Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/DAyOCTi2f9EadheTVrjpT2dEFK0.roa
File:                     DAyOCTi2f9EadheTVrjpT2dEFK0.roa (raw, json)
Hash identifier:          sb+5+X+/RMjuyHF3yAJUpgNXhapRBw1IqbKB9X8Quu0=
Subject key identifier:   0C:0C:8E:09:38:B6:7F:D1:1A:76:17:93:56:B8:E9:4F:67:44:14:AD
Certificate issuer:       /CN=e31f3656c6ed9a3f9a42c678a78a2e374f8e57d3
Certificate serial:       018CF30BE5F6919D93B64102F777CF20FBEB
Authority key identifier: E3:1F:36:56:C6:ED:9A:3F:9A:42:C6:78:A7:8A:2E:37:4F:8E:57:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/DAyOCTi2f9EadheTVrjpT2dEFK0.roa
Signing time:             Wed 10 Jan 2024 11:04:52 +0000
ROA not before:           Wed 10 Jan 2024 11:04:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209961
IP address blocks:        92.249.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:0b:e5:f6:91:9d:93:b6:41:02:f7:77:cf:20:fb:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e31f3656c6ed9a3f9a42c678a78a2e374f8e57d3
        Validity
            Not Before: Jan 10 11:04:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c0c8e0938b67fd11a76179356b8e94f674414ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d1:2c:7f:d9:a9:f6:88:ee:96:cd:e3:df:94:
                    e2:ac:9b:be:60:11:ad:9c:05:7a:71:31:0b:a3:f3:
                    09:f9:8c:50:82:57:4f:7f:8c:ca:db:cf:75:8b:79:
                    01:67:64:ca:00:ca:e4:64:d7:c6:63:71:68:0d:54:
                    6a:d8:73:ea:8a:79:ff:44:c6:8d:df:3d:24:1e:cd:
                    fa:e8:b9:6f:dc:58:02:7e:68:6c:30:bd:d4:c0:13:
                    db:4a:ef:9a:2a:8e:c5:25:18:eb:1b:ab:d8:8b:53:
                    06:eb:b6:aa:1d:d5:38:c1:de:d5:43:c6:d6:7e:fe:
                    ce:bd:04:19:73:29:91:b7:0a:fc:24:32:80:1d:93:
                    1f:e5:5b:63:98:af:9e:b8:52:8b:b1:d7:da:83:99:
                    4c:f8:8a:42:7e:ef:3c:78:90:0d:0b:e3:77:00:fd:
                    7d:00:b9:c6:5a:62:a7:45:5b:79:64:75:7b:c2:2c:
                    84:73:f2:bd:f9:ee:94:79:6b:39:ad:28:8e:11:63:
                    6b:58:b3:fb:20:23:bd:54:fe:af:f2:55:22:8b:28:
                    4d:45:6e:03:16:93:4d:e1:cc:ee:32:1c:6f:f3:e8:
                    1e:df:62:a7:c9:cb:db:db:04:84:80:3b:d7:8b:32:
                    91:2e:7c:b0:b4:40:3c:39:06:2d:1c:90:2d:c5:2e:
                    55:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:0C:8E:09:38:B6:7F:D1:1A:76:17:93:56:B8:E9:4F:67:44:14:AD
            X509v3 Authority Key Identifier:
                keyid:E3:1F:36:56:C6:ED:9A:3F:9A:42:C6:78:A7:8A:2E:37:4F:8E:57:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/DAyOCTi2f9EadheTVrjpT2dEFK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:48:be:73:1a:03:c4:36:41:e8:d6:26:6d:7a:5e:b2:82:ac:
         56:3e:ff:59:74:fa:3a:4f:85:6c:04:dc:07:88:93:0a:a5:a7:
         e7:e9:52:3e:9e:50:6a:20:45:2e:23:8b:f8:91:98:eb:65:05:
         be:a9:13:19:99:12:42:16:c0:67:1d:5d:1d:8b:8a:26:01:88:
         8f:4f:ab:52:f3:b1:52:91:ff:c5:dc:9d:d8:a0:aa:36:26:83:
         89:96:79:31:66:27:23:fe:6f:45:e5:0a:d8:fb:6d:a0:f0:cd:
         d5:4e:3b:f2:d9:18:e8:dd:3f:e4:3b:39:9c:1e:c2:34:6b:77:
         c1:c3:72:86:c3:ee:be:9f:c2:bb:34:f2:dd:51:46:b3:50:38:
         9c:79:3e:a7:65:8b:93:36:64:82:25:fa:02:d0:8d:5f:d2:29:
         be:49:b4:1a:8f:0f:f6:5d:99:84:67:4a:71:22:48:83:4f:6c:
         ad:dd:90:e6:12:30:78:2e:07:d3:91:c0:19:00:3b:b2:f7:e6:
         12:b2:53:fb:b5:39:fc:de:01:31:6c:23:1b:51:5c:c1:b2:f1:
         89:06:f2:cd:36:ed:45:53:76:60:66:a5:97:99:83:a3:50:c6:
         4f:47:11:b7:fb:fa:ef:90:7f:69:3e:fb:c0:bf:17:c3:18:1b:
         1f:eb:b2:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzzC+X2kZ2TtkEC93fPIPvrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMWYzNjU2YzZlZDlhM2Y5YTQyYzY3OGE3OGEyZTM3NGY4
ZTU3ZDMwHhcNMjQwMTEwMTEwNDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzBjOGUwOTM4YjY3ZmQxMWE3NjE3OTM1NmI4ZTk0ZjY3NDQxNGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9Esf9mp9ojuls3j35TirJu+YBGt
nAV6cTELo/MJ+YxQgldPf4zK2891i3kBZ2TKAMrkZNfGY3FoDVRq2HPqinn/RMaN
3z0kHs366Llv3FgCfmhsML3UwBPbSu+aKo7FJRjrG6vYi1MG67aqHdU4wd7VQ8bW
fv7OvQQZcymRtwr8JDKAHZMf5VtjmK+euFKLsdfag5lM+IpCfu88eJANC+N3AP19
ALnGWmKnRVt5ZHV7wiyEc/K9+e6UeWs5rSiOEWNrWLP7ICO9VP6v8lUiiyhNRW4D
FpNN4czuMhxv8+ge32Knycvb2wSEgDvXizKRLnywtEA8OQYtHJAtxS5VkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwMjgk4tn/RGnYXk1a46U9nRBStMB8GA1UdIwQY
MBaAFOMfNlbG7Zo/mkLGeKeKLjdPjlfTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHg4MlZzYnRtai1hUXNaNHA0b3VOMC1PVjlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8wMmY4YTEtMzM4My00ZDIxLWFhMjUt
ZTczM2MyNjJhMzgyLzEvREF5T0NUaTJmOUVhZGhlVFZyanBUMmRFRkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8wMmY4YTEtMzM4My00ZDIxLWFhMjUtZTczM2MyNjJhMzgy
LzEvNHg4MlZzYnRtai1hUXNaNHA0b3VOMC1PVjlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPkZMA0G
CSqGSIb3DQEBCwUAA4IBAQAwSL5zGgPENkHo1iZtel6ygqxWPv9ZdPo6T4VsBNwH
iJMKpafn6VI+nlBqIEUuI4v4kZjrZQW+qRMZmRJCFsBnHV0di4omAYiPT6tS87FS
kf/F3J3YoKo2JoOJlnkxZicj/m9F5QrY+22g8M3VTjvy2Rjo3T/kOzmcHsI0a3fB
w3KGw+6+n8K7NPLdUUazUDiceT6nZYuTNmSCJfoC0I1f0im+SbQajw/2XZmEZ0px
IkiDT2yt3ZDmEjB4LgfTkcAZADuy9+YSslP7tTn83gExbCMbUVzBsvGJBvLNNu1F
U3ZgZqWXmYOjUMZPRxG3+/rvkH9pPvvAvxfDGBsf67Ki
-----END CERTIFICATE-----