Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9qeyOEXDxskWV5_iK8dAAT6Lfdg.roa
File:                     9qeyOEXDxskWV5_iK8dAAT6Lfdg.roa (raw, json)
Hash identifier:          ZBPDfewyOTdy4Ul7GCm5RmdfaCwcB6JLNK0LR8m49FQ=
Subject key identifier:   F6:A7:B2:38:45:C3:C6:C9:16:57:9F:E2:2B:C7:40:01:3E:8B:7D:D8
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC795447E0CAD5A63AB3C77DD4E3AA921
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9qeyOEXDxskWV5_iK8dAAT6Lfdg.roa
Signing time:             Tue 02 Jan 2024 00:31:37 +0000
ROA not before:           Tue 02 Jan 2024 00:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33829
IP address blocks:        188.241.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:44:7e:0c:ad:5a:63:ab:3c:77:dd:4e:3a:a9:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6a7b23845c3c6c916579fe22bc740013e8b7dd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:53:85:0c:0b:df:05:46:43:6a:36:e1:b4:03:
                    4e:42:8c:96:52:3f:25:e3:61:fe:2b:a9:f3:5c:b2:
                    6e:6e:db:fa:9e:94:77:93:68:b9:48:b1:f5:a7:0f:
                    63:f7:66:ba:c2:34:3d:b6:c0:93:00:af:7c:34:f4:
                    a2:e8:ad:bf:9b:43:a0:a0:ab:e3:21:af:91:34:7d:
                    0b:d8:14:bd:76:58:1e:d8:e6:9d:71:07:2f:37:47:
                    bd:b0:85:24:ea:9b:e7:08:ff:11:23:30:9f:c4:f5:
                    fd:2e:42:bb:91:21:ed:d5:96:9b:14:ef:87:e3:e2:
                    db:71:f7:0c:bd:be:cf:d8:83:6b:98:c6:31:87:4b:
                    97:a5:e7:38:ad:cf:e4:14:56:59:8a:41:0e:05:07:
                    b7:3d:4c:37:54:ca:b3:e6:fd:63:2d:1e:af:a8:ca:
                    b5:14:c6:c8:b2:65:89:47:ba:03:d9:1c:a1:fc:6a:
                    81:7d:0a:ca:59:37:e9:58:be:1b:07:21:3f:f9:aa:
                    a7:80:6f:dc:07:ba:76:10:41:ab:99:b6:84:ff:d5:
                    d0:18:12:4a:a9:f0:83:5e:54:03:2f:ea:e4:a4:af:
                    4f:97:4a:85:43:8f:75:7f:7b:f2:b6:6d:f7:14:97:
                    3b:86:94:b6:d0:7c:17:05:54:62:3c:a2:1a:61:4c:
                    fa:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:A7:B2:38:45:C3:C6:C9:16:57:9F:E2:2B:C7:40:01:3E:8B:7D:D8
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9qeyOEXDxskWV5_iK8dAAT6Lfdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:3e:b8:7c:2f:98:dd:80:91:0b:ab:e1:67:49:71:37:01:05:
         4a:4b:32:dd:bb:0f:fa:aa:a0:d8:44:b7:5d:6e:2b:df:79:28:
         87:dd:6c:c8:ef:0a:28:a7:95:59:b0:ee:31:5f:8e:c1:c6:95:
         f9:92:4c:e4:20:41:69:5e:37:e0:99:44:a6:df:32:9a:91:23:
         2e:65:ff:1d:75:ed:7a:15:6a:b6:1a:f3:7f:77:92:2f:8f:bd:
         f4:d1:e8:45:27:e5:ec:a1:af:58:6e:94:ea:64:5a:9a:f4:e1:
         e4:f6:1d:c3:4d:85:d6:c5:69:ed:0e:98:2e:ec:41:5e:58:fe:
         51:0a:f3:17:79:0b:51:0d:b6:a2:e3:76:ce:eb:49:c6:d3:5d:
         ff:06:dc:f8:63:05:3f:3c:61:09:86:e2:39:fe:a2:10:71:7c:
         60:69:32:33:be:01:ce:6c:e3:cd:27:18:c8:0a:a8:90:8e:91:
         5f:85:db:3f:59:73:a7:6d:da:55:a0:81:1b:c6:31:57:fa:c5:
         2d:45:d5:b9:0f:21:7b:0d:26:38:2e:30:fc:a5:ff:d6:24:5a:
         4d:d3:be:23:18:d1:6a:33:08:90:69:49:0f:8e:14:5f:f5:a3:
         cd:87:6f:36:21:07:56:0e:84:d6:1a:d0:19:17:bc:24:a9:a3:
         54:f9:33:6e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUR+DK1aY6s8d91OOqkhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmE3YjIzODQ1YzNjNmM5MTY1NzlmZTIyYmM3NDAwMTNlOGI3ZGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlOFDAvfBUZDajbhtANOQoyWUj8l
42H+K6nzXLJubtv6npR3k2i5SLH1pw9j92a6wjQ9tsCTAK98NPSi6K2/m0OgoKvj
Ia+RNH0L2BS9dlge2OadcQcvN0e9sIUk6pvnCP8RIzCfxPX9LkK7kSHt1ZabFO+H
4+LbcfcMvb7P2INrmMYxh0uXpec4rc/kFFZZikEOBQe3PUw3VMqz5v1jLR6vqMq1
FMbIsmWJR7oD2Ryh/GqBfQrKWTfpWL4bByE/+aqngG/cB7p2EEGrmbaE/9XQGBJK
qfCDXlQDL+rkpK9Pl0qFQ491f3vytm33FJc7hpS20HwXBVRiPKIaYUz6DwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPansjhFw8bJFlef4ivHQAE+i33YMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzlxZXlPRVhEeHNrV1Y1X2lLOGRBQVQ2TGZkZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC88UAw
DQYJKoZIhvcNAQELBQADggEBANE+uHwvmN2AkQur4WdJcTcBBUpLMt27D/qqoNhE
t11uK995KIfdbMjvCiinlVmw7jFfjsHGlfmSTOQgQWleN+CZRKbfMpqRIy5l/x11
7XoVarYa8393ki+PvfTR6EUn5eyhr1hulOpkWpr04eT2HcNNhdbFae0OmC7sQV5Y
/lEK8xd5C1ENtqLjds7rScbTXf8G3PhjBT88YQmG4jn+ohBxfGBpMjO+Ac5s480n
GMgKqJCOkV+F2z9Zc6dt2lWggRvGMVf6xS1F1bkPIXsNJjguMPyl/9YkWk3TviMY
0WozCJBpSQ+OFF/1o82HbzYhB1YOhNYa0BkXvCSpo1T5M24=
-----END CERTIFICATE-----