Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/DhQBul3XPpXxawZCFFRt59msnZY.roa
File:                     DhQBul3XPpXxawZCFFRt59msnZY.roa (raw, json)
Hash identifier:          hhtAYXOQ4mfi7zmPR4iGwoVBPN0+DrTTxLMtnRd3vE4=
Subject key identifier:   0E:14:01:BA:5D:D7:3E:95:F1:6B:06:42:14:54:6D:E7:D9:AC:9D:96
Certificate issuer:       /CN=769d5c52c3157e5945e663b92ed4402c60616e3b
Certificate serial:       0192B8782EDAB0F165716A949DE05A09E47F
Authority key identifier: 76:9D:5C:52:C3:15:7E:59:45:E6:63:B9:2E:D4:40:2C:60:61:6E:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dp1cUsMVfllF5mO5LtRALGBhbjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/DhQBul3XPpXxawZCFFRt59msnZY.roa
Signing time:             Wed 23 Oct 2024 08:22:17 +0000
ROA not before:           Wed 23 Oct 2024 08:22:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        193.161.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/dp1cUsMVfllF5mO5LtRALGBhbjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/dp1cUsMVfllF5mO5LtRALGBhbjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dp1cUsMVfllF5mO5LtRALGBhbjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:78:2e:da:b0:f1:65:71:6a:94:9d:e0:5a:09:e4:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=769d5c52c3157e5945e663b92ed4402c60616e3b
        Validity
            Not Before: Oct 23 08:22:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e1401ba5dd73e95f16b064214546de7d9ac9d96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:44:3d:83:dd:a7:62:03:b5:13:de:77:f4:f1:
                    da:19:f3:34:65:ac:fc:98:01:66:ad:3a:90:05:d7:
                    ab:71:3b:55:18:0f:7d:af:9a:b4:b1:44:8e:8f:22:
                    65:10:f8:f3:c1:f6:f1:c8:8d:fd:4d:58:a4:58:0d:
                    e7:66:b7:8a:24:b4:c1:8c:ad:c7:e0:5a:8d:63:a1:
                    23:b4:bf:3d:43:73:56:8b:ba:36:37:59:53:f8:12:
                    ef:f0:0d:f7:c5:36:7d:69:39:72:33:bc:a2:07:c3:
                    2b:6a:6d:96:e0:21:ba:43:1e:eb:37:5f:b2:c0:69:
                    a1:48:77:de:3f:a4:71:40:33:67:40:5f:ab:1f:c0:
                    ac:fc:24:c8:a4:ab:9a:6a:c9:1a:ba:38:8a:fc:8c:
                    30:c6:f9:46:76:d1:ce:7b:2b:a5:08:ad:b5:cb:78:
                    1b:5c:06:34:9e:90:df:d4:83:84:9a:54:60:fd:4b:
                    34:43:86:8c:c3:20:3d:b6:98:f2:5e:c5:28:56:dc:
                    9a:47:6a:ec:cd:12:c6:25:ba:0e:79:b9:cf:98:a3:
                    d2:e3:98:1f:d0:8e:36:2d:1e:a7:14:4d:58:c6:6a:
                    e1:16:9d:40:c1:70:f6:3a:6b:36:7a:28:48:4e:7e:
                    3d:8d:64:98:61:81:04:56:98:48:ba:58:1d:e8:42:
                    38:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:14:01:BA:5D:D7:3E:95:F1:6B:06:42:14:54:6D:E7:D9:AC:9D:96
            X509v3 Authority Key Identifier:
                keyid:76:9D:5C:52:C3:15:7E:59:45:E6:63:B9:2E:D4:40:2C:60:61:6E:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dp1cUsMVfllF5mO5LtRALGBhbjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/DhQBul3XPpXxawZCFFRt59msnZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/cc66b2-1267-4516-a39f-376b49d52d7e/1/dp1cUsMVfllF5mO5LtRALGBhbjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:3b:6a:6e:30:46:6e:e4:a2:0f:08:f2:0e:ec:78:5c:cf:ae:
         d7:03:7e:c1:71:d0:5a:86:df:80:d0:11:49:4b:81:8a:fe:bf:
         06:59:c8:4c:67:f4:24:33:6e:a3:ab:12:db:f8:e2:07:0e:29:
         31:59:f8:a2:8b:37:86:5f:53:4f:1d:49:35:46:7d:ea:3f:2d:
         6b:af:7b:07:90:fd:ad:31:ba:97:e2:3c:ea:03:15:18:af:d2:
         e6:fa:58:8a:ed:41:de:e0:be:92:e9:49:ef:90:2f:3b:7f:91:
         c2:03:81:60:22:1b:c0:43:85:5d:87:26:82:6e:31:e5:b7:68:
         3d:d6:3c:af:7e:e2:2e:dc:5f:e1:3e:bd:14:14:23:0c:b0:b5:
         b3:a4:5d:c9:d9:81:d7:90:80:aa:9f:33:78:af:c3:9f:c2:d6:
         e7:a3:cc:f7:f9:f1:78:d9:4c:80:02:b2:9b:6d:79:55:c4:48:
         c2:53:69:9b:0f:96:f0:a3:65:df:5f:c0:e4:d7:17:80:1f:ed:
         14:8c:da:88:e5:70:5a:6f:63:89:c9:12:63:ec:76:77:3f:77:
         55:d3:2e:97:d0:af:eb:23:8b:16:53:46:65:32:f0:0c:68:9e:
         a6:4c:6d:86:3a:b1:dd:22:5a:fa:93:f7:cf:e1:95:d4:43:10:
         1e:d0:24:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK4eC7asPFlcWqUneBaCeR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2OWQ1YzUyYzMxNTdlNTk0NWU2NjNiOTJlZDQ0MDJjNjA2
MTZlM2IwHhcNMjQxMDIzMDgyMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTE0MDFiYTVkZDczZTk1ZjE2YjA2NDIxNDU0NmRlN2Q5YWM5ZDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EQ9g92nYgO1E9539PHaGfM0Zaz8
mAFmrTqQBdercTtVGA99r5q0sUSOjyJlEPjzwfbxyI39TVikWA3nZreKJLTBjK3H
4FqNY6EjtL89Q3NWi7o2N1lT+BLv8A33xTZ9aTlyM7yiB8Mram2W4CG6Qx7rN1+y
wGmhSHfeP6RxQDNnQF+rH8Cs/CTIpKuaaskaujiK/IwwxvlGdtHOeyulCK21y3gb
XAY0npDf1IOEmlRg/Us0Q4aMwyA9tpjyXsUoVtyaR2rszRLGJboOebnPmKPS45gf
0I42LR6nFE1YxmrhFp1AwXD2Oms2eihITn49jWSYYYEEVphIulgd6EI4fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4UAbpd1z6V8WsGQhRUbefZrJ2WMB8GA1UdIwQY
MBaAFHadXFLDFX5ZReZjuS7UQCxgYW47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHAxY1VzTVZmbGxGNW1PNUx0UkFMR0JoYmpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jYzY2YjItMTI2Ny00NTE2LWEzOWYt
Mzc2YjQ5ZDUyZDdlLzEvRGhRQnVsM1hQcFh4YXdaQ0ZGUnQ1OW1zblpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jYzY2YjItMTI2Ny00NTE2LWEzOWYtMzc2YjQ5ZDUyZDdl
LzEvZHAxY1VzTVZmbGxGNW1PNUx0UkFMR0JoYmpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaGRMA0G
CSqGSIb3DQEBCwUAA4IBAQChO2puMEZu5KIPCPIO7Hhcz67XA37BcdBaht+A0BFJ
S4GK/r8GWchMZ/QkM26jqxLb+OIHDikxWfiiizeGX1NPHUk1Rn3qPy1rr3sHkP2t
MbqX4jzqAxUYr9Lm+liK7UHe4L6S6UnvkC87f5HCA4FgIhvAQ4VdhyaCbjHlt2g9
1jyvfuIu3F/hPr0UFCMMsLWzpF3J2YHXkICqnzN4r8Ofwtbno8z3+fF42UyAArKb
bXlVxEjCU2mbD5bwo2XfX8Dk1xeAH+0UjNqI5XBab2OJyRJj7HZ3P3dV0y6X0K/r
I4sWU0ZlMvAMaJ6mTG2GOrHdIlr6k/fP4ZXUQxAe0CRy
-----END CERTIFICATE-----