Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rOe_f2d0NQyHbALxwAiBQ70gndM.roa
File:                     rOe_f2d0NQyHbALxwAiBQ70gndM.roa (raw, json)
Hash identifier:          K38pQAtfQPZ/4FAhfEpiIW5IhCj9t+jCwktZ8nS8ZhI=
Subject key identifier:   AC:E7:BF:7F:67:74:35:0C:87:6C:02:F1:C0:08:81:43:BD:20:9D:D3
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB6669DBD9277CCDE9372F8C5EA48E
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rOe_f2d0NQyHbALxwAiBQ70gndM.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57785
IP address blocks:        193.22.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:66:69:db:d9:27:7c:cd:e9:37:2f:8c:5e:a4:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ace7bf7f6774350c876c02f1c0088143bd209dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b3:c2:51:6d:04:29:1c:ee:dd:d0:e5:42:df:
                    b3:d2:3f:1a:a7:67:0f:d0:96:9b:b5:da:1f:52:c6:
                    b7:f8:32:5c:e1:0b:16:a1:02:0d:91:ed:01:72:4a:
                    fc:4f:4e:6b:21:40:f0:26:55:2d:7f:16:a9:da:84:
                    96:f1:fd:c6:f5:a4:9a:e1:14:8b:c5:4d:70:68:a4:
                    4d:04:3b:95:4b:82:20:1f:cf:67:d1:98:f2:92:91:
                    65:50:e6:0c:04:b6:cc:23:42:b7:3b:61:cf:48:14:
                    4c:0d:fd:b8:11:1d:f5:49:a3:13:05:df:4f:63:5b:
                    e7:46:21:02:26:e5:0e:be:89:4e:64:be:5c:fb:be:
                    00:a6:d3:41:c3:10:80:65:4b:0b:a5:b5:9e:b3:14:
                    d3:c4:00:53:f6:ed:04:8a:85:f1:d1:0e:95:51:85:
                    23:96:16:d0:29:61:53:2f:cb:fd:92:73:11:bc:c5:
                    7f:66:30:48:6d:81:51:be:cc:a2:02:71:19:0b:aa:
                    3a:79:4f:2d:c4:c2:e4:c7:a4:b0:e7:ef:d0:b0:15:
                    30:13:42:d0:66:e6:43:21:71:9a:db:49:46:0c:23:
                    fc:5f:60:df:ee:21:81:4e:c1:59:79:b9:fd:4b:1b:
                    00:57:6c:da:bb:5b:82:dc:cd:6a:b4:8a:6b:58:25:
                    a5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:E7:BF:7F:67:74:35:0C:87:6C:02:F1:C0:08:81:43:BD:20:9D:D3
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rOe_f2d0NQyHbALxwAiBQ70gndM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:79:6f:15:d1:d8:e7:47:12:84:16:5f:1b:f3:09:f4:3f:45:
         6c:c6:3e:5c:2a:fd:45:a6:f3:c2:e7:a1:3a:1a:dd:3a:c5:4d:
         46:34:33:82:24:b0:79:3f:1a:7f:ae:a4:08:72:57:d7:46:ca:
         43:21:1d:55:4b:74:a0:51:6d:ee:c4:97:a7:77:f7:13:71:7c:
         46:57:f4:58:75:fd:01:c3:6b:d4:1f:59:7b:bd:37:10:1c:69:
         b6:37:85:40:65:fb:e8:ad:d1:8f:e8:a8:b3:ec:71:c7:76:a6:
         64:fd:b3:56:6b:37:57:08:cc:fa:59:45:d3:30:cc:12:8f:f6:
         5c:01:8e:21:22:ba:d1:3c:45:fa:0d:6a:61:de:49:79:92:d3:
         46:50:bc:71:a6:85:1b:84:88:80:e4:86:0f:7e:b1:d1:c8:10:
         0d:bf:15:a8:45:ec:cb:5d:47:5a:a2:00:c9:60:a7:73:05:0b:
         91:8d:75:1e:b6:b1:2e:6e:1a:b2:1a:15:3b:ab:11:ba:52:85:
         60:c2:f6:82:5e:28:4f:47:79:bc:5f:71:0f:5b:8b:c8:5f:15:
         f3:b8:b1:d0:a9:48:c4:1b:08:f5:a5:4f:00:9b:ce:8b:a1:09:
         85:2f:79:68:63:d1:35:ca:c7:ae:63:af:df:97:f1:38:f5:1c:
         30:22:c9:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22Zp29knfM3pNy+MXqSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2U3YmY3ZjY3NzQzNTBjODc2YzAyZjFjMDA4ODE0M2JkMjA5ZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7PCUW0EKRzu3dDlQt+z0j8ap2cP
0JabtdofUsa3+DJc4QsWoQINke0Bckr8T05rIUDwJlUtfxap2oSW8f3G9aSa4RSL
xU1waKRNBDuVS4IgH89n0ZjykpFlUOYMBLbMI0K3O2HPSBRMDf24ER31SaMTBd9P
Y1vnRiECJuUOvolOZL5c+74AptNBwxCAZUsLpbWesxTTxABT9u0EioXx0Q6VUYUj
lhbQKWFTL8v9knMRvMV/ZjBIbYFRvsyiAnEZC6o6eU8txMLkx6Sw5+/QsBUwE0LQ
ZuZDIXGa20lGDCP8X2Df7iGBTsFZebn9SxsAV2zau1uC3M1qtIprWCWl3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKznv39ndDUMh2wC8cAIgUO9IJ3TMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvck9lX2YyZDBOUXlIYkFMeHdBaUJRNzBnbmRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRbmMA0G
CSqGSIb3DQEBCwUAA4IBAQA2eW8V0djnRxKEFl8b8wn0P0Vsxj5cKv1FpvPC56E6
Gt06xU1GNDOCJLB5Pxp/rqQIclfXRspDIR1VS3SgUW3uxJend/cTcXxGV/RYdf0B
w2vUH1l7vTcQHGm2N4VAZfvordGP6Kiz7HHHdqZk/bNWazdXCMz6WUXTMMwSj/Zc
AY4hIrrRPEX6DWph3kl5ktNGULxxpoUbhIiA5IYPfrHRyBANvxWoRezLXUdaogDJ
YKdzBQuRjXUetrEubhqyGhU7qxG6UoVgwvaCXihPR3m8X3EPW4vIXxXzuLHQqUjE
Gwj1pU8Am86LoQmFL3loY9E1yseuY6/fl/E49RwwIsnS
-----END CERTIFICATE-----