Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ofx0dnoPaJugTTIguRt0RP7FbhY.roa
File:                     ofx0dnoPaJugTTIguRt0RP7FbhY.roa (raw, json)
Hash identifier:          UqgzJQuzwcSwTZldihpaYlDw080p86E0f+H2udl5NVM=
Subject key identifier:   A1:FC:74:76:7A:0F:68:9B:A0:4D:32:20:B9:1B:74:44:FE:C5:6E:16
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56DFB359D512CD27D65D629E976C56D
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ofx0dnoPaJugTTIguRt0RP7FbhY.roa
Signing time:             Mon 01 Jan 2024 14:29:28 +0000
ROA not before:           Mon 01 Jan 2024 14:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14576
IP address blocks:        193.93.192.0/22 maxlen: 22
                          91.243.88.0/22 maxlen: 22
                          91.243.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fb:35:9d:51:2c:d2:7d:65:d6:29:e9:76:c5:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1fc74767a0f689ba04d3220b91b7444fec56e16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:00:71:ad:f1:87:f5:49:2d:c2:8d:9c:89:95:
                    fd:f5:15:f3:b9:54:32:4f:2c:d3:01:29:21:9d:bd:
                    69:02:a8:9b:c9:bc:8d:0f:7c:da:60:29:f1:9f:56:
                    b8:14:ec:e3:f3:d6:59:5f:42:13:83:44:87:81:9d:
                    70:20:25:ae:c9:76:df:39:27:1d:ef:45:e1:06:4a:
                    15:9c:93:94:1a:ed:2f:61:cf:b6:21:09:4f:6c:3a:
                    07:da:12:91:b6:bc:3c:ef:63:7d:28:e4:8f:f5:95:
                    aa:03:da:0d:9e:2d:ec:10:a7:3b:6e:50:3c:d7:58:
                    c6:5e:df:22:2a:9c:29:65:ab:4e:13:5e:5f:33:df:
                    53:ea:7a:87:1f:2d:a3:d2:13:59:35:8a:d5:4d:cd:
                    ab:3f:95:c8:0b:e8:af:fa:e6:68:ee:b8:ca:e1:d1:
                    f9:e8:a0:d9:3f:ec:72:d3:c2:01:93:a1:8b:87:c3:
                    5b:49:0b:c7:9e:46:68:03:15:80:2a:54:a5:f8:5b:
                    6b:49:f5:4b:f1:33:37:56:eb:f3:7b:ef:6a:21:9d:
                    8b:3d:df:2c:95:ed:1e:1b:f3:f7:07:db:eb:54:ab:
                    b4:7f:a0:e6:fc:7e:bf:72:5b:3f:19:93:fb:b7:80:
                    17:75:a3:42:79:49:42:24:ec:c9:c6:a4:1e:4f:0a:
                    d3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:FC:74:76:7A:0F:68:9B:A0:4D:32:20:B9:1B:74:44:FE:C5:6E:16
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ofx0dnoPaJugTTIguRt0RP7FbhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.88.0/21
                  193.93.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:5c:4c:cb:b6:a2:81:b9:08:bd:f3:c9:84:18:b6:79:6c:b1:
         4f:e3:fe:11:d7:e4:55:75:fa:6b:b8:47:0a:94:a0:ce:2f:13:
         2d:38:37:78:9f:76:b4:ae:1c:de:53:c3:53:e2:dc:c6:09:f5:
         ed:db:82:27:f5:17:b7:5f:fc:f1:e3:bd:6b:ae:55:47:f6:63:
         28:73:90:da:51:06:e9:aa:11:6a:ee:9a:61:72:cc:31:00:c7:
         db:a4:1d:66:fb:48:3a:d0:69:a8:ca:e4:1d:2e:33:20:3c:48:
         74:0b:e1:b1:23:69:c3:53:24:cf:71:a3:b2:d8:a4:79:b5:8a:
         76:47:8f:1d:b0:4c:2b:cb:8c:86:a4:44:b4:63:60:06:ca:8b:
         5b:6c:18:e1:ef:e5:e9:04:cb:1d:db:7b:c2:07:a3:b6:0a:f4:
         91:69:38:32:3b:37:56:04:3e:75:88:d9:90:31:bb:80:1a:bb:
         ca:f3:9f:c9:96:97:4c:cd:c9:90:5e:71:e1:4e:ef:71:b4:5b:
         96:59:bc:74:26:32:c5:8e:cd:d4:f6:e0:84:25:7c:5d:9d:6b:
         e2:f1:2d:21:b3:e4:7f:06:83:5f:f2:0e:42:aa:e8:36:61:2c:
         25:c6:74:f9:52:fb:c7:8b:b4:1f:be:9e:72:4f:42:39:7d:c8:
         85:63:dc:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbfs1nVEs0n1l1inpdsVtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWZjNzQ3NjdhMGY2ODliYTA0ZDMyMjBiOTFiNzQ0NGZlYzU2ZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArABxrfGH9Uktwo2ciZX99RXzuVQy
TyzTASkhnb1pAqibybyND3zaYCnxn1a4FOzj89ZZX0ITg0SHgZ1wICWuyXbfOScd
70XhBkoVnJOUGu0vYc+2IQlPbDoH2hKRtrw872N9KOSP9ZWqA9oNni3sEKc7blA8
11jGXt8iKpwpZatOE15fM99T6nqHHy2j0hNZNYrVTc2rP5XIC+iv+uZo7rjK4dH5
6KDZP+xy08IBk6GLh8NbSQvHnkZoAxWAKlSl+FtrSfVL8TM3Vuvze+9qIZ2LPd8s
le0eG/P3B9vrVKu0f6Dm/H6/cls/GZP7t4AXdaNCeUlCJOzJxqQeTwrTGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKH8dHZ6D2iboE0yILkbdET+xW4WMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvb2Z4MGRub1BhSnVnVFRJZ3VSdDBSUDdGYmhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDW/NYAwQC
wV3AMA0GCSqGSIb3DQEBCwUAA4IBAQCJXEzLtqKBuQi988mEGLZ5bLFP4/4R1+RV
dfpruEcKlKDOLxMtODd4n3a0rhzeU8NT4tzGCfXt24In9Re3X/zx471rrlVH9mMo
c5DaUQbpqhFq7pphcswxAMfbpB1m+0g60GmoyuQdLjMgPEh0C+GxI2nDUyTPcaOy
2KR5tYp2R48dsEwry4yGpES0Y2AGyotbbBjh7+XpBMsd23vCB6O2CvSRaTgyOzdW
BD51iNmQMbuAGrvK85/JlpdMzcmQXnHhTu9xtFuWWbx0JjLFjs3U9uCEJXxdnWvi
8S0hs+R/BoNf8g5Cqug2YSwlxnT5UvvHi7Qfvp5yT0I5fciFY9z7
-----END CERTIFICATE-----