Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/Oz25DazZQsq9CPeeM4iXZDWNf2o.roa
File:                     Oz25DazZQsq9CPeeM4iXZDWNf2o.roa (raw, json)
Hash identifier:          1ffQwGjByK1loJiZP+fH4xcEqUBk73fZ8Cbhg8qUMTQ=
Subject key identifier:   3B:3D:B9:0D:AC:D9:42:CA:BD:08:F7:9E:33:88:97:64:35:8D:7F:6A
Certificate issuer:       /CN=011bf02928cccb516b719fe558884842f19c0877
Certificate serial:       018CC6B7DC54611A998C84ED5EA52F815AAE
Authority key identifier: 01:1B:F0:29:28:CC:CB:51:6B:71:9F:E5:58:88:48:42:F1:9C:08:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/Oz25DazZQsq9CPeeM4iXZDWNf2o.roa
Signing time:             Mon 01 Jan 2024 20:29:47 +0000
ROA not before:           Mon 01 Jan 2024 20:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        194.33.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:dc:54:61:1a:99:8c:84:ed:5e:a5:2f:81:5a:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=011bf02928cccb516b719fe558884842f19c0877
        Validity
            Not Before: Jan  1 20:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b3db90dacd942cabd08f79e33889764358d7f6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a1:8d:20:75:d8:9f:db:10:30:f1:60:e9:5e:
                    29:6e:85:8b:a0:11:e9:13:0d:d6:58:bd:74:79:e3:
                    c2:ac:3b:22:5c:2d:47:8c:0e:ea:40:87:3c:1c:b8:
                    81:f2:5b:46:ca:e2:38:d6:a0:05:3b:d4:94:c8:a9:
                    22:d9:41:5a:d5:6e:97:a0:cf:f5:5d:20:f6:8e:cf:
                    fa:f1:22:01:b4:44:52:60:da:c1:58:81:20:db:e6:
                    e4:d2:8c:1d:66:67:37:7c:53:d6:5e:63:de:2e:c5:
                    86:1b:82:92:b2:ba:ee:5f:5f:82:c8:2d:e3:cc:3c:
                    84:14:f2:c8:7b:1a:8b:a8:9b:0e:b2:3a:56:92:73:
                    13:c7:83:f2:ca:69:a7:c3:0f:60:9b:cc:55:bb:f9:
                    47:b0:cc:df:a4:90:a6:a3:dc:39:94:5b:27:01:52:
                    40:ab:c0:b7:ea:fb:79:ed:0d:c9:25:69:a6:38:38:
                    a7:bd:1b:46:bc:9d:8e:8a:1e:1b:fa:8b:f6:f2:87:
                    94:d2:a2:d7:6a:d3:10:17:e2:04:9b:09:7b:c1:d4:
                    98:96:5b:2f:9d:75:20:d7:34:e5:9b:60:0b:cd:2b:
                    aa:aa:aa:e3:2c:02:7d:36:06:61:11:db:f5:38:05:
                    f1:f2:92:55:57:02:cb:34:8c:8e:d8:d9:57:37:8c:
                    62:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:3D:B9:0D:AC:D9:42:CA:BD:08:F7:9E:33:88:97:64:35:8D:7F:6A
            X509v3 Authority Key Identifier:
                keyid:01:1B:F0:29:28:CC:CB:51:6B:71:9F:E5:58:88:48:42:F1:9C:08:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/Oz25DazZQsq9CPeeM4iXZDWNf2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:04:7c:bc:8c:68:d1:65:42:b3:98:b3:6b:14:ba:c2:d6:e0:
         8d:e9:f9:d1:0f:4c:e6:71:86:12:ff:27:3c:5b:7a:7a:1e:2e:
         eb:cd:7e:01:2f:67:12:70:56:af:57:32:2c:23:06:69:d1:be:
         a7:4d:1c:74:ca:21:1b:8f:6c:60:ce:50:98:17:21:26:28:0e:
         3e:04:dd:f2:d3:a4:38:a0:57:3a:59:30:8b:48:c5:34:f6:cc:
         31:8f:99:b4:cd:a7:f9:39:12:08:0a:00:1c:97:79:b9:c3:8f:
         7d:78:95:9e:76:fd:2c:f9:53:71:a0:ce:ed:e9:b4:ca:dc:24:
         d2:c8:1e:a5:37:6b:92:3c:ea:94:9d:ac:ef:ed:7c:ee:7b:6a:
         57:03:33:df:67:fa:35:a9:ac:be:d4:5b:ed:d7:63:65:3c:d1:
         5b:cc:45:45:9b:95:5f:da:1d:ff:68:38:24:6c:d0:87:e3:a2:
         5e:c7:f2:2c:7c:d9:bc:85:e2:f5:6b:dc:98:8f:bb:d0:6f:9d:
         64:58:02:a9:83:70:49:3e:ba:1b:c9:2e:b0:e4:33:e9:93:2a:
         78:ac:94:c1:e0:00:96:87:1f:70:b1:45:ac:27:df:2c:87:98:
         b8:74:d7:18:ef:1b:2e:41:71:67:11:62:56:dc:38:d5:4a:50:
         e7:39:5c:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt9xUYRqZjITtXqUvgVquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxMWJmMDI5MjhjY2NiNTE2YjcxOWZlNTU4ODg0ODQyZjE5
YzA4NzcwHhcNMjQwMTAxMjAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjNkYjkwZGFjZDk0MmNhYmQwOGY3OWUzMzg4OTc2NDM1OGQ3ZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqGNIHXYn9sQMPFg6V4pboWLoBHp
Ew3WWL10eePCrDsiXC1HjA7qQIc8HLiB8ltGyuI41qAFO9SUyKki2UFa1W6XoM/1
XSD2js/68SIBtERSYNrBWIEg2+bk0owdZmc3fFPWXmPeLsWGG4KSsrruX1+CyC3j
zDyEFPLIexqLqJsOsjpWknMTx4Pyymmnww9gm8xVu/lHsMzfpJCmo9w5lFsnAVJA
q8C36vt57Q3JJWmmODinvRtGvJ2Oih4b+ov28oeU0qLXatMQF+IEmwl7wdSYllsv
nXUg1zTlm2ALzSuqqqrjLAJ9NgZhEdv1OAXx8pJVVwLLNIyO2NlXN4xigwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDs9uQ2s2ULKvQj3njOIl2Q1jX9qMB8GA1UdIwQY
MBaAFAEb8CkozMtRa3Gf5ViISELxnAh3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVJ2d0tTak15MUZyY1pfbFdJaElRdkdjQ0hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9mZTA1YjQtMDg3My00ZjFmLWJhMWYt
N2U5YzBiMDIyNDhlLzEvT3oyNURhelpRc3E5Q1BlZU00aVhaRFdOZjJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9mZTA1YjQtMDg3My00ZjFmLWJhMWYtN2U5YzBiMDIyNDhl
LzEvQVJ2d0tTak15MUZyY1pfbFdJaElRdkdjQ0hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiG3MA0G
CSqGSIb3DQEBCwUAA4IBAQBwBHy8jGjRZUKzmLNrFLrC1uCN6fnRD0zmcYYS/yc8
W3p6Hi7rzX4BL2cScFavVzIsIwZp0b6nTRx0yiEbj2xgzlCYFyEmKA4+BN3y06Q4
oFc6WTCLSMU09swxj5m0zaf5ORIICgAcl3m5w499eJWedv0s+VNxoM7t6bTK3CTS
yB6lN2uSPOqUnazv7Xzue2pXAzPfZ/o1qay+1Fvt12NlPNFbzEVFm5Vf2h3/aDgk
bNCH46Jex/IsfNm8heL1a9yYj7vQb51kWAKpg3BJProbyS6w5DPpkyp4rJTB4ACW
hx9wsUWsJ98sh5i4dNcY7xsuQXFnEWJW3DjVSlDnOVzU
-----END CERTIFICATE-----