Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Dw9nZLgDSRnwAM3fiw4oKjbFDMA.roa
File:                     Dw9nZLgDSRnwAM3fiw4oKjbFDMA.roa (raw, json)
Hash identifier:          PvgXT8Vy0+YHV9O5My1PoXUwdE6EN0JTqT0aFZh5Qak=
Subject key identifier:   0F:0F:67:64:B8:03:49:19:F0:00:CD:DF:8B:0E:28:2A:36:C5:0C:C0
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018DC775C37FFFEA6FF1D261403F2CC199C4
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Dw9nZLgDSRnwAM3fiw4oKjbFDMA.roa
Signing time:             Tue 20 Feb 2024 17:00:00 +0000
ROA not before:           Tue 20 Feb 2024 17:00:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49295
IP address blocks:        85.122.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:75:c3:7f:ff:ea:6f:f1:d2:61:40:3f:2c:c1:99:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Feb 20 17:00:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f0f6764b8034919f000cddf8b0e282a36c50cc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ce:d5:01:d2:e4:16:6e:3c:2d:3d:b0:24:a1:
                    a6:6b:67:27:eb:86:51:3d:48:d6:65:96:43:52:3d:
                    f6:95:55:4a:b5:42:e9:57:04:ac:8c:a7:69:3f:70:
                    21:dd:9a:1f:b2:65:36:26:78:f3:7d:c0:86:e4:ba:
                    ae:5e:98:3d:07:eb:9e:ea:00:0c:80:d9:d2:53:f4:
                    23:0f:5d:9d:c1:5b:01:17:3f:f9:95:80:18:05:51:
                    a9:13:7d:63:f7:5b:45:63:2f:22:b4:4a:ec:55:dd:
                    2c:9d:48:43:d1:82:b6:ef:61:f0:be:83:a7:56:e1:
                    06:9f:52:55:b7:7b:d3:c9:01:6b:96:58:3a:ea:77:
                    22:6b:6c:42:44:0e:02:6e:b8:2c:61:5e:93:61:d6:
                    3c:45:75:84:2c:a8:7e:35:09:9d:d6:8f:9a:87:6e:
                    1b:6a:b7:e6:7d:a0:23:92:f7:3a:f6:04:83:7a:6d:
                    e3:ca:b4:39:f5:88:b4:21:f1:b5:09:8c:26:53:ca:
                    95:e9:5e:69:5c:15:7b:b5:17:42:ee:14:73:1a:36:
                    b6:7e:25:2e:05:84:40:ee:26:8b:6d:d9:76:8c:d7:
                    3f:3a:0f:97:73:a5:09:90:7e:c7:d6:19:da:24:6f:
                    f1:64:38:de:e1:6c:94:50:83:d5:99:3d:5a:09:3c:
                    23:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:0F:67:64:B8:03:49:19:F0:00:CD:DF:8B:0E:28:2A:36:C5:0C:C0
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Dw9nZLgDSRnwAM3fiw4oKjbFDMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.122.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:39:d1:a0:c9:08:c0:e6:1f:ac:87:bc:dd:4d:9d:4c:3a:dc:
         06:4f:ad:c7:39:f6:fe:20:e5:77:66:13:48:e7:c9:08:6b:f0:
         02:7a:ed:5b:64:66:a1:b2:77:7e:c2:3b:8d:3b:23:35:4d:ee:
         fe:93:dd:37:c1:94:a2:9a:16:ab:28:eb:dd:a5:fe:d5:e3:7d:
         46:0d:42:39:ab:c5:9a:ae:dd:fe:04:91:66:64:ad:fc:6c:09:
         5e:a6:37:6a:d9:16:eb:8a:24:a9:b4:4b:93:01:f3:68:56:0d:
         6c:f1:24:cf:bd:be:90:96:15:cb:ab:38:54:30:05:64:6b:30:
         9c:0b:e8:4f:21:42:2d:e4:ad:e7:e2:a8:59:18:25:7f:f8:77:
         52:cb:6b:53:2e:66:ce:f4:c1:61:0e:ba:e1:72:45:ea:0b:fa:
         0d:b6:41:9d:06:19:9b:95:03:1d:f0:f2:40:55:f1:16:f9:a7:
         6d:45:33:60:51:4a:5d:18:66:5a:8b:fe:ee:7c:a7:91:00:d7:
         e1:76:86:2b:83:25:ea:99:bb:21:47:86:b5:62:34:5d:b1:69:
         e6:1a:4e:b6:bb:bf:bc:57:c0:65:16:e6:4f:26:e5:fb:20:85:
         27:c8:8b:c8:f8:76:12:fe:17:4e:3a:0c:c2:94:08:ce:68:47:
         c7:b5:6b:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3HdcN//+pv8dJhQD8swZnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMjIwMTcwMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjBmNjc2NGI4MDM0OTE5ZjAwMGNkZGY4YjBlMjgyYTM2YzUwY2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAys7VAdLkFm48LT2wJKGma2cn64ZR
PUjWZZZDUj32lVVKtULpVwSsjKdpP3Ah3ZofsmU2JnjzfcCG5LquXpg9B+ue6gAM
gNnSU/QjD12dwVsBFz/5lYAYBVGpE31j91tFYy8itErsVd0snUhD0YK272HwvoOn
VuEGn1JVt3vTyQFrllg66ncia2xCRA4CbrgsYV6TYdY8RXWELKh+NQmd1o+ah24b
arfmfaAjkvc69gSDem3jyrQ59Yi0IfG1CYwmU8qV6V5pXBV7tRdC7hRzGja2fiUu
BYRA7iaLbdl2jNc/Og+Xc6UJkH7H1hnaJG/xZDje4WyUUIPVmT1aCTwjswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8PZ2S4A0kZ8ADN34sOKCo2xQzAMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvRHc5blpMZ0RTUm53QU0zZml3NG9LamJGRE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXpzMA0G
CSqGSIb3DQEBCwUAA4IBAQCuOdGgyQjA5h+sh7zdTZ1MOtwGT63HOfb+IOV3ZhNI
58kIa/ACeu1bZGahsnd+wjuNOyM1Te7+k903wZSimharKOvdpf7V431GDUI5q8Wa
rt3+BJFmZK38bAlepjdq2RbriiSptEuTAfNoVg1s8STPvb6QlhXLqzhUMAVkazCc
C+hPIUIt5K3n4qhZGCV/+HdSy2tTLmbO9MFhDrrhckXqC/oNtkGdBhmblQMd8PJA
VfEW+adtRTNgUUpdGGZai/7ufKeRANfhdoYrgyXqmbshR4a1YjRdsWnmGk62u7+8
V8BlFuZPJuX7IIUnyIvI+HYS/hdOOgzClAjOaEfHtWvO
-----END CERTIFICATE-----