Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/596120-b25d-4279-8ea1-6f7c0ec91d8a/1/DcTGNYd9iwelTCif0u27Ym-zexc.roa
File:                     DcTGNYd9iwelTCif0u27Ym-zexc.roa (raw, json)
Hash identifier:          gcN/dK13nokjDAQiztXm990FRrZiUzN+5RtqgUJu/Nk=
Subject key identifier:   0D:C4:C6:35:87:7D:8B:07:A5:4C:28:9F:D2:ED:BB:62:6F:B3:7B:17
Certificate issuer:       /CN=0dff499ecdb8e15733bb7110959959ac0e166008
Certificate serial:       018CC94E1F7AF2528F011CF46FB5444269FE
Authority key identifier: 0D:FF:49:9E:CD:B8:E1:57:33:BB:71:10:95:99:59:AC:0E:16:60:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Df9Jns244Vczu3EQlZlZrA4WYAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/596120-b25d-4279-8ea1-6f7c0ec91d8a/1/DcTGNYd9iwelTCif0u27Ym-zexc.roa
Signing time:             Tue 02 Jan 2024 08:33:09 +0000
ROA not before:           Tue 02 Jan 2024 08:33:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12886
IP address blocks:        193.96.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/596120-b25d-4279-8ea1-6f7c0ec91d8a/1/Df9Jns244Vczu3EQlZlZrA4WYAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/596120-b25d-4279-8ea1-6f7c0ec91d8a/1/Df9Jns244Vczu3EQlZlZrA4WYAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Df9Jns244Vczu3EQlZlZrA4WYAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:1f:7a:f2:52:8f:01:1c:f4:6f:b5:44:42:69:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dff499ecdb8e15733bb7110959959ac0e166008
        Validity
            Not Before: Jan  2 08:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dc4c635877d8b07a54c289fd2edbb626fb37b17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c0:0c:bc:92:bc:49:2d:9c:6c:a9:35:3e:f9:
                    52:1b:65:b3:7b:ff:a3:24:05:b2:21:34:7b:7b:f1:
                    6f:6a:a8:bc:fe:4c:9e:8f:fb:97:70:f6:89:2a:b8:
                    aa:da:43:ee:3a:3a:ac:e2:20:71:2d:d3:de:a0:c9:
                    5d:dc:86:87:df:96:18:7c:db:62:24:15:68:d8:ae:
                    f5:e7:e9:da:7d:29:96:81:2b:d4:be:4d:9b:77:7c:
                    92:86:ab:2a:8b:f1:6d:95:17:36:de:5a:ae:01:bd:
                    42:71:e8:65:12:da:f1:19:5c:58:7d:cb:2e:b7:fb:
                    70:d7:28:3d:23:fb:53:8d:21:57:45:9e:d7:79:04:
                    e2:e7:10:a0:05:aa:2e:17:0b:c8:03:a4:71:6f:83:
                    b9:a5:62:8b:d6:6a:72:71:29:1b:cc:43:36:db:5f:
                    64:ca:ec:28:44:eb:46:d0:51:3b:72:12:37:1f:0b:
                    fe:2d:81:8c:1b:13:84:a6:f9:2a:c3:db:90:4c:53:
                    ff:b5:8a:98:24:ab:aa:88:4d:f3:b1:0b:92:6f:82:
                    9e:87:c3:48:f9:64:78:83:46:91:81:cd:e6:a7:83:
                    4f:02:02:c0:f9:7e:df:32:ca:32:65:47:f7:6f:df:
                    c4:28:2b:72:ba:f2:6f:e8:39:65:87:2c:89:ac:85:
                    29:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:C4:C6:35:87:7D:8B:07:A5:4C:28:9F:D2:ED:BB:62:6F:B3:7B:17
            X509v3 Authority Key Identifier:
                keyid:0D:FF:49:9E:CD:B8:E1:57:33:BB:71:10:95:99:59:AC:0E:16:60:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Df9Jns244Vczu3EQlZlZrA4WYAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/596120-b25d-4279-8ea1-6f7c0ec91d8a/1/DcTGNYd9iwelTCif0u27Ym-zexc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/596120-b25d-4279-8ea1-6f7c0ec91d8a/1/Df9Jns244Vczu3EQlZlZrA4WYAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.96.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:fc:e7:90:1e:7f:78:a2:26:6e:af:2f:84:91:5f:9e:f4:81:
         f0:96:93:a1:55:72:8f:16:86:58:9d:73:01:de:a6:c2:d5:1a:
         59:f4:43:7e:5b:c9:22:b0:e3:a5:ae:61:f6:56:a7:ee:df:d0:
         74:0d:a8:5b:48:4d:b5:4a:c8:f2:0e:58:ae:4c:9d:66:6a:60:
         c9:34:99:02:c8:c8:46:4c:dd:91:91:fa:f7:36:8b:5b:9f:16:
         d0:1b:94:b4:4c:52:a0:1e:ff:c5:3c:f9:fb:92:48:68:fe:dd:
         f6:93:52:e6:b9:a2:3a:c7:f3:8d:c9:2d:2f:35:69:aa:57:2b:
         1b:87:eb:eb:ef:1b:7c:24:21:e3:4c:65:49:93:6b:2c:ed:8f:
         91:f2:c4:07:57:b0:a9:6e:b8:4c:48:38:c3:cb:50:3e:21:88:
         92:c4:e0:f5:45:42:24:48:90:bc:c7:53:92:00:77:f1:ce:b3:
         30:d9:8a:9d:f1:66:1e:61:62:98:96:a6:6e:ce:12:68:71:9b:
         74:b3:48:7f:f1:a4:57:be:af:3a:d1:e3:c2:21:cc:38:58:b8:
         47:4c:fc:68:0f:21:73:00:4e:db:21:0d:7c:34:16:da:e9:7a:
         7c:9a:14:5a:9d:f3:5c:82:1a:e3:86:76:09:4d:4a:a1:c5:2c:
         60:3d:f8:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTh968lKPARz0b7VEQmn+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZmY0OTllY2RiOGUxNTczM2JiNzExMDk1OTk1OWFjMGUx
NjYwMDgwHhcNMjQwMTAyMDgzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGM0YzYzNTg3N2Q4YjA3YTU0YzI4OWZkMmVkYmI2MjZmYjM3YjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsAMvJK8SS2cbKk1PvlSG2Wze/+j
JAWyITR7e/Fvaqi8/kyej/uXcPaJKriq2kPuOjqs4iBxLdPeoMld3IaH35YYfNti
JBVo2K715+nafSmWgSvUvk2bd3yShqsqi/FtlRc23lquAb1CcehlEtrxGVxYfcsu
t/tw1yg9I/tTjSFXRZ7XeQTi5xCgBaouFwvIA6Rxb4O5pWKL1mpycSkbzEM2219k
yuwoROtG0FE7chI3Hwv+LYGMGxOEpvkqw9uQTFP/tYqYJKuqiE3zsQuSb4Keh8NI
+WR4g0aRgc3mp4NPAgLA+X7fMsoyZUf3b9/EKCtyuvJv6DllhyyJrIUpRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3ExjWHfYsHpUwon9Ltu2Jvs3sXMB8GA1UdIwQY
MBaAFA3/SZ7NuOFXM7txEJWZWawOFmAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGY5Sm5zMjQ0VmN6dTNFUWxabFpyQTRXWUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi81OTYxMjAtYjI1ZC00Mjc5LThlYTEt
NmY3YzBlYzkxZDhhLzEvRGNUR05ZZDlpd2VsVENpZjB1MjdZbS16ZXhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi81OTYxMjAtYjI1ZC00Mjc5LThlYTEtNmY3YzBlYzkxZDhh
LzEvRGY5Sm5zMjQ0VmN6dTNFUWxabFpyQTRXWUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWCtMA0G
CSqGSIb3DQEBCwUAA4IBAQA//OeQHn94oiZury+EkV+e9IHwlpOhVXKPFoZYnXMB
3qbC1RpZ9EN+W8kisOOlrmH2Vqfu39B0DahbSE21SsjyDliuTJ1mamDJNJkCyMhG
TN2Rkfr3NotbnxbQG5S0TFKgHv/FPPn7kkho/t32k1LmuaI6x/ONyS0vNWmqVysb
h+vr7xt8JCHjTGVJk2ss7Y+R8sQHV7CpbrhMSDjDy1A+IYiSxOD1RUIkSJC8x1OS
AHfxzrMw2Yqd8WYeYWKYlqZuzhJocZt0s0h/8aRXvq860ePCIcw4WLhHTPxoDyFz
AE7bIQ18NBba6Xp8mhRanfNcghrjhnYJTUqhxSxgPfi0
-----END CERTIFICATE-----