Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/CuA0o1eAJzyxVdn5G2rt-2Eh8t8.roa
File:                     CuA0o1eAJzyxVdn5G2rt-2Eh8t8.roa (raw, json)
Hash identifier:          qAEg7tPjyw4ddwEFdNM1vErN1ectoKl3bgEcnJ8lYr8=
Subject key identifier:   0A:E0:34:A3:57:80:27:3C:B1:55:D9:F9:1B:6A:ED:FB:61:21:F2:DF
Certificate issuer:       /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial:       018CC56E31E6426101DF059FCDC9C29CA036
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/CuA0o1eAJzyxVdn5G2rt-2Eh8t8.roa
Signing time:             Mon 01 Jan 2024 14:29:42 +0000
ROA not before:           Mon 01 Jan 2024 14:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200264
IP address blocks:        82.194.237.0/24 maxlen: 24
                          81.95.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:31:e6:42:61:01:df:05:9f:cd:c9:c2:9c:a0:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
        Validity
            Not Before: Jan  1 14:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ae034a35780273cb155d9f91b6aedfb6121f2df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5c:ef:1b:94:07:95:33:2b:9d:d8:64:fa:bd:
                    22:8b:79:62:a6:62:25:73:0e:31:e4:87:33:53:23:
                    1b:50:a7:00:cc:05:d2:50:eb:f3:dd:67:1d:df:e5:
                    ed:63:0d:88:11:13:ca:82:5d:42:43:59:75:47:ab:
                    c6:51:7e:90:34:54:f6:80:d4:30:34:ac:05:ea:14:
                    9e:cd:2b:29:07:08:ab:4d:98:bc:ac:da:1a:31:29:
                    f1:c7:22:fd:6f:d0:9a:be:15:d7:39:30:15:ea:6b:
                    9f:3c:78:f8:59:f6:c4:c6:cc:0e:f3:9a:ac:15:32:
                    37:73:0e:88:e0:50:b8:7b:0b:48:76:6a:9a:3f:aa:
                    3b:de:6b:06:fd:8a:f5:b8:4d:9f:5d:90:6a:6f:e6:
                    c9:82:cb:90:5c:21:59:d2:29:1a:67:b9:28:1b:26:
                    bf:e0:ea:1d:b1:06:4f:aa:e2:d7:db:96:85:59:37:
                    45:c4:bc:52:86:1b:cd:08:b6:96:20:f5:24:b2:5c:
                    1f:8c:03:3e:0d:88:50:44:99:37:6b:dd:2b:37:28:
                    b2:83:c8:bc:0e:35:79:70:24:2b:56:a1:33:9a:60:
                    d7:5a:eb:d0:28:74:c5:69:0c:e1:2d:bf:62:b4:27:
                    3a:78:c2:98:db:e0:bb:30:a7:a7:c3:0f:c8:bb:a0:
                    19:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:E0:34:A3:57:80:27:3C:B1:55:D9:F9:1B:6A:ED:FB:61:21:F2:DF
            X509v3 Authority Key Identifier:
                keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/CuA0o1eAJzyxVdn5G2rt-2Eh8t8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.95.42.0/24
                  82.194.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:f7:36:40:32:41:b7:43:7a:0f:6b:13:0d:0a:af:06:6f:00:
         7a:11:45:c2:5a:26:59:f6:d6:d5:36:cf:64:77:12:3c:0a:65:
         34:fd:ec:30:2f:54:70:e6:c8:fd:00:64:c5:ec:9b:f1:e1:75:
         8b:12:f6:bf:01:75:89:0e:1a:ac:ed:c2:35:04:dd:e7:23:40:
         69:25:e7:ee:05:7d:a5:46:30:89:0f:21:99:94:31:9b:8c:4c:
         1c:ea:63:15:20:a8:a6:f1:4e:eb:26:a8:b4:c3:dc:44:e6:18:
         bc:3a:7c:8f:0c:4c:ac:ee:72:2c:47:1e:2b:f5:43:64:5b:9c:
         3a:00:5c:7a:02:a3:f0:05:01:ad:0e:f8:9a:b3:a2:f4:c9:1d:
         81:d5:35:08:ff:98:83:16:ba:5a:e0:72:70:2c:22:56:b8:96:
         bc:d6:4a:97:62:06:fb:70:39:44:32:67:c2:f7:3f:2b:54:fd:
         78:e2:dc:66:a9:19:69:ec:37:1f:9f:3d:5c:67:b3:0e:0c:38:
         1a:78:01:37:cc:52:45:fb:b0:59:db:ad:3c:65:25:59:ad:17:
         34:7b:da:96:df:d3:db:d4:c5:c3:7a:6b:e4:66:25:2d:57:b4:
         34:50:3b:32:6b:d5:6d:47:6a:1d:d3:cd:b7:c2:bd:c9:72:c8:
         f2:cf:7b:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbjHmQmEB3wWfzcnCnKA2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjQwMTAxMTQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWUwMzRhMzU3ODAyNzNjYjE1NWQ5ZjkxYjZhZWRmYjYxMjFmMmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVzvG5QHlTMrndhk+r0ii3lipmIl
cw4x5IczUyMbUKcAzAXSUOvz3Wcd3+XtYw2IERPKgl1CQ1l1R6vGUX6QNFT2gNQw
NKwF6hSezSspBwirTZi8rNoaMSnxxyL9b9CavhXXOTAV6mufPHj4WfbExswO85qs
FTI3cw6I4FC4ewtIdmqaP6o73msG/Yr1uE2fXZBqb+bJgsuQXCFZ0ikaZ7koGya/
4OodsQZPquLX25aFWTdFxLxShhvNCLaWIPUkslwfjAM+DYhQRJk3a90rNyiyg8i8
DjV5cCQrVqEzmmDXWuvQKHTFaQzhLb9itCc6eMKY2+C7MKenww/Iu6AZAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFArgNKNXgCc8sVXZ+Rtq7fthIfLfMB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvQ3VBMG8xZUFKenl4VmRuNUcycnQtMkVoOHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUV8qAwQA
UsLtMA0GCSqGSIb3DQEBCwUAA4IBAQBJ9zZAMkG3Q3oPaxMNCq8GbwB6EUXCWiZZ
9tbVNs9kdxI8CmU0/ewwL1Rw5sj9AGTF7Jvx4XWLEva/AXWJDhqs7cI1BN3nI0Bp
JefuBX2lRjCJDyGZlDGbjEwc6mMVIKim8U7rJqi0w9xE5hi8OnyPDEys7nIsRx4r
9UNkW5w6AFx6AqPwBQGtDvias6L0yR2B1TUI/5iDFrpa4HJwLCJWuJa81kqXYgb7
cDlEMmfC9z8rVP144txmqRlp7Dcfnz1cZ7MODDgaeAE3zFJF+7BZ2608ZSVZrRc0
e9qW39Pb1MXDemvkZiUtV7Q0UDsya9VtR2od0823wr3Jcsjyz3vc
-----END CERTIFICATE-----