Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/64722b-2995-40de-8b87-226b8d4a5f60/1/urF9f7HlsHUMac_3rzQeBB-pgNc.roa
File:                     urF9f7HlsHUMac_3rzQeBB-pgNc.roa (raw, json)
Hash identifier:          pUie4fCTfSFVi6UIJmMScHyOngHn9AjqDzVmI1SQ+hU=
Subject key identifier:   BA:B1:7D:7F:B1:E5:B0:75:0C:69:CF:F7:AF:34:1E:04:1F:A9:80:D7
Certificate issuer:       /CN=20feef391f16300157bb78b2eaea06d61c20c945
Certificate serial:       018FF857FFA4A2F6676F0CA89FD9091D59E8
Authority key identifier: 20:FE:EF:39:1F:16:30:01:57:BB:78:B2:EA:EA:06:D6:1C:20:C9:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IP7vOR8WMAFXu3iy6uoG1hwgyUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/64722b-2995-40de-8b87-226b8d4a5f60/1/urF9f7HlsHUMac_3rzQeBB-pgNc.roa
Signing time:             Sat 08 Jun 2024 14:54:27 +0000
ROA not before:           Sat 08 Jun 2024 14:54:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215133
IP address blocks:        193.25.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/64722b-2995-40de-8b87-226b8d4a5f60/1/IP7vOR8WMAFXu3iy6uoG1hwgyUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/64722b-2995-40de-8b87-226b8d4a5f60/1/IP7vOR8WMAFXu3iy6uoG1hwgyUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IP7vOR8WMAFXu3iy6uoG1hwgyUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f8:57:ff:a4:a2:f6:67:6f:0c:a8:9f:d9:09:1d:59:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20feef391f16300157bb78b2eaea06d61c20c945
        Validity
            Not Before: Jun  8 14:54:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bab17d7fb1e5b0750c69cff7af341e041fa980d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:41:99:ae:c0:8b:eb:d2:a5:45:7d:7c:db:a9:
                    0c:25:fb:58:be:85:bc:4f:15:fe:80:74:d6:ce:43:
                    9b:6f:7a:be:42:f1:e4:b1:b3:f1:c0:c3:6f:83:86:
                    f7:7e:8e:11:d9:e1:4b:6d:dd:4d:33:52:99:7d:0e:
                    f8:a6:36:c9:66:97:4d:a0:ca:6b:83:e4:d2:5b:f8:
                    9a:6f:a6:30:b6:6c:d8:26:9f:11:96:9b:d8:b1:39:
                    f7:ed:c3:77:b5:21:35:cd:8f:c4:85:88:ac:fd:55:
                    a7:e1:7e:1b:32:ec:c8:8c:44:5c:95:f6:0c:a5:4e:
                    fa:1c:d7:5c:9e:af:49:a6:bb:8e:fd:41:57:dd:aa:
                    3c:8d:77:e5:f9:2e:5e:f5:f7:e7:2f:36:9f:f8:fe:
                    fe:0b:ea:d7:04:12:96:35:f1:ec:86:9f:1e:22:93:
                    3b:eb:cb:d0:3d:6c:4d:c7:38:7e:b1:9f:f7:7f:ae:
                    9f:5d:0d:c2:0e:73:e1:d8:69:bc:a7:ce:6f:28:6e:
                    22:29:00:94:04:61:14:0b:d5:14:85:4f:44:a5:29:
                    dd:f8:e6:be:a4:8f:38:bd:63:56:74:e7:ac:e6:51:
                    a2:69:7e:65:f7:cb:44:1b:5b:08:c2:21:23:30:31:
                    ca:b3:77:a8:ba:91:ed:3b:db:81:a1:fc:b9:b8:a8:
                    5b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:B1:7D:7F:B1:E5:B0:75:0C:69:CF:F7:AF:34:1E:04:1F:A9:80:D7
            X509v3 Authority Key Identifier:
                keyid:20:FE:EF:39:1F:16:30:01:57:BB:78:B2:EA:EA:06:D6:1C:20:C9:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IP7vOR8WMAFXu3iy6uoG1hwgyUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/64722b-2995-40de-8b87-226b8d4a5f60/1/urF9f7HlsHUMac_3rzQeBB-pgNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/64722b-2995-40de-8b87-226b8d4a5f60/1/IP7vOR8WMAFXu3iy6uoG1hwgyUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:3e:0e:17:93:de:97:79:e5:d6:0f:85:d7:d8:f8:54:6b:c1:
         30:73:92:9e:98:b8:7f:69:04:83:45:ca:2e:a7:3b:98:15:1c:
         d0:7a:59:16:64:f9:82:52:b9:e4:1b:54:3b:d6:99:0f:16:ae:
         9e:d8:42:6e:65:fa:57:95:c6:04:16:c2:ab:85:2a:5e:e0:56:
         bc:0f:6f:61:16:e7:99:27:85:27:10:7c:46:ec:7c:41:a5:7a:
         74:17:3d:10:cd:41:7a:2b:24:e3:0e:8e:ba:9f:a4:c1:30:86:
         92:9d:01:e7:5a:6b:d6:9d:3a:f0:ac:e4:c1:fc:d1:42:8b:77:
         8b:0e:a5:30:fa:ba:33:e3:a2:7b:37:1a:ff:81:a0:85:8a:45:
         55:40:48:a7:d5:36:cf:9e:e7:c4:f3:cf:a0:02:ee:19:94:93:
         5a:78:b4:22:da:26:77:03:cc:e4:7b:da:db:e4:f8:a1:58:dc:
         a8:22:81:e3:5d:1d:86:13:9e:43:aa:e7:49:6d:53:a7:80:11:
         36:a3:d4:c0:32:97:94:8f:74:14:c2:ca:86:11:ca:6d:47:f9:
         de:e4:68:b8:32:dd:3f:d3:41:07:6e:5a:9e:15:3f:33:68:bd:
         dc:35:16:fc:5b:e0:5d:b9:34:8a:d9:9f:ce:94:f2:48:f5:52:
         b2:d9:3a:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/4V/+kovZnbwyon9kJHVnoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZmVlZjM5MWYxNjMwMDE1N2JiNzhiMmVhZWEwNmQ2MWMy
MGM5NDUwHhcNMjQwNjA4MTQ1NDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWIxN2Q3ZmIxZTViMDc1MGM2OWNmZjdhZjM0MWUwNDFmYTk4MGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkGZrsCL69KlRX1826kMJftYvoW8
TxX+gHTWzkObb3q+QvHksbPxwMNvg4b3fo4R2eFLbd1NM1KZfQ74pjbJZpdNoMpr
g+TSW/iab6YwtmzYJp8RlpvYsTn37cN3tSE1zY/EhYis/VWn4X4bMuzIjERclfYM
pU76HNdcnq9JpruO/UFX3ao8jXfl+S5e9ffnLzaf+P7+C+rXBBKWNfHshp8eIpM7
68vQPWxNxzh+sZ/3f66fXQ3CDnPh2Gm8p85vKG4iKQCUBGEUC9UUhU9EpSnd+Oa+
pI84vWNWdOes5lGiaX5l98tEG1sIwiEjMDHKs3eoupHtO9uBofy5uKhbDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqxfX+x5bB1DGnP9680HgQfqYDXMB8GA1UdIwQY
MBaAFCD+7zkfFjABV7t4surqBtYcIMlFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVA3dk9SOFdNQUZYdTNpeTZ1b0cxaHdneVVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82NDcyMmItMjk5NS00MGRlLThiODct
MjI2YjhkNGE1ZjYwLzEvdXJGOWY3SGxzSFVNYWNfM3J6UWVCQi1wZ05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82NDcyMmItMjk5NS00MGRlLThiODctMjI2YjhkNGE1ZjYw
LzEvSVA3dk9SOFdNQUZYdTNpeTZ1b0cxaHdneVVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRmnMA0G
CSqGSIb3DQEBCwUAA4IBAQB7Pg4Xk96XeeXWD4XX2PhUa8Ewc5KemLh/aQSDRcou
pzuYFRzQelkWZPmCUrnkG1Q71pkPFq6e2EJuZfpXlcYEFsKrhSpe4Fa8D29hFueZ
J4UnEHxG7HxBpXp0Fz0QzUF6KyTjDo66n6TBMIaSnQHnWmvWnTrwrOTB/NFCi3eL
DqUw+roz46J7Nxr/gaCFikVVQEin1TbPnufE88+gAu4ZlJNaeLQi2iZ3A8zke9rb
5PihWNyoIoHjXR2GE55DqudJbVOngBE2o9TAMpeUj3QUwsqGEcptR/ne5Gi4Mt0/
00EHblqeFT8zaL3cNRb8W+BduTSK2Z/OlPJI9VKy2TpL
-----END CERTIFICATE-----