Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/DTyGn_pqXuVgB8Y7fC4J86WbFfc.roa
File:                     DTyGn_pqXuVgB8Y7fC4J86WbFfc.roa (raw, json)
Hash identifier:          jKVvTemeRgPLcVZBTT3QYH7/BO42FqTppN3e/QSyEhM=
Subject key identifier:   0D:3C:86:9F:FA:6A:5E:E5:60:07:C6:3B:7C:2E:09:F3:A5:9B:15:F7
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC79528602BA56A40D0725ABA74B4196B
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/DTyGn_pqXuVgB8Y7fC4J86WbFfc.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48430
IP address blocks:        193.233.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:28:60:2b:a5:6a:40:d0:72:5a:ba:74:b4:19:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d3c869ffa6a5ee56007c63b7c2e09f3a59b15f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:fd:62:64:1a:9c:5d:98:49:14:a6:cc:b4:a8:
                    97:48:3a:8f:fa:04:e8:cd:56:84:ec:40:1f:f1:66:
                    a4:7d:33:cf:59:15:2f:c1:82:2c:29:b0:88:95:b5:
                    34:aa:8a:2c:8d:d6:a7:d7:81:5e:47:c7:47:79:d9:
                    cf:77:06:22:96:68:4f:80:61:ba:5e:a3:94:12:df:
                    5e:14:83:d1:ed:3b:77:31:a4:6b:96:6d:43:32:91:
                    0b:20:d9:c5:94:27:1d:3d:12:54:0a:80:9d:95:7d:
                    9e:86:72:0a:7d:cf:bb:ce:84:1b:26:25:64:86:34:
                    4d:d3:e9:e5:aa:07:46:79:a2:f2:79:47:26:90:3a:
                    b2:14:63:be:ee:e9:f5:d3:21:3b:69:e0:63:cd:9e:
                    e7:6a:54:87:6b:90:55:2e:4b:85:16:9b:2a:6e:95:
                    37:b7:5c:45:cc:0e:06:42:5d:9a:a2:f5:f1:6c:bb:
                    d7:98:76:4f:55:d3:d3:0d:25:29:ac:83:48:22:1b:
                    a8:a4:8a:bd:1b:e4:eb:30:9e:42:d4:0c:bf:30:ca:
                    bc:dd:32:69:59:4e:d7:6e:52:08:2a:b5:d5:62:cf:
                    9c:79:65:46:8e:0a:18:fd:49:20:55:82:63:9c:2a:
                    95:c9:ed:22:48:b5:cd:cd:76:52:45:5d:bb:aa:ac:
                    20:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:3C:86:9F:FA:6A:5E:E5:60:07:C6:3B:7C:2E:09:F3:A5:9B:15:F7
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/DTyGn_pqXuVgB8Y7fC4J86WbFfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:1c:c5:02:18:d1:41:8e:e0:25:77:6b:f0:9f:b0:21:8f:48:
         e9:43:ec:8d:81:24:83:36:b0:b5:0e:64:e1:4a:38:80:f4:ea:
         53:b4:4b:b4:ba:3e:e8:98:85:07:06:95:5f:1e:22:67:fc:3a:
         8b:cb:9c:59:cf:18:88:bf:f4:82:a7:bd:c2:37:98:58:3a:d1:
         8f:60:1a:e4:f6:cc:07:0e:a4:33:9c:d6:6a:0c:da:a3:86:10:
         0d:f1:a9:ce:35:f1:55:78:af:84:56:66:b7:b2:d4:50:30:89:
         e0:48:f0:ab:84:fe:83:0d:88:48:db:b4:d5:1b:b2:8a:e9:b6:
         4f:cf:1d:f4:5c:8b:e7:45:7d:6a:db:64:94:de:8f:80:f7:dc:
         b6:5f:2e:39:5f:19:79:92:55:35:50:b6:df:39:ef:89:06:a8:
         42:b9:26:45:90:17:af:53:49:16:b0:d6:ff:25:44:b2:56:3f:
         ab:20:38:d7:70:41:11:07:e2:60:b1:75:db:41:9b:88:59:0d:
         4b:8c:08:fe:b0:30:42:74:71:57:3f:23:96:3b:61:27:87:60:
         4d:6a:a3:2b:f8:99:5a:f1:cb:0b:7d:a9:96:ea:0d:cc:0c:4b:
         0e:07:3e:36:cd:cd:33:49:7d:f3:f9:a7:01:70:a4:7a:a4:a4:
         fe:ff:8e:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlShgK6VqQNByWrp0tBlrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDNjODY5ZmZhNmE1ZWU1NjAwN2M2M2I3YzJlMDlmM2E1OWIxNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/1iZBqcXZhJFKbMtKiXSDqP+gTo
zVaE7EAf8WakfTPPWRUvwYIsKbCIlbU0qoosjdan14FeR8dHednPdwYilmhPgGG6
XqOUEt9eFIPR7Tt3MaRrlm1DMpELINnFlCcdPRJUCoCdlX2ehnIKfc+7zoQbJiVk
hjRN0+nlqgdGeaLyeUcmkDqyFGO+7un10yE7aeBjzZ7nalSHa5BVLkuFFpsqbpU3
t1xFzA4GQl2aovXxbLvXmHZPVdPTDSUprINIIhuopIq9G+TrMJ5C1Ay/MMq83TJp
WU7XblIIKrXVYs+ceWVGjgoY/UkgVYJjnCqVye0iSLXNzXZSRV27qqwguQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA08hp/6al7lYAfGO3wuCfOlmxX3MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvRFR5R25fcHFYdVZnQjhZN2ZDNEo4NldiRmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwekvMA0G
CSqGSIb3DQEBCwUAA4IBAQBVHMUCGNFBjuAld2vwn7Ahj0jpQ+yNgSSDNrC1DmTh
SjiA9OpTtEu0uj7omIUHBpVfHiJn/DqLy5xZzxiIv/SCp73CN5hYOtGPYBrk9swH
DqQznNZqDNqjhhAN8anONfFVeK+EVma3stRQMIngSPCrhP6DDYhI27TVG7KK6bZP
zx30XIvnRX1q22SU3o+A99y2Xy45Xxl5klU1ULbfOe+JBqhCuSZFkBevU0kWsNb/
JUSyVj+rIDjXcEERB+JgsXXbQZuIWQ1LjAj+sDBCdHFXPyOWO2Enh2BNaqMr+Jla
8csLfamW6g3MDEsOBz42zc0zSX3z+acBcKR6pKT+/44l
-----END CERTIFICATE-----