Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/f9a891-b818-499a-971c-bc5456962f2d/1/RsSLRRz7lsFz8qYdS4LcYwocfo4.roa
File:                     RsSLRRz7lsFz8qYdS4LcYwocfo4.roa (raw, json)
Hash identifier:          IfCbEIgLdLoCLba0xnFCRG8U95BYu+Ynh2W6oG1P49Q=
Subject key identifier:   46:C4:8B:45:1C:FB:96:C1:73:F2:A6:1D:4B:82:DC:63:0A:1C:7E:8E
Certificate issuer:       /CN=b4bb8aef8b0e6d9c6ff6320807f5a9007598eeb0
Certificate serial:       018CC8DDF8167F91FC925B5F593498A85EFF
Authority key identifier: B4:BB:8A:EF:8B:0E:6D:9C:6F:F6:32:08:07:F5:A9:00:75:98:EE:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tLuK74sObZxv9jIIB_WpAHWY7rA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/f9a891-b818-499a-971c-bc5456962f2d/1/RsSLRRz7lsFz8qYdS4LcYwocfo4.roa
Signing time:             Tue 02 Jan 2024 06:30:39 +0000
ROA not before:           Tue 02 Jan 2024 06:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        193.242.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/f9a891-b818-499a-971c-bc5456962f2d/1/tLuK74sObZxv9jIIB_WpAHWY7rA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/f9a891-b818-499a-971c-bc5456962f2d/1/tLuK74sObZxv9jIIB_WpAHWY7rA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tLuK74sObZxv9jIIB_WpAHWY7rA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 03:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:f8:16:7f:91:fc:92:5b:5f:59:34:98:a8:5e:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4bb8aef8b0e6d9c6ff6320807f5a9007598eeb0
        Validity
            Not Before: Jan  2 06:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46c48b451cfb96c173f2a61d4b82dc630a1c7e8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8b:e2:f5:c1:94:54:3c:6e:ba:f1:cc:8c:d7:
                    ea:f5:f0:8b:d0:06:8e:60:05:9c:b5:c5:12:37:f9:
                    66:db:25:7c:cf:42:9f:99:64:fb:9f:92:6f:13:0a:
                    ed:f5:94:40:9f:76:ff:f4:9f:91:f6:84:3f:e7:44:
                    65:d3:71:9b:49:7e:28:0c:5d:62:b8:11:43:90:df:
                    ef:68:ca:a3:08:fd:35:d7:02:17:6b:6c:ad:94:93:
                    40:7c:89:ee:27:94:a8:4d:9f:0a:5d:94:c6:62:1e:
                    3f:f7:4e:23:d1:a2:4c:ec:2e:83:b4:7c:a0:b1:17:
                    41:5c:b7:dc:6e:60:e1:c0:65:4e:c5:71:fd:6f:84:
                    22:b5:f3:e3:90:26:22:bb:a4:dd:27:38:58:c2:45:
                    55:91:37:f0:3d:23:c6:08:66:15:ac:16:05:4e:9f:
                    35:0e:a2:be:33:ad:21:50:0c:b1:fc:60:e6:a8:f1:
                    01:13:c4:95:5a:95:f9:9a:ca:51:1b:1d:c8:de:15:
                    6e:6c:71:54:5c:4e:93:15:63:e6:eb:7c:74:1f:59:
                    08:a1:13:3b:d8:10:8e:c1:74:43:8f:9c:f6:88:b8:
                    74:e9:ca:73:63:9f:03:b0:9a:ee:e2:61:2d:cb:a0:
                    91:21:98:74:ce:b0:35:58:72:0c:ed:7f:33:08:d8:
                    fc:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:C4:8B:45:1C:FB:96:C1:73:F2:A6:1D:4B:82:DC:63:0A:1C:7E:8E
            X509v3 Authority Key Identifier:
                keyid:B4:BB:8A:EF:8B:0E:6D:9C:6F:F6:32:08:07:F5:A9:00:75:98:EE:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tLuK74sObZxv9jIIB_WpAHWY7rA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f9a891-b818-499a-971c-bc5456962f2d/1/RsSLRRz7lsFz8qYdS4LcYwocfo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f9a891-b818-499a-971c-bc5456962f2d/1/tLuK74sObZxv9jIIB_WpAHWY7rA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:73:6b:df:5e:b5:ee:d6:d3:d7:17:24:fd:e1:54:4f:01:9d:
         36:19:c3:a2:3e:30:c5:0d:7f:45:de:4d:bc:7c:e4:02:a1:db:
         74:12:42:7f:cf:9e:f3:5c:cf:1a:97:50:53:37:1f:8a:19:bb:
         d1:41:38:de:20:6f:70:66:d9:88:b3:64:6a:61:ca:ab:68:70:
         65:15:85:bf:46:a7:9d:e1:29:cc:3b:53:bc:d3:26:fc:13:29:
         40:c6:bc:34:74:3c:e2:0b:9a:59:c5:05:a4:a2:e4:07:73:0a:
         60:8f:c5:5f:f1:d0:d0:89:ad:f0:98:fe:4e:e9:1f:be:a7:c5:
         cc:81:bf:10:1c:05:95:a8:fb:10:46:4f:7a:24:2f:c0:26:26:
         55:b4:be:c2:58:5b:fb:81:f9:15:08:bb:14:f9:9c:00:ff:25:
         68:70:52:1a:cb:28:2f:ab:e0:96:bf:40:b5:e4:83:d6:af:f0:
         c7:eb:93:be:70:40:c3:f1:9f:55:6b:38:b8:f3:5a:de:68:29:
         9d:96:f9:3e:9d:f0:a0:b8:75:c5:f3:ce:74:61:b8:19:c9:b8:
         8b:0b:7f:9d:c6:23:a1:c1:77:80:a3:38:1d:c2:05:2c:af:4d:
         23:5e:31:21:3e:53:87:93:00:7e:cb:5d:53:d2:3d:cd:b7:fa:
         bd:85:c3:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3fgWf5H8kltfWTSYqF7/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YmI4YWVmOGIwZTZkOWM2ZmY2MzIwODA3ZjVhOTAwNzU5
OGVlYjAwHhcNMjQwMTAyMDYzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmM0OGI0NTFjZmI5NmMxNzNmMmE2MWQ0YjgyZGM2MzBhMWM3ZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4vi9cGUVDxuuvHMjNfq9fCL0AaO
YAWctcUSN/lm2yV8z0KfmWT7n5JvEwrt9ZRAn3b/9J+R9oQ/50Rl03GbSX4oDF1i
uBFDkN/vaMqjCP011wIXa2ytlJNAfInuJ5SoTZ8KXZTGYh4/904j0aJM7C6DtHyg
sRdBXLfcbmDhwGVOxXH9b4QitfPjkCYiu6TdJzhYwkVVkTfwPSPGCGYVrBYFTp81
DqK+M60hUAyx/GDmqPEBE8SVWpX5mspRGx3I3hVubHFUXE6TFWPm63x0H1kIoRM7
2BCOwXRDj5z2iLh06cpzY58DsJru4mEty6CRIZh0zrA1WHIM7X8zCNj83wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEbEi0Uc+5bBc/KmHUuC3GMKHH6OMB8GA1UdIwQY
MBaAFLS7iu+LDm2cb/YyCAf1qQB1mO6wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEx1Szc0c09iWnh2OWpJSUJfV3BBSFdZN3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9mOWE4OTEtYjgxOC00OTlhLTk3MWMt
YmM1NDU2OTYyZjJkLzEvUnNTTFJSejdsc0Z6OHFZZFM0TGNZd29jZm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9mOWE4OTEtYjgxOC00OTlhLTk3MWMtYmM1NDU2OTYyZjJk
LzEvdEx1Szc0c09iWnh2OWpJSUJfV3BBSFdZN3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfJ9MA0G
CSqGSIb3DQEBCwUAA4IBAQAyc2vfXrXu1tPXFyT94VRPAZ02GcOiPjDFDX9F3k28
fOQCodt0EkJ/z57zXM8al1BTNx+KGbvRQTjeIG9wZtmIs2RqYcqraHBlFYW/Rqed
4SnMO1O80yb8EylAxrw0dDziC5pZxQWkouQHcwpgj8Vf8dDQia3wmP5O6R++p8XM
gb8QHAWVqPsQRk96JC/AJiZVtL7CWFv7gfkVCLsU+ZwA/yVocFIayygvq+CWv0C1
5IPWr/DH65O+cEDD8Z9Vazi481reaCmdlvk+nfCguHXF8850YbgZybiLC3+dxiOh
wXeAozgdwgUsr00jXjEhPlOHkwB+y11T0j3Nt/q9hcNP
-----END CERTIFICATE-----