Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/v7xY5sc0A-R85DZEgdxWiZuvzRg.roa
File:                     v7xY5sc0A-R85DZEgdxWiZuvzRg.roa (raw, json)
Hash identifier:          pdqdIOkua3RbQt98TXCeFiqoM4jUGWyEZxXOGiDhH3I=
Subject key identifier:   BF:BC:58:E6:C7:34:03:E4:7C:E4:36:44:81:DC:56:89:9B:AF:CD:18
Certificate issuer:       /CN=e8b6e8499ffe31e1f6d6780d03017e83473f2d3c
Certificate serial:       018CC4246E060533F7995FA46BF7B77A3C60
Authority key identifier: E8:B6:E8:49:9F:FE:31:E1:F6:D6:78:0D:03:01:7E:83:47:3F:2D:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LboSZ_-MeH21ngNAwF-g0c_LTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/v7xY5sc0A-R85DZEgdxWiZuvzRg.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48737
IP address blocks:        193.42.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/6LboSZ_-MeH21ngNAwF-g0c_LTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/6LboSZ_-MeH21ngNAwF-g0c_LTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LboSZ_-MeH21ngNAwF-g0c_LTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6e:06:05:33:f7:99:5f:a4:6b:f7:b7:7a:3c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b6e8499ffe31e1f6d6780d03017e83473f2d3c
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfbc58e6c73403e47ce4364481dc56899bafcd18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:8b:56:25:49:f6:8c:a5:50:50:3f:69:1a:c7:
                    97:13:a6:1c:69:93:a9:50:73:42:16:5a:bf:4c:7a:
                    95:7c:23:fe:9a:50:d2:f8:e9:e5:c6:12:2f:2c:c4:
                    6e:c1:b1:e0:98:ae:55:16:df:1c:28:92:c4:d2:17:
                    6d:07:5b:47:36:6d:fb:60:0a:13:3b:d7:54:01:b6:
                    b7:65:06:6d:80:04:f4:a3:b9:e4:db:49:30:1d:14:
                    64:4e:4b:4e:37:53:c7:39:28:86:74:40:47:cc:15:
                    1d:27:be:b6:62:b7:b1:7f:a3:a1:d9:3c:ce:35:7a:
                    dd:bb:c4:c9:6e:ed:62:bc:71:75:5e:78:0b:3d:d5:
                    80:6f:0f:4a:61:c1:50:2d:c9:9b:75:13:9f:a8:3f:
                    fa:a3:49:63:3e:68:5d:2b:f0:0f:96:11:15:f3:8e:
                    f3:cc:84:7c:2a:a2:a3:b0:0e:bd:aa:33:06:ef:f7:
                    5a:d1:41:bf:57:df:53:62:aa:27:a0:ce:31:77:ea:
                    21:56:be:a1:6e:f5:04:6f:af:08:33:f3:35:71:bb:
                    84:e9:fb:36:d8:30:0e:96:2f:b2:0a:f8:34:2d:24:
                    41:8d:64:34:8d:10:5e:32:8c:11:48:b3:89:9d:cf:
                    2d:06:86:9d:ab:69:ea:6d:5e:33:a0:9e:aa:bb:d8:
                    13:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:BC:58:E6:C7:34:03:E4:7C:E4:36:44:81:DC:56:89:9B:AF:CD:18
            X509v3 Authority Key Identifier:
                keyid:E8:B6:E8:49:9F:FE:31:E1:F6:D6:78:0D:03:01:7E:83:47:3F:2D:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LboSZ_-MeH21ngNAwF-g0c_LTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/v7xY5sc0A-R85DZEgdxWiZuvzRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/6LboSZ_-MeH21ngNAwF-g0c_LTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:29:2d:86:ae:e2:a2:4d:49:20:e1:89:9a:1f:e1:7f:9d:0f:
         a6:4b:1c:f7:00:01:69:cc:e1:74:e2:8b:c5:5c:d3:d8:5a:1b:
         fd:5f:7a:4f:bf:37:54:ff:d5:5e:79:20:fe:1c:8f:78:79:28:
         0e:66:4a:7e:d3:0e:c8:2f:30:09:d6:69:aa:93:84:05:a3:15:
         67:11:8a:b2:3b:bc:b4:8f:28:78:71:4a:34:35:67:37:1c:91:
         cc:0a:25:84:2c:78:fb:1e:b8:99:54:6f:47:d8:4d:22:42:fe:
         75:f3:c6:bb:3a:7e:78:41:4d:3e:fb:d4:8f:fc:d8:f0:24:95:
         8d:e0:13:57:25:0e:cc:32:e9:78:32:ba:bc:06:92:19:1e:48:
         c2:ef:d2:d6:cf:73:d5:99:0e:08:e8:db:47:ff:31:83:18:40:
         46:cb:87:8c:09:8a:ee:6b:da:95:83:04:21:6a:af:15:5f:c3:
         e1:71:2d:e6:7d:ee:38:22:7e:c8:1c:fd:b7:90:6c:4e:8d:07:
         f8:81:f8:74:b0:38:41:48:30:c3:26:a9:98:31:74:a4:c1:86:
         9a:f4:1a:f8:fa:9e:c9:82:aa:ab:31:4d:e8:4b:81:15:25:53:
         7d:c7:0b:cb:66:df:1a:31:cd:a5:c9:68:d1:04:cb:fc:6d:7c:
         ae:dc:f0:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJG4GBTP3mV+ka/e3ejxgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjZlODQ5OWZmZTMxZTFmNmQ2NzgwZDAzMDE3ZTgzNDcz
ZjJkM2MwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmJjNThlNmM3MzQwM2U0N2NlNDM2NDQ4MWRjNTY4OTliYWZjZDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjItWJUn2jKVQUD9pGseXE6YcaZOp
UHNCFlq/THqVfCP+mlDS+OnlxhIvLMRuwbHgmK5VFt8cKJLE0hdtB1tHNm37YAoT
O9dUAba3ZQZtgAT0o7nk20kwHRRkTktON1PHOSiGdEBHzBUdJ762Yrexf6Oh2TzO
NXrdu8TJbu1ivHF1XngLPdWAbw9KYcFQLcmbdROfqD/6o0ljPmhdK/APlhEV847z
zIR8KqKjsA69qjMG7/da0UG/V99TYqonoM4xd+ohVr6hbvUEb68IM/M1cbuE6fs2
2DAOli+yCvg0LSRBjWQ0jRBeMowRSLOJnc8tBoadq2nqbV4zoJ6qu9gTGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+8WObHNAPkfOQ2RIHcVombr80YMB8GA1UdIwQY
MBaAFOi26Emf/jHh9tZ4DQMBfoNHPy08MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxib1NaXy1NZUgyMW5nTkF3Ri1nMGNfTFR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9lNWI1MjAtOGQ0Yy00Y2Q4LWE1NGMt
NjgxYzRhNWQ1Yjc0LzEvdjd4WTVzYzBBLVI4NURaRWdkeFdpWnV2elJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9lNWI1MjAtOGQ0Yy00Y2Q4LWE1NGMtNjgxYzRhNWQ1Yjc0
LzEvNkxib1NaXy1NZUgyMW5nTkF3Ri1nMGNfTFR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSpkMA0G
CSqGSIb3DQEBCwUAA4IBAQACKS2GruKiTUkg4YmaH+F/nQ+mSxz3AAFpzOF04ovF
XNPYWhv9X3pPvzdU/9VeeSD+HI94eSgOZkp+0w7ILzAJ1mmqk4QFoxVnEYqyO7y0
jyh4cUo0NWc3HJHMCiWELHj7HriZVG9H2E0iQv5188a7On54QU0++9SP/NjwJJWN
4BNXJQ7MMul4Mrq8BpIZHkjC79LWz3PVmQ4I6NtH/zGDGEBGy4eMCYrua9qVgwQh
aq8VX8PhcS3mfe44In7IHP23kGxOjQf4gfh0sDhBSDDDJqmYMXSkwYaa9Br4+p7J
gqqrMU3oS4EVJVN9xwvLZt8aMc2lyWjRBMv8bXyu3PAn
-----END CERTIFICATE-----