Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/ef6c8e-3f07-4b3f-a87e-bbe912eec73e/1/azIpFXgkBBinE9Zc3Of3beY0jcg.roa
File:                     azIpFXgkBBinE9Zc3Of3beY0jcg.roa (raw, json)
Hash identifier:          EY2T+YWiWJyP3YR8BbFZbCLsmdbdE5433HS02bok1Iw=
Subject key identifier:   6B:32:29:15:78:24:04:18:A7:13:D6:5C:DC:E7:F7:6D:E6:34:8D:C8
Certificate issuer:       /CN=40254d4a767ad099606e442e092f91241a363670
Certificate serial:       018CC6B792521F9F970209F957CDD59816DC
Authority key identifier: 40:25:4D:4A:76:7A:D0:99:60:6E:44:2E:09:2F:91:24:1A:36:36:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QCVNSnZ60JlgbkQuCS-RJBo2NnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/ef6c8e-3f07-4b3f-a87e-bbe912eec73e/1/azIpFXgkBBinE9Zc3Of3beY0jcg.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21227
IP address blocks:        193.22.108.0/24 maxlen: 24
                          2a0f:7b40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/ef6c8e-3f07-4b3f-a87e-bbe912eec73e/1/QCVNSnZ60JlgbkQuCS-RJBo2NnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/ef6c8e-3f07-4b3f-a87e-bbe912eec73e/1/QCVNSnZ60JlgbkQuCS-RJBo2NnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QCVNSnZ60JlgbkQuCS-RJBo2NnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:92:52:1f:9f:97:02:09:f9:57:cd:d5:98:16:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40254d4a767ad099606e442e092f91241a363670
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b32291578240418a713d65cdce7f76de6348dc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3f:75:8b:aa:77:80:03:a0:16:d1:e5:53:ac:
                    44:93:b8:f8:77:f5:f8:db:30:0f:04:13:e4:1f:85:
                    44:b6:7e:48:ad:0e:55:83:ec:52:1a:6b:94:50:fd:
                    3c:41:da:73:77:c0:70:3f:16:75:d4:25:00:63:21:
                    78:ad:6d:f1:8a:44:76:f7:22:50:d4:a2:36:16:ef:
                    93:30:de:e1:f3:bf:82:1d:aa:99:e1:bf:89:98:5c:
                    ab:9b:46:2f:93:7c:7f:de:54:db:3e:c3:e3:0f:7d:
                    2e:2c:be:d4:32:5a:ac:74:c8:ae:3e:1e:ae:87:63:
                    66:c1:6d:f3:bd:cd:fd:61:7c:bf:01:fe:69:ef:83:
                    41:83:35:ee:f3:7e:c5:ab:04:db:59:64:3e:e5:55:
                    2e:b5:96:89:68:02:94:5a:a6:74:9b:65:16:80:bf:
                    62:b8:99:df:50:8d:f2:ff:8e:17:2f:f9:93:d2:5a:
                    be:7f:f8:b6:31:a6:53:d0:f3:d7:e8:de:ba:e3:09:
                    8f:3a:ce:c5:fb:78:21:df:a8:54:a5:88:00:f2:4f:
                    f6:47:ed:76:79:8e:12:8f:f1:75:04:84:9b:00:0e:
                    ef:6c:a4:0d:76:56:95:60:39:b0:ed:b4:c3:72:89:
                    59:30:4e:93:78:b0:58:d3:54:68:3e:49:25:f8:be:
                    63:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:32:29:15:78:24:04:18:A7:13:D6:5C:DC:E7:F7:6D:E6:34:8D:C8
            X509v3 Authority Key Identifier:
                keyid:40:25:4D:4A:76:7A:D0:99:60:6E:44:2E:09:2F:91:24:1A:36:36:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QCVNSnZ60JlgbkQuCS-RJBo2NnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/ef6c8e-3f07-4b3f-a87e-bbe912eec73e/1/azIpFXgkBBinE9Zc3Of3beY0jcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/ef6c8e-3f07-4b3f-a87e-bbe912eec73e/1/QCVNSnZ60JlgbkQuCS-RJBo2NnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.108.0/24
                IPv6:
                  2a0f:7b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:68:b6:54:50:d1:26:f1:05:3d:75:1a:18:d0:eb:38:b8:2b:
         96:75:48:fa:c3:43:3b:f8:e2:17:ed:a6:14:19:4f:71:36:a9:
         91:21:9f:13:7e:b7:eb:1c:19:47:cd:39:5b:98:af:2c:bf:64:
         09:56:6e:7f:81:9b:24:5d:c7:cf:83:69:1b:32:5e:2a:40:f6:
         99:0d:df:00:c7:79:5b:e7:26:af:a0:b0:19:db:22:a3:5f:81:
         fe:b4:7b:2c:a8:d9:a4:68:a7:d4:f1:f7:27:33:dc:08:ae:01:
         1c:7c:d0:66:a8:ee:46:4c:ed:ba:75:4d:57:0b:55:94:5f:e3:
         cd:e4:8d:38:62:5f:6f:ee:73:86:55:0a:2b:a6:f3:ec:a2:f2:
         4a:7e:cf:66:95:f7:02:b5:7d:b2:7d:1c:e7:4e:99:93:ac:fa:
         46:49:a3:d6:8c:4e:c3:16:6e:63:f8:01:54:93:f8:e9:82:5d:
         9d:11:e8:0b:59:07:00:98:e1:88:f7:52:0f:61:e4:d3:a4:96:
         12:f6:84:eb:52:29:67:8b:61:da:2f:9d:6e:4e:e7:2f:ba:b1:
         bb:23:bc:e1:15:d8:42:3d:02:9e:80:92:34:84:bb:fa:7c:e7:
         51:c1:b3:be:9f:a7:94:34:7b:82:8a:f0:ea:93:9b:28:5d:7f:
         b5:08:ba:44
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt5JSH5+XAgn5V83VmBbcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMjU0ZDRhNzY3YWQwOTk2MDZlNDQyZTA5MmY5MTI0MWEz
NjM2NzAwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjMyMjkxNTc4MjQwNDE4YTcxM2Q2NWNkY2U3Zjc2ZGU2MzQ4ZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT91i6p3gAOgFtHlU6xEk7j4d/X4
2zAPBBPkH4VEtn5IrQ5Vg+xSGmuUUP08Qdpzd8BwPxZ11CUAYyF4rW3xikR29yJQ
1KI2Fu+TMN7h87+CHaqZ4b+JmFyrm0Yvk3x/3lTbPsPjD30uLL7UMlqsdMiuPh6u
h2NmwW3zvc39YXy/Af5p74NBgzXu837FqwTbWWQ+5VUutZaJaAKUWqZ0m2UWgL9i
uJnfUI3y/44XL/mT0lq+f/i2MaZT0PPX6N664wmPOs7F+3gh36hUpYgA8k/2R+12
eY4Sj/F1BISbAA7vbKQNdlaVYDmw7bTDcolZME6TeLBY01RoPkkl+L5jrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGsyKRV4JAQYpxPWXNzn923mNI3IMB8GA1UdIwQY
MBaAFEAlTUp2etCZYG5ELgkvkSQaNjZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUNWTlNuWjYwSmxnYmtRdUNTLVJKQm8yTm5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9lZjZjOGUtM2YwNy00YjNmLWE4N2Ut
YmJlOTEyZWVjNzNlLzEvYXpJcEZYZ2tCQmluRTlaYzNPZjNiZVkwamNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9lZjZjOGUtM2YwNy00YjNmLWE4N2UtYmJlOTEyZWVjNzNl
LzEvUUNWTlNuWjYwSmxnYmtRdUNTLVJKQm8yTm5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwRZsMA0E
AgACMAcDBQMqD3tAMA0GCSqGSIb3DQEBCwUAA4IBAQAPaLZUUNEm8QU9dRoY0Os4
uCuWdUj6w0M7+OIX7aYUGU9xNqmRIZ8TfrfrHBlHzTlbmK8sv2QJVm5/gZskXcfP
g2kbMl4qQPaZDd8Ax3lb5yavoLAZ2yKjX4H+tHssqNmkaKfU8fcnM9wIrgEcfNBm
qO5GTO26dU1XC1WUX+PN5I04Yl9v7nOGVQorpvPsovJKfs9mlfcCtX2yfRznTpmT
rPpGSaPWjE7DFm5j+AFUk/jpgl2dEegLWQcAmOGI91IPYeTTpJYS9oTrUilni2Ha
L51uTucvurG7I7zhFdhCPQKegJI0hLv6fOdRwbO+n6eUNHuCivDqk5soXX+1CLpE
-----END CERTIFICATE-----