Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/68hMY9hh5lw56Kw_wL7oRNQT4Dc.roa
File:                     68hMY9hh5lw56Kw_wL7oRNQT4Dc.roa (raw, json)
Hash identifier:          kzXaF8FjIY6GUfbcvlIKWmr+kZWMSYWCUR1CBzVhKqQ=
Subject key identifier:   EB:C8:4C:63:D8:61:E6:5C:39:E8:AC:3F:C0:BE:E8:44:D4:13:E0:37
Certificate issuer:       /CN=aea84d7e64ba3e85b57036c7318f93cc3d94d187
Certificate serial:       018CC4933E8AF4B17B76369ECA558D3F404D
Authority key identifier: AE:A8:4D:7E:64:BA:3E:85:B5:70:36:C7:31:8F:93:CC:3D:94:D1:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/68hMY9hh5lw56Kw_wL7oRNQT4Dc.roa
Signing time:             Mon 01 Jan 2024 10:30:33 +0000
ROA not before:           Mon 01 Jan 2024 10:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16184
IP address blocks:        193.109.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3e:8a:f4:b1:7b:76:36:9e:ca:55:8d:3f:40:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aea84d7e64ba3e85b57036c7318f93cc3d94d187
        Validity
            Not Before: Jan  1 10:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebc84c63d861e65c39e8ac3fc0bee844d413e037
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3c:95:8e:10:13:0c:18:41:20:dd:10:9d:17:
                    a3:6a:15:9e:8e:7d:98:b1:32:62:4f:47:7d:90:93:
                    01:f7:29:4e:13:36:34:3c:39:14:c8:23:db:4f:22:
                    b8:6c:aa:33:ca:39:62:31:41:68:b1:68:b8:25:2a:
                    af:3e:e2:e1:b5:72:fc:e4:50:47:fd:a7:2e:2a:b7:
                    5c:c6:46:6f:44:a3:cd:1f:de:cb:7c:c5:ca:b4:4a:
                    7f:fc:db:d2:84:29:a5:41:1a:fc:ff:f8:c4:1c:6a:
                    42:d9:88:71:76:3b:0b:35:b3:dc:ca:c8:48:1c:70:
                    81:a4:25:8b:18:9f:d9:9f:5b:5e:1c:76:3c:20:94:
                    c4:44:f0:78:7f:ba:a6:51:63:52:9d:34:e4:94:18:
                    b7:34:78:0d:01:7b:6a:70:80:93:27:ee:70:dd:86:
                    f8:c4:d6:7a:36:5e:0d:2f:50:91:25:6a:3c:7d:94:
                    78:09:61:9a:c2:d5:51:33:cc:a5:c2:89:7a:d8:3f:
                    33:da:e1:08:b7:3d:8a:cb:50:61:fd:32:85:8e:a9:
                    83:cf:fc:e0:df:ac:fe:69:95:82:f1:86:c2:65:24:
                    30:71:94:15:66:86:b3:aa:11:a9:61:71:1a:d3:ca:
                    d4:44:57:4e:49:e8:6c:ff:5b:07:d8:2b:8d:7c:02:
                    29:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C8:4C:63:D8:61:E6:5C:39:E8:AC:3F:C0:BE:E8:44:D4:13:E0:37
            X509v3 Authority Key Identifier:
                keyid:AE:A8:4D:7E:64:BA:3E:85:B5:70:36:C7:31:8F:93:CC:3D:94:D1:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/68hMY9hh5lw56Kw_wL7oRNQT4Dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/157f1e-7cf8-4d98-a924-97c332f7239d/1/rqhNfmS6PoW1cDbHMY-TzD2U0Yc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:85:fd:0c:b8:18:1e:13:f0:bf:1e:45:c5:2e:8f:0b:2c:39:
         fc:5e:bf:c7:df:c4:d4:10:9b:1b:60:ba:a4:6b:89:59:90:aa:
         3c:80:c3:81:30:fe:a3:37:32:8e:57:59:2e:17:4d:d0:7c:06:
         b1:ec:9e:be:93:35:d5:2e:82:87:51:49:4a:bd:49:3a:9e:91:
         7c:f8:9f:77:0e:3b:05:82:8c:c2:a4:72:1e:38:f4:7e:43:2a:
         b6:6e:17:98:9c:f1:b7:c0:75:cc:8e:45:a5:96:24:79:95:49:
         3b:24:8b:5e:01:84:10:09:d2:24:57:5b:13:8a:37:48:24:8c:
         8c:a4:3d:6d:b6:f3:5d:41:63:76:3b:21:fc:06:cb:0c:91:30:
         78:34:e3:40:bc:6c:e5:a1:70:22:15:4a:71:8f:53:ee:c8:ee:
         9d:e1:da:1f:39:33:ba:51:fb:fa:81:df:aa:43:62:da:ac:30:
         b8:e6:0b:93:26:a7:d9:19:90:31:e3:7e:ff:d0:11:a4:3e:75:
         7f:b3:05:35:73:f7:aa:cd:0e:68:f0:37:d0:1f:49:42:ad:ed:
         e8:fa:04:73:2e:3f:e8:a2:60:b8:78:04:2b:cb:e7:32:5a:14:
         8f:3b:4a:68:1a:3e:07:a0:a8:fd:58:c3:8a:02:02:74:62:91:
         2a:99:64:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkz6K9LF7djaeylWNP0BNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYTg0ZDdlNjRiYTNlODViNTcwMzZjNzMxOGY5M2NjM2Q5
NGQxODcwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmM4NGM2M2Q4NjFlNjVjMzllOGFjM2ZjMGJlZTg0NGQ0MTNlMDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjyVjhATDBhBIN0QnRejahWejn2Y
sTJiT0d9kJMB9ylOEzY0PDkUyCPbTyK4bKozyjliMUFosWi4JSqvPuLhtXL85FBH
/acuKrdcxkZvRKPNH97LfMXKtEp//NvShCmlQRr8//jEHGpC2YhxdjsLNbPcyshI
HHCBpCWLGJ/Zn1teHHY8IJTERPB4f7qmUWNSnTTklBi3NHgNAXtqcICTJ+5w3Yb4
xNZ6Nl4NL1CRJWo8fZR4CWGawtVRM8ylwol62D8z2uEItz2Ky1Bh/TKFjqmDz/zg
36z+aZWC8YbCZSQwcZQVZoazqhGpYXEa08rURFdOSehs/1sH2CuNfAIpEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvITGPYYeZcOeisP8C+6ETUE+A3MB8GA1UdIwQY
MBaAFK6oTX5kuj6FtXA2xzGPk8w9lNGHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnFoTmZtUzZQb1cxY0RiSE1ZLVR6RDJVMFljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xNTdmMWUtN2NmOC00ZDk4LWE5MjQt
OTdjMzMyZjcyMzlkLzEvNjhoTVk5aGg1bHc1Nkt3X3dMN29STlFUNERjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xNTdmMWUtN2NmOC00ZDk4LWE5MjQtOTdjMzMyZjcyMzlk
LzEvcnFoTmZtUzZQb1cxY0RiSE1ZLVR6RDJVMFljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW18MA0G
CSqGSIb3DQEBCwUAA4IBAQCAhf0MuBgeE/C/HkXFLo8LLDn8Xr/H38TUEJsbYLqk
a4lZkKo8gMOBMP6jNzKOV1kuF03QfAax7J6+kzXVLoKHUUlKvUk6npF8+J93DjsF
gozCpHIeOPR+Qyq2bheYnPG3wHXMjkWlliR5lUk7JIteAYQQCdIkV1sTijdIJIyM
pD1ttvNdQWN2OyH8BssMkTB4NONAvGzloXAiFUpxj1PuyO6d4dofOTO6Ufv6gd+q
Q2LarDC45guTJqfZGZAx437/0BGkPnV/swU1c/eqzQ5o8DfQH0lCre3o+gRzLj/o
omC4eAQry+cyWhSPO0poGj4HoKj9WMOKAgJ0YpEqmWR9
-----END CERTIFICATE-----