Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/8pO6zzRjN33BYTvkOrafzKUq8pY.roa
File:                     8pO6zzRjN33BYTvkOrafzKUq8pY.roa (raw, json)
Hash identifier:          6NGQ4fCvzKUtXxskjfipbe5X2LquAe4vcq5nCcCj4dA=
Subject key identifier:   F2:93:BA:CF:34:63:37:7D:C1:61:3B:E4:3A:B6:9F:CC:A5:2A:F2:96
Certificate issuer:       /CN=96c56c5ea5478f4d37b30f3682e43b7e2ef90d98
Certificate serial:       018CC8014F1653D2C631689061163C6BF4F7
Authority key identifier: 96:C5:6C:5E:A5:47:8F:4D:37:B3:0F:36:82:E4:3B:7E:2E:F9:0D:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lsVsXqVHj003sw82guQ7fi75DZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/8pO6zzRjN33BYTvkOrafzKUq8pY.roa
Signing time:             Tue 02 Jan 2024 02:29:38 +0000
ROA not before:           Tue 02 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31534
IP address blocks:        193.16.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/lsVsXqVHj003sw82guQ7fi75DZg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/lsVsXqVHj003sw82guQ7fi75DZg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lsVsXqVHj003sw82guQ7fi75DZg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4f:16:53:d2:c6:31:68:90:61:16:3c:6b:f4:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96c56c5ea5478f4d37b30f3682e43b7e2ef90d98
        Validity
            Not Before: Jan  2 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f293bacf3463377dc1613be43ab69fcca52af296
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:52:93:fe:2b:5a:ba:92:a6:07:23:a3:0f:16:
                    f9:5c:84:61:24:14:95:bd:3b:0f:aa:35:d5:33:21:
                    70:6f:e1:ea:42:48:2a:1c:c9:e6:92:4e:7b:a7:b0:
                    2b:38:b9:3d:c3:1b:5e:a2:5a:64:21:4e:1c:87:a4:
                    f0:2e:20:78:24:6e:a1:fa:0f:c3:2f:b7:6c:45:05:
                    44:ff:61:1a:7e:de:c3:c6:11:07:17:45:4d:42:e1:
                    95:04:d3:ea:12:c4:d5:5e:e2:8d:51:8e:10:68:a1:
                    cf:8e:0a:59:6a:be:89:31:9d:b2:8f:28:ce:50:ac:
                    17:1a:41:ea:71:a6:9d:3e:87:29:eb:ad:3a:a8:7c:
                    b6:3e:10:f3:4a:39:82:89:82:67:d5:1e:c8:70:0a:
                    cb:45:42:2c:ce:7f:a3:e7:5f:27:d2:7e:0f:87:7f:
                    3a:a7:f1:34:fc:40:0f:8b:e4:ce:2f:54:b3:80:95:
                    b2:f7:ab:ba:b0:f8:a0:78:27:ab:ab:d6:3c:c4:63:
                    3a:d8:29:ae:05:26:70:c3:bc:64:c0:c2:f9:a0:a0:
                    2e:f4:fc:e2:1f:71:20:6b:da:8a:69:0b:8d:e4:2a:
                    4e:ea:7b:15:eb:bf:2c:61:f6:39:bd:40:5c:a1:03:
                    34:81:88:b9:2a:8e:1e:0d:16:0f:94:2e:0d:5c:00:
                    9c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:93:BA:CF:34:63:37:7D:C1:61:3B:E4:3A:B6:9F:CC:A5:2A:F2:96
            X509v3 Authority Key Identifier:
                keyid:96:C5:6C:5E:A5:47:8F:4D:37:B3:0F:36:82:E4:3B:7E:2E:F9:0D:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lsVsXqVHj003sw82guQ7fi75DZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/8pO6zzRjN33BYTvkOrafzKUq8pY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/lsVsXqVHj003sw82guQ7fi75DZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:65:7a:7f:1a:b3:0c:6b:0b:d5:64:e6:25:1e:30:20:d1:19:
         a3:30:db:55:bc:1c:f7:83:1e:0d:ed:42:30:eb:88:b2:40:d3:
         d0:f9:95:40:dc:39:1c:b4:49:8b:82:8f:26:3b:0c:9a:ea:f8:
         64:d5:71:41:4f:1b:17:d0:64:d6:cf:83:b7:79:35:7f:41:b0:
         d1:d5:3c:78:a0:3b:67:49:6d:6e:c5:33:92:b1:44:fa:44:ec:
         d1:2e:1a:b3:90:35:c7:dd:91:c7:38:36:50:94:ed:f6:62:4e:
         b4:0e:69:df:67:0d:7e:f4:04:11:7b:fa:4c:33:80:ef:19:69:
         9b:44:71:d8:59:80:90:f4:20:91:b9:c3:bc:cd:b4:ea:b5:9e:
         1c:27:6e:7c:98:6c:03:0b:6e:ed:0d:1f:37:a1:0c:d2:79:76:
         8c:04:ab:bb:ed:26:a7:c1:2f:31:f6:50:8a:e4:ce:67:4d:ae:
         d3:4a:d3:08:d5:01:96:5b:bc:33:52:d8:fe:57:df:01:89:7a:
         3d:30:63:71:d4:0e:9f:63:03:4e:6a:97:73:99:8d:6f:ba:36:
         11:21:4f:16:81:c8:9c:28:31:2c:21:64:f5:05:4f:15:02:f2:
         be:30:5f:b4:da:83:00:34:f8:97:57:82:bd:47:de:ef:b2:86:
         cf:ff:76:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAU8WU9LGMWiQYRY8a/T3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YzU2YzVlYTU0NzhmNGQzN2IzMGYzNjgyZTQzYjdlMmVm
OTBkOTgwHhcNMjQwMTAyMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjkzYmFjZjM0NjMzNzdkYzE2MTNiZTQzYWI2OWZjY2E1MmFmMjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVKT/itaupKmByOjDxb5XIRhJBSV
vTsPqjXVMyFwb+HqQkgqHMnmkk57p7ArOLk9wxteolpkIU4ch6TwLiB4JG6h+g/D
L7dsRQVE/2Eaft7DxhEHF0VNQuGVBNPqEsTVXuKNUY4QaKHPjgpZar6JMZ2yjyjO
UKwXGkHqcaadPocp6606qHy2PhDzSjmCiYJn1R7IcArLRUIszn+j518n0n4Ph386
p/E0/EAPi+TOL1SzgJWy96u6sPigeCerq9Y8xGM62CmuBSZww7xkwML5oKAu9Pzi
H3Ega9qKaQuN5CpO6nsV678sYfY5vUBcoQM0gYi5Ko4eDRYPlC4NXACcTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKTus80Yzd9wWE75Dq2n8ylKvKWMB8GA1UdIwQY
MBaAFJbFbF6lR49NN7MPNoLkO34u+Q2YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHNWc1hxVkhqMDAzc3c4Mmd1UTdmaTc1RFpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS85OGFjYTMtMGM3Yy00ZjA1LThkMDMt
MzVjNzhlNzAxOTllLzEvOHBPNnp6UmpOMzNCWVR2a09yYWZ6S1VxOHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS85OGFjYTMtMGM3Yy00ZjA1LThkMDMtMzVjNzhlNzAxOTll
LzEvbHNWc1hxVkhqMDAzc3c4Mmd1UTdmaTc1RFpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRBmMA0G
CSqGSIb3DQEBCwUAA4IBAQBrZXp/GrMMawvVZOYlHjAg0RmjMNtVvBz3gx4N7UIw
64iyQNPQ+ZVA3DkctEmLgo8mOwya6vhk1XFBTxsX0GTWz4O3eTV/QbDR1Tx4oDtn
SW1uxTOSsUT6ROzRLhqzkDXH3ZHHODZQlO32Yk60DmnfZw1+9AQRe/pMM4DvGWmb
RHHYWYCQ9CCRucO8zbTqtZ4cJ258mGwDC27tDR83oQzSeXaMBKu77SanwS8x9lCK
5M5nTa7TStMI1QGWW7wzUtj+V98BiXo9MGNx1A6fYwNOapdzmY1vujYRIU8Wgcic
KDEsIWT1BU8VAvK+MF+02oMANPiXV4K9R97vsobP/3bu
-----END CERTIFICATE-----