Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/ec56f9-7ff0-429b-b069-1f245002d640/1/AwNOKfmqmyqjEjDtIY116K3p0bI.roa
File:                     AwNOKfmqmyqjEjDtIY116K3p0bI.roa (raw, json)
Hash identifier:          4X6Juw0BQ/LLracZLCK3g3aWvjoq2DfOVpAGh4geHNc=
Subject key identifier:   03:03:4E:29:F9:AA:9B:2A:A3:12:30:ED:21:8D:75:E8:AD:E9:D1:B2
Certificate issuer:       /CN=9ffc17f87ceafa878fce3bde68a715dde17c3e3d
Certificate serial:       018D9DF47C15B7FF508A9E92D514BB3EC049
Authority key identifier: 9F:FC:17:F8:7C:EA:FA:87:8F:CE:3B:DE:68:A7:15:DD:E1:7C:3E:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n_wX-Hzq-oePzjveaKcV3eF8Pj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/ec56f9-7ff0-429b-b069-1f245002d640/1/AwNOKfmqmyqjEjDtIY116K3p0bI.roa
Signing time:             Mon 12 Feb 2024 15:34:21 +0000
ROA not before:           Mon 12 Feb 2024 15:34:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34863
IP address blocks:        193.26.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/ec56f9-7ff0-429b-b069-1f245002d640/1/n_wX-Hzq-oePzjveaKcV3eF8Pj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/ec56f9-7ff0-429b-b069-1f245002d640/1/n_wX-Hzq-oePzjveaKcV3eF8Pj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n_wX-Hzq-oePzjveaKcV3eF8Pj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9d:f4:7c:15:b7:ff:50:8a:9e:92:d5:14:bb:3e:c0:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ffc17f87ceafa878fce3bde68a715dde17c3e3d
        Validity
            Not Before: Feb 12 15:34:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03034e29f9aa9b2aa31230ed218d75e8ade9d1b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e9:74:5f:07:70:72:54:c9:ad:92:d4:19:d2:
                    9b:88:4a:1c:24:99:55:65:3a:84:87:8e:f7:74:cb:
                    08:6b:52:82:60:8d:96:d1:bd:58:2b:b0:2d:be:bd:
                    ff:c8:4f:57:fe:c3:77:29:e2:4f:db:41:f1:46:79:
                    6c:79:bc:63:24:da:be:63:c5:0e:6d:44:92:96:53:
                    1f:7f:97:a4:de:68:c9:db:be:75:4f:57:66:13:e6:
                    55:d9:df:67:a0:dc:97:75:7f:ac:27:c3:e9:00:2e:
                    38:c0:40:98:ce:57:d8:9e:24:73:f1:c6:27:35:c1:
                    8d:cf:bc:8f:38:43:41:ee:53:a8:fb:33:1f:ea:ca:
                    cd:e7:c9:2a:40:86:b2:d9:c4:d0:dd:88:49:02:51:
                    1e:de:60:20:4e:bd:0a:cc:ef:4c:d6:e9:ad:cc:67:
                    53:dd:f2:77:ba:88:f8:c0:1f:f7:4d:82:b2:80:41:
                    79:65:40:22:a6:36:e8:13:f3:74:01:21:f1:7c:c8:
                    f3:81:cf:03:50:a5:b8:ae:a9:9b:52:d4:ca:06:46:
                    3a:bd:7d:10:45:59:52:28:88:5b:f0:cc:87:9c:fd:
                    b0:92:72:90:cd:e7:67:77:4e:e0:ad:b0:a1:97:e4:
                    6e:f4:fa:96:d5:ab:68:dd:22:e9:db:f7:21:d5:7c:
                    90:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:03:4E:29:F9:AA:9B:2A:A3:12:30:ED:21:8D:75:E8:AD:E9:D1:B2
            X509v3 Authority Key Identifier:
                keyid:9F:FC:17:F8:7C:EA:FA:87:8F:CE:3B:DE:68:A7:15:DD:E1:7C:3E:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n_wX-Hzq-oePzjveaKcV3eF8Pj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/ec56f9-7ff0-429b-b069-1f245002d640/1/AwNOKfmqmyqjEjDtIY116K3p0bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/ec56f9-7ff0-429b-b069-1f245002d640/1/n_wX-Hzq-oePzjveaKcV3eF8Pj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:bf:0a:ee:95:2f:11:41:ee:bb:3a:86:de:80:77:4f:98:bc:
         d6:41:89:e0:14:d6:33:ac:33:a5:20:a6:f2:37:84:76:eb:64:
         18:46:28:fc:d5:ce:44:b3:2c:6a:be:aa:95:54:17:db:20:af:
         97:8d:00:d3:06:52:6f:eb:d2:66:11:0b:21:3e:98:f3:53:37:
         7d:9f:6d:5f:53:5b:b1:38:32:83:e5:e9:bc:be:3f:fb:22:ef:
         e4:77:4c:89:4c:39:58:69:3d:14:d2:eb:e3:58:97:f2:74:10:
         25:48:c8:b7:1f:fa:f3:d1:4d:60:bb:66:fe:c7:47:06:8a:e1:
         ca:2b:9f:45:d2:69:a0:53:09:87:92:2d:3b:c5:41:46:8f:89:
         74:62:3f:07:2d:05:5e:e0:0e:f0:c2:4a:fb:e6:81:94:b2:92:
         6c:c6:3e:ca:32:4f:b2:7e:18:54:15:a8:2f:87:7b:eb:97:b0:
         52:01:3f:9d:3e:5b:00:5d:e8:f9:dd:ec:12:2d:07:6c:4f:73:
         8c:fc:3a:db:59:2d:01:f2:73:08:58:34:22:e5:f5:0b:eb:ad:
         10:4c:7c:d3:1b:85:47:ec:20:ef:9f:45:ba:49:f6:3b:43:05:
         4b:aa:02:4f:72:e3:78:85:dd:be:65:83:d5:a4:51:75:b6:0b:
         25:24:d0:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2d9HwVt/9Qip6S1RS7PsBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZmMxN2Y4N2NlYWZhODc4ZmNlM2JkZTY4YTcxNWRkZTE3
YzNlM2QwHhcNMjQwMjEyMTUzNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzAzNGUyOWY5YWE5YjJhYTMxMjMwZWQyMThkNzVlOGFkZTlkMWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqul0XwdwclTJrZLUGdKbiEocJJlV
ZTqEh473dMsIa1KCYI2W0b1YK7Atvr3/yE9X/sN3KeJP20HxRnlsebxjJNq+Y8UO
bUSSllMff5ek3mjJ2751T1dmE+ZV2d9noNyXdX+sJ8PpAC44wECYzlfYniRz8cYn
NcGNz7yPOENB7lOo+zMf6srN58kqQIay2cTQ3YhJAlEe3mAgTr0KzO9M1umtzGdT
3fJ3uoj4wB/3TYKygEF5ZUAipjboE/N0ASHxfMjzgc8DUKW4rqmbUtTKBkY6vX0Q
RVlSKIhb8MyHnP2wknKQzednd07grbChl+Ru9PqW1ato3SLp2/ch1XyQgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMDTin5qpsqoxIw7SGNdeit6dGyMB8GA1UdIwQY
MBaAFJ/8F/h86vqHj8473minFd3hfD49MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbl93WC1IenEtb2VQemp2ZWFLY1YzZUY4UGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9lYzU2ZjktN2ZmMC00MjliLWIwNjkt
MWYyNDUwMDJkNjQwLzEvQXdOT0tmbXFteXFqRWpEdElZMTE2SzNwMGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9lYzU2ZjktN2ZmMC00MjliLWIwNjktMWYyNDUwMDJkNjQw
LzEvbl93WC1IenEtb2VQemp2ZWFLY1YzZUY4UGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRocMA0G
CSqGSIb3DQEBCwUAA4IBAQA7vwrulS8RQe67OobegHdPmLzWQYngFNYzrDOlIKby
N4R262QYRij81c5EsyxqvqqVVBfbIK+XjQDTBlJv69JmEQshPpjzUzd9n21fU1ux
ODKD5em8vj/7Iu/kd0yJTDlYaT0U0uvjWJfydBAlSMi3H/rz0U1gu2b+x0cGiuHK
K59F0mmgUwmHki07xUFGj4l0Yj8HLQVe4A7wwkr75oGUspJsxj7KMk+yfhhUFagv
h3vrl7BSAT+dPlsAXej53ewSLQdsT3OM/DrbWS0B8nMIWDQi5fUL660QTHzTG4VH
7CDvn0W6SfY7QwVLqgJPcuN4hd2+ZYPVpFF1tgslJNDB
-----END CERTIFICATE-----