Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/dd6518-bf35-4c58-b81b-94b1493df1f2/1/1-OD0nVj2EFSuGY6U_TGqItk6x4.roa
File:                     1-OD0nVj2EFSuGY6U_TGqItk6x4.roa (raw, json)
Hash identifier:          abCjdw/dF1dwCbM6SgnT0xrbXLS71mouiXw0qZpE0uQ=
Subject key identifier:   D7:E3:83:D2:75:63:D8:41:52:B8:66:3A:53:F4:C6:A8:8B:64:EB:1E
Certificate issuer:       /CN=3ca6a9d4b59246b4e33614e1a4b591b6118e8a15
Certificate serial:       018CC424EF669AD5C12EF23C12412CCF3503
Authority key identifier: 3C:A6:A9:D4:B5:92:46:B4:E3:36:14:E1:A4:B5:91:B6:11:8E:8A:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PKap1LWSRrTjNhThpLWRthGOihU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/dd6518-bf35-4c58-b81b-94b1493df1f2/1/1-OD0nVj2EFSuGY6U_TGqItk6x4.roa
Signing time:             Mon 01 Jan 2024 08:30:04 +0000
ROA not before:           Mon 01 Jan 2024 08:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212404
IP address blocks:        193.163.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/dd6518-bf35-4c58-b81b-94b1493df1f2/1/PKap1LWSRrTjNhThpLWRthGOihU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/dd6518-bf35-4c58-b81b-94b1493df1f2/1/PKap1LWSRrTjNhThpLWRthGOihU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PKap1LWSRrTjNhThpLWRthGOihU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ef:66:9a:d5:c1:2e:f2:3c:12:41:2c:cf:35:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ca6a9d4b59246b4e33614e1a4b591b6118e8a15
        Validity
            Not Before: Jan  1 08:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7e383d27563d84152b8663a53f4c6a88b64eb1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cc:79:97:5d:cb:dc:28:fd:41:e2:04:e4:86:
                    87:cc:70:45:e8:95:a9:55:0d:07:33:2a:08:14:5e:
                    85:18:07:78:28:4d:9f:09:25:3f:9c:9e:96:8f:6b:
                    4f:8c:46:88:ed:96:32:7d:ec:7d:19:31:85:72:5e:
                    11:49:1f:90:4d:e2:79:6e:af:ae:3c:92:c4:93:3e:
                    7a:1d:e7:eb:ca:fc:7a:93:17:9a:c9:58:df:52:99:
                    0b:8d:7d:00:3b:52:2c:fa:92:1c:e4:1b:df:89:8f:
                    0e:51:a6:36:a9:6b:7d:22:cd:32:c4:3d:0b:c2:f5:
                    76:d3:a5:92:cc:da:66:60:f6:b7:a4:8f:d1:7f:59:
                    d8:c4:bf:a0:d7:4f:62:05:97:78:39:d8:e5:24:12:
                    7a:62:09:e3:0a:53:63:39:52:fe:92:2b:81:bd:a3:
                    b6:e3:7d:b8:1e:cf:b9:e2:e3:b8:42:28:a5:a4:e6:
                    59:d3:b7:bb:5f:fb:b3:5b:60:a8:16:78:86:55:62:
                    ee:3b:4c:ed:c7:67:fb:e3:cb:94:0f:1e:c6:f7:8e:
                    1a:24:b6:51:b9:1f:a4:46:25:b5:be:b4:79:b3:17:
                    20:64:44:c8:80:df:1a:36:6e:26:e4:30:bd:fe:94:
                    dc:cf:ea:6f:cc:d5:9c:0b:7c:3d:df:52:58:ef:2f:
                    fd:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E3:83:D2:75:63:D8:41:52:B8:66:3A:53:F4:C6:A8:8B:64:EB:1E
            X509v3 Authority Key Identifier:
                keyid:3C:A6:A9:D4:B5:92:46:B4:E3:36:14:E1:A4:B5:91:B6:11:8E:8A:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PKap1LWSRrTjNhThpLWRthGOihU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/dd6518-bf35-4c58-b81b-94b1493df1f2/1/1-OD0nVj2EFSuGY6U_TGqItk6x4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/dd6518-bf35-4c58-b81b-94b1493df1f2/1/PKap1LWSRrTjNhThpLWRthGOihU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:e2:12:31:50:fc:f4:64:63:e6:71:35:8d:a4:65:54:32:6d:
         81:34:64:ae:d4:f8:1c:6e:5c:57:cf:1a:92:9f:7d:26:8b:90:
         c1:3d:14:40:b9:25:34:e2:49:c5:97:3e:30:25:e2:29:03:14:
         dc:a3:6b:38:0f:cc:cb:c4:ed:b6:7a:5c:4b:3e:44:0d:50:40:
         54:f2:1f:53:4f:64:98:82:6e:1e:3a:1e:cc:05:0e:22:31:f5:
         ec:46:e9:1d:cf:f2:9e:b0:4a:98:e4:46:83:2f:72:2c:93:b8:
         22:61:d1:50:cf:30:a8:fb:70:77:46:90:71:30:d7:ad:45:1a:
         20:78:7a:e6:87:2e:97:07:fc:6e:a0:29:9c:c6:05:52:72:ba:
         cf:e1:f6:ec:15:b1:ea:3e:32:50:cb:63:34:92:f2:24:30:d7:
         96:14:0c:6e:00:2e:c3:e9:ad:37:69:37:f6:09:0f:0a:69:7e:
         0e:97:91:81:6a:47:e9:92:1f:2b:0c:25:f5:85:ea:49:08:f6:
         70:ec:d5:f4:a8:0e:23:02:78:63:fe:a3:3a:b5:1b:ee:16:b2:
         2d:70:0e:42:ae:07:48:e6:74:7e:97:00:1b:36:59:f7:42:dc:
         d4:c0:23:5b:a6:b4:8b:ac:ac:6b:36:db:96:c9:30:f1:40:60:
         14:bd:f2:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJO9mmtXBLvI8EkEszzUDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjYTZhOWQ0YjU5MjQ2YjRlMzM2MTRlMWE0YjU5MWI2MTE4
ZThhMTUwHhcNMjQwMTAxMDgzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2UzODNkMjc1NjNkODQxNTJiODY2M2E1M2Y0YzZhODhiNjRlYjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMx5l13L3Cj9QeIE5IaHzHBF6JWp
VQ0HMyoIFF6FGAd4KE2fCSU/nJ6Wj2tPjEaI7ZYyfex9GTGFcl4RSR+QTeJ5bq+u
PJLEkz56Hefryvx6kxeayVjfUpkLjX0AO1Is+pIc5BvfiY8OUaY2qWt9Is0yxD0L
wvV206WSzNpmYPa3pI/Rf1nYxL+g109iBZd4OdjlJBJ6YgnjClNjOVL+kiuBvaO2
4324Hs+54uO4QiilpOZZ07e7X/uzW2CoFniGVWLuO0ztx2f748uUDx7G944aJLZR
uR+kRiW1vrR5sxcgZETIgN8aNm4m5DC9/pTcz+pvzNWcC3w931JY7y/9aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfjg9J1Y9hBUrhmOlP0xqiLZOseMB8GA1UdIwQY
MBaAFDymqdS1kka04zYU4aS1kbYRjooVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEthcDFMV1NSclRqTmhUaHBMV1J0aEdPaWhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9kZDY1MTgtYmYzNS00YzU4LWI4MWIt
OTRiMTQ5M2RmMWYyLzEvMS1PRDBuVmoyRUZTdUdZNlVfVEdxSXRrNng0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9kZDY1MTgtYmYzNS00YzU4LWI4MWItOTRiMTQ5M2RmMWYy
LzEvUEthcDFMV1NSclRqTmhUaHBMV1J0aEdPaWhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaNwMA0G
CSqGSIb3DQEBCwUAA4IBAQCb4hIxUPz0ZGPmcTWNpGVUMm2BNGSu1PgcblxXzxqS
n30mi5DBPRRAuSU04knFlz4wJeIpAxTco2s4D8zLxO22elxLPkQNUEBU8h9TT2SY
gm4eOh7MBQ4iMfXsRukdz/KesEqY5EaDL3Isk7giYdFQzzCo+3B3RpBxMNetRRog
eHrmhy6XB/xuoCmcxgVScrrP4fbsFbHqPjJQy2M0kvIkMNeWFAxuAC7D6a03aTf2
CQ8KaX4Ol5GBakfpkh8rDCX1hepJCPZw7NX0qA4jAnhj/qM6tRvuFrItcA5CrgdI
5nR+lwAbNln3QtzUwCNbprSLrKxrNtuWyTDxQGAUvfJN
-----END CERTIFICATE-----