Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/koqjumXF7KRiCAu060QYkwqXDSE.roa
File:                     koqjumXF7KRiCAu060QYkwqXDSE.roa (raw, json)
Hash identifier:          rDNGzDU7fPKv9xgRSlmvowLy6jAhNv92QvxXzUI3nPU=
Subject key identifier:   92:8A:A3:BA:65:C5:EC:A4:62:08:0B:B4:EB:44:18:93:0A:97:0D:21
Certificate issuer:       /CN=d1113af3f36bb92a0f2fbdafe3b671f6b9fcefa8
Certificate serial:       018D8383E4D1F9F8BAAEA2B4ABC9FA7C632D
Authority key identifier: D1:11:3A:F3:F3:6B:B9:2A:0F:2F:BD:AF:E3:B6:71:F6:B9:FC:EF:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0RE68_NruSoPL72v47Zx9rn876g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/koqjumXF7KRiCAu060QYkwqXDSE.roa
Signing time:             Wed 07 Feb 2024 12:21:15 +0000
ROA not before:           Wed 07 Feb 2024 12:21:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42333
IP address blocks:        193.25.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/0RE68_NruSoPL72v47Zx9rn876g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/0RE68_NruSoPL72v47Zx9rn876g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0RE68_NruSoPL72v47Zx9rn876g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:83:83:e4:d1:f9:f8:ba:ae:a2:b4:ab:c9:fa:7c:63:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1113af3f36bb92a0f2fbdafe3b671f6b9fcefa8
        Validity
            Not Before: Feb  7 12:21:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=928aa3ba65c5eca462080bb4eb4418930a970d21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7d:45:0e:3f:cd:4a:bb:d9:62:b4:5c:8c:a6:
                    40:0e:4e:9a:59:35:45:6a:60:07:b6:35:65:a1:ae:
                    eb:6b:db:93:b2:21:d1:c9:6e:ea:46:b8:66:bd:67:
                    bf:fa:a7:0a:92:74:09:43:cf:94:66:ef:8a:d3:4a:
                    eb:e7:c7:bb:78:55:19:68:9d:3c:0e:eb:3a:bc:c3:
                    96:a0:c3:b8:62:ce:be:41:45:db:7e:e2:32:26:02:
                    9e:83:fa:48:f9:a1:12:a1:5e:17:10:1f:0e:25:c9:
                    f7:52:c4:90:d9:08:d2:d7:1a:16:ae:d9:6c:a3:05:
                    4e:1b:b6:a1:e8:a6:8b:99:be:6d:e9:8a:cc:79:10:
                    75:e8:56:3d:5b:d7:07:48:9c:9b:05:b8:35:60:ca:
                    57:d8:6b:d1:a3:34:4b:14:79:75:ec:87:6c:66:43:
                    a9:9e:3d:f0:3c:c2:fb:a7:41:c5:11:48:46:4f:ee:
                    40:55:59:69:62:b7:be:3e:84:7d:46:94:67:cc:69:
                    a0:74:8f:5c:2e:6b:ac:37:bf:f0:8b:67:87:7f:88:
                    c7:01:b7:57:21:f7:83:e6:b5:27:4b:e0:86:68:ea:
                    75:f2:09:bc:77:29:f1:b3:36:97:6d:ae:52:7c:8a:
                    76:90:df:4b:b2:f1:14:db:57:3e:01:29:4c:d9:24:
                    e9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:8A:A3:BA:65:C5:EC:A4:62:08:0B:B4:EB:44:18:93:0A:97:0D:21
            X509v3 Authority Key Identifier:
                keyid:D1:11:3A:F3:F3:6B:B9:2A:0F:2F:BD:AF:E3:B6:71:F6:B9:FC:EF:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0RE68_NruSoPL72v47Zx9rn876g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/koqjumXF7KRiCAu060QYkwqXDSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/0RE68_NruSoPL72v47Zx9rn876g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:21:6b:c2:8d:ae:01:07:33:64:24:a7:6b:31:ed:4f:93:a5:
         54:80:45:80:be:f6:d6:aa:4e:2f:e0:1e:4e:b9:67:51:47:f7:
         a7:d2:d8:5d:b4:82:f1:b1:f8:64:86:1d:7e:c6:ce:14:7a:46:
         32:f9:d9:c4:08:71:86:ce:29:d9:81:f8:3e:f8:28:d2:16:67:
         41:bf:5b:1a:66:a7:fa:5b:d2:a0:11:4b:90:50:df:74:5c:4a:
         38:d0:e7:f0:54:e3:89:6a:0c:aa:1d:fa:5c:80:b0:1b:a4:31:
         ab:1d:b3:4a:5a:22:91:f2:46:e5:da:a3:ce:0d:11:73:95:51:
         e5:a7:34:3a:96:d7:6e:02:71:bc:b2:cd:f1:89:ae:53:33:9c:
         09:1e:3c:cf:82:1c:72:0c:f6:3d:12:31:4f:28:c2:50:85:12:
         d0:ee:4b:8e:27:c5:26:6b:fd:ef:b4:e7:b8:ee:35:a3:fa:00:
         e6:54:22:fa:dc:8c:94:41:29:46:8a:e3:45:7b:66:4b:31:65:
         67:5e:57:04:ce:ba:00:e2:0c:12:89:1a:96:3c:37:61:8c:d3:
         88:39:e8:25:e7:4e:c2:16:68:f7:94:ac:c3:27:06:4b:dc:d2:
         24:be:1f:b0:fb:69:0a:38:5b:bd:ba:12:64:33:45:21:21:fc:
         bd:49:33:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2Dg+TR+fi6rqK0q8n6fGMtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMTEzYWYzZjM2YmI5MmEwZjJmYmRhZmUzYjY3MWY2Yjlm
Y2VmYTgwHhcNMjQwMjA3MTIyMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjhhYTNiYTY1YzVlY2E0NjIwODBiYjRlYjQ0MTg5MzBhOTcwZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnn1FDj/NSrvZYrRcjKZADk6aWTVF
amAHtjVloa7ra9uTsiHRyW7qRrhmvWe/+qcKknQJQ8+UZu+K00rr58e7eFUZaJ08
Dus6vMOWoMO4Ys6+QUXbfuIyJgKeg/pI+aESoV4XEB8OJcn3UsSQ2QjS1xoWrtls
owVOG7ah6KaLmb5t6YrMeRB16FY9W9cHSJybBbg1YMpX2GvRozRLFHl17IdsZkOp
nj3wPML7p0HFEUhGT+5AVVlpYre+PoR9RpRnzGmgdI9cLmusN7/wi2eHf4jHAbdX
IfeD5rUnS+CGaOp18gm8dynxszaXba5SfIp2kN9LsvEU21c+ASlM2STpuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKKo7plxeykYggLtOtEGJMKlw0hMB8GA1UdIwQY
MBaAFNEROvPza7kqDy+9r+O2cfa5/O+oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFJFNjhfTnJ1U29QTDcydjQ3Wng5cm44NzZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi84OGY5MjYtODk1Yy00NmNlLTllNmIt
MDBjZTlmMDhhZDgzLzEva29xanVtWEY3S1JpQ0F1MDYwUVlrd3FYRFNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi84OGY5MjYtODk1Yy00NmNlLTllNmItMDBjZTlmMDhhZDgz
LzEvMFJFNjhfTnJ1U29QTDcydjQ3Wng5cm44NzZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRnNMA0G
CSqGSIb3DQEBCwUAA4IBAQBwIWvCja4BBzNkJKdrMe1Pk6VUgEWAvvbWqk4v4B5O
uWdRR/en0thdtILxsfhkhh1+xs4UekYy+dnECHGGzinZgfg++CjSFmdBv1saZqf6
W9KgEUuQUN90XEo40OfwVOOJagyqHfpcgLAbpDGrHbNKWiKR8kbl2qPODRFzlVHl
pzQ6ltduAnG8ss3xia5TM5wJHjzPghxyDPY9EjFPKMJQhRLQ7kuOJ8Uma/3vtOe4
7jWj+gDmVCL63IyUQSlGiuNFe2ZLMWVnXlcEzroA4gwSiRqWPDdhjNOIOegl507C
Fmj3lKzDJwZL3NIkvh+w+2kKOFu9uhJkM0UhIfy9STPX
-----END CERTIFICATE-----