Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/KUunNtpmmv69XJe0Z5m8kBzYN_8.roa
File:                     KUunNtpmmv69XJe0Z5m8kBzYN_8.roa (raw, json)
Hash identifier:          WosXNzoVuu7Bq51hVdmEvL4gMnedVFA1n1D/npRpi5g=
Subject key identifier:   29:4B:A7:36:DA:66:9A:FE:BD:5C:97:B4:67:99:BC:90:1C:D8:37:FF
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       018CC3B6CCB713ACB53AF3B6650EF82D7E1E
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/KUunNtpmmv69XJe0Z5m8kBzYN_8.roa
Signing time:             Mon 01 Jan 2024 06:29:46 +0000
ROA not before:           Mon 01 Jan 2024 06:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        193.222.50.0/24 maxlen: 24
                          193.222.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:cc:b7:13:ac:b5:3a:f3:b6:65:0e:f8:2d:7e:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Jan  1 06:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=294ba736da669afebd5c97b46799bc901cd837ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:57:4a:61:d9:84:be:4d:35:9b:53:6f:fa:39:
                    2a:84:b1:d9:bf:05:aa:e5:2c:df:de:20:35:1c:ca:
                    28:18:02:15:b6:2e:d2:82:11:64:95:90:46:2c:61:
                    6e:5e:34:29:ed:78:c4:5d:62:7d:f3:aa:17:6f:cc:
                    8a:b2:3a:a7:23:e9:21:6b:38:ea:bf:01:f8:fb:a9:
                    74:e0:08:01:bd:5a:bf:79:76:83:69:9d:58:3e:84:
                    ed:2b:89:ed:f0:77:02:8f:ac:c6:bd:4e:28:a9:cb:
                    65:c0:73:52:5c:27:15:a3:d8:eb:5e:d0:fb:42:35:
                    31:0b:78:db:d7:51:fb:e5:7f:a5:8d:4b:9b:74:16:
                    4f:00:0a:20:50:ff:5e:5c:70:3c:07:7a:82:d3:7d:
                    96:ec:72:bf:3b:86:45:7d:12:c3:2d:6e:e1:9a:68:
                    55:e4:2f:81:bd:85:88:71:99:35:ae:9d:2b:5d:be:
                    a2:6e:9b:4a:7e:e3:dd:14:e1:21:22:df:4a:a6:46:
                    64:fd:d6:bd:39:0b:49:6a:b9:0b:f2:22:18:cd:d8:
                    59:98:9c:64:03:21:a5:68:01:dc:70:c3:22:3d:ee:
                    1c:21:b9:aa:9e:de:bb:8c:65:0f:8e:82:f2:60:eb:
                    ee:98:13:8b:06:95:18:0d:46:ac:7f:55:12:df:11:
                    5b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:4B:A7:36:DA:66:9A:FE:BD:5C:97:B4:67:99:BC:90:1C:D8:37:FF
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/KUunNtpmmv69XJe0Z5m8kBzYN_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.50.0/24
                  193.222.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:fc:06:78:77:f1:c1:65:8d:81:7b:83:6b:2e:07:5e:c6:51:
         16:d0:33:23:3f:85:bc:55:80:70:88:3d:f3:1e:36:a5:0a:56:
         0b:6e:60:d4:90:40:82:47:34:b2:d9:b0:f7:18:f2:a8:a2:fa:
         c6:d0:df:8e:d8:d8:68:5a:45:ed:61:d8:b9:ba:d4:88:a1:31:
         29:6e:bb:49:ea:85:4c:69:53:8d:d0:e5:46:21:91:34:f4:47:
         63:2b:56:99:e2:0f:74:49:33:19:8c:e8:19:cb:80:72:71:77:
         51:af:79:97:3c:73:42:c7:05:f2:4a:08:b6:a1:fb:6b:40:23:
         2d:46:cd:e9:b3:be:b3:ed:40:c8:c0:5b:2a:51:92:d2:06:23:
         1e:53:7d:dc:a0:0f:64:e2:d1:47:c3:1b:20:00:d1:30:97:c6:
         e5:f6:81:3c:e5:81:98:be:25:73:2b:27:a2:ed:8f:df:29:42:
         bc:c4:cf:06:d6:41:45:c8:58:8a:20:b5:fb:93:41:18:63:f4:
         c3:f2:81:1f:d4:d8:41:ae:9d:20:03:9a:ae:84:39:9f:01:b7:
         25:93:96:c6:c8:a0:d3:92:5a:9c:59:3d:d8:e6:eb:60:ea:b5:
         09:01:94:81:0c:3e:b5:79:0b:a9:5f:38:bf:28:93:b1:c3:c7:
         27:ca:61:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtsy3E6y1OvO2ZQ74LX4eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjQwMTAxMDYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTRiYTczNmRhNjY5YWZlYmQ1Yzk3YjQ2Nzk5YmM5MDFjZDgzN2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1dKYdmEvk01m1Nv+jkqhLHZvwWq
5Szf3iA1HMooGAIVti7SghFklZBGLGFuXjQp7XjEXWJ986oXb8yKsjqnI+khazjq
vwH4+6l04AgBvVq/eXaDaZ1YPoTtK4nt8HcCj6zGvU4oqctlwHNSXCcVo9jrXtD7
QjUxC3jb11H75X+ljUubdBZPAAogUP9eXHA8B3qC032W7HK/O4ZFfRLDLW7hmmhV
5C+BvYWIcZk1rp0rXb6ibptKfuPdFOEhIt9KpkZk/da9OQtJarkL8iIYzdhZmJxk
AyGlaAHccMMiPe4cIbmqnt67jGUPjoLyYOvumBOLBpUYDUasf1US3xFbOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFClLpzbaZpr+vVyXtGeZvJAc2Df/MB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvS1V1bk50cG1tdjY5WEplMFo1bThrQnpZTl84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwd4yAwQA
wd48MA0GCSqGSIb3DQEBCwUAA4IBAQAQ/AZ4d/HBZY2Be4NrLgdexlEW0DMjP4W8
VYBwiD3zHjalClYLbmDUkECCRzSy2bD3GPKoovrG0N+O2NhoWkXtYdi5utSIoTEp
brtJ6oVMaVON0OVGIZE09EdjK1aZ4g90STMZjOgZy4BycXdRr3mXPHNCxwXySgi2
oftrQCMtRs3ps76z7UDIwFsqUZLSBiMeU33coA9k4tFHwxsgANEwl8bl9oE85YGY
viVzKyei7Y/fKUK8xM8G1kFFyFiKILX7k0EYY/TD8oEf1NhBrp0gA5quhDmfAbcl
k5bGyKDTklqcWT3Y5utg6rUJAZSBDD61eQupXzi/KJOxw8cnymFK
-----END CERTIFICATE-----