Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/2231d2-cd9a-4cf1-80d0-51b2aa5980be/1/0o-3CV_od5fqEdn1x4FRNg2Owsw.roa
File:                     0o-3CV_od5fqEdn1x4FRNg2Owsw.roa (raw, json)
Hash identifier:          /q4P1CiIkZ+ZEe3uKSglkgonM7eD5GjklIVczrIkb70=
Subject key identifier:   D2:8F:B7:09:5F:E8:77:97:EA:11:D9:F5:C7:81:51:36:0D:8E:C2:CC
Certificate issuer:       /CN=d6eeff69011ad01a1b179a6dd70d59a1116f51f3
Certificate serial:       018CC2DB12A9346722F2B8787690C9F2255E
Authority key identifier: D6:EE:FF:69:01:1A:D0:1A:1B:17:9A:6D:D7:0D:59:A1:11:6F:51:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1u7_aQEa0BobF5pt1w1ZoRFvUfM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/2231d2-cd9a-4cf1-80d0-51b2aa5980be/1/0o-3CV_od5fqEdn1x4FRNg2Owsw.roa
Signing time:             Mon 01 Jan 2024 02:29:46 +0000
ROA not before:           Mon 01 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        188.244.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/2231d2-cd9a-4cf1-80d0-51b2aa5980be/1/1u7_aQEa0BobF5pt1w1ZoRFvUfM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/2231d2-cd9a-4cf1-80d0-51b2aa5980be/1/1u7_aQEa0BobF5pt1w1ZoRFvUfM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1u7_aQEa0BobF5pt1w1ZoRFvUfM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:12:a9:34:67:22:f2:b8:78:76:90:c9:f2:25:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6eeff69011ad01a1b179a6dd70d59a1116f51f3
        Validity
            Not Before: Jan  1 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d28fb7095fe87797ea11d9f5c78151360d8ec2cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c2:4f:3d:56:a6:46:41:42:20:75:ff:62:5a:
                    60:3e:db:9f:d3:ee:b4:af:dc:b0:0f:90:ac:90:3f:
                    93:61:f5:71:09:24:35:e0:6e:51:51:69:84:df:64:
                    5f:48:98:7c:bf:cf:92:bb:f1:f0:94:ad:05:b7:75:
                    1e:0c:d5:58:8e:3c:4a:e7:98:78:6a:48:47:44:27:
                    b7:20:74:e8:48:d0:b2:a6:f1:b6:c6:ae:c0:4d:d9:
                    e7:3f:00:e8:21:cb:81:42:1a:74:67:db:c6:d7:1b:
                    6c:6f:02:ed:f4:48:13:88:7f:bf:2a:bf:b7:c3:a2:
                    f3:83:7e:4e:a3:41:11:9a:8f:81:c7:ba:6f:bb:e0:
                    a2:37:e6:ed:2d:e5:fb:93:56:ae:28:0a:53:b1:55:
                    ba:ad:df:fe:14:d4:01:dd:79:d3:96:75:e3:37:93:
                    b6:db:08:4b:aa:65:f4:48:ba:15:7d:4c:0f:9b:ad:
                    c6:71:e5:17:b8:bc:e1:fa:4d:87:2f:ad:6c:2c:1b:
                    bb:1c:ff:ca:0d:c7:89:89:fd:9e:66:f8:75:15:0c:
                    bd:7a:c4:a5:53:d0:6d:02:75:e0:5c:a5:b3:27:ad:
                    d8:e3:96:94:45:ce:68:34:24:26:de:ad:78:e2:10:
                    bb:63:8e:9e:60:c2:56:dc:2f:d6:b9:84:d8:b1:d6:
                    e3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8F:B7:09:5F:E8:77:97:EA:11:D9:F5:C7:81:51:36:0D:8E:C2:CC
            X509v3 Authority Key Identifier:
                keyid:D6:EE:FF:69:01:1A:D0:1A:1B:17:9A:6D:D7:0D:59:A1:11:6F:51:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1u7_aQEa0BobF5pt1w1ZoRFvUfM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/2231d2-cd9a-4cf1-80d0-51b2aa5980be/1/0o-3CV_od5fqEdn1x4FRNg2Owsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/2231d2-cd9a-4cf1-80d0-51b2aa5980be/1/1u7_aQEa0BobF5pt1w1ZoRFvUfM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.244.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:ce:ce:85:2a:40:5c:e1:12:ba:2a:f7:1d:3d:67:36:86:72:
         c0:79:fd:48:68:76:3f:6e:f1:df:c0:3d:6d:39:67:9c:1f:66:
         ae:e4:85:4b:65:94:47:45:2b:9f:e1:a9:17:4b:62:6b:61:64:
         65:90:19:d6:58:8a:7d:a6:d0:ec:9f:e7:9b:ad:da:c9:9e:ca:
         4e:c2:45:0e:fe:90:35:73:46:62:67:bb:d9:aa:55:b8:b3:52:
         fb:f3:f3:67:a9:c0:7a:5c:3d:5f:39:ec:a8:ef:05:2a:65:f0:
         8d:11:8a:3d:8b:d6:66:41:12:69:a5:89:c7:6a:03:5e:4a:83:
         10:82:71:1b:22:a6:24:8a:54:b5:db:27:c2:99:b1:33:d0:fe:
         47:bd:7d:fb:bf:17:8c:40:b8:fc:d8:4a:25:f9:33:db:ca:55:
         67:a7:b2:a2:f0:7d:e4:91:e6:24:08:ba:39:4b:d9:dd:58:b9:
         26:0c:4a:30:69:6d:ce:dc:52:ce:34:7d:c9:a8:81:ca:aa:ee:
         a7:59:25:09:89:b1:59:00:84:be:53:3d:e2:b2:26:be:06:49:
         2b:5f:6f:84:e9:d6:9d:09:12:b7:d2:d9:d5:cf:4e:d9:17:a4:
         68:f2:3c:ae:0c:01:98:9c:02:fc:ba:43:6b:12:42:79:62:91:
         0b:c5:35:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xKpNGci8rh4dpDJ8iVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZWVmZjY5MDExYWQwMWExYjE3OWE2ZGQ3MGQ1OWExMTE2
ZjUxZjMwHhcNMjQwMTAxMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjhmYjcwOTVmZTg3Nzk3ZWExMWQ5ZjVjNzgxNTEzNjBkOGVjMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsJPPVamRkFCIHX/YlpgPtuf0+60
r9ywD5CskD+TYfVxCSQ14G5RUWmE32RfSJh8v8+Su/HwlK0Ft3UeDNVYjjxK55h4
akhHRCe3IHToSNCypvG2xq7ATdnnPwDoIcuBQhp0Z9vG1xtsbwLt9EgTiH+/Kr+3
w6Lzg35Oo0ERmo+Bx7pvu+CiN+btLeX7k1auKApTsVW6rd/+FNQB3XnTlnXjN5O2
2whLqmX0SLoVfUwPm63GceUXuLzh+k2HL61sLBu7HP/KDceJif2eZvh1FQy9esSl
U9BtAnXgXKWzJ63Y45aURc5oNCQm3q144hC7Y46eYMJW3C/WuYTYsdbj9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKPtwlf6HeX6hHZ9ceBUTYNjsLMMB8GA1UdIwQY
MBaAFNbu/2kBGtAaGxeabdcNWaERb1HzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXU3X2FRRWEwQm9iRjVwdDF3MVpvUkZ2VWZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8yMjMxZDItY2Q5YS00Y2YxLTgwZDAt
NTFiMmFhNTk4MGJlLzEvMG8tM0NWX29kNWZxRWRuMXg0RlJOZzJPd3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8yMjMxZDItY2Q5YS00Y2YxLTgwZDAtNTFiMmFhNTk4MGJl
LzEvMXU3X2FRRWEwQm9iRjVwdDF3MVpvUkZ2VWZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPR4MA0G
CSqGSIb3DQEBCwUAA4IBAQClzs6FKkBc4RK6KvcdPWc2hnLAef1IaHY/bvHfwD1t
OWecH2au5IVLZZRHRSuf4akXS2JrYWRlkBnWWIp9ptDsn+ebrdrJnspOwkUO/pA1
c0ZiZ7vZqlW4s1L78/NnqcB6XD1fOeyo7wUqZfCNEYo9i9ZmQRJppYnHagNeSoMQ
gnEbIqYkilS12yfCmbEz0P5HvX37vxeMQLj82Eol+TPbylVnp7Ki8H3kkeYkCLo5
S9ndWLkmDEowaW3O3FLONH3JqIHKqu6nWSUJibFZAIS+Uz3isia+BkkrX2+E6dad
CRK30tnVz07ZF6Ro8jyuDAGYnAL8ukNrEkJ5YpELxTVN
-----END CERTIFICATE-----