Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/777038-31ac-4ef7-988a-35b19cf92df9/1/N8AhoL8-YIE9JFTAp1jH2wLTj7U.roa
File:                     N8AhoL8-YIE9JFTAp1jH2wLTj7U.roa (raw, json)
Hash identifier:          m5nKh20xJXT2JCKUo4iaRSIwze29z1yA3XSYhOy60gc=
Subject key identifier:   37:C0:21:A0:BF:3E:60:81:3D:24:54:C0:A7:58:C7:DB:02:D3:8F:B5
Certificate issuer:       /CN=6b03584bce542e554e3227909443f6822c3e4f03
Certificate serial:       018CC4253ED7EB9709888D212312FAFF8CAD
Authority key identifier: 6B:03:58:4B:CE:54:2E:55:4E:32:27:90:94:43:F6:82:2C:3E:4F:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/awNYS85ULlVOMieQlEP2giw-TwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/777038-31ac-4ef7-988a-35b19cf92df9/1/N8AhoL8-YIE9JFTAp1jH2wLTj7U.roa
Signing time:             Mon 01 Jan 2024 08:30:24 +0000
ROA not before:           Mon 01 Jan 2024 08:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29682
IP address blocks:        193.22.0.0/24 maxlen: 24
                          2001:67c:21b8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/777038-31ac-4ef7-988a-35b19cf92df9/1/awNYS85ULlVOMieQlEP2giw-TwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/777038-31ac-4ef7-988a-35b19cf92df9/1/awNYS85ULlVOMieQlEP2giw-TwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/awNYS85ULlVOMieQlEP2giw-TwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3e:d7:eb:97:09:88:8d:21:23:12:fa:ff:8c:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b03584bce542e554e3227909443f6822c3e4f03
        Validity
            Not Before: Jan  1 08:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37c021a0bf3e60813d2454c0a758c7db02d38fb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:99:80:9a:a8:ff:7b:ab:83:78:97:c3:96:11:
                    24:42:d2:e0:a4:46:80:85:eb:68:ab:88:1b:47:d8:
                    9e:ee:1a:12:9b:f7:8f:87:72:09:8b:8e:a7:2e:86:
                    e2:95:51:59:d1:81:59:4d:52:4e:18:1a:90:da:e5:
                    dd:30:7a:38:57:3c:eb:c7:c6:5d:aa:5e:d5:d8:ca:
                    74:fe:a4:1e:d8:e7:34:4a:48:d2:66:c0:6d:f0:17:
                    41:53:bb:fd:03:84:cc:55:91:7b:e8:f3:bd:37:55:
                    0a:c5:33:47:65:e6:e0:55:0c:a7:ce:37:97:d7:e0:
                    74:c7:8c:d0:50:76:25:b0:a0:9e:ca:1e:9e:73:57:
                    db:bc:7e:bc:52:a6:48:a8:1e:ef:70:2b:92:ac:67:
                    b8:b3:cd:ae:b3:0b:04:8d:83:3b:96:22:a8:30:ef:
                    79:7c:ea:89:2a:81:cc:17:2d:59:6e:82:c5:ab:98:
                    50:66:ab:ae:d3:be:43:09:4e:cf:83:c0:3a:74:de:
                    13:ff:74:1f:4b:e2:77:88:9a:44:ee:59:79:ce:82:
                    48:34:30:cc:ea:72:35:2d:63:92:4f:25:2b:0e:36:
                    29:08:69:45:f9:07:29:b6:af:b4:44:71:20:4f:ed:
                    36:b5:bb:13:69:26:6e:f7:8c:32:7d:fb:79:91:b4:
                    d0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:C0:21:A0:BF:3E:60:81:3D:24:54:C0:A7:58:C7:DB:02:D3:8F:B5
            X509v3 Authority Key Identifier:
                keyid:6B:03:58:4B:CE:54:2E:55:4E:32:27:90:94:43:F6:82:2C:3E:4F:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/awNYS85ULlVOMieQlEP2giw-TwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/777038-31ac-4ef7-988a-35b19cf92df9/1/N8AhoL8-YIE9JFTAp1jH2wLTj7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/777038-31ac-4ef7-988a-35b19cf92df9/1/awNYS85ULlVOMieQlEP2giw-TwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.0.0/24
                IPv6:
                  2001:67c:21b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:fd:7b:64:04:50:8c:02:5b:5a:ed:d6:a6:85:78:bd:5f:4e:
         92:fd:4f:c6:4e:fd:82:d2:61:77:9d:f0:e8:87:fc:cf:65:b6:
         06:b7:1f:11:44:ef:0a:f5:5d:1e:7e:71:1a:bd:ad:80:bf:60:
         47:3f:dd:55:87:d1:11:ed:8a:c8:6d:61:c0:b7:f0:3f:7e:06:
         df:f4:51:8a:5f:87:52:a2:c0:4d:d9:d2:af:a1:39:50:80:bd:
         75:e9:49:0e:87:47:e9:54:0d:39:f4:23:61:47:dc:5a:6d:30:
         16:39:94:43:16:7d:54:79:f3:3d:fc:d1:0b:bf:b1:6f:4c:19:
         1a:16:62:18:6c:c9:0d:96:e2:c7:d9:e0:9b:94:74:c7:a5:81:
         f2:94:1d:f0:98:ca:14:aa:59:59:79:54:3f:5e:a6:ef:d8:64:
         96:bf:0a:bb:ba:99:2b:22:23:b6:bf:6a:50:24:f1:a7:a2:68:
         fe:ae:df:dd:1c:48:90:d4:23:d5:83:47:6b:79:56:0e:7c:f6:
         2e:bb:89:d1:1f:cb:58:6d:75:50:d7:05:d3:73:88:f0:97:fd:
         56:c3:b9:f8:f5:e1:aa:21:1a:1b:27:49:13:70:26:90:0c:9c:
         79:b9:86:41:5c:bd:d9:18:49:4f:94:3e:71:f8:64:96:0c:43:
         71:cf:b9:77
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJT7X65cJiI0hIxL6/4ytMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMDM1ODRiY2U1NDJlNTU0ZTMyMjc5MDk0NDNmNjgyMmMz
ZTRmMDMwHhcNMjQwMTAxMDgzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2MwMjFhMGJmM2U2MDgxM2QyNDU0YzBhNzU4YzdkYjAyZDM4ZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5mAmqj/e6uDeJfDlhEkQtLgpEaA
hetoq4gbR9ie7hoSm/ePh3IJi46nLobilVFZ0YFZTVJOGBqQ2uXdMHo4Vzzrx8Zd
ql7V2Mp0/qQe2Oc0SkjSZsBt8BdBU7v9A4TMVZF76PO9N1UKxTNHZebgVQynzjeX
1+B0x4zQUHYlsKCeyh6ec1fbvH68UqZIqB7vcCuSrGe4s82uswsEjYM7liKoMO95
fOqJKoHMFy1ZboLFq5hQZquu075DCU7Pg8A6dN4T/3QfS+J3iJpE7ll5zoJINDDM
6nI1LWOSTyUrDjYpCGlF+Qcptq+0RHEgT+02tbsTaSZu94wyfft5kbTQqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDfAIaC/PmCBPSRUwKdYx9sC04+1MB8GA1UdIwQY
MBaAFGsDWEvOVC5VTjInkJRD9oIsPk8DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXdOWVM4NVVMbFZPTWllUWxFUDJnaXctVHdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy83NzcwMzgtMzFhYy00ZWY3LTk4OGEt
MzViMTljZjkyZGY5LzEvTjhBaG9MOC1ZSUU5SkZUQXAxakgyd0xUajdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy83NzcwMzgtMzFhYy00ZWY3LTk4OGEtMzViMTljZjkyZGY5
LzEvYXdOWVM4NVVMbFZPTWllUWxFUDJnaXctVHdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwRYAMA8E
AgACMAkDBwAgAQZ8IbgwDQYJKoZIhvcNAQELBQADggEBAHH9e2QEUIwCW1rt1qaF
eL1fTpL9T8ZO/YLSYXed8OiH/M9ltga3HxFE7wr1XR5+cRq9rYC/YEc/3VWH0RHt
ishtYcC38D9+Bt/0UYpfh1KiwE3Z0q+hOVCAvXXpSQ6HR+lUDTn0I2FH3FptMBY5
lEMWfVR58z380Qu/sW9MGRoWYhhsyQ2W4sfZ4JuUdMelgfKUHfCYyhSqWVl5VD9e
pu/YZJa/Cru6mSsiI7a/alAk8aeiaP6u390cSJDUI9WDR2t5Vg589i67idEfy1ht
dVDXBdNziPCX/VbDufj14aohGhsnSRNwJpAMnHm5hkFcvdkYSU+UPnH4ZJYMQ3HP
uXc=
-----END CERTIFICATE-----