Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/79ab76-9bf9-47cd-b544-5ee09fead561/1/dAKA6jfAVut3tDJyZS4qbkmRNlQ.roa
File:                     dAKA6jfAVut3tDJyZS4qbkmRNlQ.roa (raw, json)
Hash identifier:          OLASj41a4hyJx6XqJjvBIJEVVy/McuM5Uo7fB0SF6w4=
Subject key identifier:   74:02:80:EA:37:C0:56:EB:77:B4:32:72:65:2E:2A:6E:49:91:36:54
Certificate issuer:       /CN=9912d945ac2a49f3b4da2221c27b829aafccb2f2
Certificate serial:       018CC9BC9C08C6D752223B30418135D7FE22
Authority key identifier: 99:12:D9:45:AC:2A:49:F3:B4:DA:22:21:C2:7B:82:9A:AF:CC:B2:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mRLZRawqSfO02iIhwnuCmq_MsvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/79ab76-9bf9-47cd-b544-5ee09fead561/1/dAKA6jfAVut3tDJyZS4qbkmRNlQ.roa
Signing time:             Tue 02 Jan 2024 10:33:50 +0000
ROA not before:           Tue 02 Jan 2024 10:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24929
IP address blocks:        195.177.100.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/79ab76-9bf9-47cd-b544-5ee09fead561/1/mRLZRawqSfO02iIhwnuCmq_MsvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/79ab76-9bf9-47cd-b544-5ee09fead561/1/mRLZRawqSfO02iIhwnuCmq_MsvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mRLZRawqSfO02iIhwnuCmq_MsvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:9c:08:c6:d7:52:22:3b:30:41:81:35:d7:fe:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9912d945ac2a49f3b4da2221c27b829aafccb2f2
        Validity
            Not Before: Jan  2 10:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=740280ea37c056eb77b43272652e2a6e49913654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b5:c8:d9:78:84:e8:7d:63:c6:d3:c4:28:c5:
                    eb:d4:a3:53:1b:a8:34:23:5a:dd:e2:9c:72:6d:22:
                    3c:15:7d:f5:2f:fc:ae:fc:68:52:ec:6c:83:6b:02:
                    90:32:17:5f:86:fa:0f:33:c6:b9:5f:14:1a:29:4a:
                    54:36:6d:ee:ef:a6:a6:0e:7c:83:cc:f1:b6:17:c7:
                    ea:c9:ce:d1:d5:a0:02:8a:5d:62:2f:0c:1a:0b:cd:
                    7e:de:f6:9d:00:0d:35:ed:f9:8e:02:c0:9d:fa:b3:
                    56:ab:70:ce:28:eb:97:51:c6:fe:ef:95:de:27:77:
                    6f:6d:04:a6:04:e7:9a:33:b5:16:61:c6:c4:07:d2:
                    e6:85:64:21:51:f3:37:7e:a7:99:7d:3b:bc:8b:02:
                    b8:f3:71:e8:5b:0c:2a:f9:2d:f0:04:5b:85:60:26:
                    66:50:d0:3a:0a:75:21:5e:cf:b4:76:4b:56:83:f8:
                    9c:d0:97:c9:0c:d4:78:fe:52:ec:f0:fb:b3:04:d5:
                    e6:54:55:ae:ae:73:15:c0:a8:c9:15:aa:82:43:10:
                    08:cd:3b:c8:6a:39:96:16:73:9d:2c:ea:06:43:ae:
                    d9:5e:fb:48:b7:79:9f:1d:6a:32:d9:ab:6e:b5:dd:
                    49:c3:cf:e9:ef:2c:b6:da:9c:bc:1f:2a:7c:7a:3b:
                    d0:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:02:80:EA:37:C0:56:EB:77:B4:32:72:65:2E:2A:6E:49:91:36:54
            X509v3 Authority Key Identifier:
                keyid:99:12:D9:45:AC:2A:49:F3:B4:DA:22:21:C2:7B:82:9A:AF:CC:B2:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mRLZRawqSfO02iIhwnuCmq_MsvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/79ab76-9bf9-47cd-b544-5ee09fead561/1/dAKA6jfAVut3tDJyZS4qbkmRNlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/79ab76-9bf9-47cd-b544-5ee09fead561/1/mRLZRawqSfO02iIhwnuCmq_MsvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:b6:05:46:8e:b5:9a:8b:96:e6:02:f7:1e:08:b4:b7:a9:5c:
         a6:d0:43:1c:06:70:c9:e2:a8:0f:11:fb:39:89:7c:3e:75:72:
         ae:ba:3f:c9:41:f0:07:d1:52:af:63:27:f4:03:3e:60:b1:7c:
         05:f1:05:24:d9:4a:db:61:87:26:20:69:e1:e6:ae:71:d9:15:
         31:2c:9a:f6:86:01:fb:a1:4f:f7:4c:a3:b9:a4:cc:77:d9:d5:
         78:58:b3:31:9e:e6:b2:34:3b:68:cb:f6:68:4c:62:47:99:c2:
         43:04:7a:7d:95:f8:1f:e7:ce:22:b8:5c:0a:f2:0b:33:0f:20:
         c2:cf:7b:6d:54:06:f1:05:31:22:69:33:f5:36:b3:28:24:f9:
         ed:45:98:d4:24:ab:58:c1:5b:37:d8:40:d5:ca:04:f7:1c:30:
         42:f4:f5:15:fe:6b:cd:4d:e1:52:8d:6f:d1:0b:b9:d6:f8:af:
         db:19:e7:aa:f8:f6:e1:15:05:5b:77:26:22:97:18:f0:65:d8:
         57:d1:19:e5:91:00:88:7e:e4:72:dd:0a:a7:77:20:37:2e:d5:
         02:5c:24:a6:1c:3e:f4:9a:d5:b9:a7:ca:46:ff:ba:5c:a9:aa:
         44:e0:d3:1d:48:1d:e0:aa:92:d0:88:d4:9b:84:d0:d2:68:96:
         f9:4b:0a:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvJwIxtdSIjswQYE11/4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MTJkOTQ1YWMyYTQ5ZjNiNGRhMjIyMWMyN2I4MjlhYWZj
Y2IyZjIwHhcNMjQwMTAyMTAzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDAyODBlYTM3YzA1NmViNzdiNDMyNzI2NTJlMmE2ZTQ5OTEzNjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbXI2XiE6H1jxtPEKMXr1KNTG6g0
I1rd4pxybSI8FX31L/yu/GhS7GyDawKQMhdfhvoPM8a5XxQaKUpUNm3u76amDnyD
zPG2F8fqyc7R1aACil1iLwwaC81+3vadAA017fmOAsCd+rNWq3DOKOuXUcb+75Xe
J3dvbQSmBOeaM7UWYcbEB9LmhWQhUfM3fqeZfTu8iwK483HoWwwq+S3wBFuFYCZm
UNA6CnUhXs+0dktWg/ic0JfJDNR4/lLs8PuzBNXmVFWurnMVwKjJFaqCQxAIzTvI
ajmWFnOdLOoGQ67ZXvtIt3mfHWoy2atutd1Jw8/p7yy22py8Hyp8ejvQ7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQCgOo3wFbrd7QycmUuKm5JkTZUMB8GA1UdIwQY
MBaAFJkS2UWsKknztNoiIcJ7gpqvzLLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVJMWlJhd3FTZk8wMmlJaHdudUNtcV9Nc3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS83OWFiNzYtOWJmOS00N2NkLWI1NDQt
NWVlMDlmZWFkNTYxLzEvZEFLQTZqZkFWdXQzdERKeVpTNHFia21STmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS83OWFiNzYtOWJmOS00N2NkLWI1NDQtNWVlMDlmZWFkNTYx
LzEvbVJMWlJhd3FTZk8wMmlJaHdudUNtcV9Nc3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw7FkMA0G
CSqGSIb3DQEBCwUAA4IBAQBrtgVGjrWai5bmAvceCLS3qVym0EMcBnDJ4qgPEfs5
iXw+dXKuuj/JQfAH0VKvYyf0Az5gsXwF8QUk2UrbYYcmIGnh5q5x2RUxLJr2hgH7
oU/3TKO5pMx32dV4WLMxnuayNDtoy/ZoTGJHmcJDBHp9lfgf584iuFwK8gszDyDC
z3ttVAbxBTEiaTP1NrMoJPntRZjUJKtYwVs32EDVygT3HDBC9PUV/mvNTeFSjW/R
C7nW+K/bGeeq+PbhFQVbdyYilxjwZdhX0RnlkQCIfuRy3QqndyA3LtUCXCSmHD70
mtW5p8pG/7pcqapE4NMdSB3gqpLQiNSbhNDSaJb5SwoA
-----END CERTIFICATE-----