Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/_DPipThGD68CVoCdFKNVgyd2hHY.roa
File:                     _DPipThGD68CVoCdFKNVgyd2hHY.roa (raw, json)
Hash identifier:          DFzQUVd04qWuJY4SAnr4S+BYxqIAS2Vfoq8U3RuKXcc=
Subject key identifier:   FC:33:E2:A5:38:46:0F:AF:02:56:80:9D:14:A3:55:83:27:76:84:76
Certificate issuer:       /CN=9d066cb8488dae7e4234aa7c892430dad11fe5b1
Certificate serial:       018CC26D1BA74A27A9AC6A12986C9762CE6A
Authority key identifier: 9D:06:6C:B8:48:8D:AE:7E:42:34:AA:7C:89:24:30:DA:D1:1F:E5:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nQZsuEiNrn5CNKp8iSQw2tEf5bE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/_DPipThGD68CVoCdFKNVgyd2hHY.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9132
IP address blocks:        212.110.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/nQZsuEiNrn5CNKp8iSQw2tEf5bE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/nQZsuEiNrn5CNKp8iSQw2tEf5bE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nQZsuEiNrn5CNKp8iSQw2tEf5bE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1b:a7:4a:27:a9:ac:6a:12:98:6c:97:62:ce:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d066cb8488dae7e4234aa7c892430dad11fe5b1
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc33e2a538460faf0256809d14a3558327768476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0d:4a:86:ab:7f:60:93:4f:7b:93:f9:b1:ad:
                    8f:ce:88:5b:8d:54:96:40:ca:0b:e3:5e:de:02:51:
                    41:9d:62:8e:28:66:95:54:56:e7:d7:c9:29:8d:f1:
                    26:dc:93:ed:7a:48:15:b9:d5:b2:f0:4f:c9:af:e9:
                    4f:4b:7f:3b:55:e7:1c:d5:41:eb:f8:d9:a2:4b:c5:
                    46:cd:32:f9:24:5a:e2:41:23:28:b9:ac:2a:0f:44:
                    d6:e9:a0:55:58:6b:c3:6c:b2:aa:83:98:61:33:2e:
                    2c:01:0d:90:e5:82:57:08:66:8f:d2:fd:b4:f9:12:
                    62:78:34:62:56:18:80:82:4f:e3:d0:ca:63:72:d6:
                    28:76:c0:c6:c1:a2:12:10:04:4b:6a:3b:74:d5:b8:
                    76:71:5f:a6:b7:a6:eb:c8:35:d3:9f:28:3f:50:6c:
                    24:aa:75:a6:e2:04:e5:a1:00:ca:86:b7:d8:2d:6f:
                    fc:48:48:cb:de:19:2d:94:2e:34:55:b3:a2:3c:8b:
                    97:49:ce:fa:0c:36:e6:a1:c6:20:36:d0:a7:ae:d4:
                    fe:a6:81:dd:ee:77:06:ed:22:0f:14:b5:1a:0e:90:
                    8c:3c:ec:d3:d1:c1:43:0c:12:a6:83:af:98:0f:36:
                    16:de:3a:a5:00:2a:a0:15:42:77:a0:ea:47:64:b3:
                    f5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:33:E2:A5:38:46:0F:AF:02:56:80:9D:14:A3:55:83:27:76:84:76
            X509v3 Authority Key Identifier:
                keyid:9D:06:6C:B8:48:8D:AE:7E:42:34:AA:7C:89:24:30:DA:D1:1F:E5:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nQZsuEiNrn5CNKp8iSQw2tEf5bE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/_DPipThGD68CVoCdFKNVgyd2hHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/nQZsuEiNrn5CNKp8iSQw2tEf5bE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.110.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:49:2f:f3:10:95:a9:22:36:f6:ba:89:5c:ac:25:b6:26:dc:
         26:be:e4:a5:ba:4c:0d:0c:f2:06:63:2c:8c:03:15:64:cc:b0:
         3c:b2:72:2a:c5:33:a0:c3:a9:c1:c6:3c:fc:02:19:13:c7:e5:
         d5:4b:6e:2f:7d:16:d1:0d:9e:e1:6e:36:98:76:8c:d1:0a:86:
         e2:35:55:76:9a:b1:24:00:cf:b7:9c:a3:e8:77:21:f9:fe:c5:
         67:fc:64:0e:39:07:cf:24:5f:41:92:da:90:26:2b:d7:b0:02:
         0a:f4:19:00:ca:ae:7a:19:46:9a:13:e6:6e:6b:1b:e8:59:8b:
         34:ff:9a:da:d3:64:32:54:42:6b:cd:a6:e4:8f:7e:c8:27:bd:
         fa:21:f6:85:22:ea:c6:13:3d:8a:26:38:bb:43:aa:6c:10:8c:
         a0:fe:0e:be:51:aa:82:a3:32:32:ae:fd:8b:ec:17:87:5d:1f:
         a8:88:92:4e:b6:63:52:ac:27:9c:a5:45:79:ad:84:16:94:93:
         2b:1a:ed:a6:f7:d5:69:fd:21:a0:aa:a7:52:50:d5:ec:63:d2:
         c4:60:ad:d2:d8:d0:77:bb:ea:bf:ba:9c:ad:50:b1:3c:86:7c:
         be:ea:ad:12:98:04:37:ab:0e:56:76:d1:f7:f5:de:55:20:70:
         4f:79:96:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRunSieprGoSmGyXYs5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMDY2Y2I4NDg4ZGFlN2U0MjM0YWE3Yzg5MjQzMGRhZDEx
ZmU1YjEwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzMzZTJhNTM4NDYwZmFmMDI1NjgwOWQxNGEzNTU4MzI3NzY4NDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog1Khqt/YJNPe5P5sa2PzohbjVSW
QMoL417eAlFBnWKOKGaVVFbn18kpjfEm3JPtekgVudWy8E/Jr+lPS387Vecc1UHr
+NmiS8VGzTL5JFriQSMouawqD0TW6aBVWGvDbLKqg5hhMy4sAQ2Q5YJXCGaP0v20
+RJieDRiVhiAgk/j0MpjctYodsDGwaISEARLajt01bh2cV+mt6bryDXTnyg/UGwk
qnWm4gTloQDKhrfYLW/8SEjL3hktlC40VbOiPIuXSc76DDbmocYgNtCnrtT+poHd
7ncG7SIPFLUaDpCMPOzT0cFDDBKmg6+YDzYW3jqlACqgFUJ3oOpHZLP14wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwz4qU4Rg+vAlaAnRSjVYMndoR2MB8GA1UdIwQY
MBaAFJ0GbLhIja5+QjSqfIkkMNrRH+WxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblFac3VFaU5ybjVDTktwOGlTUXcydEVmNWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGQyZmQtYWE5MC00MjA3LTkxMDQt
M2VmMDJkNTE0MGI3LzEvX0RQaXBUaEdENjhDVm9DZEZLTlZneWQyaEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGQyZmQtYWE5MC00MjA3LTkxMDQtM2VmMDJkNTE0MGI3
LzEvblFac3VFaU5ybjVDTktwOGlTUXcydEVmNWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1G7BMA0G
CSqGSIb3DQEBCwUAA4IBAQA/SS/zEJWpIjb2uolcrCW2JtwmvuSlukwNDPIGYyyM
AxVkzLA8snIqxTOgw6nBxjz8AhkTx+XVS24vfRbRDZ7hbjaYdozRCobiNVV2mrEk
AM+3nKPodyH5/sVn/GQOOQfPJF9BktqQJivXsAIK9BkAyq56GUaaE+ZuaxvoWYs0
/5ra02QyVEJrzabkj37IJ736IfaFIurGEz2KJji7Q6psEIyg/g6+UaqCozIyrv2L
7BeHXR+oiJJOtmNSrCecpUV5rYQWlJMrGu2m99Vp/SGgqqdSUNXsY9LEYK3S2NB3
u+q/upytULE8hny+6q0SmAQ3qw5WdtH39d5VIHBPeZYa
-----END CERTIFICATE-----