Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/onJ1qNZV9VBfZ7EesWQZrihzNOQ.roa
File:                     onJ1qNZV9VBfZ7EesWQZrihzNOQ.roa (raw, json)
Hash identifier:          aEfzhEK0o6qV+91B5H5FLFKpFhwCQb6iDqhLgdzBPlM=
Subject key identifier:   A2:72:75:A8:D6:55:F5:50:5F:67:B1:1E:B1:64:19:AE:28:73:34:E4
Certificate issuer:       /CN=c3fb403a241883e58fced52d39d80eabd52bb36f
Certificate serial:       018CC726EC5D85591BB819225C7682251FFD
Authority key identifier: C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/onJ1qNZV9VBfZ7EesWQZrihzNOQ.roa
Signing time:             Mon 01 Jan 2024 22:31:06 +0000
ROA not before:           Mon 01 Jan 2024 22:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197610
IP address blocks:        213.174.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ec:5d:85:59:1b:b8:19:22:5c:76:82:25:1f:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3fb403a241883e58fced52d39d80eabd52bb36f
        Validity
            Not Before: Jan  1 22:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a27275a8d655f5505f67b11eb16419ae287334e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:77:66:63:bd:aa:0e:44:70:82:86:3d:4b:af:
                    1f:df:98:d5:bf:8c:02:56:a2:38:a3:14:6d:29:10:
                    05:0d:1c:81:75:e5:fa:48:7c:f5:36:83:db:86:bd:
                    f0:da:86:6b:fc:75:c0:eb:17:04:a8:55:8e:e3:be:
                    1f:da:ce:72:0a:de:17:c1:1e:72:4d:a9:00:4f:82:
                    c7:96:20:ec:13:fc:0d:89:ea:b3:3b:80:04:66:d7:
                    d6:a0:d7:46:cb:d6:14:c3:e1:d9:34:35:09:3e:65:
                    17:60:35:c7:6c:08:aa:0a:f0:f7:cb:e6:99:0b:90:
                    cc:41:06:16:e7:a4:47:7f:70:20:07:2b:f2:32:25:
                    11:9b:6a:22:f7:c3:27:28:df:f0:24:8c:a6:21:ea:
                    f0:d8:04:25:2f:35:6d:09:37:c4:82:58:20:9d:0d:
                    0b:10:09:cb:0c:cb:8c:cd:81:c8:db:7f:34:bb:5f:
                    f7:cd:d0:0d:da:ee:1c:ae:60:8b:31:fc:0f:67:ae:
                    c6:de:9c:b6:a3:3a:be:8e:0e:b6:de:bb:7e:5a:b7:
                    05:4d:15:68:2a:f1:00:f8:1e:44:53:72:69:4a:b7:
                    bc:5e:50:81:5f:83:7e:48:f4:d4:d3:22:a4:1d:ec:
                    50:93:e9:c2:5e:2b:06:95:b8:e6:6f:af:15:28:e0:
                    f0:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:72:75:A8:D6:55:F5:50:5F:67:B1:1E:B1:64:19:AE:28:73:34:E4
            X509v3 Authority Key Identifier:
                keyid:C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/onJ1qNZV9VBfZ7EesWQZrihzNOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.174.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:0a:1c:36:45:cb:fa:92:48:35:c9:66:32:67:64:6a:5b:7d:
         2e:b3:35:a7:54:1b:ba:9a:e2:c7:38:56:0c:b4:8e:2a:7e:28:
         29:15:2d:c7:33:79:8a:55:a4:66:83:e1:8b:81:63:72:94:d6:
         9a:81:ec:40:3c:97:3b:96:c7:0e:06:0c:9e:33:dc:87:21:97:
         1d:a6:d1:d1:37:ed:26:dd:cd:63:73:fd:10:8d:00:af:7d:93:
         58:7e:00:60:59:ba:46:b8:02:c9:44:64:c4:a6:bc:44:3c:3c:
         1f:6a:52:a1:cb:fa:29:03:0a:23:d1:48:ea:ae:35:d1:b4:3c:
         2d:a3:de:89:71:0d:df:47:f5:d3:4b:35:89:f8:35:11:ab:42:
         ba:c3:00:b4:b1:a0:0c:e8:42:84:9f:d1:be:26:1a:fc:51:d9:
         b5:5e:f2:bc:a7:58:b0:c0:e8:d4:7b:87:a1:2c:f3:8a:78:9e:
         92:55:e8:57:44:31:ec:4f:a4:72:d7:f7:ff:32:b0:e8:ef:e0:
         44:98:da:1f:81:9a:41:c7:f9:57:56:c5:e0:67:ec:1b:52:e0:
         ce:a6:06:85:ee:35:2c:a3:49:27:d9:e7:b4:64:fb:d1:87:07:
         8d:e8:4e:f2:17:8c:4d:61:48:61:cf:fb:17:5c:d2:eb:8b:cf:
         71:67:70:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuxdhVkbuBkiXHaCJR/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmI0MDNhMjQxODgzZTU4ZmNlZDUyZDM5ZDgwZWFiZDUy
YmIzNmYwHhcNMjQwMTAxMjIzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjcyNzVhOGQ2NTVmNTUwNWY2N2IxMWViMTY0MTlhZTI4NzMzNGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3dmY72qDkRwgoY9S68f35jVv4wC
VqI4oxRtKRAFDRyBdeX6SHz1NoPbhr3w2oZr/HXA6xcEqFWO474f2s5yCt4XwR5y
TakAT4LHliDsE/wNieqzO4AEZtfWoNdGy9YUw+HZNDUJPmUXYDXHbAiqCvD3y+aZ
C5DMQQYW56RHf3AgByvyMiURm2oi98MnKN/wJIymIerw2AQlLzVtCTfEglggnQ0L
EAnLDMuMzYHI2380u1/3zdAN2u4crmCLMfwPZ67G3py2ozq+jg623rt+WrcFTRVo
KvEA+B5EU3JpSre8XlCBX4N+SPTU0yKkHexQk+nCXisGlbjmb68VKODwTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJydajWVfVQX2exHrFkGa4oczTkMB8GA1UdIwQY
MBaAFMP7QDokGIPlj87VLTnYDqvVK7NvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUt
YTlhNzc5MDI2ZjBhLzEvb25KMXFOWlY5VkJmWjdFZXNXUVpyaWh6Tk9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUtYTlhNzc5MDI2ZjBh
LzEvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1a4cMA0G
CSqGSIb3DQEBCwUAA4IBAQA1Chw2Rcv6kkg1yWYyZ2RqW30uszWnVBu6muLHOFYM
tI4qfigpFS3HM3mKVaRmg+GLgWNylNaagexAPJc7lscOBgyeM9yHIZcdptHRN+0m
3c1jc/0QjQCvfZNYfgBgWbpGuALJRGTEprxEPDwfalKhy/opAwoj0UjqrjXRtDwt
o96JcQ3fR/XTSzWJ+DURq0K6wwC0saAM6EKEn9G+Jhr8Udm1XvK8p1iwwOjUe4eh
LPOKeJ6SVehXRDHsT6Ry1/f/MrDo7+BEmNofgZpBx/lXVsXgZ+wbUuDOpgaF7jUs
o0kn2ee0ZPvRhweN6E7yF4xNYUhhz/sXXNLri89xZ3Ct
-----END CERTIFICATE-----