Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2d2c57-0fa5-43e6-b7b1-f99c33d6a60f/1/3oAeNWy6PYbk92k4scKk0X807qU.roa
File:                     3oAeNWy6PYbk92k4scKk0X807qU.roa (raw, json)
Hash identifier:          Zo37FF6HkWDPefh3vep2yJeu3ABlxtUVEMS6dbrYLWE=
Subject key identifier:   DE:80:1E:35:6C:BA:3D:86:E4:F7:69:38:B1:C2:A4:D1:7F:34:EE:A5
Certificate issuer:       /CN=81d11c9d402e12ea94aea8d13d5360caf7c43b21
Certificate serial:       018CC64B3FB0B02CF2620A97F63FA9290ED9
Authority key identifier: 81:D1:1C:9D:40:2E:12:EA:94:AE:A8:D1:3D:53:60:CA:F7:C4:3B:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gdEcnUAuEuqUrqjRPVNgyvfEOyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2d2c57-0fa5-43e6-b7b1-f99c33d6a60f/1/3oAeNWy6PYbk92k4scKk0X807qU.roa
Signing time:             Mon 01 Jan 2024 18:31:09 +0000
ROA not before:           Mon 01 Jan 2024 18:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200019
IP address blocks:        193.27.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2d2c57-0fa5-43e6-b7b1-f99c33d6a60f/1/gdEcnUAuEuqUrqjRPVNgyvfEOyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2d2c57-0fa5-43e6-b7b1-f99c33d6a60f/1/gdEcnUAuEuqUrqjRPVNgyvfEOyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gdEcnUAuEuqUrqjRPVNgyvfEOyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 May 2024 07:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3f:b0:b0:2c:f2:62:0a:97:f6:3f:a9:29:0e:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81d11c9d402e12ea94aea8d13d5360caf7c43b21
        Validity
            Not Before: Jan  1 18:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de801e356cba3d86e4f76938b1c2a4d17f34eea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:5c:b1:c1:45:9a:1f:01:d2:8a:2c:5b:85:cf:
                    99:15:62:73:b0:be:99:a6:78:c3:7c:a2:8f:97:f9:
                    3f:53:3a:05:bb:f4:da:a2:08:a2:5a:30:04:64:75:
                    61:4e:ad:66:af:4e:82:8f:37:5d:a1:cd:59:0f:e6:
                    da:de:c4:0c:40:c1:f8:c1:4a:ad:7a:33:55:10:f0:
                    9a:56:d7:ce:7d:3c:08:64:a2:5c:16:2e:0a:e9:ab:
                    6d:a4:41:91:d0:0a:8f:38:be:4a:ad:82:34:5c:93:
                    46:9d:b2:2d:e6:3f:1d:bc:d7:f8:94:29:26:bf:7d:
                    b7:71:65:ea:55:05:45:4b:ef:f8:40:96:27:7f:c8:
                    a1:6c:72:c4:99:94:21:fe:65:3d:1a:c9:58:13:36:
                    ad:e3:6d:0a:50:15:7a:d9:77:0e:cb:7e:8b:d3:60:
                    ea:4b:f1:4d:94:36:9f:1c:95:99:a3:a4:bf:ab:05:
                    6b:46:9d:f5:72:83:60:da:65:7b:d2:2b:71:99:06:
                    fb:d8:39:b2:f5:ef:cc:76:1c:5e:1c:22:ab:0d:46:
                    fa:38:5d:98:e1:51:69:5c:07:cf:d7:4f:42:50:ec:
                    1c:44:e0:79:43:b9:2c:06:ec:bd:e9:a2:44:4d:9f:
                    a3:ac:63:41:7c:91:5d:1f:dc:64:ff:27:8b:3b:65:
                    5b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:80:1E:35:6C:BA:3D:86:E4:F7:69:38:B1:C2:A4:D1:7F:34:EE:A5
            X509v3 Authority Key Identifier:
                keyid:81:D1:1C:9D:40:2E:12:EA:94:AE:A8:D1:3D:53:60:CA:F7:C4:3B:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gdEcnUAuEuqUrqjRPVNgyvfEOyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2d2c57-0fa5-43e6-b7b1-f99c33d6a60f/1/3oAeNWy6PYbk92k4scKk0X807qU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2d2c57-0fa5-43e6-b7b1-f99c33d6a60f/1/gdEcnUAuEuqUrqjRPVNgyvfEOyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:88:60:0c:ed:54:52:91:d8:84:86:d5:2d:9f:a9:e9:8b:e5:
         87:46:71:b2:bf:2a:9c:0d:a3:78:e0:9b:66:55:dd:6b:02:1b:
         94:98:f4:15:12:32:e1:64:12:18:0d:09:b5:9c:4c:31:9c:07:
         f4:ed:90:7a:fa:66:95:66:51:b2:99:33:d6:9c:31:49:07:1f:
         bf:c9:d8:72:3a:2e:84:a0:28:3c:a8:4f:82:6f:44:bc:ef:96:
         a1:76:ed:f0:b7:07:16:d7:44:79:7d:cc:df:f6:dd:26:84:26:
         36:c1:1a:7b:cf:b7:61:61:e2:8f:c5:10:ae:19:67:d7:b6:75:
         ed:92:58:c0:ae:2f:88:1e:5e:a6:3a:3a:30:63:2a:94:e0:c3:
         73:70:17:40:f7:cc:30:e3:0f:38:31:a3:85:fd:bc:3d:87:43:
         6e:1e:ed:c3:bc:2f:47:c2:e8:7f:54:43:2c:07:b3:32:37:41:
         4e:f2:15:06:24:9f:8f:57:55:b7:a0:be:a5:b8:f1:29:13:41:
         17:5f:25:51:11:83:d0:79:e9:3a:cf:b6:2b:6c:ed:4b:a9:a5:
         bb:91:0c:1b:ee:79:e9:b1:ea:b2:2e:75:41:ee:f4:4c:c2:99:
         15:a9:25:14:0b:da:30:77:eb:e6:a3:5c:7d:d1:d1:00:ce:4c:
         38:f0:84:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSz+wsCzyYgqX9j+pKQ7ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZDExYzlkNDAyZTEyZWE5NGFlYThkMTNkNTM2MGNhZjdj
NDNiMjEwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTgwMWUzNTZjYmEzZDg2ZTRmNzY5MzhiMWMyYTRkMTdmMzRlZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1yxwUWaHwHSiixbhc+ZFWJzsL6Z
pnjDfKKPl/k/UzoFu/TaogiiWjAEZHVhTq1mr06Cjzddoc1ZD+ba3sQMQMH4wUqt
ejNVEPCaVtfOfTwIZKJcFi4K6attpEGR0AqPOL5KrYI0XJNGnbIt5j8dvNf4lCkm
v323cWXqVQVFS+/4QJYnf8ihbHLEmZQh/mU9GslYEzat420KUBV62XcOy36L02Dq
S/FNlDafHJWZo6S/qwVrRp31coNg2mV70itxmQb72Dmy9e/MdhxeHCKrDUb6OF2Y
4VFpXAfP109CUOwcROB5Q7ksBuy96aJETZ+jrGNBfJFdH9xk/yeLO2VbqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6AHjVsuj2G5PdpOLHCpNF/NO6lMB8GA1UdIwQY
MBaAFIHRHJ1ALhLqlK6o0T1TYMr3xDshMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2RFY25VQXVFdXFVcnFqUlBWTmd5dmZFT3lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yZDJjNTctMGZhNS00M2U2LWI3YjEt
Zjk5YzMzZDZhNjBmLzEvM29BZU5XeTZQWWJrOTJrNHNjS2swWDgwN3FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yZDJjNTctMGZhNS00M2U2LWI3YjEtZjk5YzMzZDZhNjBm
LzEvZ2RFY25VQXVFdXFVcnFqUlBWTmd5dmZFT3lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRtaMA0G
CSqGSIb3DQEBCwUAA4IBAQAziGAM7VRSkdiEhtUtn6npi+WHRnGyvyqcDaN44Jtm
Vd1rAhuUmPQVEjLhZBIYDQm1nEwxnAf07ZB6+maVZlGymTPWnDFJBx+/ydhyOi6E
oCg8qE+Cb0S875ahdu3wtwcW10R5fczf9t0mhCY2wRp7z7dhYeKPxRCuGWfXtnXt
kljAri+IHl6mOjowYyqU4MNzcBdA98ww4w84MaOF/bw9h0NuHu3DvC9Hwuh/VEMs
B7MyN0FO8hUGJJ+PV1W3oL6luPEpE0EXXyVREYPQeek6z7YrbO1LqaW7kQwb7nnp
seqyLnVB7vRMwpkVqSUUC9owd+vmo1x90dEAzkw48IR2
-----END CERTIFICATE-----