Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/ccc808-14bb-494d-99c8-2f11a651962b/1/OcZ9Lx3ilW0G0iBcnP8Kz2enop8.roa
File:                     OcZ9Lx3ilW0G0iBcnP8Kz2enop8.roa (raw, json)
Hash identifier:          vIpcsd/YHQtGM7MjNNdWBRKVny8rC1bGWBYB43IzRZc=
Subject key identifier:   39:C6:7D:2F:1D:E2:95:6D:06:D2:20:5C:9C:FF:0A:CF:67:A7:A2:9F
Certificate issuer:       /CN=2dc9cb5302d8d13fe91e80f5cbd1fbacbc014827
Certificate serial:       018CC56E0A55423BE8B84AB84DC1BC9310E3
Authority key identifier: 2D:C9:CB:53:02:D8:D1:3F:E9:1E:80:F5:CB:D1:FB:AC:BC:01:48:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcnLUwLY0T_pHoD1y9H7rLwBSCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/ccc808-14bb-494d-99c8-2f11a651962b/1/OcZ9Lx3ilW0G0iBcnP8Kz2enop8.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41242
IP address blocks:        81.31.48.0/20 maxlen: 20
                          193.142.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/ccc808-14bb-494d-99c8-2f11a651962b/1/LcnLUwLY0T_pHoD1y9H7rLwBSCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/ccc808-14bb-494d-99c8-2f11a651962b/1/LcnLUwLY0T_pHoD1y9H7rLwBSCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcnLUwLY0T_pHoD1y9H7rLwBSCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0a:55:42:3b:e8:b8:4a:b8:4d:c1:bc:93:10:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc9cb5302d8d13fe91e80f5cbd1fbacbc014827
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39c67d2f1de2956d06d2205c9cff0acf67a7a29f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d8:47:f0:d4:58:a6:8c:1e:ca:89:b0:84:40:
                    7a:36:dc:13:f2:fd:cf:5b:4c:8e:bc:bd:92:db:63:
                    08:f9:fc:b2:b4:41:0c:ca:81:b7:4d:33:4e:24:97:
                    55:d6:43:98:cb:ed:18:5c:15:7c:9e:51:ec:82:4d:
                    33:68:43:a1:19:ce:48:b7:f5:09:26:9e:c2:7f:e8:
                    1d:e2:cf:30:94:e9:94:8e:8c:79:d0:05:63:e0:43:
                    53:f2:ca:2d:ac:b8:f7:09:4b:0f:88:98:27:d9:6b:
                    7b:14:22:68:18:98:5a:26:d0:04:ce:e8:23:bc:89:
                    50:aa:be:97:fd:cc:7c:39:a8:39:60:a9:d0:a9:c6:
                    29:39:aa:33:56:6b:cc:34:4a:5f:a9:4c:ae:d8:89:
                    ba:6c:e7:a6:4b:4e:5e:3f:18:f9:3d:ad:98:26:18:
                    bb:4a:a5:11:ca:49:e8:a1:33:4c:27:4b:98:68:38:
                    fa:cc:29:f2:21:a0:8a:9e:d5:15:f0:c3:50:ff:dd:
                    35:49:0a:6a:ce:72:ec:26:63:e8:0a:92:49:89:96:
                    2d:b8:9e:77:c3:19:41:f9:30:f3:47:98:3d:9f:32:
                    26:49:03:43:82:8e:07:e5:11:5e:cd:ac:7d:34:d7:
                    6a:4d:8d:3a:63:be:0a:45:a8:1e:d7:6f:bc:f3:64:
                    fd:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C6:7D:2F:1D:E2:95:6D:06:D2:20:5C:9C:FF:0A:CF:67:A7:A2:9F
            X509v3 Authority Key Identifier:
                keyid:2D:C9:CB:53:02:D8:D1:3F:E9:1E:80:F5:CB:D1:FB:AC:BC:01:48:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcnLUwLY0T_pHoD1y9H7rLwBSCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/ccc808-14bb-494d-99c8-2f11a651962b/1/OcZ9Lx3ilW0G0iBcnP8Kz2enop8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/ccc808-14bb-494d-99c8-2f11a651962b/1/LcnLUwLY0T_pHoD1y9H7rLwBSCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.48.0/20
                  193.142.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:b3:06:5d:b6:ba:f3:0d:ce:33:48:9a:d6:0a:77:bc:b3:f1:
         05:a3:23:3d:b9:60:b4:12:28:88:a6:17:ff:04:9c:e4:c6:b1:
         72:94:6a:ad:70:75:81:87:36:f1:4a:32:dc:92:ce:18:fd:a1:
         af:87:2c:b3:2f:4e:67:42:22:02:4c:45:bc:f8:d5:b9:11:84:
         0f:4b:91:3b:3b:f7:f3:7f:34:30:94:be:1c:a1:55:48:a4:7a:
         52:48:7d:3f:e7:2d:35:00:d6:7d:4a:d5:3c:cd:d5:19:24:3f:
         cb:3a:73:ef:09:2a:c5:be:24:8c:a5:6e:de:8f:1a:8c:63:f0:
         69:e4:8b:6c:3c:af:ab:88:c1:f9:e2:c1:5c:5c:ba:ff:43:b1:
         9e:71:66:0d:a1:8f:08:fd:01:c2:68:1b:61:70:7b:be:37:f3:
         09:e1:94:1a:68:45:e5:7a:19:8f:2b:12:20:07:07:54:a9:3e:
         97:22:5f:37:09:bd:e0:95:8b:93:4b:d9:eb:e6:7c:9b:ad:93:
         6c:da:85:ad:9c:ce:8c:14:9f:a8:1a:64:87:b7:cd:3c:33:cf:
         38:f5:32:92:0e:f0:cb:b4:a6:91:60:9c:a6:a7:46:04:6d:da:
         23:41:59:42:b4:08:cd:98:b1:43:77:ab:be:04:9c:97:99:c0:
         3b:e2:3a:50
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbgpVQjvouEq4TcG8kxDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzljYjUzMDJkOGQxM2ZlOTFlODBmNWNiZDFmYmFjYmMw
MTQ4MjcwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWM2N2QyZjFkZTI5NTZkMDZkMjIwNWM5Y2ZmMGFjZjY3YTdhMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9hH8NRYpoweyomwhEB6NtwT8v3P
W0yOvL2S22MI+fyytEEMyoG3TTNOJJdV1kOYy+0YXBV8nlHsgk0zaEOhGc5It/UJ
Jp7Cf+gd4s8wlOmUjox50AVj4ENT8sotrLj3CUsPiJgn2Wt7FCJoGJhaJtAEzugj
vIlQqr6X/cx8Oag5YKnQqcYpOaozVmvMNEpfqUyu2Im6bOemS05ePxj5Pa2YJhi7
SqURyknooTNMJ0uYaDj6zCnyIaCKntUV8MNQ/901SQpqznLsJmPoCpJJiZYtuJ53
wxlB+TDzR5g9nzImSQNDgo4H5RFezax9NNdqTY06Y74KRage12+882T9wQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDnGfS8d4pVtBtIgXJz/Cs9np6KfMB8GA1UdIwQY
MBaAFC3Jy1MC2NE/6R6A9cvR+6y8AUgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNuTFV3TFkwVF9wSG9EMXk5SDdyTHdCU0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9jY2M4MDgtMTRiYi00OTRkLTk5Yzgt
MmYxMWE2NTE5NjJiLzEvT2NaOUx4M2lsVzBHMGlCY25QOEt6MmVub3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9jY2M4MDgtMTRiYi00OTRkLTk5YzgtMmYxMWE2NTE5NjJi
LzEvTGNuTFV3TFkwVF9wSG9EMXk5SDdyTHdCU0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUR8wAwQA
wY55MA0GCSqGSIb3DQEBCwUAA4IBAQCJswZdtrrzDc4zSJrWCne8s/EFoyM9uWC0
EiiIphf/BJzkxrFylGqtcHWBhzbxSjLcks4Y/aGvhyyzL05nQiICTEW8+NW5EYQP
S5E7O/fzfzQwlL4coVVIpHpSSH0/5y01ANZ9StU8zdUZJD/LOnPvCSrFviSMpW7e
jxqMY/Bp5ItsPK+riMH54sFcXLr/Q7GecWYNoY8I/QHCaBthcHu+N/MJ4ZQaaEXl
ehmPKxIgBwdUqT6XIl83Cb3glYuTS9nr5nybrZNs2oWtnM6MFJ+oGmSHt808M884
9TKSDvDLtKaRYJymp0YEbdojQVlCtAjNmLFDd6u+BJyXmcA74jpQ
-----END CERTIFICATE-----