Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/8Bejt7WL1i2sy-EvOnLpPpViu6c.roa
File:                     8Bejt7WL1i2sy-EvOnLpPpViu6c.roa (raw, json)
Hash identifier:          /N/sARZeLjNhi2Dr2RAVEBni1rLlin7Mh7IZhbqdmKw=
Subject key identifier:   F0:17:A3:B7:B5:8B:D6:2D:AC:CB:E1:2F:3A:72:E9:3E:95:62:BB:A7
Certificate issuer:       /CN=f89df56248f9777fa22d5da6c04b5fb332a4b350
Certificate serial:       018F95981A8052CD027844551719E2FF34DC
Authority key identifier: F8:9D:F5:62:48:F9:77:7F:A2:2D:5D:A6:C0:4B:5F:B3:32:A4:B3:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-J31Ykj5d3-iLV2mwEtfszKks1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/8Bejt7WL1i2sy-EvOnLpPpViu6c.roa
Signing time:             Mon 20 May 2024 10:42:04 +0000
ROA not before:           Mon 20 May 2024 10:42:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55002
IP address blocks:        193.138.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/1-J31Ykj5d3-iLV2mwEtfszKks1A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/1-J31Ykj5d3-iLV2mwEtfszKks1A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-J31Ykj5d3-iLV2mwEtfszKks1A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:95:98:1a:80:52:cd:02:78:44:55:17:19:e2:ff:34:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f89df56248f9777fa22d5da6c04b5fb332a4b350
        Validity
            Not Before: May 20 10:42:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f017a3b7b58bd62daccbe12f3a72e93e9562bba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:7d:80:32:fb:73:90:f9:80:55:66:62:91:13:
                    2a:f1:20:a7:3f:cf:39:2d:0d:24:17:37:5c:f1:af:
                    44:40:ef:34:dc:9d:c0:45:3a:38:97:3a:43:31:2e:
                    8c:d4:1b:9e:a0:8f:31:1b:46:8b:9e:eb:8d:ef:f8:
                    28:f0:81:02:b5:bb:b3:d5:b7:a8:15:f2:7a:df:b5:
                    a9:86:de:7c:06:9a:cb:9b:e7:2e:95:66:b5:e6:02:
                    84:4e:39:cd:82:09:60:c8:1d:e4:06:15:fe:d6:fa:
                    fc:eb:67:70:dd:01:dd:4a:ff:cf:d6:d6:d4:82:9d:
                    90:d9:ba:ee:8f:d5:fb:c7:b6:f1:34:8e:08:fc:6f:
                    17:ae:a1:8f:82:50:84:63:fe:e2:f1:1f:db:8b:8e:
                    e4:7b:5f:d9:53:23:64:f3:27:c7:88:f7:49:a1:5b:
                    ff:46:cf:97:34:18:ce:5b:2b:79:31:f3:76:09:5d:
                    0c:5f:a5:32:2f:70:31:38:4f:ef:7a:74:d2:fe:e8:
                    51:17:27:09:ae:c5:90:78:76:dd:b2:d7:3c:e1:39:
                    58:fa:36:32:c3:e4:9c:5a:cd:95:10:82:d8:66:3d:
                    03:69:93:2d:a2:98:ac:a9:7a:7a:17:47:46:ef:02:
                    7b:24:25:14:98:e7:1c:e3:35:f5:73:79:40:2f:aa:
                    a0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:17:A3:B7:B5:8B:D6:2D:AC:CB:E1:2F:3A:72:E9:3E:95:62:BB:A7
            X509v3 Authority Key Identifier:
                keyid:F8:9D:F5:62:48:F9:77:7F:A2:2D:5D:A6:C0:4B:5F:B3:32:A4:B3:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-J31Ykj5d3-iLV2mwEtfszKks1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/8Bejt7WL1i2sy-EvOnLpPpViu6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/d46d25-5d8f-4989-b557-c16baedf6fa6/1/1-J31Ykj5d3-iLV2mwEtfszKks1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:f3:aa:ba:0c:51:93:90:6a:45:1a:9c:83:9c:31:7e:41:df:
         6f:2e:60:18:13:5b:84:e8:5f:a7:34:da:bd:8b:45:22:c8:6b:
         ab:01:c9:2a:9d:a6:32:da:26:21:b1:b8:a6:cd:4e:e6:ce:7e:
         b8:70:cd:54:69:77:3e:3c:d2:dd:67:a7:3b:f2:c8:5a:1e:0f:
         c7:09:c4:bb:0b:63:0f:8d:50:db:c4:9f:69:60:0a:3f:ed:62:
         67:72:64:db:96:c9:2c:cc:99:0a:cc:f6:69:c5:bb:39:6c:5e:
         14:0a:9a:81:43:10:92:83:16:1d:d6:98:52:9b:0e:9b:ee:31:
         3b:50:32:2f:82:f8:a5:53:1a:58:23:fe:a1:3b:ea:c6:c7:5e:
         9e:01:87:da:2b:ef:ce:f7:b0:89:80:b9:a6:a7:db:85:cd:5a:
         81:98:f2:18:1d:c2:da:f7:bf:47:55:81:43:7e:4e:c8:c0:2f:
         48:62:01:e6:91:9c:59:f7:82:04:3c:5c:25:03:88:b3:bd:7f:
         c9:bd:07:36:ce:2d:b7:1d:0a:f9:b1:74:3d:6d:af:8a:27:62:
         b4:e7:b7:7b:c2:db:fb:7d:80:d9:4f:be:ea:39:95:e9:26:32:
         aa:07:02:8b:5a:37:87:a6:94:16:56:b9:a0:65:3b:47:a5:f5:
         32:8a:42:90
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY+VmBqAUs0CeERVFxni/zTcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4OWRmNTYyNDhmOTc3N2ZhMjJkNWRhNmMwNGI1ZmIzMzJh
NGIzNTAwHhcNMjQwNTIwMTA0MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDE3YTNiN2I1OGJkNjJkYWNjYmUxMmYzYTcyZTkzZTk1NjJiYmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4H2AMvtzkPmAVWZikRMq8SCnP885
LQ0kFzdc8a9EQO803J3ARTo4lzpDMS6M1BueoI8xG0aLnuuN7/go8IECtbuz1beo
FfJ637Wpht58BprLm+culWa15gKETjnNgglgyB3kBhX+1vr862dw3QHdSv/P1tbU
gp2Q2bruj9X7x7bxNI4I/G8XrqGPglCEY/7i8R/bi47ke1/ZUyNk8yfHiPdJoVv/
Rs+XNBjOWyt5MfN2CV0MX6UyL3AxOE/venTS/uhRFycJrsWQeHbdstc84TlY+jYy
w+ScWs2VEILYZj0DaZMtopisqXp6F0dG7wJ7JCUUmOcc4zX1c3lAL6qg0QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPAXo7e1i9YtrMvhLzpy6T6VYrunMB8GA1UdIwQY
MBaAFPid9WJI+Xd/oi1dpsBLX7MypLNQMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1KMzFZa2o1ZDMtaUxWMm13RXRmc3pLa3MxQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUvZDQ2ZDI1LTVkOGYtNDk4OS1iNTU3
LWMxNmJhZWRmNmZhNi8xLzhCZWp0N1dMMWkyc3ktRXZPbkxwUHBWaXU2Yy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzUvZDQ2ZDI1LTVkOGYtNDk4OS1iNTU3LWMxNmJhZWRmNmZh
Ni8xLzEtSjMxWWtqNWQzLWlMVjJtd0V0ZnN6S2tzMUEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBimcw
DQYJKoZIhvcNAQELBQADggEBAHTzqroMUZOQakUanIOcMX5B328uYBgTW4ToX6c0
2r2LRSLIa6sBySqdpjLaJiGxuKbNTubOfrhwzVRpdz480t1npzvyyFoeD8cJxLsL
Yw+NUNvEn2lgCj/tYmdyZNuWySzMmQrM9mnFuzlsXhQKmoFDEJKDFh3WmFKbDpvu
MTtQMi+C+KVTGlgj/qE76sbHXp4Bh9or7873sImAuaan24XNWoGY8hgdwtr3v0dV
gUN+TsjAL0hiAeaRnFn3ggQ8XCUDiLO9f8m9BzbOLbcdCvmxdD1tr4onYrTnt3vC
2/t9gNlPvuo5lekmMqoHAotaN4emlBZWuaBlO0el9TKKQpA=
-----END CERTIFICATE-----