Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/fdd688-3e23-46f4-a073-35b0c96524fa/1/ayTnCuIgW_KM8gBrtyPZ-WSV0H0.roa
File:                     ayTnCuIgW_KM8gBrtyPZ-WSV0H0.roa (raw, json)
Hash identifier:          ynyYOCw6pfFAD6LdYSaDG+TP6cNfj6f3cai8ODPWb6k=
Subject key identifier:   6B:24:E7:0A:E2:20:5B:F2:8C:F2:00:6B:B7:23:D9:F9:64:95:D0:7D
Certificate issuer:       /CN=94c86c9b35d782116b2cd8583a27ceb403b8f61a
Certificate serial:       018CC2DACA5609D2B8B3E1AB2E2D471CEF94
Authority key identifier: 94:C8:6C:9B:35:D7:82:11:6B:2C:D8:58:3A:27:CE:B4:03:B8:F6:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lMhsmzXXghFrLNhYOifOtAO49ho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/fdd688-3e23-46f4-a073-35b0c96524fa/1/ayTnCuIgW_KM8gBrtyPZ-WSV0H0.roa
Signing time:             Mon 01 Jan 2024 02:29:27 +0000
ROA not before:           Mon 01 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29256
IP address blocks:        188.247.0.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/fdd688-3e23-46f4-a073-35b0c96524fa/1/lMhsmzXXghFrLNhYOifOtAO49ho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/fdd688-3e23-46f4-a073-35b0c96524fa/1/lMhsmzXXghFrLNhYOifOtAO49ho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lMhsmzXXghFrLNhYOifOtAO49ho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ca:56:09:d2:b8:b3:e1:ab:2e:2d:47:1c:ef:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94c86c9b35d782116b2cd8583a27ceb403b8f61a
        Validity
            Not Before: Jan  1 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b24e70ae2205bf28cf2006bb723d9f96495d07d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2b:e0:5d:d3:3c:5d:8e:68:ed:8b:41:91:3c:
                    dc:36:66:49:01:18:8c:f3:f9:74:0c:43:74:28:13:
                    41:88:f8:04:7d:2c:50:f1:cf:66:24:f5:85:49:6b:
                    93:63:41:39:a1:3e:81:42:b5:61:d6:47:99:1a:da:
                    f3:93:91:41:b1:8e:0d:74:57:93:d7:07:b8:31:a9:
                    68:b0:42:ae:d4:a4:56:31:f0:93:63:53:d0:8c:ce:
                    ca:00:e7:3e:38:3c:64:dd:86:a8:6e:d4:02:6d:d5:
                    4c:fd:2e:76:9c:9a:76:89:17:c0:43:39:b6:22:df:
                    85:0f:3c:7d:b7:20:db:f1:e5:e6:54:ff:bb:54:e2:
                    b1:28:47:52:b1:96:74:7e:d8:ca:c4:e1:cc:d7:c8:
                    71:af:7d:6c:fd:cb:ad:69:06:c8:64:4b:17:d1:de:
                    b0:50:8f:f6:88:4d:93:ad:c4:76:61:6f:9a:cf:c1:
                    03:33:13:dd:82:e5:bf:b9:c7:43:3f:2a:1d:79:42:
                    73:19:45:03:08:86:e3:f9:13:e3:b8:24:ae:ee:56:
                    02:bd:3e:f3:9a:b7:95:88:30:10:56:b8:ad:7c:56:
                    38:f2:b2:55:cf:7c:dc:ba:4f:7f:bb:e0:0b:ae:b3:
                    6f:e9:d7:50:5e:51:1f:79:04:be:aa:44:89:64:96:
                    dc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:24:E7:0A:E2:20:5B:F2:8C:F2:00:6B:B7:23:D9:F9:64:95:D0:7D
            X509v3 Authority Key Identifier:
                keyid:94:C8:6C:9B:35:D7:82:11:6B:2C:D8:58:3A:27:CE:B4:03:B8:F6:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lMhsmzXXghFrLNhYOifOtAO49ho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fdd688-3e23-46f4-a073-35b0c96524fa/1/ayTnCuIgW_KM8gBrtyPZ-WSV0H0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fdd688-3e23-46f4-a073-35b0c96524fa/1/lMhsmzXXghFrLNhYOifOtAO49ho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.247.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         39:15:dd:e0:7e:5b:31:dd:cd:58:d9:a0:07:04:0a:13:52:33:
         9d:19:0b:8b:49:f5:11:a5:3a:70:c9:ca:eb:38:1e:1e:99:bb:
         8a:62:7c:8e:86:8d:9d:ec:da:db:43:f7:d0:41:c2:ba:4a:22:
         32:da:06:22:b1:21:b1:9f:48:16:3f:79:04:fc:df:cd:7b:7f:
         46:f9:00:ee:98:d3:ce:a5:f8:0a:e5:c1:01:dc:a4:0f:ff:03:
         a9:05:48:91:cb:c9:9d:0b:50:54:5e:2d:be:7d:35:0a:62:38:
         96:7b:d7:f3:00:6e:4f:2b:be:49:d6:e1:95:d0:f2:ff:a2:24:
         5e:19:80:1d:8f:ab:cd:ec:08:29:98:e3:f3:15:50:3e:19:84:
         a1:03:32:7b:63:da:20:d1:13:4e:86:80:a6:8c:ef:8a:e4:48:
         a3:cd:d3:0b:bc:6c:27:14:8c:5a:c6:bc:9c:d0:79:0e:91:bc:
         28:0b:6a:a9:d8:32:75:38:ae:c0:53:ee:73:b7:fe:3c:a8:27:
         04:5e:43:67:c2:fd:03:6f:75:79:6b:b9:9d:a7:de:29:39:57:
         3c:fe:7d:9f:38:0d:a4:b8:a5:fd:1b:86:5b:4e:8f:af:f3:94:
         0b:5f:5f:e0:09:4d:e8:80:56:ac:18:d7:fa:de:ee:69:8c:b9:
         12:9e:f3:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2spWCdK4s+GrLi1HHO+UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0Yzg2YzliMzVkNzgyMTE2YjJjZDg1ODNhMjdjZWI0MDNi
OGY2MWEwHhcNMjQwMTAxMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjI0ZTcwYWUyMjA1YmYyOGNmMjAwNmJiNzIzZDlmOTY0OTVkMDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjivgXdM8XY5o7YtBkTzcNmZJARiM
8/l0DEN0KBNBiPgEfSxQ8c9mJPWFSWuTY0E5oT6BQrVh1keZGtrzk5FBsY4NdFeT
1we4MalosEKu1KRWMfCTY1PQjM7KAOc+ODxk3YaobtQCbdVM/S52nJp2iRfAQzm2
It+FDzx9tyDb8eXmVP+7VOKxKEdSsZZ0ftjKxOHM18hxr31s/cutaQbIZEsX0d6w
UI/2iE2TrcR2YW+az8EDMxPdguW/ucdDPyodeUJzGUUDCIbj+RPjuCSu7lYCvT7z
mreViDAQVritfFY48rJVz3zcuk9/u+ALrrNv6ddQXlEfeQS+qkSJZJbc0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsk5wriIFvyjPIAa7cj2flkldB9MB8GA1UdIwQY
MBaAFJTIbJs114IRayzYWDonzrQDuPYaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE1oc216WFhnaEZyTE5oWU9pZk90QU80OWhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mZGQ2ODgtM2UyMy00NmY0LWEwNzMt
MzViMGM5NjUyNGZhLzEvYXlUbkN1SWdXX0tNOGdCcnR5UFotV1NWMEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mZGQ2ODgtM2UyMy00NmY0LWEwNzMtMzViMGM5NjUyNGZh
LzEvbE1oc216WFhnaEZyTE5oWU9pZk90QU80OWhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFvPcAMA0G
CSqGSIb3DQEBCwUAA4IBAQA5Fd3gflsx3c1Y2aAHBAoTUjOdGQuLSfURpTpwycrr
OB4embuKYnyOho2d7NrbQ/fQQcK6SiIy2gYisSGxn0gWP3kE/N/Ne39G+QDumNPO
pfgK5cEB3KQP/wOpBUiRy8mdC1BUXi2+fTUKYjiWe9fzAG5PK75J1uGV0PL/oiRe
GYAdj6vN7AgpmOPzFVA+GYShAzJ7Y9og0RNOhoCmjO+K5EijzdMLvGwnFIxaxryc
0HkOkbwoC2qp2DJ1OK7AU+5zt/48qCcEXkNnwv0Db3V5a7mdp94pOVc8/n2fOA2k
uKX9G4ZbTo+v85QLX1/gCU3ogFasGNf63u5pjLkSnvNV
-----END CERTIFICATE-----