Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/CK1-9yet-ao3tXi52n6U1jFx4eI.roa
File:                     CK1-9yet-ao3tXi52n6U1jFx4eI.roa (raw, json)
Hash identifier:          uxNwWGpcwkYODJ7wqQTuBS831VcjxeBtGYZUh5gzc9g=
Subject key identifier:   08:AD:7E:F7:27:AD:F9:AA:37:B5:78:B9:DA:7E:94:D6:31:71:E1:E2
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB688A37C38D217A9D7C45905CDE50
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/CK1-9yet-ao3tXi52n6U1jFx4eI.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203936
IP address blocks:        193.160.209.0/24 maxlen: 24
                          193.160.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:68:8a:37:c3:8d:21:7a:9d:7c:45:90:5c:de:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08ad7ef727adf9aa37b578b9da7e94d63171e1e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:72:38:70:fe:e2:29:fc:86:2c:8e:91:1f:f6:
                    35:9f:50:0a:10:da:57:c9:c5:80:c0:f1:b6:f0:99:
                    d5:5b:3b:29:66:d6:dc:23:66:9c:05:9e:10:55:b4:
                    bf:c9:89:07:ae:08:a5:7c:4b:40:35:30:bc:2e:30:
                    2d:51:db:ff:19:59:d6:c3:0e:15:74:e2:99:d0:5f:
                    e2:8d:fa:d3:91:8c:7e:27:b9:69:cd:65:d7:92:1a:
                    80:71:75:e8:08:96:36:34:58:ac:1a:69:59:86:4f:
                    78:43:64:24:07:d8:aa:1f:f8:34:e4:12:ad:d4:69:
                    74:fe:e3:ae:49:81:c7:19:fb:83:b6:71:5f:fa:8d:
                    d2:dd:bd:02:a6:cf:2f:23:ad:87:53:65:4d:15:ab:
                    ed:ee:7e:22:c8:ba:5a:3f:17:db:47:14:47:ad:6b:
                    e1:8a:2b:9e:f2:4e:eb:53:65:4e:3b:23:c5:a4:eb:
                    bc:82:a7:1a:b4:5b:c4:32:26:41:0e:8c:1f:77:a1:
                    fb:89:af:22:35:32:86:4a:b2:c2:91:20:b7:26:2c:
                    1a:11:fc:b2:bb:e9:2c:22:32:0f:d4:07:90:d7:b8:
                    62:88:15:5e:31:47:f3:47:fe:16:ac:39:c9:55:e5:
                    36:3b:37:a3:6b:42:91:f1:e7:ac:34:68:23:b2:34:
                    d7:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:AD:7E:F7:27:AD:F9:AA:37:B5:78:B9:DA:7E:94:D6:31:71:E1:E2
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/CK1-9yet-ao3tXi52n6U1jFx4eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:03:7b:12:b5:1d:c2:de:37:db:6c:6f:b4:b5:ff:3d:31:e4:
         b5:fd:75:99:fa:7a:b8:06:3a:56:c8:e0:ab:0b:18:53:02:28:
         3f:23:22:12:a8:2d:e9:4a:ff:ba:37:eb:66:96:8f:81:f3:20:
         fb:c2:70:36:3d:d9:4f:ee:8a:67:b9:8b:6d:ba:bf:77:b7:31:
         cd:6f:0a:62:c0:16:3d:b4:99:a1:29:63:c3:0a:a7:51:ef:8b:
         b7:aa:2d:b9:c9:93:c9:3c:3e:cb:9f:34:31:23:42:94:d6:95:
         de:e5:8b:93:b1:56:1f:f9:be:e0:10:82:fb:68:5d:8d:39:4c:
         c8:c1:b2:6c:31:16:46:f2:61:25:c5:b4:3d:08:6e:b4:ff:80:
         b8:f3:ca:e5:8d:46:57:3d:c6:ad:5f:a6:3e:17:b8:89:a9:d1:
         e4:55:c8:72:3f:48:4f:fb:4c:3e:33:d1:6f:90:04:93:70:be:
         ab:10:e3:d3:43:9d:97:43:c4:60:f4:d9:1c:7f:8f:69:b7:ab:
         f4:f2:f2:96:6f:b3:6e:d9:a2:bf:67:52:3c:c7:dd:43:d5:27:
         79:6a:8c:78:c8:24:f7:af:07:27:13:6f:ca:cb:15:80:d5:d2:
         fc:27:34:30:bd:63:1e:2f:d1:26:d8:3d:64:f2:5f:e9:66:fc:
         42:2c:d7:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22iKN8ONIXqdfEWQXN5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGFkN2VmNzI3YWRmOWFhMzdiNTc4YjlkYTdlOTRkNjMxNzFlMWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3I4cP7iKfyGLI6RH/Y1n1AKENpX
ycWAwPG28JnVWzspZtbcI2acBZ4QVbS/yYkHrgilfEtANTC8LjAtUdv/GVnWww4V
dOKZ0F/ijfrTkYx+J7lpzWXXkhqAcXXoCJY2NFisGmlZhk94Q2QkB9iqH/g05BKt
1Gl0/uOuSYHHGfuDtnFf+o3S3b0Cps8vI62HU2VNFavt7n4iyLpaPxfbRxRHrWvh
iiue8k7rU2VOOyPFpOu8gqcatFvEMiZBDowfd6H7ia8iNTKGSrLCkSC3JiwaEfyy
u+ksIjIP1AeQ17hiiBVeMUfzR/4WrDnJVeU2Ozeja0KR8eesNGgjsjTXDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAitfvcnrfmqN7V4udp+lNYxceHiMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvQ0sxLTl5ZXQtYW8zdFhpNTJuNlUxakZ4NGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwaDQMA0G
CSqGSIb3DQEBCwUAA4IBAQAPA3sStR3C3jfbbG+0tf89MeS1/XWZ+nq4BjpWyOCr
CxhTAig/IyISqC3pSv+6N+tmlo+B8yD7wnA2PdlP7opnuYttur93tzHNbwpiwBY9
tJmhKWPDCqdR74u3qi25yZPJPD7LnzQxI0KU1pXe5YuTsVYf+b7gEIL7aF2NOUzI
wbJsMRZG8mElxbQ9CG60/4C488rljUZXPcatX6Y+F7iJqdHkVchyP0hP+0w+M9Fv
kASTcL6rEOPTQ52XQ8Rg9Nkcf49pt6v08vKWb7Nu2aK/Z1I8x91D1Sd5aox4yCT3
rwcnE2/KyxWA1dL8JzQwvWMeL9Em2D1k8l/pZvxCLNej
-----END CERTIFICATE-----