Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/nO5Prqy7KmoDiO8AEIJknAIykdE.roa
File:                     nO5Prqy7KmoDiO8AEIJknAIykdE.roa (raw, json)
Hash identifier:          bM/RImA86Kwe4n2TtPRRo3sOCR2V04zlru9gvjGDZ7o=
Subject key identifier:   9C:EE:4F:AE:AC:BB:2A:6A:03:88:EF:00:10:82:64:9C:02:32:91:D1
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01931FEB899A6434AAA6209221DA4E04CD7D
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/nO5Prqy7KmoDiO8AEIJknAIykdE.roa
Signing time:             Tue 12 Nov 2024 10:29:10 +0000
ROA not before:           Tue 12 Nov 2024 10:29:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        193.58.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1f:eb:89:9a:64:34:aa:a6:20:92:21:da:4e:04:cd:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 12 10:29:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cee4faeacbb2a6a0388ef001082649c023291d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:bd:cb:25:2d:60:54:9e:0a:2c:58:65:8e:a1:
                    de:62:b0:22:74:0f:a1:ec:1d:fb:a2:2b:c7:85:b7:
                    57:18:c0:b3:b1:45:c9:b5:2b:b1:ea:9c:b1:ce:5f:
                    13:94:b4:3c:e3:08:e5:4c:a7:92:47:26:d8:bb:ab:
                    80:3f:80:45:cb:4f:70:22:08:a9:cb:0c:1d:56:01:
                    d9:de:94:e2:cf:4f:d0:92:d4:ac:99:f5:48:6b:cc:
                    73:17:c5:3c:66:ff:0a:0c:32:33:c5:ed:2d:57:41:
                    a7:fa:b7:c3:ff:a9:e1:17:12:8e:30:4b:6f:17:1e:
                    02:d2:b3:aa:0c:c8:5f:87:c4:f1:e0:39:a8:50:79:
                    5f:d9:0c:67:f0:a0:00:dc:2a:09:d2:fb:33:84:e1:
                    c0:66:25:9a:5c:82:14:3c:47:8b:b9:74:81:90:15:
                    a3:d1:a2:e7:03:8b:b3:71:24:c3:6e:81:d3:60:59:
                    3f:41:85:0b:26:09:12:1d:c4:dc:a3:a4:66:98:9e:
                    0a:7e:2c:4d:98:39:ce:7a:36:97:82:27:e5:c7:4b:
                    a7:8a:d7:b0:2a:35:6b:89:98:8e:ae:e4:6d:3f:93:
                    b2:d3:55:5d:0e:4d:3b:09:5d:ae:1c:1a:46:c4:a0:
                    71:ab:16:b8:c5:d2:59:b6:3c:5d:4c:2c:fc:3b:bf:
                    fd:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:EE:4F:AE:AC:BB:2A:6A:03:88:EF:00:10:82:64:9C:02:32:91:D1
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/nO5Prqy7KmoDiO8AEIJknAIykdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:6f:1f:65:b5:c7:9e:bd:33:e9:4a:f1:3a:3f:ca:26:7a:77:
         b5:18:4d:3b:49:e6:b8:99:bb:4c:28:3e:a6:a7:62:4f:99:fa:
         cb:94:96:49:ae:69:45:24:f1:8b:63:c7:52:46:d4:c1:f8:27:
         fc:59:f7:cc:37:03:b8:6a:91:95:4d:0d:54:b1:60:9f:9a:87:
         03:8d:c4:b8:d6:2e:6b:ec:11:ae:35:ea:7a:3c:dc:78:63:1f:
         de:a3:9d:73:4c:ae:1c:44:f1:f0:90:e2:cc:8c:bc:ac:cb:7b:
         3a:3d:7c:94:bf:2c:35:89:cb:e3:4b:7c:80:44:bc:1a:9c:53:
         ca:af:77:88:c9:82:27:b4:99:ac:47:3d:77:39:04:e2:30:ad:
         12:c0:d5:54:0b:d8:49:d0:f5:83:f7:2e:ef:fb:b9:87:e0:05:
         80:d5:bf:ac:80:99:bf:8d:0b:f6:e7:03:74:29:02:2d:34:8d:
         41:07:7f:e1:31:c7:54:a2:c6:e5:ef:9c:77:72:01:8a:b5:89:
         38:79:d3:94:5e:6f:65:1e:fc:1a:b7:a4:34:6c:80:9e:9c:c9:
         b8:40:22:d6:ba:11:44:66:4a:eb:03:e5:89:80:12:66:14:47:
         2a:c4:f7:57:5a:b6:d5:76:2d:41:3f:77:3c:74:19:16:3c:7e:
         ed:4f:f6:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMf64maZDSqpiCSIdpOBM19MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTEyMTAyOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2VlNGZhZWFjYmIyYTZhMDM4OGVmMDAxMDgyNjQ5YzAyMzI5MWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz73LJS1gVJ4KLFhljqHeYrAidA+h
7B37oivHhbdXGMCzsUXJtSux6pyxzl8TlLQ84wjlTKeSRybYu6uAP4BFy09wIgip
ywwdVgHZ3pTiz0/QktSsmfVIa8xzF8U8Zv8KDDIzxe0tV0Gn+rfD/6nhFxKOMEtv
Fx4C0rOqDMhfh8Tx4DmoUHlf2Qxn8KAA3CoJ0vszhOHAZiWaXIIUPEeLuXSBkBWj
0aLnA4uzcSTDboHTYFk/QYULJgkSHcTco6RmmJ4KfixNmDnOejaXgiflx0unitew
KjVriZiOruRtP5Oy01VdDk07CV2uHBpGxKBxqxa4xdJZtjxdTCz8O7/9MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzuT66suypqA4jvABCCZJwCMpHRMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbk81UHJxeTdLbW9EaU84QUVJSmtuQUl5a2RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTqQMA0G
CSqGSIb3DQEBCwUAA4IBAQCebx9ltceevTPpSvE6P8omene1GE07Sea4mbtMKD6m
p2JPmfrLlJZJrmlFJPGLY8dSRtTB+Cf8WffMNwO4apGVTQ1UsWCfmocDjcS41i5r
7BGuNep6PNx4Yx/eo51zTK4cRPHwkOLMjLysy3s6PXyUvyw1icvjS3yARLwanFPK
r3eIyYIntJmsRz13OQTiMK0SwNVUC9hJ0PWD9y7v+7mH4AWA1b+sgJm/jQv25wN0
KQItNI1BB3/hMcdUosbl75x3cgGKtYk4edOUXm9lHvwat6Q0bICenMm4QCLWuhFE
ZkrrA+WJgBJmFEcqxPdXWrbVdi1BP3c8dBkWPH7tT/ZB
-----END CERTIFICATE-----