Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/c4f0cf-782d-4cb4-925f-fb235aff4618/1/Ov7ZKAKBIubodt3v14zkXcgJItY.roa
File:                     Ov7ZKAKBIubodt3v14zkXcgJItY.roa (raw, json)
Hash identifier:          8sKhKs7LAbNpGThUNt9oVQstLUak+hPRtPJWlJRaq/8=
Subject key identifier:   3A:FE:D9:28:02:81:22:E6:E8:76:DD:EF:D7:8C:E4:5D:C8:09:22:D6
Certificate issuer:       /CN=852f70c0ec21010dbd6fe915f3326300fe314b23
Certificate serial:       018CC6B92AE043095766212D4B06A0095879
Authority key identifier: 85:2F:70:C0:EC:21:01:0D:BD:6F:E9:15:F3:32:63:00:FE:31:4B:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hS9wwOwhAQ29b-kV8zJjAP4xSyM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/c4f0cf-782d-4cb4-925f-fb235aff4618/1/Ov7ZKAKBIubodt3v14zkXcgJItY.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50350
IP address blocks:        193.104.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/c4f0cf-782d-4cb4-925f-fb235aff4618/1/hS9wwOwhAQ29b-kV8zJjAP4xSyM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/c4f0cf-782d-4cb4-925f-fb235aff4618/1/hS9wwOwhAQ29b-kV8zJjAP4xSyM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hS9wwOwhAQ29b-kV8zJjAP4xSyM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2a:e0:43:09:57:66:21:2d:4b:06:a0:09:58:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=852f70c0ec21010dbd6fe915f3326300fe314b23
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3afed928028122e6e876ddefd78ce45dc80922d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:7a:9a:9c:52:93:f8:b5:3c:c9:64:b0:01:93:
                    ae:ba:2e:49:08:63:9a:51:d2:5d:31:f5:07:96:d7:
                    0b:6b:42:46:22:f1:c0:d2:4a:cf:dd:23:af:fb:8d:
                    65:e0:02:55:42:8d:39:d5:a4:66:5d:2b:72:cf:f4:
                    04:e2:1f:90:3d:14:8a:65:9d:47:f3:d3:90:3e:8b:
                    c1:8a:44:e8:6a:33:c1:26:15:7d:36:4f:ef:42:23:
                    bc:c7:1b:3f:25:59:cb:cc:f2:8f:eb:2c:d1:9f:b3:
                    51:99:09:6a:7d:b7:51:3c:ce:95:e1:dd:46:3a:bd:
                    9b:6f:96:29:61:ed:74:d4:ee:cc:d8:1c:6b:f5:0a:
                    9a:cc:95:69:88:7f:1b:de:80:4b:36:b6:16:81:12:
                    28:b1:82:f0:e8:da:99:c1:db:5a:b4:48:45:1d:68:
                    73:c3:ec:b1:19:5f:c2:cb:4f:5b:87:3b:5b:c3:02:
                    29:6c:13:03:e3:e2:d3:68:d7:e3:de:87:73:9a:30:
                    2c:8e:5e:08:80:16:08:5d:76:39:31:e5:0d:f6:d7:
                    06:cf:39:9c:75:86:82:e9:e7:03:d4:10:1e:56:58:
                    eb:01:88:91:06:97:50:54:ab:c9:de:f9:1d:ee:1c:
                    8c:77:f3:67:4c:31:46:a4:81:10:28:1c:34:6c:c3:
                    7d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:FE:D9:28:02:81:22:E6:E8:76:DD:EF:D7:8C:E4:5D:C8:09:22:D6
            X509v3 Authority Key Identifier:
                keyid:85:2F:70:C0:EC:21:01:0D:BD:6F:E9:15:F3:32:63:00:FE:31:4B:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS9wwOwhAQ29b-kV8zJjAP4xSyM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c4f0cf-782d-4cb4-925f-fb235aff4618/1/Ov7ZKAKBIubodt3v14zkXcgJItY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c4f0cf-782d-4cb4-925f-fb235aff4618/1/hS9wwOwhAQ29b-kV8zJjAP4xSyM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:85:da:63:d0:8c:e1:6c:9c:5f:20:5f:e4:b1:39:ee:9e:05:
         6c:99:34:b0:c1:3d:1c:b0:77:fe:89:9b:b2:2d:ff:ac:73:19:
         cb:cc:54:1f:24:10:ad:0b:82:43:37:1b:5d:f5:7e:7c:d2:d4:
         a2:f3:de:56:72:cc:ad:5a:e7:9a:74:a3:8a:27:59:4b:cc:61:
         b2:f7:4a:73:01:ac:6d:83:9e:92:3b:ff:63:93:00:3b:64:52:
         fd:02:d5:4d:a5:c4:e8:8b:72:8b:63:72:04:a7:0f:9f:54:27:
         fe:0f:12:20:db:4d:b3:7b:39:a1:73:c0:f0:cc:23:33:b9:9d:
         95:e4:fe:6d:4f:9b:b4:2b:28:ed:09:2b:97:5c:23:b4:76:11:
         1f:28:bc:fd:b7:de:48:c8:ab:0b:55:ca:30:a1:3b:92:c2:4e:
         7a:51:67:f1:c5:fa:fc:d4:4b:3f:32:31:26:7b:6c:ce:69:24:
         a4:9a:1f:cd:b7:9f:7c:fd:bc:df:a9:df:ad:f5:e6:1e:34:91:
         f3:d8:a4:3c:eb:af:f8:09:fb:cd:c6:72:17:00:1d:a1:b1:d6:
         2a:c1:b2:c8:6a:2c:02:27:0f:d9:8d:4a:9a:9c:b0:57:41:ce:
         35:f4:5a:d2:df:1f:11:4e:4e:96:68:6c:03:b8:07:11:28:a9:
         12:8f:40:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSrgQwlXZiEtSwagCVh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmY3MGMwZWMyMTAxMGRiZDZmZTkxNWYzMzI2MzAwZmUz
MTRiMjMwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWZlZDkyODAyODEyMmU2ZTg3NmRkZWZkNzhjZTQ1ZGM4MDkyMmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnqanFKT+LU8yWSwAZOuui5JCGOa
UdJdMfUHltcLa0JGIvHA0krP3SOv+41l4AJVQo051aRmXStyz/QE4h+QPRSKZZ1H
89OQPovBikToajPBJhV9Nk/vQiO8xxs/JVnLzPKP6yzRn7NRmQlqfbdRPM6V4d1G
Or2bb5YpYe101O7M2Bxr9QqazJVpiH8b3oBLNrYWgRIosYLw6NqZwdtatEhFHWhz
w+yxGV/Cy09bhztbwwIpbBMD4+LTaNfj3odzmjAsjl4IgBYIXXY5MeUN9tcGzzmc
dYaC6ecD1BAeVljrAYiRBpdQVKvJ3vkd7hyMd/NnTDFGpIEQKBw0bMN9hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDr+2SgCgSLm6Hbd79eM5F3ICSLWMB8GA1UdIwQY
MBaAFIUvcMDsIQENvW/pFfMyYwD+MUsjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFM5d3dPd2hBUTI5Yi1rVjh6SmpBUDR4U3lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9jNGYwY2YtNzgyZC00Y2I0LTkyNWYt
ZmIyMzVhZmY0NjE4LzEvT3Y3WktBS0JJdWJvZHQzdjE0emtYY2dKSXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9jNGYwY2YtNzgyZC00Y2I0LTkyNWYtZmIyMzVhZmY0NjE4
LzEvaFM5d3dPd2hBUTI5Yi1rVjh6SmpBUDR4U3lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWjuMA0G
CSqGSIb3DQEBCwUAA4IBAQAShdpj0IzhbJxfIF/ksTnungVsmTSwwT0csHf+iZuy
Lf+scxnLzFQfJBCtC4JDNxtd9X580tSi895WcsytWueadKOKJ1lLzGGy90pzAaxt
g56SO/9jkwA7ZFL9AtVNpcToi3KLY3IEpw+fVCf+DxIg202zezmhc8DwzCMzuZ2V
5P5tT5u0KyjtCSuXXCO0dhEfKLz9t95IyKsLVcowoTuSwk56UWfxxfr81Es/MjEm
e2zOaSSkmh/Nt598/bzfqd+t9eYeNJHz2KQ866/4CfvNxnIXAB2hsdYqwbLIaiwC
Jw/ZjUqanLBXQc419FrS3x8RTk6WaGwDuAcRKKkSj0An
-----END CERTIFICATE-----