Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/_Yh4WFwPTuILTqkIrEhfTKfs6bw.roa
File:                     _Yh4WFwPTuILTqkIrEhfTKfs6bw.roa (raw, json)
Hash identifier:          HR6DZn4vP6AEDBE7s/s5YwjUNxydsvcIBrGNhZz2ceg=
Subject key identifier:   FD:88:78:58:5C:0F:4E:E2:0B:4E:A9:08:AC:48:5F:4C:A7:EC:E9:BC
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       018E5B8492F6822D5F47ACE81EE03C910EA5
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/_Yh4WFwPTuILTqkIrEhfTKfs6bw.roa
Signing time:             Wed 20 Mar 2024 10:59:58 +0000
ROA not before:           Wed 20 Mar 2024 10:59:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203866
IP address blocks:        193.68.67.0/24 maxlen: 24
                          213.21.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5b:84:92:f6:82:2d:5f:47:ac:e8:1e:e0:3c:91:0e:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Mar 20 10:59:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd8878585c0f4ee20b4ea908ac485f4ca7ece9bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:81:24:a1:62:66:3b:66:89:77:c0:9d:b8:e9:
                    9e:1e:72:55:b3:47:50:84:a2:61:ce:6c:c4:c0:ac:
                    a9:79:62:93:7f:1f:6b:c4:62:f0:ad:4c:47:e5:a6:
                    9e:c0:57:67:ee:ec:b8:ca:cf:74:e4:40:54:3e:99:
                    bc:d5:52:ac:bc:c5:15:6b:83:9a:d5:ec:3c:3f:f7:
                    71:aa:5e:e9:2d:11:97:fb:cb:8e:ab:d6:28:67:69:
                    6b:2d:f2:25:e8:51:d2:04:b0:e6:b8:f5:6b:99:b3:
                    e0:e4:8f:42:30:21:cc:5f:91:e7:6a:67:33:ee:a1:
                    0e:82:f2:d3:72:2a:63:25:ee:e8:fa:67:4d:cc:76:
                    a2:6b:63:02:91:f6:b3:c3:65:58:48:a3:23:25:b2:
                    b7:c4:ae:bb:e6:1f:a5:31:a9:4b:4c:9c:af:48:a0:
                    d3:59:3c:5f:26:7b:e3:73:45:8e:d1:fa:41:6e:79:
                    9d:57:63:d9:a2:04:ed:1e:45:d6:43:87:3d:f0:c5:
                    ae:88:22:89:9c:0a:9a:48:0e:b6:14:26:45:a8:29:
                    55:24:b8:d6:75:a8:fb:70:93:a7:69:03:3e:39:f6:
                    e9:0e:d6:07:2e:d7:bb:3d:5f:c7:4e:b7:d3:bd:94:
                    db:48:6d:8a:09:7b:d4:d6:1d:da:7c:d9:c1:64:60:
                    d3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:88:78:58:5C:0F:4E:E2:0B:4E:A9:08:AC:48:5F:4C:A7:EC:E9:BC
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/_Yh4WFwPTuILTqkIrEhfTKfs6bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.68.67.0/24
                  213.21.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:a9:1b:83:99:d4:1e:c4:82:28:1d:ea:49:f8:f3:5b:27:38:
         70:d8:d7:0a:06:0b:db:34:c3:a0:19:c3:fe:ea:33:00:51:f4:
         31:7c:09:3d:6f:2f:85:1f:8f:34:30:61:38:e2:56:62:93:e0:
         7a:af:7e:c9:1f:5a:7c:05:d8:47:aa:62:c0:48:8e:11:9a:3b:
         27:79:dd:47:d2:ce:15:a1:aa:32:9e:6e:f6:b3:34:a8:1d:97:
         a8:55:40:9e:73:c9:30:04:c7:41:21:cd:70:f5:11:f8:d4:6e:
         72:0e:1f:de:2e:e2:25:33:0f:3c:ff:0d:49:b8:8f:54:20:d0:
         37:fd:4b:c2:bc:3d:54:2c:e4:0f:de:7a:68:d6:4f:d3:d3:7e:
         ff:db:a2:8a:0d:e2:8b:55:f1:78:27:98:d7:90:8f:ff:db:54:
         45:5f:ed:4c:6f:07:ba:21:ac:f5:f0:c6:3e:50:13:e1:66:96:
         b6:c3:dc:ac:c9:2e:c8:df:b7:4a:fb:64:62:67:3b:d3:e9:86:
         ab:97:6a:04:68:10:a2:6d:26:26:11:a3:e3:ae:2d:76:16:c5:
         ca:29:c1:4e:df:3b:85:11:49:68:00:d5:17:ec:d2:16:c0:e6:
         5d:8b:07:20:bc:c6:58:c2:5a:49:51:0e:2c:32:63:02:c2:4f:
         e6:23:f8:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5bhJL2gi1fR6zoHuA8kQ6lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjQwMzIwMTA1OTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDg4Nzg1ODVjMGY0ZWUyMGI0ZWE5MDhhYzQ4NWY0Y2E3ZWNlOWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooEkoWJmO2aJd8CduOmeHnJVs0dQ
hKJhzmzEwKypeWKTfx9rxGLwrUxH5aaewFdn7uy4ys905EBUPpm81VKsvMUVa4Oa
1ew8P/dxql7pLRGX+8uOq9YoZ2lrLfIl6FHSBLDmuPVrmbPg5I9CMCHMX5Hnamcz
7qEOgvLTcipjJe7o+mdNzHaia2MCkfazw2VYSKMjJbK3xK675h+lMalLTJyvSKDT
WTxfJnvjc0WO0fpBbnmdV2PZogTtHkXWQ4c98MWuiCKJnAqaSA62FCZFqClVJLjW
daj7cJOnaQM+OfbpDtYHLte7PV/HTrfTvZTbSG2KCXvU1h3afNnBZGDT/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP2IeFhcD07iC06pCKxIX0yn7Om8MB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvX1loNFdGd1BUdUlMVHFrSXJFaGZUS2ZzNmJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwURDAwQA
1RXDMA0GCSqGSIb3DQEBCwUAA4IBAQAoqRuDmdQexIIoHepJ+PNbJzhw2NcKBgvb
NMOgGcP+6jMAUfQxfAk9by+FH480MGE44lZik+B6r37JH1p8BdhHqmLASI4Rmjsn
ed1H0s4Voaoynm72szSoHZeoVUCec8kwBMdBIc1w9RH41G5yDh/eLuIlMw88/w1J
uI9UINA3/UvCvD1ULOQP3npo1k/T037/26KKDeKLVfF4J5jXkI//21RFX+1Mbwe6
Iaz18MY+UBPhZpa2w9ysyS7I37dK+2RiZzvT6Yarl2oEaBCibSYmEaPjri12FsXK
KcFO3zuFEUloANUX7NIWwOZdiwcgvMZYwlpJUQ4sMmMCwk/mI/jt
-----END CERTIFICATE-----