Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/oEuFWyc9utN__hAQfKKQnbh1-nk.roa
File:                     oEuFWyc9utN__hAQfKKQnbh1-nk.roa (raw, json)
Hash identifier:          H1ZiY2VIaifJOSqnnawVWcWD7V4d9XfIQL8UJFVekzo=
Subject key identifier:   A0:4B:85:5B:27:3D:BA:D3:7F:FE:10:10:7C:A2:90:9D:B8:75:FA:79
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01928684F12093EFAFEA66EED93A3760CA9E
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/oEuFWyc9utN__hAQfKKQnbh1-nk.roa
Signing time:             Sun 13 Oct 2024 15:35:12 +0000
ROA not before:           Sun 13 Oct 2024 15:35:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        147.185.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:86:84:f1:20:93:ef:af:ea:66:ee:d9:3a:37:60:ca:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Oct 13 15:35:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a04b855b273dbad37ffe10107ca2909db875fa79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:85:fc:be:c3:68:82:30:92:66:e2:8f:0d:64:
                    5c:b9:d0:1c:2b:1f:40:db:4c:b3:a9:00:ee:52:fc:
                    aa:23:59:d7:02:56:1e:38:7c:b0:0b:09:a7:da:87:
                    cf:3d:2a:ab:ab:f7:3a:d3:6b:8a:e2:a8:b7:89:24:
                    de:d5:77:7b:c7:80:c4:0f:d5:de:3c:99:78:fe:18:
                    c4:af:0c:9f:9a:47:0e:4c:76:10:da:f1:1a:ba:e0:
                    35:d4:2f:03:db:60:82:b6:91:4f:4d:e1:59:40:7d:
                    4f:7e:ff:9e:0a:88:75:11:34:0b:bd:9b:2b:a1:34:
                    57:ad:97:71:de:45:bb:cd:e3:ba:9a:73:90:7f:33:
                    dd:75:14:f2:e9:3d:a8:1a:11:a2:49:d9:5c:2a:12:
                    68:d4:8f:01:5a:4d:27:0f:b7:ba:6c:73:a3:58:67:
                    3d:6b:b8:d2:2c:a5:76:14:f8:43:f3:3c:9d:42:fc:
                    94:0a:98:e0:63:e9:c9:95:a3:ea:1e:7a:c4:87:c5:
                    b6:62:99:53:8f:52:23:9b:74:47:80:d6:fd:ef:9b:
                    b7:a5:e3:4f:35:23:58:c6:3e:c5:18:7f:cb:0c:ea:
                    79:73:6a:9d:49:f6:50:02:4f:11:dc:af:7b:33:33:
                    5b:f3:dd:3c:1d:76:18:b1:ea:69:b6:28:69:6c:a9:
                    aa:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:4B:85:5B:27:3D:BA:D3:7F:FE:10:10:7C:A2:90:9D:B8:75:FA:79
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/oEuFWyc9utN__hAQfKKQnbh1-nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:d1:e6:ca:22:9d:2c:d1:6d:f0:43:2a:e2:a1:74:72:fc:f0:
         be:46:9a:0f:f4:2e:81:49:f1:47:9f:50:32:c1:aa:d3:9b:d9:
         eb:f4:7e:bd:00:18:45:88:79:90:22:5b:63:dd:d6:7f:21:6b:
         29:5a:5d:49:42:25:02:9d:b0:8d:80:bc:f1:9f:99:68:b4:7f:
         9d:f6:40:b6:4e:91:44:73:95:98:33:29:0b:e7:70:39:56:c1:
         78:33:32:09:fa:f8:a3:0d:60:b5:06:82:19:67:0e:98:f1:bb:
         80:e2:58:f6:90:d5:b8:c3:a4:6e:27:8f:f0:24:06:d6:99:ab:
         74:51:7d:c3:7f:c7:bf:a9:46:95:4e:c8:03:fa:d7:fc:74:80:
         a3:6c:6c:cf:95:c4:fc:cf:5e:58:4c:cc:22:5d:2e:cb:e3:71:
         d4:42:ad:0c:3a:e7:e1:84:df:a7:7f:8a:f4:61:d2:61:99:7c:
         34:a1:f5:fa:05:06:a8:ed:46:c8:57:92:a1:c2:9e:71:7e:57:
         68:e3:fd:1b:0d:b5:ab:b7:70:aa:12:e0:2a:3d:96:6f:8d:01:
         bf:a1:26:6f:bd:c6:a2:c2:55:cb:54:21:74:1d:ab:e2:e2:43:
         73:98:ed:41:72:0f:20:c5:ad:33:c5:af:8f:82:88:f6:1a:b2:
         97:f7:b4:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKGhPEgk++v6mbu2To3YMqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjQxMDEzMTUzNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDRiODU1YjI3M2RiYWQzN2ZmZTEwMTA3Y2EyOTA5ZGI4NzVmYTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIX8vsNogjCSZuKPDWRcudAcKx9A
20yzqQDuUvyqI1nXAlYeOHywCwmn2ofPPSqrq/c602uK4qi3iSTe1Xd7x4DED9Xe
PJl4/hjErwyfmkcOTHYQ2vEauuA11C8D22CCtpFPTeFZQH1Pfv+eCoh1ETQLvZsr
oTRXrZdx3kW7zeO6mnOQfzPddRTy6T2oGhGiSdlcKhJo1I8BWk0nD7e6bHOjWGc9
a7jSLKV2FPhD8zydQvyUCpjgY+nJlaPqHnrEh8W2YplTj1Ijm3RHgNb975u3peNP
NSNYxj7FGH/LDOp5c2qdSfZQAk8R3K97MzNb8908HXYYsepptihpbKmqVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBLhVsnPbrTf/4QEHyikJ24dfp5MB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvb0V1Rld5Yzl1dE5fX2hBUWZLS1FuYmgxLW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk7nFMA0G
CSqGSIb3DQEBCwUAA4IBAQA40ebKIp0s0W3wQyrioXRy/PC+RpoP9C6BSfFHn1Ay
warTm9nr9H69ABhFiHmQIltj3dZ/IWspWl1JQiUCnbCNgLzxn5lotH+d9kC2TpFE
c5WYMykL53A5VsF4MzIJ+vijDWC1BoIZZw6Y8buA4lj2kNW4w6RuJ4/wJAbWmat0
UX3Df8e/qUaVTsgD+tf8dICjbGzPlcT8z15YTMwiXS7L43HUQq0MOufhhN+nf4r0
YdJhmXw0ofX6BQao7UbIV5Khwp5xfldo4/0bDbWrt3CqEuAqPZZvjQG/oSZvvcai
wlXLVCF0Havi4kNzmO1Bcg8gxa0zxa+Pgoj2GrKX97Tj
-----END CERTIFICATE-----