Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/9bA4ssV9rTfVlS1i0qVD-wrdqj8.roa
File:                     9bA4ssV9rTfVlS1i0qVD-wrdqj8.roa (raw, json)
Hash identifier:          e6PLAsyP58uKFiGXg8EYnDMMPYm9mzRQi/UtLI2qrFU=
Subject key identifier:   F5:B0:38:B2:C5:7D:AD:37:D5:95:2D:62:D2:A5:43:FB:0A:DD:AA:3F
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       01906E4B0397430A9842C2980B57D0908F6E
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/9bA4ssV9rTfVlS1i0qVD-wrdqj8.roa
Signing time:             Mon 01 Jul 2024 12:35:28 +0000
ROA not before:           Mon 01 Jul 2024 12:35:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60223
IP address blocks:        193.68.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 05:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6e:4b:03:97:43:0a:98:42:c2:98:0b:57:d0:90:8f:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jul  1 12:35:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5b038b2c57dad37d5952d62d2a543fb0addaa3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7e:68:26:dd:a6:4a:9b:42:df:3c:bc:5c:d3:
                    f0:73:21:70:1b:a2:fa:75:8a:55:4a:e0:2c:c0:c9:
                    cd:e5:ea:72:3d:bf:d3:0c:00:6b:56:37:99:de:83:
                    9d:ad:15:a2:c8:9a:16:bf:91:7e:fe:53:b0:7f:b0:
                    b0:f9:b2:2c:f8:51:6e:d4:b9:65:5f:ae:65:e6:76:
                    3d:da:73:ba:fe:e9:d9:f4:a3:ff:13:37:61:0b:b0:
                    0e:4b:6c:08:44:0e:2a:ee:f9:e8:7f:af:24:47:52:
                    fe:28:83:75:58:8b:e4:40:13:af:dc:5d:3c:5d:99:
                    e3:44:54:31:f2:63:47:40:74:28:8c:c2:d9:5b:90:
                    4a:f7:6f:b5:19:a0:04:28:13:c9:6a:4c:4d:e7:8d:
                    48:b1:e1:ce:05:5e:0d:9e:eb:8a:d8:ac:18:14:d6:
                    62:1c:a7:26:09:90:0c:ab:da:ac:b3:cc:57:98:cc:
                    9a:07:bc:65:7f:27:6e:f6:f5:3b:4f:2d:a4:e3:86:
                    bc:71:1a:90:43:e5:44:ed:91:03:60:55:61:84:6f:
                    d6:04:d2:f9:bd:e5:ea:0c:6c:03:ff:26:42:b4:0b:
                    10:8e:4b:64:c9:56:d6:84:41:5f:3b:2f:c0:4d:3f:
                    26:07:a1:93:fc:2f:60:b2:93:2e:59:56:06:35:2e:
                    e4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:B0:38:B2:C5:7D:AD:37:D5:95:2D:62:D2:A5:43:FB:0A:DD:AA:3F
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/9bA4ssV9rTfVlS1i0qVD-wrdqj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.68.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:29:37:41:b3:7f:c5:5d:14:e1:6f:eb:50:3d:fa:72:4b:61:
         ff:6a:41:af:c9:ec:05:ad:d7:a7:7f:87:9d:b6:df:c1:18:81:
         6d:6a:a0:a4:59:6e:21:d7:6f:38:d5:d1:91:bf:bf:ef:83:bb:
         06:aa:c0:9f:e7:99:5c:03:ef:3c:18:b5:80:3e:af:b0:ec:a8:
         f1:11:3e:b8:c5:58:cf:a4:8f:c1:35:ac:e6:34:1b:b1:a1:c3:
         62:7d:87:4b:b6:54:00:67:2f:2f:c9:bd:6c:31:fe:65:92:7c:
         4a:96:5a:1f:3d:65:3e:26:a7:2f:6c:69:7d:f0:b8:a1:2e:aa:
         54:27:cb:21:a1:74:37:f4:d5:48:e8:c0:df:c8:63:5c:38:20:
         13:5b:c5:8d:de:c2:0b:63:6e:8f:f0:f4:db:d8:7b:1f:01:b3:
         35:04:85:ec:bd:7b:a2:35:d8:78:00:3d:19:25:48:86:da:48:
         82:7e:db:97:51:6a:7f:61:bc:8e:e4:fc:9e:49:ed:e5:6e:3d:
         c9:5e:80:2d:80:23:1e:1f:a2:47:56:87:a7:93:e6:5e:8a:6f:
         50:83:07:6a:1c:d0:43:52:fc:89:e6:13:99:cb:0e:12:4e:2e:
         95:e0:8b:fb:f2:58:b4:c8:0f:86:9c:05:87:70:f9:a8:9b:90:
         72:c5:e8:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBuSwOXQwqYQsKYC1fQkI9uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjQwNzAxMTIzNTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWIwMzhiMmM1N2RhZDM3ZDU5NTJkNjJkMmE1NDNmYjBhZGRhYTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvn5oJt2mSptC3zy8XNPwcyFwG6L6
dYpVSuAswMnN5epyPb/TDABrVjeZ3oOdrRWiyJoWv5F+/lOwf7Cw+bIs+FFu1Lll
X65l5nY92nO6/unZ9KP/EzdhC7AOS2wIRA4q7vnof68kR1L+KIN1WIvkQBOv3F08
XZnjRFQx8mNHQHQojMLZW5BK92+1GaAEKBPJakxN541IseHOBV4NnuuK2KwYFNZi
HKcmCZAMq9qss8xXmMyaB7xlfydu9vU7Ty2k44a8cRqQQ+VE7ZEDYFVhhG/WBNL5
veXqDGwD/yZCtAsQjktkyVbWhEFfOy/ATT8mB6GT/C9gspMuWVYGNS7kKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWwOLLFfa031ZUtYtKlQ/sK3ao/MB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvOWJBNHNzVjlyVGZWbFMxaTBxVkQtd3JkcWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwURZMA0G
CSqGSIb3DQEBCwUAA4IBAQBMKTdBs3/FXRThb+tQPfpyS2H/akGvyewFrdenf4ed
tt/BGIFtaqCkWW4h12841dGRv7/vg7sGqsCf55lcA+88GLWAPq+w7KjxET64xVjP
pI/BNazmNBuxocNifYdLtlQAZy8vyb1sMf5lknxKllofPWU+JqcvbGl98LihLqpU
J8shoXQ39NVI6MDfyGNcOCATW8WN3sILY26P8PTb2HsfAbM1BIXsvXuiNdh4AD0Z
JUiG2kiCftuXUWp/YbyO5PyeSe3lbj3JXoAtgCMeH6JHVoenk+Zeim9QgwdqHNBD
UvyJ5hOZyw4STi6V4Iv78li0yA+GnAWHcPmom5ByxehS
-----END CERTIFICATE-----