Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/d3cb14-30ad-4213-815b-f6a513de2fea/1/dpwKjeDx22lEZzqK_g1t7EYJvCw.roa
File:                     dpwKjeDx22lEZzqK_g1t7EYJvCw.roa (raw, json)
Hash identifier:          kkqFH/v9EBr4mw99mldE3aBWqEwZdUIQH71M+lYpNWo=
Subject key identifier:   76:9C:0A:8D:E0:F1:DB:69:44:67:3A:8A:FE:0D:6D:EC:46:09:BC:2C
Certificate issuer:       /CN=90ccd913a99bafd893e07ba968a67434e3df5420
Certificate serial:       018CC56EB1BFE63BE4CD97406A2EEC79A062
Authority key identifier: 90:CC:D9:13:A9:9B:AF:D8:93:E0:7B:A9:68:A6:74:34:E3:DF:54:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kMzZE6mbr9iT4HupaKZ0NOPfVCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/d3cb14-30ad-4213-815b-f6a513de2fea/1/dpwKjeDx22lEZzqK_g1t7EYJvCw.roa
Signing time:             Mon 01 Jan 2024 14:30:15 +0000
ROA not before:           Mon 01 Jan 2024 14:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51348
IP address blocks:        195.226.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/d3cb14-30ad-4213-815b-f6a513de2fea/1/kMzZE6mbr9iT4HupaKZ0NOPfVCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/d3cb14-30ad-4213-815b-f6a513de2fea/1/kMzZE6mbr9iT4HupaKZ0NOPfVCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kMzZE6mbr9iT4HupaKZ0NOPfVCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b1:bf:e6:3b:e4:cd:97:40:6a:2e:ec:79:a0:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90ccd913a99bafd893e07ba968a67434e3df5420
        Validity
            Not Before: Jan  1 14:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=769c0a8de0f1db6944673a8afe0d6dec4609bc2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f6:f4:93:32:89:8b:47:5c:e5:0c:6e:c6:48:
                    ae:b8:8c:30:f8:4d:ff:16:4b:9c:78:e3:30:60:34:
                    7c:c3:a1:4b:2d:b1:f8:ef:dc:b1:69:ef:fe:c8:da:
                    b6:8b:3c:59:94:0a:5a:17:1d:fc:59:6f:f9:8f:8f:
                    af:60:30:32:38:eb:ad:42:0a:8a:20:d3:99:df:ff:
                    67:89:f4:a4:73:f4:6f:13:27:af:48:45:11:b9:c7:
                    0e:d6:85:e3:8d:90:e8:c8:a8:f6:b9:2a:30:a8:65:
                    ef:35:74:78:52:a3:08:30:82:86:50:57:4f:41:57:
                    a0:b6:61:82:87:b2:7d:d7:22:d7:d7:81:c0:9a:a0:
                    9d:2f:8b:bf:ef:e2:cb:03:ec:fd:d4:52:63:6d:95:
                    ef:fc:b0:df:7c:97:29:9d:54:2d:4c:e4:cd:7c:bd:
                    c2:af:25:a1:0d:71:39:4e:55:b9:25:82:45:0d:89:
                    77:bd:14:4b:f5:1d:18:24:a6:63:72:40:58:da:ae:
                    1e:ca:4d:bc:6b:03:06:14:6e:c7:b5:5d:59:a6:3c:
                    54:40:ea:15:7d:ea:b1:be:df:54:93:54:b8:7d:8d:
                    8b:aa:6a:0e:78:f7:c9:fa:ec:7e:d2:03:8e:26:ed:
                    16:d8:17:4b:7d:6b:35:5f:69:46:0d:72:8e:63:f7:
                    f9:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:9C:0A:8D:E0:F1:DB:69:44:67:3A:8A:FE:0D:6D:EC:46:09:BC:2C
            X509v3 Authority Key Identifier:
                keyid:90:CC:D9:13:A9:9B:AF:D8:93:E0:7B:A9:68:A6:74:34:E3:DF:54:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kMzZE6mbr9iT4HupaKZ0NOPfVCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/d3cb14-30ad-4213-815b-f6a513de2fea/1/dpwKjeDx22lEZzqK_g1t7EYJvCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/d3cb14-30ad-4213-815b-f6a513de2fea/1/kMzZE6mbr9iT4HupaKZ0NOPfVCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.226.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:bb:2c:ee:b6:cf:b1:eb:0d:0e:61:48:7f:49:75:75:c9:df:
         b2:10:5d:4a:01:57:d5:ee:28:62:78:51:3a:16:50:ea:35:b1:
         20:79:09:34:31:d2:33:9f:f2:d0:78:72:5b:c9:1e:66:3d:ef:
         5c:0e:ed:4a:66:bf:80:ba:37:cc:ff:b1:ae:b1:9c:12:39:26:
         df:26:1b:06:69:ce:0f:94:79:12:00:7e:d2:9e:7d:39:ca:35:
         17:9d:5b:94:19:56:17:bb:14:e6:df:45:d8:37:2a:e8:a5:c2:
         eb:42:77:52:91:f1:05:fd:2e:7d:5d:80:f5:19:1c:74:e4:b5:
         cb:33:f1:54:31:86:dd:e3:2e:be:35:47:51:0c:e0:07:73:4f:
         14:0c:ab:1e:68:0d:b9:eb:f7:32:be:b1:cd:92:4c:e3:78:9c:
         d0:5e:c7:19:52:c0:0c:c8:7e:ec:c6:4a:2a:0c:92:5a:32:78:
         d1:57:b5:e6:25:4b:30:42:15:14:e1:bb:1e:60:50:d1:17:0d:
         37:02:25:bf:a3:60:2b:05:10:dc:a3:b4:95:19:1e:cf:d0:f5:
         fa:db:f1:1f:0e:6c:74:86:aa:59:72:68:2b:55:f5:63:0f:98:
         8b:a4:f7:d4:fe:9c:43:7b:98:37:a9:b2:5c:a4:40:48:f9:90:
         18:08:c6:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrG/5jvkzZdAai7seaBiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwY2NkOTEzYTk5YmFmZDg5M2UwN2JhOTY4YTY3NDM0ZTNk
ZjU0MjAwHhcNMjQwMTAxMTQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjljMGE4ZGUwZjFkYjY5NDQ2NzNhOGFmZTBkNmRlYzQ2MDliYzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPb0kzKJi0dc5QxuxkiuuIww+E3/
FkuceOMwYDR8w6FLLbH479yxae/+yNq2izxZlApaFx38WW/5j4+vYDAyOOutQgqK
INOZ3/9nifSkc/RvEyevSEURuccO1oXjjZDoyKj2uSowqGXvNXR4UqMIMIKGUFdP
QVegtmGCh7J91yLX14HAmqCdL4u/7+LLA+z91FJjbZXv/LDffJcpnVQtTOTNfL3C
ryWhDXE5TlW5JYJFDYl3vRRL9R0YJKZjckBY2q4eyk28awMGFG7HtV1ZpjxUQOoV
feqxvt9Uk1S4fY2LqmoOePfJ+ux+0gOOJu0W2BdLfWs1X2lGDXKOY/f5nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHacCo3g8dtpRGc6iv4NbexGCbwsMB8GA1UdIwQY
MBaAFJDM2ROpm6/Yk+B7qWimdDTj31QgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva016WkU2bWJyOWlUNEh1cGFLWjBOT1BmVkNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9kM2NiMTQtMzBhZC00MjEzLTgxNWIt
ZjZhNTEzZGUyZmVhLzEvZHB3S2plRHgyMmxFWnpxS19nMXQ3RVlKdkN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9kM2NiMTQtMzBhZC00MjEzLTgxNWItZjZhNTEzZGUyZmVh
LzEva016WkU2bWJyOWlUNEh1cGFLWjBOT1BmVkNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+LRMA0G
CSqGSIb3DQEBCwUAA4IBAQCduyzuts+x6w0OYUh/SXV1yd+yEF1KAVfV7ihieFE6
FlDqNbEgeQk0MdIzn/LQeHJbyR5mPe9cDu1KZr+AujfM/7GusZwSOSbfJhsGac4P
lHkSAH7Snn05yjUXnVuUGVYXuxTm30XYNyropcLrQndSkfEF/S59XYD1GRx05LXL
M/FUMYbd4y6+NUdRDOAHc08UDKseaA256/cyvrHNkkzjeJzQXscZUsAMyH7sxkoq
DJJaMnjRV7XmJUswQhUU4bseYFDRFw03AiW/o2ArBRDco7SVGR7P0PX62/EfDmx0
hqpZcmgrVfVjD5iLpPfU/pxDe5g3qbJcpEBI+ZAYCMa6
-----END CERTIFICATE-----