Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/9c8631-dc6a-45c2-bcf9-9cd017243a06/1/DkppBJei0x7Bpz97LxMziXp5V7I.roa
File:                     DkppBJei0x7Bpz97LxMziXp5V7I.roa (raw, json)
Hash identifier:          2dGUn0Q32mE9/p854AcYCNGQDHrS+oKmMIu0esSvplU=
Subject key identifier:   0E:4A:69:04:97:A2:D3:1E:C1:A7:3F:7B:2F:13:33:89:7A:79:57:B2
Certificate issuer:       /CN=3e0ccd25047b9cb8b6f01867cdede8256f734a23
Certificate serial:       018CC8DED2FDEBE2067E9491AC67A95DEBC6
Authority key identifier: 3E:0C:CD:25:04:7B:9C:B8:B6:F0:18:67:CD:ED:E8:25:6F:73:4A:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PgzNJQR7nLi28Bhnze3oJW9zSiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/9c8631-dc6a-45c2-bcf9-9cd017243a06/1/DkppBJei0x7Bpz97LxMziXp5V7I.roa
Signing time:             Tue 02 Jan 2024 06:31:35 +0000
ROA not before:           Tue 02 Jan 2024 06:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        194.31.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/9c8631-dc6a-45c2-bcf9-9cd017243a06/1/PgzNJQR7nLi28Bhnze3oJW9zSiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/9c8631-dc6a-45c2-bcf9-9cd017243a06/1/PgzNJQR7nLi28Bhnze3oJW9zSiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PgzNJQR7nLi28Bhnze3oJW9zSiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d2:fd:eb:e2:06:7e:94:91:ac:67:a9:5d:eb:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e0ccd25047b9cb8b6f01867cdede8256f734a23
        Validity
            Not Before: Jan  2 06:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e4a690497a2d31ec1a73f7b2f1333897a7957b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fe:f0:b2:f6:bf:93:f7:6d:89:25:a3:41:05:
                    eb:bb:f7:79:89:a0:32:eb:a4:f4:2b:00:ad:4a:b3:
                    57:c3:cc:70:37:bc:6e:4b:b2:9d:59:a6:50:9f:9d:
                    d4:08:2b:2a:37:e6:c3:bf:0c:fb:67:fc:04:49:5b:
                    51:21:88:f2:e1:0f:fc:2d:e5:f1:8e:5a:2e:3d:ea:
                    23:3e:88:e2:7b:f6:23:85:12:5b:b8:82:ac:a6:24:
                    58:46:93:1f:ff:fa:80:d6:94:d2:8e:8a:27:3c:f2:
                    fd:1d:92:c6:c3:4a:d5:20:d8:b6:bc:d0:ae:58:00:
                    de:fd:1a:3b:08:b0:6d:55:75:a2:40:0e:e1:a7:f9:
                    af:54:fa:83:94:eb:9c:dc:1b:06:f1:2e:0f:52:81:
                    d6:a6:64:f4:6e:80:b4:e3:1f:85:4b:aa:a0:34:81:
                    c3:7e:74:54:68:80:27:04:b7:46:85:a5:89:39:45:
                    86:1e:a8:56:a5:36:82:e9:dc:7d:95:79:97:1b:60:
                    a2:1b:05:c1:16:f5:4d:92:d2:81:e6:fb:2f:88:e3:
                    92:25:ad:a1:0a:4a:2e:7e:2c:ca:84:bf:f1:11:b9:
                    f7:b8:16:35:80:12:52:4c:c6:a3:59:be:32:9e:90:
                    fe:db:18:b3:73:9e:0b:18:e4:21:37:90:60:7f:64:
                    b2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:4A:69:04:97:A2:D3:1E:C1:A7:3F:7B:2F:13:33:89:7A:79:57:B2
            X509v3 Authority Key Identifier:
                keyid:3E:0C:CD:25:04:7B:9C:B8:B6:F0:18:67:CD:ED:E8:25:6F:73:4A:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PgzNJQR7nLi28Bhnze3oJW9zSiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/9c8631-dc6a-45c2-bcf9-9cd017243a06/1/DkppBJei0x7Bpz97LxMziXp5V7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/9c8631-dc6a-45c2-bcf9-9cd017243a06/1/PgzNJQR7nLi28Bhnze3oJW9zSiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:8d:7d:7d:87:95:8c:49:20:80:fd:a8:64:bf:71:bd:77:b5:
         52:b4:71:38:a0:7a:a1:1c:e9:af:09:9c:ed:15:66:26:ce:3e:
         81:23:20:23:15:36:4e:b5:c0:b0:35:f0:be:af:dd:01:61:87:
         cd:62:1b:e3:85:41:6f:8d:e4:c0:17:ac:f9:0e:cf:e3:f5:58:
         7a:0a:fe:83:84:2a:d5:83:60:e7:89:57:b7:71:ea:e3:ea:70:
         86:04:0c:6e:38:b3:23:ac:a4:34:1f:ba:de:ec:24:40:fd:a7:
         6e:66:1c:5d:a7:75:f9:b0:1d:40:a0:3f:30:9a:02:f4:31:e2:
         8e:01:ae:aa:6b:ae:25:81:eb:a9:79:ba:ab:c3:b0:b5:e9:34:
         2a:e1:ae:b8:5c:50:1b:bf:89:f1:49:4f:ae:0e:88:de:6f:6a:
         32:b2:a4:32:db:1b:6f:37:62:c0:21:f6:f9:db:bc:7b:05:e2:
         fd:0a:e3:6f:d3:96:85:1f:2e:fe:ff:a2:d3:5f:3a:2f:ea:74:
         47:cc:58:b0:55:e4:5c:b0:02:3c:d8:81:46:63:e9:50:3f:b4:
         31:7e:4e:ec:9e:51:0f:24:00:cc:dd:c9:fa:fa:66:27:2d:18:
         9f:a2:ac:af:d7:b5:89:8f:ef:2a:e7:ec:5a:53:8c:18:12:d0:
         e9:57:7e:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tL96+IGfpSRrGepXevGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMGNjZDI1MDQ3YjljYjhiNmYwMTg2N2NkZWRlODI1NmY3
MzRhMjMwHhcNMjQwMTAyMDYzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTRhNjkwNDk3YTJkMzFlYzFhNzNmN2IyZjEzMzM4OTdhNzk1N2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApv7wsva/k/dtiSWjQQXru/d5iaAy
66T0KwCtSrNXw8xwN7xuS7KdWaZQn53UCCsqN+bDvwz7Z/wESVtRIYjy4Q/8LeXx
jlouPeojPojie/YjhRJbuIKspiRYRpMf//qA1pTSjoonPPL9HZLGw0rVINi2vNCu
WADe/Ro7CLBtVXWiQA7hp/mvVPqDlOuc3BsG8S4PUoHWpmT0boC04x+FS6qgNIHD
fnRUaIAnBLdGhaWJOUWGHqhWpTaC6dx9lXmXG2CiGwXBFvVNktKB5vsviOOSJa2h
CkoufizKhL/xEbn3uBY1gBJSTMajWb4ynpD+2xizc54LGOQhN5Bgf2SyiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5KaQSXotMewac/ey8TM4l6eVeyMB8GA1UdIwQY
MBaAFD4MzSUEe5y4tvAYZ83t6CVvc0ojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGd6TkpRUjduTGkyOEJobnplM29KVzl6U2lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC85Yzg2MzEtZGM2YS00NWMyLWJjZjkt
OWNkMDE3MjQzYTA2LzEvRGtwcEJKZWkweDdCcHo5N0x4TXppWHA1VjdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC85Yzg2MzEtZGM2YS00NWMyLWJjZjktOWNkMDE3MjQzYTA2
LzEvUGd6TkpRUjduTGkyOEJobnplM29KVzl6U2lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh8yMA0G
CSqGSIb3DQEBCwUAA4IBAQBYjX19h5WMSSCA/ahkv3G9d7VStHE4oHqhHOmvCZzt
FWYmzj6BIyAjFTZOtcCwNfC+r90BYYfNYhvjhUFvjeTAF6z5Ds/j9Vh6Cv6DhCrV
g2DniVe3cerj6nCGBAxuOLMjrKQ0H7re7CRA/aduZhxdp3X5sB1AoD8wmgL0MeKO
Aa6qa64lgeupebqrw7C16TQq4a64XFAbv4nxSU+uDojeb2oysqQy2xtvN2LAIfb5
27x7BeL9CuNv05aFHy7+/6LTXzov6nRHzFiwVeRcsAI82IFGY+lQP7Qxfk7snlEP
JADM3cn6+mYnLRifoqyv17WJj+8q5+xaU4wYEtDpV36L
-----END CERTIFICATE-----