Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/d6e44d-89ab-460e-9379-95c50531d4d8/1/j2L-6G_N2FSug-pbSDJAmgqZhk8.roa
File:                     j2L-6G_N2FSug-pbSDJAmgqZhk8.roa (raw, json)
Hash identifier:          rSuzbHGP9YbGBLmI7SdLDAbl/HUf/LFm1Tl1we3bsKs=
Subject key identifier:   8F:62:FE:E8:6F:CD:D8:54:AE:83:EA:5B:48:32:40:9A:0A:99:86:4F
Certificate issuer:       /CN=bbfb3671c9fc746a1ca63449546557ca9e9a7d6d
Certificate serial:       018CC4930EED01A1BF58031C7AA6BF42C1BF
Authority key identifier: BB:FB:36:71:C9:FC:74:6A:1C:A6:34:49:54:65:57:CA:9E:9A:7D:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_s2ccn8dGocpjRJVGVXyp6afW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/d6e44d-89ab-460e-9379-95c50531d4d8/1/j2L-6G_N2FSug-pbSDJAmgqZhk8.roa
Signing time:             Mon 01 Jan 2024 10:30:21 +0000
ROA not before:           Mon 01 Jan 2024 10:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34863
IP address blocks:        193.46.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/d6e44d-89ab-460e-9379-95c50531d4d8/1/u_s2ccn8dGocpjRJVGVXyp6afW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/d6e44d-89ab-460e-9379-95c50531d4d8/1/u_s2ccn8dGocpjRJVGVXyp6afW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_s2ccn8dGocpjRJVGVXyp6afW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:0e:ed:01:a1:bf:58:03:1c:7a:a6:bf:42:c1:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbfb3671c9fc746a1ca63449546557ca9e9a7d6d
        Validity
            Not Before: Jan  1 10:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f62fee86fcdd854ae83ea5b4832409a0a99864f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5a:9e:57:67:30:4a:45:0e:61:9a:3c:bd:45:
                    91:91:65:e4:f3:bc:dc:cd:fe:f8:d5:82:21:0c:7b:
                    95:d8:90:3b:59:ed:d2:bc:dc:11:9f:cb:e9:8a:54:
                    77:65:e7:01:7a:3a:2d:6c:db:5e:ba:cd:aa:e1:3f:
                    c8:5b:3d:ae:87:12:ce:00:d7:b0:d5:05:a1:87:4d:
                    e0:28:4f:a9:f1:b9:e4:22:09:0d:9a:a4:11:58:0d:
                    fa:a5:91:60:7f:a9:38:39:3c:43:75:43:0c:9c:b0:
                    e8:57:88:3a:70:e8:82:c3:5d:56:f9:b6:cd:0f:4f:
                    b3:a9:2c:51:18:6f:9b:7c:44:5d:b6:ff:d0:39:2a:
                    a6:e1:41:d1:ef:97:33:e7:dd:f3:c4:a9:f7:eb:e7:
                    f0:df:f8:93:9c:19:ee:a8:d8:36:ac:64:dd:1b:58:
                    9b:72:a2:9c:53:c8:aa:ac:da:dd:db:37:88:ba:99:
                    c6:e8:ac:ff:5c:3c:ef:17:98:6b:75:46:6e:dd:e4:
                    6d:e3:14:db:a2:70:26:c2:ae:57:68:f1:e6:60:4a:
                    e5:0d:fa:80:8a:6e:7b:d7:d2:c5:c1:d1:4c:ce:d6:
                    54:08:55:a2:69:df:07:8a:1e:35:4d:38:6e:c6:64:
                    66:17:3c:d6:f1:04:fc:fc:d7:9e:47:f6:e6:22:44:
                    a6:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:62:FE:E8:6F:CD:D8:54:AE:83:EA:5B:48:32:40:9A:0A:99:86:4F
            X509v3 Authority Key Identifier:
                keyid:BB:FB:36:71:C9:FC:74:6A:1C:A6:34:49:54:65:57:CA:9E:9A:7D:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_s2ccn8dGocpjRJVGVXyp6afW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/d6e44d-89ab-460e-9379-95c50531d4d8/1/j2L-6G_N2FSug-pbSDJAmgqZhk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/d6e44d-89ab-460e-9379-95c50531d4d8/1/u_s2ccn8dGocpjRJVGVXyp6afW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:34:0c:25:8a:a7:95:b0:ea:15:eb:43:e9:66:3c:f1:35:50:
         de:27:98:47:82:d3:07:6e:9a:69:9d:0e:0b:1c:53:b8:f2:1c:
         6f:75:50:cb:e5:33:2e:8e:c5:78:df:5f:29:fb:96:13:b6:b3:
         41:75:ba:8d:b2:bf:53:ed:bc:05:f1:de:b8:87:5a:25:c7:79:
         96:58:ca:4f:a8:62:8d:da:35:0e:2f:14:7e:98:ba:65:bd:2d:
         13:c2:d3:06:a6:c4:17:8a:a4:f1:b7:2b:cf:43:92:a9:e0:62:
         6f:81:11:a8:74:ed:05:b9:01:c5:f4:cd:e5:f9:b0:5d:31:ca:
         78:7b:3c:97:5d:32:00:e1:04:c0:b8:5c:22:2f:2b:19:84:d1:
         d4:04:09:84:10:0e:9d:5a:a0:c8:88:83:94:3b:4c:a4:47:af:
         03:82:1f:93:b0:19:4a:e7:ac:13:83:0b:39:8d:8e:f7:a3:91:
         e8:e5:61:1a:3a:12:37:4d:53:b7:b2:4f:9a:f1:ac:2c:27:97:
         3a:45:ce:22:64:a9:db:09:5e:af:9a:d7:32:8a:6c:9e:55:c8:
         d5:8b:68:38:67:3b:9f:9a:6b:b0:22:fe:3d:cd:ab:e5:fa:0a:
         f7:97:47:e3:66:9c:8c:95:7e:47:22:f0:32:ba:d2:2e:60:e4:
         67:3d:8a:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkw7tAaG/WAMceqa/QsG/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZmIzNjcxYzlmYzc0NmExY2E2MzQ0OTU0NjU1N2NhOWU5
YTdkNmQwHhcNMjQwMTAxMTAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjYyZmVlODZmY2RkODU0YWU4M2VhNWI0ODMyNDA5YTBhOTk4NjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVqeV2cwSkUOYZo8vUWRkWXk87zc
zf741YIhDHuV2JA7We3SvNwRn8vpilR3ZecBejotbNteus2q4T/IWz2uhxLOANew
1QWhh03gKE+p8bnkIgkNmqQRWA36pZFgf6k4OTxDdUMMnLDoV4g6cOiCw11W+bbN
D0+zqSxRGG+bfERdtv/QOSqm4UHR75cz593zxKn36+fw3/iTnBnuqNg2rGTdG1ib
cqKcU8iqrNrd2zeIupnG6Kz/XDzvF5hrdUZu3eRt4xTbonAmwq5XaPHmYErlDfqA
im5719LFwdFMztZUCFWiad8Hih41TThuxmRmFzzW8QT8/NeeR/bmIkSmGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9i/uhvzdhUroPqW0gyQJoKmYZPMB8GA1UdIwQY
MBaAFLv7NnHJ/HRqHKY0SVRlV8qemn1tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9zMmNjbjhkR29jcGpSSlZHVlh5cDZhZlcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9kNmU0NGQtODlhYi00NjBlLTkzNzkt
OTVjNTA1MzFkNGQ4LzEvajJMLTZHX04yRlN1Zy1wYlNESkFtZ3FaaGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9kNmU0NGQtODlhYi00NjBlLTkzNzktOTVjNTA1MzFkNGQ4
LzEvdV9zMmNjbjhkR29jcGpSSlZHVlh5cDZhZlcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS5VMA0G
CSqGSIb3DQEBCwUAA4IBAQAINAwliqeVsOoV60PpZjzxNVDeJ5hHgtMHbpppnQ4L
HFO48hxvdVDL5TMujsV4318p+5YTtrNBdbqNsr9T7bwF8d64h1olx3mWWMpPqGKN
2jUOLxR+mLplvS0TwtMGpsQXiqTxtyvPQ5Kp4GJvgRGodO0FuQHF9M3l+bBdMcp4
ezyXXTIA4QTAuFwiLysZhNHUBAmEEA6dWqDIiIOUO0ykR68Dgh+TsBlK56wTgws5
jY73o5Ho5WEaOhI3TVO3sk+a8awsJ5c6Rc4iZKnbCV6vmtcyimyeVcjVi2g4Zzuf
mmuwIv49zavl+gr3l0fjZpyMlX5HIvAyutIuYORnPYqv
-----END CERTIFICATE-----