Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/uOnjrtiWRyXrVynoQUA4voG9xjU.roa
File:                     uOnjrtiWRyXrVynoQUA4voG9xjU.roa (raw, json)
Hash identifier:          duL6Byz/19quzcetXyVUHVEN2bi8hDa6Jm1dbuPbaNM=
Subject key identifier:   B8:E9:E3:AE:D8:96:47:25:EB:57:29:E8:41:40:38:BE:81:BD:C6:35
Certificate issuer:       /CN=9c47ee73c28780b12f152cfa259ade3d8ae0d13b
Certificate serial:       018CC56E114581308956A1ECB54DDB91BE42
Authority key identifier: 9C:47:EE:73:C2:87:80:B1:2F:15:2C:FA:25:9A:DE:3D:8A:E0:D1:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/uOnjrtiWRyXrVynoQUA4voG9xjU.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44400
IP address blocks:        194.33.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:11:45:81:30:89:56:a1:ec:b5:4d:db:91:be:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c47ee73c28780b12f152cfa259ade3d8ae0d13b
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8e9e3aed8964725eb5729e8414038be81bdc635
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:17:30:17:35:e1:76:c7:99:b8:f3:55:8e:54:
                    8d:b0:90:ea:32:b9:0a:8b:68:1f:5c:46:6f:75:f1:
                    e6:c2:b1:bb:75:86:0b:40:e1:57:51:23:30:15:d1:
                    e9:be:a8:c3:0d:7c:c8:15:e6:3b:c9:ec:d6:ad:a9:
                    03:69:24:c3:3b:08:6c:0a:76:98:fd:a2:2c:40:6e:
                    6e:ba:69:2a:40:68:5b:33:25:83:93:60:e4:85:50:
                    02:c8:71:12:1f:2d:44:75:69:9d:84:07:fd:57:a5:
                    f4:7d:04:df:26:8c:06:73:9d:3f:60:70:22:91:6b:
                    33:49:98:77:5d:b1:14:7d:ca:a7:b4:57:fc:89:ad:
                    a5:b3:69:6b:d4:c8:ad:d5:63:fc:49:71:5f:6c:28:
                    9d:e4:1a:50:e7:69:ac:c2:e4:ef:bb:34:08:13:6d:
                    2e:a9:39:57:5e:4b:1b:bc:40:e4:bc:45:77:a3:d3:
                    ab:d9:c0:75:50:27:8f:d5:47:12:a3:e2:54:92:36:
                    ad:1b:49:ce:35:78:a0:23:72:e7:61:73:f8:d9:66:
                    39:9b:30:a0:49:61:53:43:ad:57:41:51:f0:e5:04:
                    37:39:d5:ca:9e:cd:0e:87:96:7f:94:5e:f1:ab:6f:
                    ca:da:f7:f4:cb:b5:b6:3c:92:c0:0a:87:cc:ef:7b:
                    c2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:E9:E3:AE:D8:96:47:25:EB:57:29:E8:41:40:38:BE:81:BD:C6:35
            X509v3 Authority Key Identifier:
                keyid:9C:47:EE:73:C2:87:80:B1:2F:15:2C:FA:25:9A:DE:3D:8A:E0:D1:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/uOnjrtiWRyXrVynoQUA4voG9xjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:75:f1:e4:9b:cf:05:38:09:5a:72:17:13:f2:de:e2:04:55:
         bd:7a:ad:06:9b:17:e6:af:78:b1:f4:95:05:c8:c2:ae:d2:0d:
         12:00:e6:9f:63:d4:fd:db:8d:fd:17:92:83:17:c3:b5:43:e8:
         af:fe:ef:0f:e5:52:ca:e0:54:67:7a:c2:e7:89:3c:c3:30:f0:
         ea:ab:81:f8:c8:77:43:99:e7:50:58:f9:8c:d4:52:ee:58:b5:
         b8:d9:2c:92:b2:c3:b3:e0:e5:0b:1a:59:97:78:ea:ba:82:66:
         dc:75:5a:03:ab:24:cc:64:e2:b7:d6:f8:bf:62:34:06:01:cd:
         79:b8:bf:fa:ec:63:16:84:10:0f:0f:e1:6f:11:2d:22:b8:b9:
         2c:21:19:a3:d3:52:80:bf:0b:46:f9:28:6e:73:b9:8b:bb:2a:
         11:4e:5b:b3:f9:fc:59:10:be:90:8e:07:52:5f:5f:36:93:47:
         95:15:d1:43:1a:5f:83:10:e1:7d:36:b9:77:56:37:eb:6c:04:
         21:5b:ac:fc:d0:44:92:8a:06:57:9e:22:c3:74:48:64:e8:50:
         67:33:01:a8:4e:8e:b4:09:8b:89:8f:cf:99:04:be:37:72:42:
         2b:45:3e:13:33:78:74:d2:45:39:0e:a1:74:5b:d4:57:88:2b:
         81:62:6c:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhFFgTCJVqHstU3bkb5CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNDdlZTczYzI4NzgwYjEyZjE1MmNmYTI1OWFkZTNkOGFl
MGQxM2IwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGU5ZTNhZWQ4OTY0NzI1ZWI1NzI5ZTg0MTQwMzhiZTgxYmRjNjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBcwFzXhdseZuPNVjlSNsJDqMrkK
i2gfXEZvdfHmwrG7dYYLQOFXUSMwFdHpvqjDDXzIFeY7yezWrakDaSTDOwhsCnaY
/aIsQG5uumkqQGhbMyWDk2DkhVACyHESHy1EdWmdhAf9V6X0fQTfJowGc50/YHAi
kWszSZh3XbEUfcqntFf8ia2ls2lr1Mit1WP8SXFfbCid5BpQ52mswuTvuzQIE20u
qTlXXksbvEDkvEV3o9Or2cB1UCeP1UcSo+JUkjatG0nONXigI3LnYXP42WY5mzCg
SWFTQ61XQVHw5QQ3OdXKns0Oh5Z/lF7xq2/K2vf0y7W2PJLACofM73vCAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjp467Ylkcl61cp6EFAOL6BvcY1MB8GA1UdIwQY
MBaAFJxH7nPCh4CxLxUs+iWa3j2K4NE7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkVmdWM4S0hnTEV2RlN6NkpacmVQWXJnMFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9jN2M1MWQtNGY5MC00MDg3LWExM2Et
ZjNjMWE5YTExZDczLzEvdU9uanJ0aVdSeVhyVnlub1FVQTR2b0c5eGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9jN2M1MWQtNGY5MC00MDg3LWExM2EtZjNjMWE5YTExZDcz
LzEvbkVmdWM4S0hnTEV2RlN6NkpacmVQWXJnMFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiFqMA0G
CSqGSIb3DQEBCwUAA4IBAQBrdfHkm88FOAlachcT8t7iBFW9eq0Gmxfmr3ix9JUF
yMKu0g0SAOafY9T92439F5KDF8O1Q+iv/u8P5VLK4FRnesLniTzDMPDqq4H4yHdD
medQWPmM1FLuWLW42SySssOz4OULGlmXeOq6gmbcdVoDqyTMZOK31vi/YjQGAc15
uL/67GMWhBAPD+FvES0iuLksIRmj01KAvwtG+Shuc7mLuyoRTluz+fxZEL6QjgdS
X182k0eVFdFDGl+DEOF9Nrl3VjfrbAQhW6z80ESSigZXniLDdEhk6FBnMwGoTo60
CYuJj8+ZBL43ckIrRT4TM3h00kU5DqF0W9RXiCuBYmwI
-----END CERTIFICATE-----