Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/oC7_5K2Z4vcAWOQX3WS4XLRh25Y.roa
File:                     oC7_5K2Z4vcAWOQX3WS4XLRh25Y.roa (raw, json)
Hash identifier:          O5pvkwX25y34Ve06sYUhlf6krcERM4Pfr7OAXs8XzNM=
Subject key identifier:   A0:2E:FF:E4:AD:99:E2:F7:00:58:E4:17:DD:64:B8:5C:B4:61:DB:96
Certificate issuer:       /CN=19fb56adc9071d5e9fda2b669438b92bf863e58f
Certificate serial:       018CC56EF7D9776C4252EA529C4D201B035D
Authority key identifier: 19:FB:56:AD:C9:07:1D:5E:9F:DA:2B:66:94:38:B9:2B:F8:63:E5:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GftWrckHHV6f2itmlDi5K_hj5Y8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/oC7_5K2Z4vcAWOQX3WS4XLRh25Y.roa
Signing time:             Mon 01 Jan 2024 14:30:33 +0000
ROA not before:           Mon 01 Jan 2024 14:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21083
IP address blocks:        194.8.57.0/24 maxlen: 24
                          2001:67c:14d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/GftWrckHHV6f2itmlDi5K_hj5Y8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/GftWrckHHV6f2itmlDi5K_hj5Y8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GftWrckHHV6f2itmlDi5K_hj5Y8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f7:d9:77:6c:42:52:ea:52:9c:4d:20:1b:03:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19fb56adc9071d5e9fda2b669438b92bf863e58f
        Validity
            Not Before: Jan  1 14:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a02effe4ad99e2f70058e417dd64b85cb461db96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:84:42:59:88:25:16:d9:39:a5:0c:06:b3:21:
                    cc:c2:25:27:91:dc:17:2f:af:d1:e9:c8:e3:29:06:
                    a8:b7:49:1a:7b:a2:e3:06:aa:4f:65:dd:ec:2c:2a:
                    e1:78:dd:7b:76:a4:66:fb:54:33:a2:35:ef:b5:02:
                    1d:cd:1e:da:13:ea:76:31:d6:6b:5b:52:02:f0:77:
                    86:fa:21:dc:83:68:24:33:1e:1d:58:d2:8f:25:01:
                    36:30:05:af:24:7c:34:c2:4c:34:84:f1:ee:17:b2:
                    37:01:b0:65:39:6d:4d:19:69:65:17:ad:87:d0:e6:
                    58:e2:5d:d7:e0:de:d1:01:f8:bb:8e:38:da:6b:c1:
                    62:03:06:55:49:99:ce:94:d8:67:99:a2:17:29:14:
                    8b:3c:bc:a4:fe:4c:3e:9e:f5:c7:6f:69:b2:39:67:
                    8f:de:bd:0e:db:76:e6:71:f9:a5:58:b3:34:72:b7:
                    0c:09:99:77:81:9a:39:0e:3f:f1:ec:ca:b4:55:3e:
                    c7:4b:1d:d2:5e:33:17:67:e1:7c:96:0a:f9:67:6d:
                    38:67:fd:23:20:db:15:06:c9:77:c7:34:f5:68:b3:
                    30:c6:3a:b6:da:56:f9:d1:a1:63:56:6d:ce:16:e4:
                    67:3a:5d:aa:c1:25:d0:5a:25:f7:79:44:b4:3a:0e:
                    f6:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:2E:FF:E4:AD:99:E2:F7:00:58:E4:17:DD:64:B8:5C:B4:61:DB:96
            X509v3 Authority Key Identifier:
                keyid:19:FB:56:AD:C9:07:1D:5E:9F:DA:2B:66:94:38:B9:2B:F8:63:E5:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GftWrckHHV6f2itmlDi5K_hj5Y8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/oC7_5K2Z4vcAWOQX3WS4XLRh25Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/GftWrckHHV6f2itmlDi5K_hj5Y8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.57.0/24
                IPv6:
                  2001:67c:14d::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:7e:46:5b:55:e1:bc:31:d4:83:70:c3:4e:ba:0e:4a:8b:86:
         ad:c0:f4:3f:75:ef:9c:9f:e7:7d:c1:77:bf:e5:2d:04:10:e1:
         c3:e0:e2:68:16:81:00:d0:0e:3e:22:42:07:cc:e4:47:da:f1:
         65:89:93:6b:33:24:13:54:fb:0b:16:7d:39:b9:4d:dd:45:07:
         58:f4:e4:ba:08:f2:6e:a9:c0:19:68:8a:ab:a2:43:c1:41:14:
         ea:7d:d8:af:f6:da:b9:4e:f1:c1:02:be:e7:96:d3:01:65:ef:
         ea:a3:df:23:bf:39:19:6f:a1:22:3b:d5:9e:a8:f3:56:d7:a2:
         25:e5:3d:c7:dd:c3:fd:19:a0:38:c3:f1:45:f6:44:4a:92:c1:
         fd:10:4b:8a:86:21:90:42:cd:4f:e1:0c:a2:3d:e9:25:36:52:
         96:3c:60:3c:76:c1:04:2f:13:21:d4:d6:91:a2:f7:b8:2f:54:
         b4:8a:ef:01:8c:87:12:9e:18:98:ae:e1:58:ad:6c:4e:bf:77:
         74:14:ec:7d:5e:65:fe:90:c1:9a:21:fc:fe:6d:ac:a2:8c:55:
         a0:d0:6e:c0:a2:d5:2f:dc:1d:07:54:01:d7:b6:c1:8e:bf:99:
         6f:5f:27:a6:1f:10:e5:5a:42:ec:9c:2d:a8:55:74:9a:83:af:
         8d:97:a8:83
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbvfZd2xCUupSnE0gGwNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZmI1NmFkYzkwNzFkNWU5ZmRhMmI2Njk0MzhiOTJiZjg2
M2U1OGYwHhcNMjQwMTAxMTQzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDJlZmZlNGFkOTllMmY3MDA1OGU0MTdkZDY0Yjg1Y2I0NjFkYjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4RCWYglFtk5pQwGsyHMwiUnkdwX
L6/R6cjjKQaot0kae6LjBqpPZd3sLCrheN17dqRm+1QzojXvtQIdzR7aE+p2MdZr
W1IC8HeG+iHcg2gkMx4dWNKPJQE2MAWvJHw0wkw0hPHuF7I3AbBlOW1NGWllF62H
0OZY4l3X4N7RAfi7jjjaa8FiAwZVSZnOlNhnmaIXKRSLPLyk/kw+nvXHb2myOWeP
3r0O23bmcfmlWLM0crcMCZl3gZo5Dj/x7Mq0VT7HSx3SXjMXZ+F8lgr5Z204Z/0j
INsVBsl3xzT1aLMwxjq22lb50aFjVm3OFuRnOl2qwSXQWiX3eUS0Og72uQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKAu/+StmeL3AFjkF91kuFy0YduWMB8GA1UdIwQY
MBaAFBn7Vq3JBx1en9orZpQ4uSv4Y+WPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2Z0V3Jja0hIVjZmMml0bWxEaTVLX2hqNVk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82MTgzOTktYzUzYi00Y2YyLTkzMGUt
NjNlZWJlMDMyNWVjLzEvb0M3XzVLMlo0dmNBV09RWDNXUzRYTFJoMjVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82MTgzOTktYzUzYi00Y2YyLTkzMGUtNjNlZWJlMDMyNWVj
LzEvR2Z0V3Jja0hIVjZmMml0bWxEaTVLX2hqNVk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgg5MA8E
AgACMAkDBwAgAQZ8AU0wDQYJKoZIhvcNAQELBQADggEBAF1+RltV4bwx1INww066
DkqLhq3A9D9175yf533Bd7/lLQQQ4cPg4mgWgQDQDj4iQgfM5Efa8WWJk2szJBNU
+wsWfTm5Td1FB1j05LoI8m6pwBloiquiQ8FBFOp92K/22rlO8cECvueW0wFl7+qj
3yO/ORlvoSI71Z6o81bXoiXlPcfdw/0ZoDjD8UX2REqSwf0QS4qGIZBCzU/hDKI9
6SU2UpY8YDx2wQQvEyHU1pGi97gvVLSK7wGMhxKeGJiu4VitbE6/d3QU7H1eZf6Q
wZoh/P5trKKMVaDQbsCi1S/cHQdUAde2wY6/mW9fJ6YfEOVaQuycLahVdJqDr42X
qIM=
-----END CERTIFICATE-----