Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/aFjBtMgAkCdur0LAp1zKSd39ajk.roa
File:                     aFjBtMgAkCdur0LAp1zKSd39ajk.roa (raw, json)
Hash identifier:          k5sQSrUZApP+C12qAI5rWT2beBv2HXfS7efknu8qI8M=
Subject key identifier:   68:58:C1:B4:C8:00:90:27:6E:AF:42:C0:A7:5C:CA:49:DD:FD:6A:39
Certificate issuer:       /CN=021b3ea35edfdd138c15506d74a76022dd37694b
Certificate serial:       019427B5C2C70AE978E3E99FE9363729B739
Authority key identifier: 02:1B:3E:A3:5E:DF:DD:13:8C:15:50:6D:74:A7:60:22:DD:37:69:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/aFjBtMgAkCdur0LAp1zKSd39ajk.roa
Signing time:             Thu 02 Jan 2025 15:50:10 +0000
ROA not before:           Thu 02 Jan 2025 15:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203703
IP address blocks:        192.100.96.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c2:c7:0a:e9:78:e3:e9:9f:e9:36:37:29:b7:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=021b3ea35edfdd138c15506d74a76022dd37694b
        Validity
            Not Before: Jan  2 15:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6858c1b4c80090276eaf42c0a75cca49ddfd6a39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0b:4b:79:34:ba:43:e1:22:21:89:9e:43:23:
                    4d:0c:0c:d0:4d:c5:ff:f4:bc:8c:ff:9e:d6:75:49:
                    5f:2b:88:f8:80:4d:df:ad:4d:33:f9:de:b7:cd:22:
                    33:54:39:a6:f9:66:a3:d6:16:24:c6:c0:b4:3a:65:
                    3b:ee:b0:7c:eb:69:33:c5:ea:97:3e:3b:f4:a5:1f:
                    ca:72:31:b4:52:e4:c9:63:4d:f9:da:75:c2:5a:1d:
                    dc:fa:b1:98:04:0f:e1:82:d7:32:98:52:46:61:14:
                    6f:dd:7d:28:3c:2d:cf:a7:76:09:aa:4b:83:54:06:
                    e0:9c:12:9e:95:9d:52:31:e4:07:6e:dd:1e:5b:d6:
                    7e:62:48:98:c5:5b:f5:a0:b7:03:81:02:c3:6b:07:
                    65:7f:9e:e8:b9:90:00:32:79:03:70:71:35:97:de:
                    a2:cc:19:55:53:b5:b0:5a:a3:9d:b9:e2:97:96:a5:
                    22:48:7a:7b:04:c2:49:94:2a:fb:90:bc:f1:e8:28:
                    be:86:c5:5d:91:67:7c:60:ca:4e:3e:20:7b:0c:4c:
                    97:87:a1:84:8e:31:1a:c5:d4:fd:d8:99:af:ca:1c:
                    72:ff:1c:11:5a:c1:53:bb:8b:e0:b6:9e:95:c7:71:
                    32:38:db:0b:c0:54:b4:21:18:80:38:a7:37:52:bd:
                    6a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:58:C1:B4:C8:00:90:27:6E:AF:42:C0:A7:5C:CA:49:DD:FD:6A:39
            X509v3 Authority Key Identifier:
                keyid:02:1B:3E:A3:5E:DF:DD:13:8C:15:50:6D:74:A7:60:22:DD:37:69:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/aFjBtMgAkCdur0LAp1zKSd39ajk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.100.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:1c:9a:89:1c:a7:0b:45:26:2e:a8:e7:bc:6d:3e:77:43:16:
         47:4c:bc:74:ca:2a:33:c8:32:c0:3e:11:95:ee:f7:09:ee:f7:
         04:e9:d4:85:2b:de:16:cd:f3:d5:a2:74:ba:06:b8:de:58:10:
         7c:af:b9:ad:76:47:dc:6b:21:cb:55:ba:2a:c4:3f:db:f5:c7:
         a7:ac:cc:a8:6f:8a:25:0d:a1:af:e8:41:6c:b7:b2:fb:c7:c1:
         77:dc:84:eb:3c:66:ef:51:a2:2b:e3:91:b2:2b:b8:25:53:d4:
         c4:45:ff:df:ee:90:a3:df:12:ac:b6:22:18:a8:fb:5b:e3:63:
         21:82:69:b1:d1:ac:79:14:92:47:b7:e8:04:60:de:76:78:67:
         91:43:01:46:f6:26:0c:1f:d3:a6:fa:29:d4:8f:d0:30:65:c1:
         0e:90:13:aa:8a:3a:31:96:c7:a1:14:5d:aa:b8:0b:a5:ec:5e:
         a4:6f:ce:c4:c6:74:c3:b0:32:29:e8:9f:db:d7:23:ce:3d:e8:
         63:8d:8b:33:28:78:71:b2:7d:b4:90:5c:b1:95:d8:8b:87:2f:
         39:63:c8:79:60:e5:5e:ac:4b:ab:51:9d:5d:55:0f:4e:51:69:
         9e:75:0c:7a:5b:ab:a9:be:c1:7b:f0:8e:5f:f8:15:5f:55:b2:
         c0:e9:86:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntcLHCul44+mf6TY3Kbc5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMWIzZWEzNWVkZmRkMTM4YzE1NTA2ZDc0YTc2MDIyZGQz
NzY5NGIwHhcNMjUwMTAyMTU1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODU4YzFiNGM4MDA5MDI3NmVhZjQyYzBhNzVjY2E0OWRkZmQ2YTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugtLeTS6Q+EiIYmeQyNNDAzQTcX/
9LyM/57WdUlfK4j4gE3frU0z+d63zSIzVDmm+Waj1hYkxsC0OmU77rB862kzxeqX
Pjv0pR/KcjG0UuTJY0352nXCWh3c+rGYBA/hgtcymFJGYRRv3X0oPC3Pp3YJqkuD
VAbgnBKelZ1SMeQHbt0eW9Z+YkiYxVv1oLcDgQLDawdlf57ouZAAMnkDcHE1l96i
zBlVU7WwWqOdueKXlqUiSHp7BMJJlCr7kLzx6Ci+hsVdkWd8YMpOPiB7DEyXh6GE
jjEaxdT92Jmvyhxy/xwRWsFTu4vgtp6Vx3EyONsLwFS0IRiAOKc3Ur1qgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhYwbTIAJAnbq9CwKdcyknd/Wo5MB8GA1UdIwQY
MBaAFAIbPqNe390TjBVQbXSnYCLdN2lLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWhzLW8xN2YzUk9NRlZCdGRLZGdJdDAzYVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mODliNjQtODdiNy00OGY0LThiNjAt
YzMyMDRiZGU3NzczLzEvYUZqQnRNZ0FrQ2R1cjBMQXAxektTZDM5YWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mODliNjQtODdiNy00OGY0LThiNjAtYzMyMDRiZGU3Nzcz
LzEvQWhzLW8xN2YzUk9NRlZCdGRLZGdJdDAzYVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwGRgMA0G
CSqGSIb3DQEBCwUAA4IBAQAOHJqJHKcLRSYuqOe8bT53QxZHTLx0yiozyDLAPhGV
7vcJ7vcE6dSFK94WzfPVonS6BrjeWBB8r7mtdkfcayHLVboqxD/b9cenrMyob4ol
DaGv6EFst7L7x8F33ITrPGbvUaIr45GyK7glU9TERf/f7pCj3xKstiIYqPtb42Mh
gmmx0ax5FJJHt+gEYN52eGeRQwFG9iYMH9Om+inUj9AwZcEOkBOqijoxlsehFF2q
uAul7F6kb87ExnTDsDIp6J/b1yPOPehjjYszKHhxsn20kFyxldiLhy85Y8h5YOVe
rEurUZ1dVQ9OUWmedQx6W6upvsF78I5f+BVfVbLA6Yb8
-----END CERTIFICATE-----