Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sdKc11A-MUCfqViWcYzRF54cjn4.roa
File:                     sdKc11A-MUCfqViWcYzRF54cjn4.roa (raw, json)
Hash identifier:          Aj10YnpVT/tu8xk8ZCRlmHDDxfHcz9r1j9LO617OKGg=
Subject key identifier:   B1:D2:9C:D7:50:3E:31:40:9F:A9:58:96:71:8C:D1:17:9E:1C:8E:7E
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7956396D7B90E3C0668C5FFE5282BED
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sdKc11A-MUCfqViWcYzRF54cjn4.roa
Signing time:             Tue 02 Jan 2024 00:31:45 +0000
ROA not before:           Tue 02 Jan 2024 00:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62042
IP address blocks:        188.215.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:63:96:d7:b9:0e:3c:06:68:c5:ff:e5:28:2b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1d29cd7503e31409fa95896718cd1179e1c8e7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:63:91:95:f2:7b:a3:d1:73:98:72:26:84:12:
                    8e:29:1c:c0:0d:1e:12:f9:e1:f5:c4:a0:96:d1:80:
                    a8:37:c6:ff:9b:98:41:1d:b9:ab:0e:54:eb:4d:da:
                    a3:07:18:85:bd:13:e6:e6:9a:40:95:e7:0f:fe:ac:
                    9a:1e:77:53:8f:28:a1:94:4c:f5:ce:c1:e7:7e:06:
                    3b:94:06:3e:13:7e:80:52:8e:0f:79:ea:38:4e:3e:
                    ce:64:8e:a5:d8:04:52:7e:1a:56:10:ad:b1:04:b2:
                    ee:97:12:cc:d6:73:41:34:8b:83:ff:41:4c:ea:c3:
                    0a:f0:b1:00:9d:27:7f:5a:7c:24:83:fb:24:f1:40:
                    a0:78:8b:d3:03:08:3c:84:01:c7:93:0c:59:7a:57:
                    bc:f5:83:7f:cd:9e:17:39:a3:26:c3:70:e6:f7:9f:
                    10:6c:06:58:71:24:16:3c:7b:5b:b6:e4:46:5c:8b:
                    00:52:d6:2b:e4:91:71:62:d2:ac:91:05:b2:fa:8d:
                    43:cb:83:c8:43:66:bd:a9:4a:d3:f5:29:d4:d9:4e:
                    f0:c7:95:56:16:c5:08:1b:d2:b1:ce:f3:69:df:91:
                    0a:58:fe:54:c6:0e:bc:7c:0e:4d:b5:f8:0e:d6:12:
                    81:28:2e:3e:17:6d:c5:ac:c8:80:03:94:c6:6c:c0:
                    6f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D2:9C:D7:50:3E:31:40:9F:A9:58:96:71:8C:D1:17:9E:1C:8E:7E
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sdKc11A-MUCfqViWcYzRF54cjn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.215.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:c4:2b:65:48:f8:5c:ce:ec:b5:bd:22:ed:3d:e0:7b:ce:c0:
         9b:13:a5:60:60:5d:f8:33:0b:3e:bb:aa:f0:db:25:ff:1e:7c:
         49:e3:b0:d4:7f:ff:fe:81:c3:09:22:ef:95:e6:af:eb:30:19:
         4c:3f:91:a6:16:e5:e0:75:0c:a1:79:fd:79:2c:60:82:a8:1f:
         7e:e8:1b:83:a1:91:fc:c3:14:a0:6e:05:ae:cd:31:8e:08:67:
         2f:eb:70:fe:fd:ec:8d:ca:98:6b:18:fd:ce:45:25:4e:a5:0f:
         bb:36:d3:6a:ed:76:33:eb:0f:cf:b1:ab:35:91:f9:0b:2d:3f:
         46:52:a8:50:8a:9e:be:28:a0:96:54:f5:0d:0a:18:2a:8a:db:
         11:b2:bd:d2:f0:84:86:0e:8d:a6:5b:64:7b:fd:7b:69:e2:84:
         18:d9:da:55:ed:39:88:12:78:70:37:2e:4f:76:43:43:bb:52:
         8b:eb:2a:89:1e:25:c8:d7:73:92:7d:92:35:90:83:93:88:b6:
         99:8c:1c:0e:45:4c:a2:68:c7:a8:68:4d:09:5d:b4:58:86:01:
         84:fc:1c:3d:ae:15:4b:da:c7:e4:64:22:bc:ce:62:b9:a1:f5:
         cf:73:95:e3:c4:26:d2:1d:9c:d7:d1:a1:97:62:ec:f8:f7:a3:
         3c:fb:91:62
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlWOW17kOPAZoxf/lKCvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQyOWNkNzUwM2UzMTQwOWZhOTU4OTY3MThjZDExNzllMWM4ZTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGORlfJ7o9FzmHImhBKOKRzADR4S
+eH1xKCW0YCoN8b/m5hBHbmrDlTrTdqjBxiFvRPm5ppAlecP/qyaHndTjyihlEz1
zsHnfgY7lAY+E36AUo4Peeo4Tj7OZI6l2ARSfhpWEK2xBLLulxLM1nNBNIuD/0FM
6sMK8LEAnSd/Wnwkg/sk8UCgeIvTAwg8hAHHkwxZele89YN/zZ4XOaMmw3Dm958Q
bAZYcSQWPHtbtuRGXIsAUtYr5JFxYtKskQWy+o1Dy4PIQ2a9qUrT9SnU2U7wx5VW
FsUIG9KxzvNp35EKWP5Uxg68fA5NtfgO1hKBKC4+F23FrMiAA5TGbMBvVwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLHSnNdQPjFAn6lYlnGM0ReeHI5+MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3NkS2MxMUEtTVVDZnFWaVdjWXpSRjU0Y2puNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC81ycw
DQYJKoZIhvcNAQELBQADggEBAG7EK2VI+FzO7LW9Iu094HvOwJsTpWBgXfgzCz67
qvDbJf8efEnjsNR///6Bwwki75Xmr+swGUw/kaYW5eB1DKF5/XksYIKoH37oG4Oh
kfzDFKBuBa7NMY4IZy/rcP797I3KmGsY/c5FJU6lD7s202rtdjPrD8+xqzWR+Qst
P0ZSqFCKnr4ooJZU9Q0KGCqK2xGyvdLwhIYOjaZbZHv9e2nihBjZ2lXtOYgSeHA3
Lk92Q0O7UovrKokeJcjXc5J9kjWQg5OItpmMHA5FTKJox6hoTQldtFiGAYT8HD2u
FUvax+RkIrzOYrmh9c9zlePEJtIdnNfRoZdi7Pj3ozz7kWI=
-----END CERTIFICATE-----