Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/P5vQ_A7oBW7-4EjtfWCnFdGYM08.roa
File:                     P5vQ_A7oBW7-4EjtfWCnFdGYM08.roa (raw, json)
Hash identifier:          98SFrN9CI1NEIyCads60rykJ3j6cIOHVqZNzZKBhuQQ=
Subject key identifier:   3F:9B:D0:FC:0E:E8:05:6E:FE:E0:48:ED:7D:60:A7:15:D1:98:33:4F
Certificate issuer:       /CN=24350aa8a94af666099fd073ec621cd15d04b316
Certificate serial:       018CCA2A98BB6820B708FE8E7048ABB6A856
Authority key identifier: 24:35:0A:A8:A9:4A:F6:66:09:9F:D0:73:EC:62:1C:D1:5D:04:B3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/P5vQ_A7oBW7-4EjtfWCnFdGYM08.roa
Signing time:             Tue 02 Jan 2024 12:33:58 +0000
ROA not before:           Tue 02 Jan 2024 12:33:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42681
IP address blocks:        193.142.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:03:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:98:bb:68:20:b7:08:fe:8e:70:48:ab:b6:a8:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24350aa8a94af666099fd073ec621cd15d04b316
        Validity
            Not Before: Jan  2 12:33:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f9bd0fc0ee8056efee048ed7d60a715d198334f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d7:12:49:6c:26:87:25:21:53:f1:46:62:b2:
                    fa:25:bd:cf:61:ec:7a:d6:7b:40:af:f1:6c:b2:57:
                    e2:e5:81:df:1a:57:98:77:9f:c0:1e:78:ca:ae:16:
                    c6:5b:b0:0a:c7:93:a1:46:54:12:c8:17:c4:65:33:
                    f2:c7:91:a4:37:9a:7c:0f:fd:3e:a1:6a:7d:8c:9f:
                    61:3a:ff:05:8a:d6:f5:2a:87:54:c8:55:05:77:65:
                    47:9b:dd:f9:75:8b:b1:63:af:53:5b:8c:3e:20:ad:
                    95:65:72:7a:6e:4a:35:48:96:d9:f1:28:4b:01:3b:
                    2f:f0:bc:8a:c7:e0:6d:11:16:d4:86:54:a1:04:92:
                    d9:9b:1c:63:f7:c4:d2:5f:a4:22:d5:49:29:88:a6:
                    2c:09:96:07:5f:3f:ca:a4:a8:c5:4f:67:53:bf:45:
                    90:be:45:f7:ce:f2:f1:a3:72:9f:37:b7:07:06:55:
                    b4:ab:b5:3f:a3:58:5e:9f:ab:25:2b:15:86:d9:fa:
                    f2:11:b2:b2:45:10:e7:0f:72:a1:1b:6d:23:8d:50:
                    fa:fc:fb:02:80:2a:60:0f:d4:fe:5e:1e:ad:5c:5c:
                    8d:c0:13:51:95:62:14:8b:b3:75:5d:8e:bc:ca:57:
                    64:c8:fc:52:57:2c:5a:c7:f5:77:0d:ed:9e:7a:02:
                    05:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:9B:D0:FC:0E:E8:05:6E:FE:E0:48:ED:7D:60:A7:15:D1:98:33:4F
            X509v3 Authority Key Identifier:
                keyid:24:35:0A:A8:A9:4A:F6:66:09:9F:D0:73:EC:62:1C:D1:5D:04:B3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/P5vQ_A7oBW7-4EjtfWCnFdGYM08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:30:78:7c:fe:01:97:41:2c:50:cd:b8:70:73:50:8b:86:c0:
         e5:c8:2e:39:2e:66:a9:6b:84:b4:70:8d:b0:ee:fc:30:9f:0e:
         21:8c:01:3a:4a:ca:c1:62:4d:85:65:16:99:ad:08:25:92:e5:
         ae:1b:00:04:40:c7:f7:79:b6:07:95:29:0e:d8:a5:f4:90:d5:
         44:3e:82:92:89:1b:4b:73:04:cf:e0:b1:c5:ea:58:26:8a:19:
         de:57:5e:2c:0a:1b:26:52:f4:a5:c2:f6:be:b8:6b:de:a1:56:
         50:cd:4b:7c:67:0a:22:54:4b:df:3f:90:86:a6:35:1e:09:4c:
         15:91:58:3a:87:8a:6f:49:1a:31:8e:6f:4d:95:62:a1:fd:ad:
         2c:48:3e:b5:24:d3:61:ec:a5:86:72:22:0b:8a:8a:a3:c5:18:
         35:8c:66:1f:bb:81:5c:be:4e:52:2d:ca:a0:31:db:99:5d:ff:
         8a:23:16:20:34:1c:d2:16:3e:db:77:10:15:be:ea:a9:64:de:
         c2:20:31:ca:3c:1d:61:d7:b2:de:ef:04:ea:c8:bd:b4:84:9a:
         bf:35:3e:73:9d:d6:43:be:85:fa:31:c8:61:5a:1c:d9:c5:66:
         af:d0:f9:1c:1f:e8:df:e1:fa:a8:73:2d:80:37:05:ba:43:f4:
         9d:2e:0f:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpi7aCC3CP6OcEirtqhWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MzUwYWE4YTk0YWY2NjYwOTlmZDA3M2VjNjIxY2QxNWQw
NGIzMTYwHhcNMjQwMTAyMTIzMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjliZDBmYzBlZTgwNTZlZmVlMDQ4ZWQ3ZDYwYTcxNWQxOTgzMzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9cSSWwmhyUhU/FGYrL6Jb3PYex6
1ntAr/Fsslfi5YHfGleYd5/AHnjKrhbGW7AKx5OhRlQSyBfEZTPyx5GkN5p8D/0+
oWp9jJ9hOv8Fitb1KodUyFUFd2VHm935dYuxY69TW4w+IK2VZXJ6bko1SJbZ8ShL
ATsv8LyKx+BtERbUhlShBJLZmxxj98TSX6Qi1UkpiKYsCZYHXz/KpKjFT2dTv0WQ
vkX3zvLxo3KfN7cHBlW0q7U/o1hen6slKxWG2fryEbKyRRDnD3KhG20jjVD6/PsC
gCpgD9T+Xh6tXFyNwBNRlWIUi7N1XY68yldkyPxSVyxax/V3De2eegIFxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+b0PwO6AVu/uBI7X1gpxXRmDNPMB8GA1UdIwQY
MBaAFCQ1CqipSvZmCZ/Qc+xiHNFdBLMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkRVS3FLbEs5bVlKbjlCejdHSWMwVjBFc3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9hYjYyZTctNzM2Ny00YmRlLTkzNGEt
YjQyNTIyZDA1ODk1LzEvUDV2UV9BN29CVzctNEVqdGZXQ25GZEdZTTA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9hYjYyZTctNzM2Ny00YmRlLTkzNGEtYjQyNTIyZDA1ODk1
LzEvSkRVS3FLbEs5bVlKbjlCejdHSWMwVjBFc3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY50MA0G
CSqGSIb3DQEBCwUAA4IBAQBiMHh8/gGXQSxQzbhwc1CLhsDlyC45Lmapa4S0cI2w
7vwwnw4hjAE6SsrBYk2FZRaZrQglkuWuGwAEQMf3ebYHlSkO2KX0kNVEPoKSiRtL
cwTP4LHF6lgmihneV14sChsmUvSlwva+uGveoVZQzUt8ZwoiVEvfP5CGpjUeCUwV
kVg6h4pvSRoxjm9NlWKh/a0sSD61JNNh7KWGciILioqjxRg1jGYfu4Fcvk5SLcqg
MduZXf+KIxYgNBzSFj7bdxAVvuqpZN7CIDHKPB1h17Le7wTqyL20hJq/NT5zndZD
voX6MchhWhzZxWav0PkcH+jf4fqocy2ANwW6Q/SdLg8U
-----END CERTIFICATE-----