Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/af1b93-d6e3-453d-91cc-41d735bd8c03/1/Ic9xLKy4pZKpIIj9AdeQHcMLMaU.roa
File:                     Ic9xLKy4pZKpIIj9AdeQHcMLMaU.roa (raw, json)
Hash identifier:          ZQU1Cnz8a2T2GH0XybVdXhkz5SPUkQ0X1m4g+rPLbsc=
Subject key identifier:   21:CF:71:2C:AC:B8:A5:92:A9:20:88:FD:01:D7:90:1D:C3:0B:31:A5
Certificate issuer:       /CN=e4f51741df136f9389254efde4ba9adcfb0de6bf
Certificate serial:       018CC94D5D4A67EB086DFF00C6901474926C
Authority key identifier: E4:F5:17:41:DF:13:6F:93:89:25:4E:FD:E4:BA:9A:DC:FB:0D:E6:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5PUXQd8Tb5OJJU795Lqa3PsN5r8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/af1b93-d6e3-453d-91cc-41d735bd8c03/1/Ic9xLKy4pZKpIIj9AdeQHcMLMaU.roa
Signing time:             Tue 02 Jan 2024 08:32:19 +0000
ROA not before:           Tue 02 Jan 2024 08:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        194.62.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/af1b93-d6e3-453d-91cc-41d735bd8c03/1/5PUXQd8Tb5OJJU795Lqa3PsN5r8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/af1b93-d6e3-453d-91cc-41d735bd8c03/1/5PUXQd8Tb5OJJU795Lqa3PsN5r8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5PUXQd8Tb5OJJU795Lqa3PsN5r8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 14:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:5d:4a:67:eb:08:6d:ff:00:c6:90:14:74:92:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4f51741df136f9389254efde4ba9adcfb0de6bf
        Validity
            Not Before: Jan  2 08:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21cf712cacb8a592a92088fd01d7901dc30b31a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3a:38:f4:9b:65:24:84:b6:af:ab:da:b2:38:
                    f3:62:b2:2e:03:68:b7:82:42:3f:83:f1:49:10:42:
                    5a:58:ac:8b:23:3f:3f:c3:65:ed:fb:cd:30:bf:6a:
                    92:c3:b4:a1:2e:ba:b3:06:99:eb:57:5a:10:38:41:
                    c0:cd:84:c0:04:08:b4:70:80:09:f0:87:3f:d0:62:
                    60:a0:19:3b:77:87:f3:44:e5:c0:44:07:dc:b0:2c:
                    89:e4:01:92:87:9e:43:41:31:45:55:12:d4:43:74:
                    de:a4:47:f5:1a:e8:67:ba:cf:fd:fb:b2:3a:35:a9:
                    d8:53:f8:c8:e4:d1:c7:1c:28:b7:7f:b6:06:9a:b8:
                    a1:d3:d8:26:1b:f4:ce:37:28:3e:db:37:68:93:5b:
                    63:91:81:f3:ce:c8:5e:2d:96:f5:06:58:75:26:3c:
                    60:fa:82:32:e2:40:98:56:12:6f:9e:9a:4d:23:a8:
                    b1:8f:80:04:f3:5a:93:1b:27:03:2d:ff:c8:0c:ae:
                    83:2b:9b:de:21:38:f1:59:75:b1:d7:52:5d:69:a0:
                    42:4e:53:77:1f:dc:2c:ed:c9:e2:4c:63:1b:d8:ac:
                    47:31:e2:9d:38:c3:9a:af:90:d8:28:08:cd:64:ef:
                    14:b1:bb:04:5a:30:1d:aa:8b:62:b8:e2:6d:8f:8c:
                    73:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:CF:71:2C:AC:B8:A5:92:A9:20:88:FD:01:D7:90:1D:C3:0B:31:A5
            X509v3 Authority Key Identifier:
                keyid:E4:F5:17:41:DF:13:6F:93:89:25:4E:FD:E4:BA:9A:DC:FB:0D:E6:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5PUXQd8Tb5OJJU795Lqa3PsN5r8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/af1b93-d6e3-453d-91cc-41d735bd8c03/1/Ic9xLKy4pZKpIIj9AdeQHcMLMaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/af1b93-d6e3-453d-91cc-41d735bd8c03/1/5PUXQd8Tb5OJJU795Lqa3PsN5r8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:82:b8:68:fa:46:c9:13:84:00:c0:7b:46:fd:65:86:a0:04:
         cb:37:02:4e:25:d6:e3:d0:1e:47:31:3a:2a:5c:df:26:51:cb:
         94:ac:86:58:04:ce:48:c1:00:dd:78:6f:00:f3:0d:66:12:72:
         4d:e1:8c:8a:d6:8f:8b:8b:d2:34:1d:0b:8c:52:69:f3:82:0f:
         5d:7c:fe:27:37:ba:73:8f:d1:17:7d:f5:84:22:08:62:04:16:
         9a:7e:77:a7:96:9a:f2:97:a3:83:2c:3e:3a:2e:6f:d1:df:97:
         7b:78:fe:31:70:de:ff:e4:92:f9:fa:11:a5:27:85:d4:fe:38:
         a5:b1:ad:89:dd:1e:61:5f:19:ce:b6:5e:c3:8d:2f:88:78:b1:
         fb:fd:80:0b:25:72:92:90:a6:a9:05:f1:ca:0c:c3:20:38:85:
         3e:95:46:c1:c2:00:dd:51:fb:8c:ae:68:7f:10:03:5d:c6:b8:
         88:99:7e:b9:35:d3:d7:3f:ed:56:e3:76:cc:b0:a1:f4:84:8b:
         47:46:a9:b0:96:e8:ed:b3:e0:c5:b3:60:6f:fb:3e:65:15:0a:
         bd:8c:2d:c1:1e:94:ae:2a:d2:59:21:c3:7e:a6:a2:54:ff:d8:
         46:ee:79:01:fb:a9:24:58:e1:b6:51:c9:fa:63:bc:94:70:72:
         c7:f6:68:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTV1KZ+sIbf8AxpAUdJJsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZjUxNzQxZGYxMzZmOTM4OTI1NGVmZGU0YmE5YWRjZmIw
ZGU2YmYwHhcNMjQwMTAyMDgzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWNmNzEyY2FjYjhhNTkyYTkyMDg4ZmQwMWQ3OTAxZGMzMGIzMWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjo49JtlJIS2r6vasjjzYrIuA2i3
gkI/g/FJEEJaWKyLIz8/w2Xt+80wv2qSw7ShLrqzBpnrV1oQOEHAzYTABAi0cIAJ
8Ic/0GJgoBk7d4fzROXARAfcsCyJ5AGSh55DQTFFVRLUQ3TepEf1Guhnus/9+7I6
NanYU/jI5NHHHCi3f7YGmrih09gmG/TONyg+2zdok1tjkYHzzsheLZb1Blh1Jjxg
+oIy4kCYVhJvnppNI6ixj4AE81qTGycDLf/IDK6DK5veITjxWXWx11JdaaBCTlN3
H9ws7cniTGMb2KxHMeKdOMOar5DYKAjNZO8UsbsEWjAdqotiuOJtj4xzjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHPcSysuKWSqSCI/QHXkB3DCzGlMB8GA1UdIwQY
MBaAFOT1F0HfE2+TiSVO/eS6mtz7Dea/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVBVWFFkOFRiNU9KSlU3OTVMcWEzUHNONXI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hZjFiOTMtZDZlMy00NTNkLTkxY2Mt
NDFkNzM1YmQ4YzAzLzEvSWM5eExLeTRwWktwSUlqOUFkZVFIY01MTWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hZjFiOTMtZDZlMy00NTNkLTkxY2MtNDFkNzM1YmQ4YzAz
LzEvNVBVWFFkOFRiNU9KSlU3OTVMcWEzUHNONXI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj58MA0G
CSqGSIb3DQEBCwUAA4IBAQAGgrho+kbJE4QAwHtG/WWGoATLNwJOJdbj0B5HMToq
XN8mUcuUrIZYBM5IwQDdeG8A8w1mEnJN4YyK1o+Li9I0HQuMUmnzgg9dfP4nN7pz
j9EXffWEIghiBBaafnenlpryl6ODLD46Lm/R35d7eP4xcN7/5JL5+hGlJ4XU/jil
sa2J3R5hXxnOtl7DjS+IeLH7/YALJXKSkKapBfHKDMMgOIU+lUbBwgDdUfuMrmh/
EANdxriImX65NdPXP+1W43bMsKH0hItHRqmwlujts+DFs2Bv+z5lFQq9jC3BHpSu
KtJZIcN+pqJU/9hG7nkB+6kkWOG2Ucn6Y7yUcHLH9mg5
-----END CERTIFICATE-----