Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/AAU8Jn6aqtLPvqj80LsSnTR98LE.roa
File:                     AAU8Jn6aqtLPvqj80LsSnTR98LE.roa (raw, json)
Hash identifier:          w9mVzXN+0ZN393kOgRVS1fF6qRZwjFwyzIp82z4G+z8=
Subject key identifier:   00:05:3C:26:7E:9A:AA:D2:CF:BE:A8:FC:D0:BB:12:9D:34:7D:F0:B1
Certificate issuer:       /CN=6a366fdfcaa20e80e8bfc330a4d8b1be7de6a1d0
Certificate serial:       018CC8DEF8E94BB2F60678D218A11E542320
Authority key identifier: 6A:36:6F:DF:CA:A2:0E:80:E8:BF:C3:30:A4:D8:B1:BE:7D:E6:A1:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ajZv38qiDoDov8MwpNixvn3modA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/AAU8Jn6aqtLPvqj80LsSnTR98LE.roa
Signing time:             Tue 02 Jan 2024 06:31:45 +0000
ROA not before:           Tue 02 Jan 2024 06:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.60.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/ajZv38qiDoDov8MwpNixvn3modA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/ajZv38qiDoDov8MwpNixvn3modA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ajZv38qiDoDov8MwpNixvn3modA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f8:e9:4b:b2:f6:06:78:d2:18:a1:1e:54:23:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a366fdfcaa20e80e8bfc330a4d8b1be7de6a1d0
        Validity
            Not Before: Jan  2 06:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00053c267e9aaad2cfbea8fcd0bb129d347df0b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:88:26:ef:72:53:05:d7:bc:56:7c:02:66:cf:
                    e1:18:f9:9c:a5:9a:22:a6:9b:e5:5e:d8:9a:91:34:
                    37:36:ca:be:40:6c:44:50:05:85:1b:98:a7:cd:8a:
                    a3:df:ec:53:39:e8:3d:87:db:5d:7b:d3:ca:d8:44:
                    e8:59:f7:a8:cd:74:d0:44:e3:3f:79:9a:4f:4e:1d:
                    02:92:fe:4e:8e:42:e3:b0:c2:58:03:c7:ef:8f:a6:
                    1c:a5:a7:91:93:11:39:4c:11:82:38:b8:bd:e6:32:
                    91:3f:ca:b2:e5:cc:11:a7:36:79:9b:a0:97:03:59:
                    7e:95:51:88:36:97:c9:95:64:ad:97:d8:26:28:d5:
                    9a:2c:23:13:b0:82:6c:5e:28:a8:dc:c7:40:1d:0d:
                    d6:c7:c9:d6:61:81:d7:c1:fd:0c:ad:ed:fc:92:ac:
                    f0:0b:b1:cd:12:c3:3c:51:c4:72:f6:5b:a2:2f:9c:
                    b7:8f:c8:37:da:f9:f3:58:e3:d4:85:13:07:1f:67:
                    d7:d0:3d:65:11:3a:31:2c:db:4e:8a:2b:8a:be:f1:
                    12:34:1b:73:d9:95:d9:f9:ae:21:77:29:0a:30:2b:
                    bb:e4:c5:79:53:7e:64:00:1c:3d:37:d1:99:01:99:
                    51:4a:3e:ea:57:e9:1c:b9:19:5e:f7:83:fa:5a:ca:
                    ca:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:05:3C:26:7E:9A:AA:D2:CF:BE:A8:FC:D0:BB:12:9D:34:7D:F0:B1
            X509v3 Authority Key Identifier:
                keyid:6A:36:6F:DF:CA:A2:0E:80:E8:BF:C3:30:A4:D8:B1:BE:7D:E6:A1:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ajZv38qiDoDov8MwpNixvn3modA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/AAU8Jn6aqtLPvqj80LsSnTR98LE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/ajZv38qiDoDov8MwpNixvn3modA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:a4:73:7f:a0:f0:73:2e:e7:8e:67:9a:14:f8:59:66:e9:e3:
         af:ab:ad:cd:9b:3a:71:d9:2a:07:08:57:87:93:6d:a5:ee:69:
         57:56:10:66:45:95:11:2a:55:e3:3f:8a:27:a9:0d:e3:ae:24:
         2d:ac:c7:34:7b:4d:8f:21:88:60:50:fb:b8:ff:a2:82:95:f5:
         4b:48:cf:db:86:9d:09:77:2e:16:3e:c8:8c:03:f1:ff:43:3d:
         aa:a8:ab:11:7b:03:b6:33:cc:db:76:37:8a:41:af:a2:73:cc:
         0a:f7:9d:dc:25:2f:90:20:33:4e:1a:7a:0f:3d:fb:13:7e:31:
         d8:f0:25:51:a8:9e:3e:da:b3:7f:ae:e5:0f:3e:79:49:f8:c4:
         16:d0:8d:c5:d6:80:7a:02:07:e6:68:41:e2:72:4a:33:86:4c:
         67:51:78:0d:6c:36:9c:02:aa:08:0e:8a:74:d6:a5:5c:9a:ce:
         0b:07:99:83:95:52:c2:7c:c5:67:25:80:52:df:0d:b5:8f:f5:
         56:20:96:18:6f:7c:df:d6:a4:8f:f8:c7:fe:53:dd:9c:48:09:
         73:22:72:05:ab:81:9a:b8:10:ad:3b:a5:f3:72:52:60:e1:96:
         fd:ee:01:ec:20:46:f9:06:32:fa:97:da:45:8d:f6:e1:7f:3d:
         8f:2d:c3:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3vjpS7L2BnjSGKEeVCMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMzY2ZmRmY2FhMjBlODBlOGJmYzMzMGE0ZDhiMWJlN2Rl
NmExZDAwHhcNMjQwMTAyMDYzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDA1M2MyNjdlOWFhYWQyY2ZiZWE4ZmNkMGJiMTI5ZDM0N2RmMGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Ygm73JTBde8VnwCZs/hGPmcpZoi
ppvlXtiakTQ3Nsq+QGxEUAWFG5inzYqj3+xTOeg9h9tde9PK2EToWfeozXTQROM/
eZpPTh0Ckv5OjkLjsMJYA8fvj6YcpaeRkxE5TBGCOLi95jKRP8qy5cwRpzZ5m6CX
A1l+lVGINpfJlWStl9gmKNWaLCMTsIJsXiio3MdAHQ3Wx8nWYYHXwf0Mre38kqzw
C7HNEsM8UcRy9luiL5y3j8g32vnzWOPUhRMHH2fX0D1lEToxLNtOiiuKvvESNBtz
2ZXZ+a4hdykKMCu75MV5U35kABw9N9GZAZlRSj7qV+kcuRle94P6WsrKLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAFPCZ+mqrSz76o/NC7Ep00ffCxMB8GA1UdIwQY
MBaAFGo2b9/Kog6A6L/DMKTYsb595qHQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWpadjM4cWlEb0RvdjhNd3BOaXh2bjNtb2RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84YzRlYzQtZDYzNy00ZDNmLTlkZTgt
MDU1NTljMWY1OTE1LzEvQUFVOEpuNmFxdExQdnFqODBMc1NuVFI5OExFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84YzRlYzQtZDYzNy00ZDNmLTlkZTgtMDU1NTljMWY1OTE1
LzEvYWpadjM4cWlEb0RvdjhNd3BOaXh2bjNtb2RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjz8MA0G
CSqGSIb3DQEBCwUAA4IBAQCipHN/oPBzLueOZ5oU+Flm6eOvq63Nmzpx2SoHCFeH
k22l7mlXVhBmRZURKlXjP4onqQ3jriQtrMc0e02PIYhgUPu4/6KClfVLSM/bhp0J
dy4WPsiMA/H/Qz2qqKsRewO2M8zbdjeKQa+ic8wK953cJS+QIDNOGnoPPfsTfjHY
8CVRqJ4+2rN/ruUPPnlJ+MQW0I3F1oB6AgfmaEHickozhkxnUXgNbDacAqoIDop0
1qVcms4LB5mDlVLCfMVnJYBS3w21j/VWIJYYb3zf1qSP+Mf+U92cSAlzInIFq4Ga
uBCtO6XzclJg4Zb97gHsIEb5BjL6l9pFjfbhfz2PLcO8
-----END CERTIFICATE-----