Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/MD0-yNaqDjWwKQ9Ov-m52l5TYcE.roa
File:                     MD0-yNaqDjWwKQ9Ov-m52l5TYcE.roa (raw, json)
Hash identifier:          yK5aFhfzHKVtMh4toLMKAANIe7rPl0Q0NGI1ewoo0c8=
Subject key identifier:   30:3D:3E:C8:D6:AA:0E:35:B0:29:0F:4E:BF:E9:B9:DA:5E:53:61:C1
Certificate issuer:       /CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
Certificate serial:       018CC500E68444B1BFCB0E88D70DF06B6182
Authority key identifier: 4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/MD0-yNaqDjWwKQ9Ov-m52l5TYcE.roa
Signing time:             Mon 01 Jan 2024 12:30:19 +0000
ROA not before:           Mon 01 Jan 2024 12:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198440
IP address blocks:        206.245.192.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e6:84:44:b1:bf:cb:0e:88:d7:0d:f0:6b:61:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
        Validity
            Not Before: Jan  1 12:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=303d3ec8d6aa0e35b0290f4ebfe9b9da5e5361c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:41:4b:52:e3:ce:bb:c3:1f:d6:b5:d7:1c:54:
                    37:b9:36:8d:82:22:94:35:21:88:60:f6:e2:4d:64:
                    51:19:fc:21:9e:c3:4c:d8:a5:04:28:02:23:39:22:
                    b7:2b:53:1d:4e:40:23:8a:c8:24:62:8c:eb:c7:11:
                    3b:c2:da:f6:1d:12:5d:e0:4c:1c:c4:dd:6e:2e:f2:
                    9b:9c:b6:c2:04:34:d1:dc:7d:b6:44:b0:18:e6:7b:
                    52:55:be:40:17:20:74:84:d0:53:a9:ca:f6:59:17:
                    3c:e8:9c:8b:a4:be:28:5a:cd:0e:03:f2:e4:e6:5d:
                    82:20:ba:e5:99:76:08:a3:ee:af:6f:bb:46:88:68:
                    82:43:99:22:7b:02:e3:a5:d8:63:16:f0:2b:70:7e:
                    f6:da:38:fd:db:dd:96:aa:5d:96:17:3d:67:70:bd:
                    da:18:1b:26:8e:11:05:9c:7a:9b:40:00:77:01:aa:
                    0d:5f:1c:5c:f5:60:ab:c8:f1:52:14:27:97:87:0d:
                    99:b7:8d:b6:c1:13:63:7c:96:80:e4:91:83:27:98:
                    1e:85:35:6b:6e:5b:4d:2d:69:26:4f:b3:0b:15:ec:
                    eb:1e:e8:3f:42:be:70:41:44:a8:f2:ac:63:e0:57:
                    ce:a6:fa:12:68:da:0f:01:99:8f:c9:e0:40:ab:52:
                    fb:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:3D:3E:C8:D6:AA:0E:35:B0:29:0F:4E:BF:E9:B9:DA:5E:53:61:C1
            X509v3 Authority Key Identifier:
                keyid:4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/MD0-yNaqDjWwKQ9Ov-m52l5TYcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.245.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4b:d0:02:d5:c7:6d:8f:7d:d7:4f:7d:44:9c:64:60:58:80:01:
         b7:a8:31:ed:5c:7e:4f:c9:6f:13:be:1c:e0:7e:75:42:93:6b:
         62:6d:86:72:97:7f:fb:7e:39:8c:e0:24:ad:a7:37:b0:6c:0e:
         ad:ab:e9:28:f4:f0:e9:db:df:37:65:90:d2:f6:b3:3f:3c:3f:
         89:f6:cd:14:a8:a2:97:53:78:81:d9:c9:df:05:e0:c8:68:f4:
         fe:82:f3:74:aa:78:d1:ac:33:23:b6:33:e2:9c:c2:a6:65:2b:
         32:cd:a9:51:4e:22:75:82:a4:6e:75:b0:ed:f0:35:e6:39:76:
         75:79:24:d6:59:cd:3d:f4:82:f6:a7:fd:29:10:cd:6a:42:d1:
         ed:15:9d:bf:86:1a:b0:71:6b:5f:c3:b0:70:68:88:78:b1:60:
         8a:48:a1:ad:46:83:48:b4:9f:21:6f:2e:83:14:30:b4:cc:36:
         57:84:bd:a6:8b:39:32:ad:20:f2:4e:7c:ff:88:6d:f2:95:37:
         b5:df:24:77:8e:d8:be:b4:c0:b7:a2:75:a5:b4:c3:db:35:fb:
         69:82:15:0b:3b:90:6e:05:5d:10:7f:a5:fc:b2:c8:1d:40:ed:
         d4:4a:e8:21:8d:b8:72:4f:81:3a:33:e0:7b:53:57:c9:64:69:
         df:57:5b:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAOaERLG/yw6I1w3wa2GCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTg0M2E4NWRkNjY0ZTlkYzAzMTA4OTJiZDdkZDljZTUy
NTkxYzcwHhcNMjQwMTAxMTIzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDNkM2VjOGQ2YWEwZTM1YjAyOTBmNGViZmU5YjlkYTVlNTM2MWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUFLUuPOu8Mf1rXXHFQ3uTaNgiKU
NSGIYPbiTWRRGfwhnsNM2KUEKAIjOSK3K1MdTkAjisgkYozrxxE7wtr2HRJd4Ewc
xN1uLvKbnLbCBDTR3H22RLAY5ntSVb5AFyB0hNBTqcr2WRc86JyLpL4oWs0OA/Lk
5l2CILrlmXYIo+6vb7tGiGiCQ5kiewLjpdhjFvArcH722jj9292Wql2WFz1ncL3a
GBsmjhEFnHqbQAB3AaoNXxxc9WCryPFSFCeXhw2Zt422wRNjfJaA5JGDJ5gehTVr
bltNLWkmT7MLFezrHug/Qr5wQUSo8qxj4FfOpvoSaNoPAZmPyeBAq1L7SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDA9PsjWqg41sCkPTr/pudpeU2HBMB8GA1UdIwQY
MBaAFE7oQ6hd1mTp3AMQiSvX3ZzlJZHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjct
NDhjZjQxMmIzODdiLzEvTUQwLXlOYXFEald3S1E5T3YtbTUybDVUWWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjctNDhjZjQxMmIzODdi
LzEvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEzvXAMA0G
CSqGSIb3DQEBCwUAA4IBAQBL0ALVx22PfddPfUScZGBYgAG3qDHtXH5PyW8Tvhzg
fnVCk2tibYZyl3/7fjmM4CStpzewbA6tq+ko9PDp2983ZZDS9rM/PD+J9s0UqKKX
U3iB2cnfBeDIaPT+gvN0qnjRrDMjtjPinMKmZSsyzalRTiJ1gqRudbDt8DXmOXZ1
eSTWWc099IL2p/0pEM1qQtHtFZ2/hhqwcWtfw7BwaIh4sWCKSKGtRoNItJ8hby6D
FDC0zDZXhL2mizkyrSDyTnz/iG3ylTe13yR3jti+tMC3onWltMPbNftpghULO5Bu
BV0Qf6X8ssgdQO3USughjbhyT4E6M+B7U1fJZGnfV1u3
-----END CERTIFICATE-----