Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/a6EHlC0C-wLEmcYYvLbPUGzvYQk.roa
File:                     a6EHlC0C-wLEmcYYvLbPUGzvYQk.roa (raw, json)
Hash identifier:          GL/Y88IENoJ3kGFgyZEDBdqHxptupdxagbUJ3tdIWaI=
Subject key identifier:   6B:A1:07:94:2D:02:FB:02:C4:99:C6:18:BC:B6:CF:50:6C:EF:61:09
Certificate issuer:       /CN=2ef957aba2ef00352850e202464c71d33ca81448
Certificate serial:       018CC493047D566F2D96464317A6B7DE462B
Authority key identifier: 2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/a6EHlC0C-wLEmcYYvLbPUGzvYQk.roa
Signing time:             Mon 01 Jan 2024 10:30:18 +0000
ROA not before:           Mon 01 Jan 2024 10:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1942
IP address blocks:        193.48.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:04:7d:56:6f:2d:96:46:43:17:a6:b7:de:46:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ef957aba2ef00352850e202464c71d33ca81448
        Validity
            Not Before: Jan  1 10:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ba107942d02fb02c499c618bcb6cf506cef6109
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:90:7d:e6:dc:bf:73:08:1b:04:24:45:d6:8f:
                    3f:0b:5c:9d:a5:9b:78:11:47:f1:de:95:56:fb:12:
                    f0:bc:a3:14:ce:01:f5:7f:be:4b:2f:63:a8:0b:f2:
                    c9:a5:89:89:16:32:4d:6e:f9:3e:54:06:2c:b9:82:
                    16:dc:f3:9a:fe:35:9d:e7:37:14:19:f6:38:87:37:
                    bd:68:12:0e:39:53:50:98:af:6b:9f:4d:fb:2a:8a:
                    80:d3:e0:05:b2:4e:19:b9:89:6e:05:70:d1:8c:4d:
                    e1:67:56:32:0b:55:23:ab:d7:22:0f:43:5f:9d:1a:
                    d2:8b:70:d1:f6:49:7c:8b:42:f8:33:b7:22:f8:99:
                    76:dd:ed:ae:67:ee:21:1d:b2:af:5d:dc:51:bc:29:
                    2e:66:04:79:31:62:c1:a3:f9:d3:6c:e0:b8:87:8f:
                    f2:23:5a:48:73:e1:c0:96:c3:6a:d1:c0:5b:fd:4b:
                    89:3a:b9:d9:a1:bf:fb:62:1a:2f:d3:22:d7:30:30:
                    ce:45:2d:66:b7:22:ca:14:9d:ac:cb:be:45:1c:56:
                    47:fb:5a:58:b6:6a:39:37:1b:d1:00:07:00:3a:48:
                    70:c6:68:d9:98:0d:ad:b7:d3:98:68:42:5d:48:1f:
                    a2:b8:c4:ce:10:ef:6f:80:63:6d:0b:aa:94:14:64:
                    e4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:A1:07:94:2D:02:FB:02:C4:99:C6:18:BC:B6:CF:50:6C:EF:61:09
            X509v3 Authority Key Identifier:
                keyid:2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/a6EHlC0C-wLEmcYYvLbPUGzvYQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.48.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:a3:82:b6:5e:a4:35:74:6c:c3:46:74:00:94:70:ae:e6:ee:
         6e:8e:96:7b:6f:1f:41:3c:f9:a5:ea:27:92:09:24:6f:07:22:
         9c:3a:bd:ed:f8:df:0b:cd:8b:83:b7:9b:cf:f1:1f:35:b2:a3:
         87:49:46:7f:2c:f2:81:fd:34:6f:73:59:7c:25:6b:f0:24:b3:
         12:a1:48:c0:02:f9:66:c2:d5:e6:2a:9e:b2:c8:3f:0b:79:5f:
         1c:2c:ba:2a:0a:97:5c:39:8c:3c:0d:c0:c2:32:c0:cb:60:b2:
         a8:37:3a:a1:88:fa:d2:30:18:e2:86:3d:8b:01:c2:36:51:9a:
         1b:3f:6b:a9:5f:dc:14:6c:a2:ce:47:ab:9a:21:18:40:66:bd:
         6c:45:f7:10:aa:2e:e1:c2:7f:97:4c:5a:43:df:eb:70:d4:ae:
         c7:32:11:89:ca:29:77:e5:75:89:64:d6:ea:30:56:08:0d:a7:
         af:11:db:b9:54:69:64:07:1b:3b:e4:6d:cb:e8:34:88:26:f4:
         f9:ff:ec:73:89:d5:c8:3e:fd:83:b7:bf:48:d6:eb:48:16:9f:
         c0:d6:a7:87:3f:ab:de:61:fc:52:6d:33:13:3d:19:31:aa:40:
         e3:d1:d9:5d:dd:2f:a5:7a:7c:04:a3:6b:2c:28:d7:81:80:ed:
         67:89:5b:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkwR9Vm8tlkZDF6a33kYrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZjk1N2FiYTJlZjAwMzUyODUwZTIwMjQ2NGM3MWQzM2Nh
ODE0NDgwHhcNMjQwMTAxMTAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmExMDc5NDJkMDJmYjAyYzQ5OWM2MThiY2I2Y2Y1MDZjZWY2MTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpB95ty/cwgbBCRF1o8/C1ydpZt4
EUfx3pVW+xLwvKMUzgH1f75LL2OoC/LJpYmJFjJNbvk+VAYsuYIW3POa/jWd5zcU
GfY4hze9aBIOOVNQmK9rn037KoqA0+AFsk4ZuYluBXDRjE3hZ1YyC1Ujq9ciD0Nf
nRrSi3DR9kl8i0L4M7ci+Jl23e2uZ+4hHbKvXdxRvCkuZgR5MWLBo/nTbOC4h4/y
I1pIc+HAlsNq0cBb/UuJOrnZob/7Yhov0yLXMDDORS1mtyLKFJ2sy75FHFZH+1pY
tmo5NxvRAAcAOkhwxmjZmA2tt9OYaEJdSB+iuMTOEO9vgGNtC6qUFGTkjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuhB5QtAvsCxJnGGLy2z1Bs72EJMB8GA1UdIwQY
MBaAFC75V6ui7wA1KFDiAkZMcdM8qBRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYt
MDRhMjdjNGQ1NDUzLzEvYTZFSGxDMEMtd0xFbWNZWXZMYlBVR3p2WVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYtMDRhMjdjNGQ1NDUz
LzEvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTBTMA0G
CSqGSIb3DQEBCwUAA4IBAQA2o4K2XqQ1dGzDRnQAlHCu5u5ujpZ7bx9BPPml6ieS
CSRvByKcOr3t+N8LzYuDt5vP8R81sqOHSUZ/LPKB/TRvc1l8JWvwJLMSoUjAAvlm
wtXmKp6yyD8LeV8cLLoqCpdcOYw8DcDCMsDLYLKoNzqhiPrSMBjihj2LAcI2UZob
P2upX9wUbKLOR6uaIRhAZr1sRfcQqi7hwn+XTFpD3+tw1K7HMhGJyil35XWJZNbq
MFYIDaevEdu5VGlkBxs75G3L6DSIJvT5/+xzidXIPv2Dt79I1utIFp/A1qeHP6ve
YfxSbTMTPRkxqkDj0dld3S+lenwEo2ssKNeBgO1niVux
-----END CERTIFICATE-----