Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/0hxUEl_DOwtZybjX4CDgQyrrEHs.roa
File:                     0hxUEl_DOwtZybjX4CDgQyrrEHs.roa (raw, json)
Hash identifier:          ZPR4l4FXLtex5a1B8VmTMYku5op0ghFNkhGJFkemRNA=
Subject key identifier:   D2:1C:54:12:5F:C3:3B:0B:59:C9:B8:D7:E0:20:E0:43:2A:EB:10:7B
Certificate issuer:       /CN=f0d03098b8356fffc5a597e9c45b84edf87cf994
Certificate serial:       018CC8DEB39B7C8253D10CD4176D78F5F27B
Authority key identifier: F0:D0:30:98:B8:35:6F:FF:C5:A5:97:E9:C4:5B:84:ED:F8:7C:F9:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/0hxUEl_DOwtZybjX4CDgQyrrEHs.roa
Signing time:             Tue 02 Jan 2024 06:31:27 +0000
ROA not before:           Tue 02 Jan 2024 06:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8758
IP address blocks:        193.221.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:b3:9b:7c:82:53:d1:0c:d4:17:6d:78:f5:f2:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0d03098b8356fffc5a597e9c45b84edf87cf994
        Validity
            Not Before: Jan  2 06:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d21c54125fc33b0b59c9b8d7e020e0432aeb107b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f8:02:87:da:88:d0:51:60:b9:4f:2d:69:ee:
                    fb:76:25:2f:2e:65:14:29:6b:3a:4d:17:47:24:cb:
                    57:87:2f:8e:e5:54:a1:f7:13:df:6b:46:3d:34:f2:
                    66:49:eb:96:17:4f:20:e5:96:26:63:a3:e3:9d:66:
                    8a:00:0f:29:cd:d9:7c:63:8f:82:b4:0a:0c:6c:3f:
                    b3:32:a3:d4:f0:80:07:17:9a:f5:78:6c:bb:74:ae:
                    bf:8e:97:2a:70:8f:1d:33:3f:5b:cd:49:29:49:9e:
                    8d:73:51:90:b1:5b:9b:7a:b3:c4:ff:b6:a3:60:48:
                    a7:48:f6:48:a8:95:28:04:03:dc:ed:6d:5a:3b:0a:
                    e5:54:d3:b1:db:0b:25:1c:a6:40:43:e1:81:2b:96:
                    88:fb:da:4a:94:eb:43:07:01:1a:27:53:d4:5a:90:
                    9c:3a:1b:6d:05:fb:49:b0:40:42:cb:9b:fe:38:de:
                    dc:11:38:78:89:9f:46:82:fc:64:27:69:e2:80:0f:
                    a1:91:4f:45:d6:6c:a2:59:35:c9:e4:ba:bf:b5:d0:
                    ab:41:c7:34:ad:a5:34:44:b6:d4:8e:74:c7:76:96:
                    10:78:e9:d9:13:0f:2d:65:7d:b0:4f:36:ae:3f:7d:
                    a3:6d:59:07:fa:f0:a7:13:33:9d:6c:45:74:1b:f3:
                    01:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:1C:54:12:5F:C3:3B:0B:59:C9:B8:D7:E0:20:E0:43:2A:EB:10:7B
            X509v3 Authority Key Identifier:
                keyid:F0:D0:30:98:B8:35:6F:FF:C5:A5:97:E9:C4:5B:84:ED:F8:7C:F9:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/0hxUEl_DOwtZybjX4CDgQyrrEHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:e2:3e:df:39:bc:b1:71:a6:5d:3e:d5:b6:10:1a:32:60:ac:
         4f:17:b6:95:12:15:9c:b6:c3:3b:ad:0b:6b:f3:4a:87:b7:47:
         56:22:65:8b:12:ee:c4:10:bc:04:f5:31:e6:f0:c7:ec:d7:50:
         cc:6b:7e:97:16:2f:b9:e7:74:6a:df:6e:56:70:64:0e:ff:fb:
         c5:ee:3b:d4:f6:1d:87:16:fb:7a:c3:20:d0:49:27:d7:06:0d:
         08:32:f6:01:e5:00:df:a0:ab:69:fc:04:6f:40:e9:61:ee:27:
         2b:02:b2:17:fa:89:90:54:ba:e6:bd:ef:61:26:18:f3:35:86:
         c7:2a:db:70:e4:05:fc:e6:ed:a3:d4:aa:c4:68:c0:97:23:8a:
         dc:f2:d0:32:64:f6:70:ee:a5:a1:c2:e7:fa:be:6c:52:7b:b1:
         71:f4:dd:0f:2a:db:e1:14:d0:5e:07:a6:5a:e8:35:fb:e0:c4:
         4b:65:f4:c7:32:9a:24:80:36:ad:de:a0:cf:e1:c3:0e:72:2c:
         7c:90:d3:99:1e:77:9d:b5:f5:fe:5a:56:5b:6f:ab:77:58:69:
         30:4f:a6:14:e5:9f:ce:59:bb:6c:d5:16:e6:a9:b3:22:21:ba:
         4b:70:34:47:34:11:73:ad:96:c5:87:df:23:d4:62:f7:cb:75:
         e7:dc:5a:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3rObfIJT0QzUF2149fJ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZDAzMDk4YjgzNTZmZmZjNWE1OTdlOWM0NWI4NGVkZjg3
Y2Y5OTQwHhcNMjQwMTAyMDYzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjFjNTQxMjVmYzMzYjBiNTljOWI4ZDdlMDIwZTA0MzJhZWIxMDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvgCh9qI0FFguU8tae77diUvLmUU
KWs6TRdHJMtXhy+O5VSh9xPfa0Y9NPJmSeuWF08g5ZYmY6PjnWaKAA8pzdl8Y4+C
tAoMbD+zMqPU8IAHF5r1eGy7dK6/jpcqcI8dMz9bzUkpSZ6Nc1GQsVuberPE/7aj
YEinSPZIqJUoBAPc7W1aOwrlVNOx2wslHKZAQ+GBK5aI+9pKlOtDBwEaJ1PUWpCc
OhttBftJsEBCy5v+ON7cETh4iZ9GgvxkJ2nigA+hkU9F1myiWTXJ5Lq/tdCrQcc0
raU0RLbUjnTHdpYQeOnZEw8tZX2wTzauP32jbVkH+vCnEzOdbEV0G/MBBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNIcVBJfwzsLWcm41+Ag4EMq6xB7MB8GA1UdIwQY
MBaAFPDQMJi4NW//xaWX6cRbhO34fPmUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE5Bd21MZzFiX19GcFpmcHhGdUU3Zmg4LVpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kZjU2ZWUtZGQ3MS00Y2E3LTk4ZWQt
MzI3ZjgzMTk0NWZkLzEvMGh4VUVsX0RPd3RaeWJqWDRDRGdReXJyRUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kZjU2ZWUtZGQ3MS00Y2E3LTk4ZWQtMzI3ZjgzMTk0NWZk
LzEvOE5Bd21MZzFiX19GcFpmcHhGdUU3Zmg4LVpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd10MA0G
CSqGSIb3DQEBCwUAA4IBAQCE4j7fObyxcaZdPtW2EBoyYKxPF7aVEhWctsM7rQtr
80qHt0dWImWLEu7EELwE9THm8Mfs11DMa36XFi+553Rq325WcGQO//vF7jvU9h2H
Fvt6wyDQSSfXBg0IMvYB5QDfoKtp/ARvQOlh7icrArIX+omQVLrmve9hJhjzNYbH
Kttw5AX85u2j1KrEaMCXI4rc8tAyZPZw7qWhwuf6vmxSe7Fx9N0PKtvhFNBeB6Za
6DX74MRLZfTHMpokgDat3qDP4cMOcix8kNOZHnedtfX+WlZbb6t3WGkwT6YU5Z/O
Wbts1RbmqbMiIbpLcDRHNBFzrZbFh98j1GL3y3Xn3Foj
-----END CERTIFICATE-----