Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/DFAFbMZBhISg-f5r84LK-HqijgA.roa
File:                     DFAFbMZBhISg-f5r84LK-HqijgA.roa (raw, json)
Hash identifier:          SEBU+TMvz/xiznLoz5t+2xJsGYGUjl84zXnrj6gr+6A=
Subject key identifier:   0C:50:05:6C:C6:41:84:84:A0:F9:FE:6B:F3:82:CA:F8:7A:A2:8E:00
Certificate issuer:       /CN=9f1bd9732e6cdd6e7494d79187fca855b5199909
Certificate serial:       018CC424DA49A5F623C9AF034167A47AC42C
Authority key identifier: 9F:1B:D9:73:2E:6C:DD:6E:74:94:D7:91:87:FC:A8:55:B5:19:99:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nxvZcy5s3W50lNeRh_yoVbUZmQk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/DFAFbMZBhISg-f5r84LK-HqijgA.roa
Signing time:             Mon 01 Jan 2024 08:29:58 +0000
ROA not before:           Mon 01 Jan 2024 08:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.33.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/nxvZcy5s3W50lNeRh_yoVbUZmQk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/nxvZcy5s3W50lNeRh_yoVbUZmQk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nxvZcy5s3W50lNeRh_yoVbUZmQk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:da:49:a5:f6:23:c9:af:03:41:67:a4:7a:c4:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f1bd9732e6cdd6e7494d79187fca855b5199909
        Validity
            Not Before: Jan  1 08:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c50056cc6418484a0f9fe6bf382caf87aa28e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:56:9b:8f:70:53:f9:ee:b1:63:9a:89:11:8e:
                    96:4f:cc:6c:38:45:95:59:2f:e3:a9:e5:66:a3:4c:
                    11:e1:49:1b:82:42:c1:0f:74:0f:23:32:d8:71:81:
                    f5:35:3c:21:4d:57:b9:65:dd:b8:44:ae:f8:e5:fd:
                    b2:d2:77:ce:f9:ca:2d:87:d5:e5:f2:f3:be:6b:53:
                    ec:8c:fc:ad:c2:0c:9e:cb:21:f2:d4:4f:1b:79:95:
                    c3:a4:45:4a:3a:ec:0e:ad:ba:bc:44:f8:2a:bb:73:
                    86:43:4a:8d:39:f4:7e:41:b6:ee:dc:e3:07:c8:7a:
                    ed:c8:09:2c:ff:54:b8:2b:83:7c:70:87:5c:1c:a7:
                    e0:82:8d:e3:6d:14:0f:16:0b:c2:7d:c6:70:0c:50:
                    39:b7:3f:b4:01:d3:22:05:49:04:68:4b:2e:98:13:
                    da:e6:7a:24:6d:3a:8e:17:05:f8:3f:19:95:53:70:
                    fb:df:32:a6:f9:e1:ef:26:fb:85:0a:67:c1:96:d9:
                    1a:d8:64:ae:dd:0e:55:ea:b7:b4:94:88:9f:3d:a5:
                    6f:3c:03:d9:07:3b:8a:85:8f:02:8b:31:3c:05:56:
                    d9:c6:cb:5e:20:58:9f:a9:26:03:b7:d8:81:59:c5:
                    ac:11:a2:9a:3d:1a:08:44:45:74:28:c4:aa:c8:8f:
                    f8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:50:05:6C:C6:41:84:84:A0:F9:FE:6B:F3:82:CA:F8:7A:A2:8E:00
            X509v3 Authority Key Identifier:
                keyid:9F:1B:D9:73:2E:6C:DD:6E:74:94:D7:91:87:FC:A8:55:B5:19:99:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nxvZcy5s3W50lNeRh_yoVbUZmQk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/DFAFbMZBhISg-f5r84LK-HqijgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/14ead9-cbb1-4639-81a7-d8b8202d7786/1/nxvZcy5s3W50lNeRh_yoVbUZmQk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:a8:3d:bd:ce:09:35:ac:cd:de:f5:a6:ff:0e:d9:ad:bb:1e:
         98:00:c0:0f:40:7d:f9:a0:f0:0d:e9:30:a8:24:3a:23:78:fe:
         62:da:7e:99:51:0f:1b:a8:97:48:b2:49:76:24:ca:f9:76:08:
         2b:dc:bf:31:87:e5:f7:1b:97:a3:48:02:8b:db:5f:8a:60:8d:
         d1:b4:78:bf:e8:01:89:b8:05:86:77:d0:6e:e3:03:60:04:9f:
         a3:0d:cb:d1:0a:87:14:a8:00:2c:39:a5:d5:46:50:0e:09:64:
         8b:4d:2d:78:91:09:8b:36:1b:6e:1c:0d:de:e6:2b:2a:c5:22:
         f2:40:04:a2:b8:37:ad:05:c0:f3:29:90:38:79:5f:58:5b:ad:
         7f:04:0b:38:8e:30:9c:7a:f7:11:b9:bd:a2:ee:94:ec:b4:36:
         7e:2c:24:49:45:ff:af:57:02:28:79:7d:b6:5d:78:37:8c:0e:
         3d:46:4d:c2:6a:08:7f:6a:30:d3:2d:16:07:c0:b3:0c:6c:44:
         88:6d:de:50:de:c0:aa:99:a1:34:85:a4:20:cd:b3:ad:fd:ca:
         16:49:a2:9d:36:a7:e3:44:19:3c:12:db:22:83:83:1d:28:25:
         f8:e6:25:7e:44:87:33:77:bf:c7:d3:44:b0:03:2f:3f:a8:72:
         90:0f:4a:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJNpJpfYjya8DQWekesQsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMWJkOTczMmU2Y2RkNmU3NDk0ZDc5MTg3ZmNhODU1YjUx
OTk5MDkwHhcNMjQwMTAxMDgyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzUwMDU2Y2M2NDE4NDg0YTBmOWZlNmJmMzgyY2FmODdhYTI4ZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlabj3BT+e6xY5qJEY6WT8xsOEWV
WS/jqeVmo0wR4UkbgkLBD3QPIzLYcYH1NTwhTVe5Zd24RK745f2y0nfO+coth9Xl
8vO+a1PsjPytwgyeyyHy1E8beZXDpEVKOuwOrbq8RPgqu3OGQ0qNOfR+Qbbu3OMH
yHrtyAks/1S4K4N8cIdcHKfggo3jbRQPFgvCfcZwDFA5tz+0AdMiBUkEaEsumBPa
5nokbTqOFwX4PxmVU3D73zKm+eHvJvuFCmfBltka2GSu3Q5V6re0lIifPaVvPAPZ
BzuKhY8CizE8BVbZxsteIFifqSYDt9iBWcWsEaKaPRoIREV0KMSqyI/4+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxQBWzGQYSEoPn+a/OCyvh6oo4AMB8GA1UdIwQY
MBaAFJ8b2XMubN1udJTXkYf8qFW1GZkJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnh2WmN5NXMzVzUwbE5lUmhfeW9WYlVabVFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8xNGVhZDktY2JiMS00NjM5LTgxYTct
ZDhiODIwMmQ3Nzg2LzEvREZBRmJNWkJoSVNnLWY1cjg0TEstSHFpamdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8xNGVhZDktY2JiMS00NjM5LTgxYTctZDhiODIwMmQ3Nzg2
LzEvbnh2WmN5NXMzVzUwbE5lUmhfeW9WYlVabVFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSGJMA0G
CSqGSIb3DQEBCwUAA4IBAQB8qD29zgk1rM3e9ab/Dtmtux6YAMAPQH35oPAN6TCo
JDojeP5i2n6ZUQ8bqJdIskl2JMr5dggr3L8xh+X3G5ejSAKL21+KYI3RtHi/6AGJ
uAWGd9Bu4wNgBJ+jDcvRCocUqAAsOaXVRlAOCWSLTS14kQmLNhtuHA3e5isqxSLy
QASiuDetBcDzKZA4eV9YW61/BAs4jjCcevcRub2i7pTstDZ+LCRJRf+vVwIoeX22
XXg3jA49Rk3Cagh/ajDTLRYHwLMMbESIbd5Q3sCqmaE0haQgzbOt/coWSaKdNqfj
RBk8Etsig4MdKCX45iV+RIczd7/H00SwAy8/qHKQD0pP
-----END CERTIFICATE-----