Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/BudVFfYTVPqiYM5E8Nuv_Nr7zkw.roa
File:                     BudVFfYTVPqiYM5E8Nuv_Nr7zkw.roa (raw, json)
Hash identifier:          Ykb/xzMCds7C+q70vCny4RbaKTPKFR7412HjefaOez8=
Subject key identifier:   06:E7:55:15:F6:13:54:FA:A2:60:CE:44:F0:DB:AF:FC:DA:FB:CE:4C
Certificate issuer:       /CN=ec65f246bfc1ea8fc386c86dd49fbaa8d88c4881
Certificate serial:       018EBD41893594F448DE1E52464E4A3146D7
Authority key identifier: EC:65:F2:46:BF:C1:EA:8F:C3:86:C8:6D:D4:9F:BA:A8:D8:8C:48:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/BudVFfYTVPqiYM5E8Nuv_Nr7zkw.roa
Signing time:             Mon 08 Apr 2024 10:29:32 +0000
ROA not before:           Mon 08 Apr 2024 10:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199760
IP address blocks:        193.9.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:41:89:35:94:f4:48:de:1e:52:46:4e:4a:31:46:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec65f246bfc1ea8fc386c86dd49fbaa8d88c4881
        Validity
            Not Before: Apr  8 10:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06e75515f61354faa260ce44f0dbaffcdafbce4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:3f:6e:b5:7e:5d:0b:ea:13:61:34:a8:1d:40:
                    3b:5e:a5:19:1a:2f:0c:98:e4:2f:4b:6e:f5:6a:8e:
                    9b:af:4c:13:e7:41:25:2d:76:7b:b2:dc:12:9e:08:
                    a2:76:bc:04:09:59:e0:40:3c:b4:f4:41:73:ad:9f:
                    78:91:68:87:38:b8:ec:cc:de:45:b9:cc:b7:0e:f0:
                    2e:52:5b:ff:f9:5a:90:f2:4d:52:f7:8a:9d:43:2d:
                    55:59:d0:52:84:42:76:4d:83:37:b9:e9:37:4f:cd:
                    49:bd:be:1e:ea:d2:fc:8a:4b:6d:78:2f:40:b5:37:
                    c2:1c:05:70:94:3f:0c:1e:68:49:77:fb:df:f9:30:
                    27:93:4b:df:5f:41:13:30:7a:ec:b6:38:c6:26:fc:
                    c5:08:ad:80:b3:64:7a:b7:4a:34:83:3a:45:f6:d5:
                    c1:57:ce:57:9f:20:02:44:94:ae:aa:52:55:0f:a8:
                    4d:fd:71:27:68:22:e4:83:17:d7:8e:81:39:b8:b5:
                    59:88:43:2f:b8:91:91:51:1b:c3:c0:9d:80:4c:2c:
                    35:08:a4:98:3a:a2:3a:22:25:75:6b:b6:43:31:a7:
                    39:e3:91:3f:de:a6:06:b9:ba:cf:bd:d7:0b:16:db:
                    36:76:07:e8:36:15:08:fa:54:ef:b4:6e:dd:37:f9:
                    90:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:E7:55:15:F6:13:54:FA:A2:60:CE:44:F0:DB:AF:FC:DA:FB:CE:4C
            X509v3 Authority Key Identifier:
                keyid:EC:65:F2:46:BF:C1:EA:8F:C3:86:C8:6D:D4:9F:BA:A8:D8:8C:48:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/BudVFfYTVPqiYM5E8Nuv_Nr7zkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:1d:6f:02:34:6e:3f:d7:6a:0e:2d:d2:36:bd:03:ea:11:ae:
         a1:7a:f2:ef:ec:4e:66:1e:92:5a:aa:a2:d2:9f:5f:3d:18:38:
         12:72:d5:a4:43:41:06:a7:8c:73:e1:3a:1b:83:1b:d2:d2:db:
         67:c9:cb:66:ae:8d:9f:3d:91:87:94:19:c7:f9:bd:18:6c:4d:
         2b:68:91:26:7f:eb:82:9f:25:18:fb:b7:38:b3:65:8a:0a:cb:
         c6:db:3e:01:98:3a:16:9c:46:33:74:5d:da:f5:36:09:7a:18:
         f1:20:e1:6a:ff:25:fc:10:7e:82:c3:4b:7e:3d:40:a5:07:e2:
         d5:f3:49:1e:86:e3:31:77:e5:d7:65:2a:ce:73:03:25:c2:73:
         24:27:97:f1:92:8a:dd:03:1a:cb:fd:42:9f:51:2b:9b:d0:a8:
         84:ae:f3:59:58:d6:aa:ec:f6:c1:e0:bd:9b:5b:da:fc:83:f9:
         ca:ff:4a:6e:68:23:78:c3:92:9c:35:1a:a9:c0:79:b9:21:66:
         48:2c:a6:10:4d:e9:23:ed:74:02:bf:0d:e1:93:1f:38:85:63:
         0b:6e:b0:6c:33:5b:1c:6d:d9:0e:f1:63:f1:d1:2a:4c:a7:bd:
         8b:2d:83:fe:b5:55:46:d0:68:92:5e:02:a2:fe:34:3c:d1:31:
         0e:89:ea:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY69QYk1lPRI3h5SRk5KMUbXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNjVmMjQ2YmZjMWVhOGZjMzg2Yzg2ZGQ0OWZiYWE4ZDg4
YzQ4ODEwHhcNMjQwNDA4MTAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmU3NTUxNWY2MTM1NGZhYTI2MGNlNDRmMGRiYWZmY2RhZmJjZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkD9utX5dC+oTYTSoHUA7XqUZGi8M
mOQvS271ao6br0wT50ElLXZ7stwSngiidrwECVngQDy09EFzrZ94kWiHOLjszN5F
ucy3DvAuUlv/+VqQ8k1S94qdQy1VWdBShEJ2TYM3uek3T81Jvb4e6tL8iktteC9A
tTfCHAVwlD8MHmhJd/vf+TAnk0vfX0ETMHrstjjGJvzFCK2As2R6t0o0gzpF9tXB
V85XnyACRJSuqlJVD6hN/XEnaCLkgxfXjoE5uLVZiEMvuJGRURvDwJ2ATCw1CKSY
OqI6IiV1a7ZDMac545E/3qYGubrPvdcLFts2dgfoNhUI+lTvtG7dN/mQiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbnVRX2E1T6omDORPDbr/za+85MMB8GA1UdIwQY
MBaAFOxl8ka/weqPw4bIbdSfuqjYjEiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0dYeVJyX0I2b19EaHNodDFKLTZxTmlNU0lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82ZjAzZmQtNTIxNy00ZTUyLWExNTkt
NzgxMjgwZmQyNDEyLzEvQnVkVkZmWVRWUHFpWU01RThOdXZfTnI3emt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82ZjAzZmQtNTIxNy00ZTUyLWExNTktNzgxMjgwZmQyNDEy
LzEvN0dYeVJyX0I2b19EaHNodDFKLTZxTmlNU0lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQkQMA0G
CSqGSIb3DQEBCwUAA4IBAQAoHW8CNG4/12oOLdI2vQPqEa6hevLv7E5mHpJaqqLS
n189GDgSctWkQ0EGp4xz4TobgxvS0ttnyctmro2fPZGHlBnH+b0YbE0raJEmf+uC
nyUY+7c4s2WKCsvG2z4BmDoWnEYzdF3a9TYJehjxIOFq/yX8EH6Cw0t+PUClB+LV
80kehuMxd+XXZSrOcwMlwnMkJ5fxkordAxrL/UKfUSub0KiErvNZWNaq7PbB4L2b
W9r8g/nK/0puaCN4w5KcNRqpwHm5IWZILKYQTekj7XQCvw3hkx84hWMLbrBsM1sc
bdkO8WPx0SpMp72LLYP+tVVG0GiSXgKi/jQ80TEOieoR
-----END CERTIFICATE-----