Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/otKuOrCHqCGuWhhqjXZc0xag20E.roa
File:                     otKuOrCHqCGuWhhqjXZc0xag20E.roa (raw, json)
Hash identifier:          WCcAMuZ9IFXFybGMUJf4Z+22XtM/gncwSMkYkd1NbTc=
Subject key identifier:   A2:D2:AE:3A:B0:87:A8:21:AE:5A:18:6A:8D:76:5C:D3:16:A0:DB:41
Certificate issuer:       /CN=0c86662b752c8a3be72e8544394ff926f68fbf7e
Certificate serial:       018CC4250A747EE9BB52622BC1EBCC0846F6
Authority key identifier: 0C:86:66:2B:75:2C:8A:3B:E7:2E:85:44:39:4F:F9:26:F6:8F:BF:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DIZmK3UsijvnLoVEOU_5JvaPv34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/otKuOrCHqCGuWhhqjXZc0xag20E.roa
Signing time:             Mon 01 Jan 2024 08:30:11 +0000
ROA not before:           Mon 01 Jan 2024 08:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31424
IP address blocks:        193.9.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/DIZmK3UsijvnLoVEOU_5JvaPv34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/DIZmK3UsijvnLoVEOU_5JvaPv34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DIZmK3UsijvnLoVEOU_5JvaPv34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:03:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:0a:74:7e:e9:bb:52:62:2b:c1:eb:cc:08:46:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c86662b752c8a3be72e8544394ff926f68fbf7e
        Validity
            Not Before: Jan  1 08:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2d2ae3ab087a821ae5a186a8d765cd316a0db41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c7:6e:28:2f:59:f8:27:e0:90:30:f1:2b:7c:
                    f5:b6:c8:6a:e7:9a:00:4e:e8:eb:61:f0:f1:ec:50:
                    3b:34:0a:99:1a:af:5e:c9:e2:d4:f1:9b:2b:f7:bb:
                    5f:e7:7e:41:72:90:13:9f:da:28:00:c7:09:26:b7:
                    0c:e4:fa:fc:db:c8:af:c8:b9:fd:75:61:5d:26:8c:
                    81:9a:29:9f:9b:c5:22:23:ad:57:e7:ba:ce:e6:75:
                    e2:c0:43:3c:1c:3a:e2:6c:0e:34:ee:80:9b:60:ce:
                    89:1a:bf:70:36:f2:bc:73:cd:ee:e5:71:fd:46:f4:
                    76:1a:46:38:29:29:b3:e0:69:87:58:60:46:ad:ab:
                    72:ee:3b:36:3e:54:5d:0f:7c:a0:af:29:11:0f:c2:
                    82:60:5c:5a:d5:5c:b8:a9:4b:b5:ca:7d:04:63:cf:
                    ca:88:c2:ec:3b:6e:5c:a3:e4:a8:7e:29:67:d4:1c:
                    a2:8d:bb:af:84:60:dc:23:d1:40:01:0f:c0:16:ef:
                    c6:ed:cd:23:63:7a:ad:05:23:cf:44:8b:f7:1e:aa:
                    17:1b:ee:db:36:a9:6d:21:5a:14:9d:48:88:64:b7:
                    c9:3b:38:ff:2c:e2:32:af:0f:cb:32:64:35:56:ac:
                    8c:bd:61:71:ea:38:28:1a:99:ed:c5:8d:7d:39:78:
                    79:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:D2:AE:3A:B0:87:A8:21:AE:5A:18:6A:8D:76:5C:D3:16:A0:DB:41
            X509v3 Authority Key Identifier:
                keyid:0C:86:66:2B:75:2C:8A:3B:E7:2E:85:44:39:4F:F9:26:F6:8F:BF:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DIZmK3UsijvnLoVEOU_5JvaPv34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/otKuOrCHqCGuWhhqjXZc0xag20E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/DIZmK3UsijvnLoVEOU_5JvaPv34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:2e:d9:2b:42:20:86:9f:a0:ce:83:b5:7f:3c:67:6d:3f:5e:
         fa:29:9e:0b:c4:d6:33:f6:03:9e:25:ce:d3:78:72:43:17:45:
         2c:a7:c3:0e:3d:84:63:50:0b:ac:2b:bf:d9:43:7c:4c:67:bb:
         b2:ba:ad:dc:b9:f9:91:2c:4f:de:65:4c:34:4b:3f:7c:10:55:
         b0:77:2a:7b:3e:c7:26:da:b6:bf:ca:cc:45:9d:13:fe:3c:02:
         65:4b:f7:88:8a:ba:ef:6b:00:6f:13:67:43:93:67:50:36:34:
         25:2b:2f:b4:f2:26:54:27:ea:3a:30:ee:98:0b:39:12:c6:71:
         11:ee:51:6b:ba:b5:f2:8e:5d:54:84:35:9c:01:94:4f:1e:d0:
         37:69:16:bd:68:60:e8:d9:3f:32:ea:b5:13:48:3e:63:71:bc:
         be:62:7a:01:6b:3d:de:93:2c:86:dc:40:52:22:12:cd:7e:6e:
         8b:5c:be:77:04:b6:e3:76:02:00:96:d0:04:01:94:da:86:20:
         37:53:a8:f1:0c:6f:e6:ce:4b:c2:b4:f3:0f:7b:06:51:51:8c:
         7e:af:3e:a1:56:95:c6:18:3a:42:75:10:40:e8:75:64:ae:7c:
         7d:53:53:46:4f:94:35:e8:e8:4f:cd:92:d1:61:94:eb:4e:4a:
         57:dc:97:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQp0fum7UmIrwevMCEb2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjODY2NjJiNzUyYzhhM2JlNzJlODU0NDM5NGZmOTI2ZjY4
ZmJmN2UwHhcNMjQwMTAxMDgzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmQyYWUzYWIwODdhODIxYWU1YTE4NmE4ZDc2NWNkMzE2YTBkYjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsduKC9Z+CfgkDDxK3z1tshq55oA
TujrYfDx7FA7NAqZGq9eyeLU8Zsr97tf535BcpATn9ooAMcJJrcM5Pr828ivyLn9
dWFdJoyBmimfm8UiI61X57rO5nXiwEM8HDribA407oCbYM6JGr9wNvK8c83u5XH9
RvR2GkY4KSmz4GmHWGBGraty7js2PlRdD3ygrykRD8KCYFxa1Vy4qUu1yn0EY8/K
iMLsO25co+Sofiln1ByijbuvhGDcI9FAAQ/AFu/G7c0jY3qtBSPPRIv3HqoXG+7b
NqltIVoUnUiIZLfJOzj/LOIyrw/LMmQ1VqyMvWFx6jgoGpntxY19OXh5xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLSrjqwh6ghrloYao12XNMWoNtBMB8GA1UdIwQY
MBaAFAyGZit1LIo75y6FRDlP+Sb2j79+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRElabUszVXNpanZuTG9WRU9VXzVKdmFQdjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8wOWM0YjItNDZhOS00Zjg4LTk5Yjgt
MWNjYzljMjk1ZThlLzEvb3RLdU9yQ0hxQ0d1V2hocWpYWmMweGFnMjBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8wOWM0YjItNDZhOS00Zjg4LTk5YjgtMWNjYzljMjk1ZThl
LzEvRElabUszVXNpanZuTG9WRU9VXzVKdmFQdjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQl6MA0G
CSqGSIb3DQEBCwUAA4IBAQAtLtkrQiCGn6DOg7V/PGdtP176KZ4LxNYz9gOeJc7T
eHJDF0Usp8MOPYRjUAusK7/ZQ3xMZ7uyuq3cufmRLE/eZUw0Sz98EFWwdyp7Pscm
2ra/ysxFnRP+PAJlS/eIirrvawBvE2dDk2dQNjQlKy+08iZUJ+o6MO6YCzkSxnER
7lFrurXyjl1UhDWcAZRPHtA3aRa9aGDo2T8y6rUTSD5jcby+YnoBaz3ekyyG3EBS
IhLNfm6LXL53BLbjdgIAltAEAZTahiA3U6jxDG/mzkvCtPMPewZRUYx+rz6hVpXG
GDpCdRBA6HVkrnx9U1NGT5Q16OhPzZLRYZTrTkpX3JeW
-----END CERTIFICATE-----