Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/rpPObXxx5bOq5Po7WGWgReVRYQA.roa
File:                     rpPObXxx5bOq5Po7WGWgReVRYQA.roa (raw, json)
Hash identifier:          IOHAdL9+bZktE2RKxmSvBMUGEQSLCjb+fIQENbNsbqg=
Subject key identifier:   AE:93:CE:6D:7C:71:E5:B3:AA:E4:FA:3B:58:65:A0:45:E5:51:61:00
Certificate issuer:       /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial:       018CC64A762F888A0C5E1B9B80AD09DF472E
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/rpPObXxx5bOq5Po7WGWgReVRYQA.roa
Signing time:             Mon 01 Jan 2024 18:30:17 +0000
ROA not before:           Mon 01 Jan 2024 18:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29217
IP address blocks:        194.18.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 13:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:76:2f:88:8a:0c:5e:1b:9b:80:ad:09:df:47:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
        Validity
            Not Before: Jan  1 18:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae93ce6d7c71e5b3aae4fa3b5865a045e5516100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:17:45:c0:94:13:17:1a:a2:2a:12:1c:0d:5f:
                    dc:ad:47:5a:7d:d7:a7:c0:e6:7e:1f:7d:15:8c:f2:
                    cf:ef:98:38:08:85:c8:06:91:9c:9f:48:cf:3d:23:
                    54:a7:06:17:91:3c:17:73:4c:62:36:fb:0e:33:7d:
                    7e:88:a1:dd:a5:9c:2a:e5:aa:fe:67:62:27:b8:30:
                    65:bc:2d:9c:51:3c:5b:ea:52:20:3d:22:07:79:92:
                    70:9c:cf:9e:9a:f0:ae:51:bf:b4:35:1e:46:fd:c6:
                    65:24:d4:20:83:9c:20:7f:41:28:e2:e0:de:5b:30:
                    14:74:38:bd:0d:0a:97:91:85:97:46:b8:30:2a:4d:
                    02:b1:d2:79:ec:32:f1:b2:14:51:e3:af:bd:b9:4a:
                    a7:3c:2d:55:51:c3:a6:24:18:f1:ff:ad:d3:cd:23:
                    a9:ed:98:6d:dd:75:fe:f2:a4:56:11:95:db:b3:10:
                    27:0a:c1:6a:55:e2:19:34:00:8d:27:42:9a:ce:7e:
                    b0:cc:ae:7f:a7:9f:bd:73:0c:82:6c:5f:9c:e3:e9:
                    ee:ef:c0:6f:54:db:eb:bc:47:c8:5c:a4:c8:8e:2e:
                    7e:3a:c2:00:0e:dc:60:d1:fd:b8:90:ea:97:2e:ff:
                    22:83:db:6f:6f:66:88:57:76:7b:b7:a0:28:d0:54:
                    07:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:93:CE:6D:7C:71:E5:B3:AA:E4:FA:3B:58:65:A0:45:E5:51:61:00
            X509v3 Authority Key Identifier:
                keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/rpPObXxx5bOq5Po7WGWgReVRYQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.18.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:0e:0a:ce:5d:a9:e2:6b:34:51:e8:03:86:ac:a5:e8:d4:6d:
         87:d0:a0:16:89:5b:22:6a:c4:bc:89:f3:d4:d5:12:e3:82:f2:
         e7:46:d0:16:53:e6:7e:95:80:6f:a6:48:e2:4b:6b:6d:ba:0c:
         23:3b:1d:c8:bc:1b:cf:dd:03:6e:1c:ce:3f:d0:2f:70:80:51:
         ac:51:ac:f1:f4:1e:2d:b1:01:bc:27:6e:46:3f:54:bb:94:f2:
         d7:76:dd:f1:f9:fc:b1:2d:f7:92:db:22:cd:aa:3f:da:6d:e4:
         97:12:fd:2e:ba:10:e8:e0:45:e2:b5:14:49:5d:33:7e:c2:26:
         94:01:c7:ad:8e:27:49:26:a2:ec:9f:19:e5:52:19:b1:3a:86:
         d0:e4:c3:00:50:17:58:21:95:ad:cf:1f:ef:f5:70:f0:de:0d:
         2a:86:10:d5:f3:e4:96:2c:19:b0:de:36:c2:a4:ae:5b:3f:6a:
         3e:9f:28:bf:bd:86:a5:98:d4:41:1c:3a:1b:da:6a:9c:5d:42:
         e8:9c:f2:21:79:2c:27:c4:eb:db:3a:24:bd:c6:23:46:bc:5f:
         89:34:6a:eb:34:8f:71:8f:07:06:6b:ce:75:74:cf:c3:0d:04:
         d4:85:71:e5:51:11:f6:bc:6c:ca:7d:f0:31:41:59:62:0e:8e:
         9d:ba:e5:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnYviIoMXhubgK0J30cuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjQwMTAxMTgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTkzY2U2ZDdjNzFlNWIzYWFlNGZhM2I1ODY1YTA0NWU1NTE2MTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRdFwJQTFxqiKhIcDV/crUdafden
wOZ+H30VjPLP75g4CIXIBpGcn0jPPSNUpwYXkTwXc0xiNvsOM31+iKHdpZwq5ar+
Z2InuDBlvC2cUTxb6lIgPSIHeZJwnM+emvCuUb+0NR5G/cZlJNQgg5wgf0Eo4uDe
WzAUdDi9DQqXkYWXRrgwKk0CsdJ57DLxshRR46+9uUqnPC1VUcOmJBjx/63TzSOp
7Zht3XX+8qRWEZXbsxAnCsFqVeIZNACNJ0Kazn6wzK5/p5+9cwyCbF+c4+nu78Bv
VNvrvEfIXKTIji5+OsIADtxg0f24kOqXLv8ig9tvb2aIV3Z7t6Ao0FQHUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6Tzm18ceWzquT6O1hloEXlUWEAMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvcnBQT2JYeHg1Yk9xNVBvN1dHV2dSZVZSWVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhLgMA0G
CSqGSIb3DQEBCwUAA4IBAQAHDgrOXaniazRR6AOGrKXo1G2H0KAWiVsiasS8ifPU
1RLjgvLnRtAWU+Z+lYBvpkjiS2ttugwjOx3IvBvP3QNuHM4/0C9wgFGsUazx9B4t
sQG8J25GP1S7lPLXdt3x+fyxLfeS2yLNqj/abeSXEv0uuhDo4EXitRRJXTN+wiaU
AcetjidJJqLsnxnlUhmxOobQ5MMAUBdYIZWtzx/v9XDw3g0qhhDV8+SWLBmw3jbC
pK5bP2o+nyi/vYalmNRBHDob2mqcXULonPIheSwnxOvbOiS9xiNGvF+JNGrrNI9x
jwcGa851dM/DDQTUhXHlURH2vGzKffAxQVliDo6duuWP
-----END CERTIFICATE-----