Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/L8yiRc84MIB2h1fRIX44t7kUm1w.roa
File:                     L8yiRc84MIB2h1fRIX44t7kUm1w.roa (raw, json)
Hash identifier:          zKA0L2bFvwOoiISQtduY5+bTDFyQnQhpCYlDUkZh/LM=
Subject key identifier:   2F:CC:A2:45:CF:38:30:80:76:87:57:D1:21:7E:38:B7:B9:14:9B:5C
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8027B7353DA47BE21C27685237223B1
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/L8yiRc84MIB2h1fRIX44t7kUm1w.roa
Signing time:             Tue 02 Jan 2024 02:30:54 +0000
ROA not before:           Tue 02 Jan 2024 02:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43618
IP address blocks:        193.37.66.0/24 maxlen: 24
                          193.37.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:7b:73:53:da:47:be:21:c2:76:85:23:72:23:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fcca245cf383080768757d1217e38b7b9149b5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:14:76:ff:ac:49:6c:1a:04:7c:91:60:cb:85:
                    86:02:cb:a5:8a:d2:01:14:93:ca:db:d7:28:79:00:
                    dd:f4:9a:a2:0f:eb:b9:ad:91:ba:75:fc:d7:43:dc:
                    50:a0:57:6e:3b:0a:18:6d:1b:ac:f1:24:b4:b2:55:
                    af:ba:80:c7:9a:b2:6e:c8:e7:c9:98:35:df:cf:a5:
                    40:95:e9:aa:13:15:85:8b:b9:c3:d2:6d:1d:88:6d:
                    58:dc:64:1d:3e:99:ee:4f:75:d8:6d:b6:ee:dd:a9:
                    d4:09:7a:2e:d8:7e:38:b2:c9:19:b5:15:45:72:79:
                    c1:dc:9b:88:74:7f:9e:77:9b:c0:1b:69:21:b3:9a:
                    ff:f1:6b:3a:ef:a6:cd:d8:71:b0:28:c2:5e:c1:88:
                    ed:87:3c:b3:e3:77:26:f1:01:1d:ff:ec:8d:80:50:
                    e9:f3:51:e9:c8:22:67:f0:3b:b6:53:cb:2c:ca:2a:
                    0c:4b:7e:1a:b4:fb:88:02:d8:3e:98:83:2d:f9:bc:
                    a8:e7:2d:a6:a4:65:f5:96:3b:2c:f3:51:7a:0b:b9:
                    5e:1f:c9:2f:27:6e:d6:0a:86:ad:7b:97:a1:9f:6b:
                    63:04:c5:82:bf:93:16:c1:6d:26:47:6b:4a:f7:71:
                    48:05:a8:40:38:2e:89:fc:02:8b:8b:f8:05:d3:d3:
                    51:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:CC:A2:45:CF:38:30:80:76:87:57:D1:21:7E:38:B7:B9:14:9B:5C
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/L8yiRc84MIB2h1fRIX44t7kUm1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:d5:77:6d:33:f9:a1:f1:02:7b:b2:f5:a3:e5:8a:d0:9e:60:
         38:60:07:a7:dd:35:39:c5:29:14:ba:7f:1a:6f:fa:44:a8:e4:
         0a:fa:e0:a0:39:0e:1f:90:44:ba:c3:db:36:4f:b2:47:35:cd:
         0b:8d:76:11:87:f9:28:16:90:93:c2:67:96:bd:46:e2:75:a1:
         ba:95:91:5d:f3:0b:73:d2:c9:45:7d:87:07:a3:3f:af:fc:ea:
         e0:ac:b1:41:ff:84:bd:77:74:5a:fb:53:1d:20:de:fc:4c:53:
         30:2e:2e:0d:85:94:80:ff:40:25:98:17:d0:d1:9e:40:c6:d1:
         a8:28:a8:a3:f9:2c:a7:45:74:b5:07:2f:2a:b6:83:e0:8a:65:
         66:cb:1a:1e:a5:bb:01:d2:8e:3b:37:07:dc:53:42:37:78:a2:
         8b:be:77:54:19:22:d4:9e:fa:68:ac:b5:2d:7b:a4:08:dd:6f:
         52:66:93:f7:2b:b7:41:1c:57:ac:c3:fa:82:61:f6:b1:76:b2:
         08:61:a7:50:ac:98:81:48:71:b6:e7:ad:1a:f2:84:5e:6d:7f:
         34:93:03:97:d9:79:71:d2:b4:e8:9f:bd:ff:63:00:ea:d1:6b:
         de:33:d9:10:11:b3:7f:9a:67:79:da:f5:76:10:be:23:51:f2:
         da:bb:37:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAntzU9pHviHCdoUjciOxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmNjYTI0NWNmMzgzMDgwNzY4NzU3ZDEyMTdlMzhiN2I5MTQ5YjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBR2/6xJbBoEfJFgy4WGAsulitIB
FJPK29coeQDd9JqiD+u5rZG6dfzXQ9xQoFduOwoYbRus8SS0slWvuoDHmrJuyOfJ
mDXfz6VAlemqExWFi7nD0m0diG1Y3GQdPpnuT3XYbbbu3anUCXou2H44sskZtRVF
cnnB3JuIdH+ed5vAG2khs5r/8Ws676bN2HGwKMJewYjthzyz43cm8QEd/+yNgFDp
81HpyCJn8Du2U8ssyioMS34atPuIAtg+mIMt+byo5y2mpGX1ljss81F6C7leH8kv
J27WCoate5ehn2tjBMWCv5MWwW0mR2tK93FIBahAOC6J/AKLi/gF09NR3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/MokXPODCAdodX0SF+OLe5FJtcMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTDh5aVJjODRNSUIyaDFmUklYNDR0N2tVbTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSVCMA0G
CSqGSIb3DQEBCwUAA4IBAQC+1XdtM/mh8QJ7svWj5YrQnmA4YAen3TU5xSkUun8a
b/pEqOQK+uCgOQ4fkES6w9s2T7JHNc0LjXYRh/koFpCTwmeWvUbidaG6lZFd8wtz
0slFfYcHoz+v/OrgrLFB/4S9d3Ra+1MdIN78TFMwLi4NhZSA/0AlmBfQ0Z5AxtGo
KKij+SynRXS1By8qtoPgimVmyxoepbsB0o47NwfcU0I3eKKLvndUGSLUnvporLUt
e6QI3W9SZpP3K7dBHFesw/qCYfaxdrIIYadQrJiBSHG2560a8oRebX80kwOX2Xlx
0rTon73/YwDq0WveM9kQEbN/mmd52vV2EL4jUfLauzfG
-----END CERTIFICATE-----