Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/9O8jemDFcJlxVrNWVccBbIMmqA0.roa
File:                     9O8jemDFcJlxVrNWVccBbIMmqA0.roa (raw, json)
Hash identifier:          InX+MD4+UPRXJSUYs9H7b9pzLhQUg2vCF54poxe2REE=
Subject key identifier:   F4:EF:23:7A:60:C5:70:99:71:56:B3:56:55:C7:01:6C:83:26:A8:0D
Certificate issuer:       /CN=eebe79d147882422ec275417dfd2affa93a02757
Certificate serial:       018F52E650C51D679AD028E1F691BA5A6978
Authority key identifier: EE:BE:79:D1:47:88:24:22:EC:27:54:17:DF:D2:AF:FA:93:A0:27:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/9O8jemDFcJlxVrNWVccBbIMmqA0.roa
Signing time:             Tue 07 May 2024 11:52:56 +0000
ROA not before:           Tue 07 May 2024 11:52:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215076
IP address blocks:        193.8.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 23:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:52:e6:50:c5:1d:67:9a:d0:28:e1:f6:91:ba:5a:69:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebe79d147882422ec275417dfd2affa93a02757
        Validity
            Not Before: May  7 11:52:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4ef237a60c570997156b35655c7016c8326a80d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:6f:51:44:96:21:1f:58:fa:5b:eb:d4:91:eb:
                    44:23:89:e5:f2:1d:36:38:c1:f4:71:29:23:96:46:
                    c2:69:78:c6:4d:22:a7:3e:f6:a0:e9:d3:bd:9e:86:
                    ec:f6:a0:1f:d2:9a:b8:2f:6a:52:ce:7a:44:86:63:
                    1e:59:3e:6e:61:3a:91:b9:6b:84:98:95:31:88:be:
                    73:55:e4:9a:5b:21:60:30:db:05:11:2f:59:05:7c:
                    4d:2d:a5:88:f0:32:76:22:d6:58:49:eb:e8:73:dc:
                    7a:ec:5f:22:20:ed:41:83:36:2a:7f:a4:43:f1:48:
                    8c:bd:5a:41:0e:16:74:d5:c1:18:e8:4a:d9:df:6d:
                    8a:bf:f3:a3:38:1f:b0:14:82:df:c6:cd:45:9a:22:
                    5d:3b:39:86:f7:d7:21:d2:56:c2:df:f6:3e:67:fa:
                    6d:9b:ab:ee:29:03:13:45:bd:b8:77:2c:1f:a3:23:
                    6f:0c:5e:ad:98:d5:3b:8b:77:54:c0:cb:24:7b:6b:
                    ce:93:2a:a0:be:fe:db:33:c6:56:33:40:32:b4:56:
                    72:96:81:19:2c:07:ae:10:38:2e:38:48:63:ed:2e:
                    77:3f:1b:ae:c5:de:d5:92:50:0c:da:e4:dd:21:df:
                    e5:ab:2c:b8:74:80:8b:5f:f8:a1:b5:67:47:3e:bc:
                    c9:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:EF:23:7A:60:C5:70:99:71:56:B3:56:55:C7:01:6C:83:26:A8:0D
            X509v3 Authority Key Identifier:
                keyid:EE:BE:79:D1:47:88:24:22:EC:27:54:17:DF:D2:AF:FA:93:A0:27:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/9O8jemDFcJlxVrNWVccBbIMmqA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:b6:06:63:85:58:da:a8:7c:10:a5:2c:a4:4e:91:1b:1c:f0:
         2e:32:6c:02:52:c4:06:81:ad:1f:df:bf:24:c5:48:2d:f7:81:
         5c:48:a1:45:d9:7b:99:5e:0c:2f:1d:75:b7:96:fb:de:bd:fe:
         0d:44:12:dd:95:2d:37:7f:68:be:94:ab:9c:0f:70:c2:ab:aa:
         de:8b:3a:e8:ca:e0:47:14:5d:f8:17:36:6a:6b:43:a1:40:36:
         b8:ca:2d:46:bc:18:9a:5e:26:7d:7b:8b:e1:4a:39:6f:d6:bc:
         fb:ee:c1:26:1b:85:de:d5:7e:76:e8:e9:01:9d:b2:68:3d:61:
         c9:c9:7f:b6:06:1e:47:ad:4a:bc:bd:bc:8b:6a:46:dd:92:cc:
         82:38:a2:84:16:70:87:4e:21:72:6b:f2:64:f8:c1:23:69:da:
         23:f0:3e:55:ac:2b:b6:19:ea:d1:72:ec:67:aa:6d:66:b6:32:
         6d:b2:7d:b4:ca:63:93:90:b6:e2:a5:75:47:87:28:97:3d:f3:
         97:1c:b0:37:ee:24:ac:5f:16:2b:cf:f9:61:e2:c7:dd:81:0c:
         75:4d:10:45:ec:d0:91:96:6e:94:98:35:ce:e9:5a:46:d2:a9:
         ea:9b:7e:d5:70:42:68:7e:ae:76:68:d1:8d:18:c5:47:a2:3f:
         c7:d5:94:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9S5lDFHWea0Cjh9pG6Wml4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmU3OWQxNDc4ODI0MjJlYzI3NTQxN2RmZDJhZmZhOTNh
MDI3NTcwHhcNMjQwNTA3MTE1MjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGVmMjM3YTYwYzU3MDk5NzE1NmIzNTY1NWM3MDE2YzgzMjZhODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmm9RRJYhH1j6W+vUketEI4nl8h02
OMH0cSkjlkbCaXjGTSKnPvag6dO9nobs9qAf0pq4L2pSznpEhmMeWT5uYTqRuWuE
mJUxiL5zVeSaWyFgMNsFES9ZBXxNLaWI8DJ2ItZYSevoc9x67F8iIO1BgzYqf6RD
8UiMvVpBDhZ01cEY6ErZ322Kv/OjOB+wFILfxs1FmiJdOzmG99ch0lbC3/Y+Z/pt
m6vuKQMTRb24dywfoyNvDF6tmNU7i3dUwMske2vOkyqgvv7bM8ZWM0AytFZyloEZ
LAeuEDguOEhj7S53Pxuuxd7VklAM2uTdId/lqyy4dICLX/ihtWdHPrzJZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTvI3pgxXCZcVazVlXHAWyDJqgNMB8GA1UdIwQY
MBaAFO6+edFHiCQi7CdUF9/Sr/qToCdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3I1NTBVZUlKQ0xzSjFRWDM5S3YtcE9nSjFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9jNDRiN2YtNWJjZC00ZWU3LTg3MTIt
Mzg4MjNjMTQ0OWFmLzEvOU84amVtREZjSmx4VnJOV1ZjY0JiSU1tcUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9jNDRiN2YtNWJjZC00ZWU3LTg3MTItMzg4MjNjMTQ0OWFm
LzEvN3I1NTBVZUlKQ0xzSjFRWDM5S3YtcE9nSjFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhIMA0G
CSqGSIb3DQEBCwUAA4IBAQBqtgZjhVjaqHwQpSykTpEbHPAuMmwCUsQGga0f378k
xUgt94FcSKFF2XuZXgwvHXW3lvvevf4NRBLdlS03f2i+lKucD3DCq6reizroyuBH
FF34FzZqa0OhQDa4yi1GvBiaXiZ9e4vhSjlv1rz77sEmG4Xe1X526OkBnbJoPWHJ
yX+2Bh5HrUq8vbyLakbdksyCOKKEFnCHTiFya/Jk+MEjadoj8D5VrCu2GerRcuxn
qm1mtjJtsn20ymOTkLbipXVHhyiXPfOXHLA37iSsXxYrz/lh4sfdgQx1TRBF7NCR
lm6UmDXO6VpG0qnqm37VcEJofq52aNGNGMVHoj/H1ZR4
-----END CERTIFICATE-----