:f0:de:36:f4:f0:72:6b:33:e7:03:52:
                    90:4e:44:b1:c2:d5:8f:63:10:50:7a:57:3b:7b:26:
                    0a:bd:ea:b1:d5:f6:bf:b3:d1:45:0f:04:d4:23:38:
                    aa:96:6a:a0:da:9a:cd:36:d8:88:dc:4a:5b:a0:62:
                    d4:fa:1c:bd:57:c4:c2:62:86:30:38:39:9c:3b:32:
                    ab:f1:29:bf:a4:c4:37:00:98:f9:56:bd:d5:0f:62:
                    d0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:8E:BD:19:B4:64:68:FB:4B:8C:05:EF:60:3A:F2:2C:78:A5:1D:56
            X509v3 Authority Key Identifier:
                keyid:FF:13:A2:1B:4E:8C:E1:4C:E7:D6:68:0C:99:0E:C6:BA:29:A0:27:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_xOiG06M4Uzn1mgMmQ7GuimgJ8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d6cfe9-c301-4079-86b9-7fbc4e5797a1/1/lI69GbRkaPtLjAXvYDryLHilHVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d6cfe9-c301-4079-86b9-7fbc4e5797a1/1/_xOiG06M4Uzn1mgMmQ7GuimgJ8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:c8:fb:7e:10:08:45:fc:7a:30:5b:2e:f3:b4:02:92:e9:9f:
         23:4b:dd:c8:25:ef:d6:de:86:71:2c:97:a7:2b:38:d6:19:7c:
         e3:f1:2b:07:5a:ae:c9:0a:bf:19:6f:a2:4b:34:90:b0:e6:e6:
         fd:7b:15:dd:40:e9:98:dd:15:a5:f0:f9:70:6a:0b:29:28:70:
         72:e4:29:f8:37:e1:d6:74:7b:52:ef:b7:c3:27:de:e5:fd:5f:
         ff:92:69:4e:01:6a:c6:19:f2:36:6b:bb:a1:b8:fe:20:6b:24:
         50:05:28:e5:45:36:e6:4f:c4:01:0c:71:5e:db:2c:bf:48:20:
         ba:b1:58:5e:61:f3:b7:b0:78:c6:41:1f:06:f1:ad:67:d8:21:
         89:ce:32:30:49:f4:25:9a:32:14:e6:8d:5b:a9:25:65:02:c2:
         2e:31:ba:36:fc:e0:a9:ce:bf:83:85:7b:cb:43:16:30:11:c6:
         b9:b8:64:57:2c:4e:8d:a2:19:a1:7e:7b:64:85:cf:e5:69:cb:
         62:0d:71:e9:3c:ac:20:59:e2:29:11:ff:b2:42:8c:8a:fa:c0:
         2e:ce:52:e4:c0:18:ed:db:63:4d:88:57:44:8f:7a:7d:0d:a2:
         b5:18:56:d9:e8:09:b1:98:2b:2f:8f:5b:34:33:c1:3c:30:03:
         a3:e1:63:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD9qTr21MllTv2hCCXYqma1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMTNhMjFiNGU4Y2UxNGNlN2Q2NjgwYzk5MGVjNmJhMjlh
MDI3YzIwHhcNMjQwNzI5MDg0NDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDhlYmQxOWI0NjQ2OGZiNGI4YzA1ZWY2MDNhZjIyYzc4YTUxZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NSs7zggu9uDayUThWUO0vInV/og
HANWY52vGGjqHr6DoIcvGn0U2TICPf/FPwAzfQvDzqdwcIMEunZ2pKgb1Corw4fx
GUFskqWXNbRb4gmnPHzf1riqSwHmZz32VqmxFsTsj8d8ijd+keg8By8BURN51OKP
UvUWDanfCNiV9sU7yZxDkMcTwU3mr9ZfFIegHqmQcgyU61WWHj9xCiKiL+CLjA31
EPbd8N429PByazPnA1KQTkSxwtWPYxBQelc7eyYKveqx1fa/s9FFDwTUIziqlmqg
2prNNtiI3EpboGLU+hy9V8TCYoYwODmcOzKr8Sm/pMQ3AJj5Vr3VD2LQYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSOvRm0ZGj7S4wF72A68ix4pR1WMB8GA1UdIwQY
MBaAFP8TohtOjOFM59ZoDJkOxropoCfCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3hPaUcwNk00VXpuMW1nTW1RN0d1aW1nSjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9kNmNmZTktYzMwMS00MDc5LTg2Yjkt
N2ZiYzRlNTc5N2ExLzEvbEk2OUdiUmthUHRMakFYdllEcnlMSGlsSFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9kNmNmZTktYzMwMS00MDc5LTg2YjktN2ZiYzRlNTc5N2Ex
LzEvX3hPaUcwNk00VXpuMW1nTW1RN0d1aW1nSjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQPoMA0G
CSqGSIb3DQEBCwUAA4IBAQBPyPt+EAhF/HowWy7ztAKS6Z8jS93IJe/W3oZxLJen
KzjWGXzj8SsHWq7JCr8Zb6JLNJCw5ub9exXdQOmY3RWl8PlwagspKHBy5Cn4N+HW
dHtS77fDJ97l/V//kmlOAWrGGfI2a7uhuP4gayRQBSjlRTbmT8QBDHFe2yy/SCC6
sVheYfO3sHjGQR8G8a1n2CGJzjIwSfQlmjIU5o1bqSVlAsIuMbo2/OCpzr+DhXvL
QxYwEca5uGRXLE6Nohmhfntkhc/lactiDXHpPKwgWeIpEf+yQoyK+sAuzlLkwBjt
22NNiFdEj3p9DaK1GFbZ6AmxmCsvj1s0M8E8MAOj4WN6
-----END CERTIFICATE-----