Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/dC04HAlEZwg4HmnZusOjbxjMqAc.roa
File:                     dC04HAlEZwg4HmnZusOjbxjMqAc.roa (raw, json)
Hash identifier:          ykPiX1+6Q7jF8x3c99JcRWnXbFiNync8/XSlxI7JSHM=
Subject key identifier:   74:2D:38:1C:09:44:67:08:38:1E:69:D9:BA:C3:A3:6F:18:CC:A8:07
Certificate issuer:       /CN=846af54e6558cfc86252946e4692ab92777c0e10
Certificate serial:       018CC2DAE61F6575D201F8F08DA7D1C88105
Authority key identifier: 84:6A:F5:4E:65:58:CF:C8:62:52:94:6E:46:92:AB:92:77:7C:0E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hGr1TmVYz8hiUpRuRpKrknd8DhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/dC04HAlEZwg4HmnZusOjbxjMqAc.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8987
IP address blocks:        193.24.42.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/hGr1TmVYz8hiUpRuRpKrknd8DhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/hGr1TmVYz8hiUpRuRpKrknd8DhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hGr1TmVYz8hiUpRuRpKrknd8DhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 10:04:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e6:1f:65:75:d2:01:f8:f0:8d:a7:d1:c8:81:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=846af54e6558cfc86252946e4692ab92777c0e10
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=742d381c09446708381e69d9bac3a36f18cca807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6c:a9:a8:30:a2:81:d9:be:b4:ce:d2:44:a5:
                    2e:4d:d4:bd:0b:aa:25:3f:ff:58:dc:c1:29:0b:fd:
                    08:db:a3:eb:db:44:8e:4a:a6:28:d0:88:93:b5:9d:
                    b2:82:58:b7:29:e3:79:ec:11:da:05:c0:82:67:4d:
                    3f:15:e8:ef:54:e8:55:12:6a:b9:c4:b6:b9:ff:92:
                    94:2b:c1:2f:db:b0:34:fc:8e:f1:90:37:8b:4e:80:
                    68:5e:cd:ab:b9:cf:e7:9b:72:90:8f:f8:c3:2f:a0:
                    ad:54:09:0c:6c:31:0e:68:b2:51:47:c6:8b:ac:17:
                    5b:e4:81:65:94:6f:0b:91:d0:98:14:4f:62:41:8f:
                    08:2a:39:fb:e1:df:26:30:ae:28:c7:c6:d7:a0:90:
                    17:97:bf:96:c7:14:4f:09:75:eb:61:9f:ef:e6:a0:
                    77:62:27:3b:12:c7:a3:a6:e2:11:9b:88:be:63:44:
                    ff:0b:77:43:e3:61:40:de:20:ae:3b:38:78:e0:f0:
                    1e:37:10:8a:32:48:f5:65:2b:6a:b2:90:a8:0b:19:
                    f0:df:30:90:02:f2:d5:0e:cb:34:6a:09:cc:64:21:
                    eb:01:c1:29:fe:35:7d:c3:ea:43:d0:4c:fc:3a:5e:
                    ea:fe:ba:6e:0a:77:0e:3f:c1:59:66:f6:55:6a:7c:
                    f2:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:2D:38:1C:09:44:67:08:38:1E:69:D9:BA:C3:A3:6F:18:CC:A8:07
            X509v3 Authority Key Identifier:
                keyid:84:6A:F5:4E:65:58:CF:C8:62:52:94:6E:46:92:AB:92:77:7C:0E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hGr1TmVYz8hiUpRuRpKrknd8DhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/dC04HAlEZwg4HmnZusOjbxjMqAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/hGr1TmVYz8hiUpRuRpKrknd8DhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:9a:82:25:7c:ad:43:91:f3:11:d9:a2:e0:f9:66:bf:9d:80:
         87:90:1c:58:60:34:4b:b6:55:c9:8f:e7:27:35:89:5b:f7:8b:
         ca:74:18:6e:fd:e7:80:69:f6:8a:67:a7:37:16:d6:f5:e3:50:
         9b:69:dc:f7:c1:36:bf:65:d3:8e:cf:49:5b:7c:07:86:51:09:
         8f:4a:4f:91:db:02:e5:71:b4:3f:8b:9e:5a:30:29:db:c5:4c:
         2d:7c:92:e9:26:85:d2:6a:9e:95:6a:50:f1:84:5a:2e:28:73:
         9d:89:de:31:ba:2b:17:62:50:31:ee:13:f7:21:c1:a5:4e:2f:
         f0:eb:8d:0b:7c:d5:27:f5:b8:43:9d:fc:43:6a:36:c6:0f:cf:
         da:5d:f0:25:30:6a:a4:8b:6e:04:24:da:d7:0a:ab:31:85:20:
         77:f2:7a:37:b7:f6:63:fb:28:ac:76:4b:05:b3:30:33:05:4a:
         07:18:b9:33:ab:8b:73:6a:73:32:73:3c:2d:cc:15:65:f2:57:
         f4:84:ca:13:ef:9f:36:09:0a:ec:3a:52:eb:1c:15:b9:08:3b:
         02:af:15:91:c3:97:a5:17:77:92:db:01:c2:70:76:df:2b:02:
         ca:e7:18:81:23:6a:9c:3b:1c:db:42:75:39:05:01:23:2f:b5:
         9f:1d:c5:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uYfZXXSAfjwjafRyIEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NmFmNTRlNjU1OGNmYzg2MjUyOTQ2ZTQ2OTJhYjkyNzc3
YzBlMTAwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDJkMzgxYzA5NDQ2NzA4MzgxZTY5ZDliYWMzYTM2ZjE4Y2NhODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2ypqDCigdm+tM7SRKUuTdS9C6ol
P/9Y3MEpC/0I26Pr20SOSqYo0IiTtZ2ygli3KeN57BHaBcCCZ00/FejvVOhVEmq5
xLa5/5KUK8Ev27A0/I7xkDeLToBoXs2ruc/nm3KQj/jDL6CtVAkMbDEOaLJRR8aL
rBdb5IFllG8LkdCYFE9iQY8IKjn74d8mMK4ox8bXoJAXl7+WxxRPCXXrYZ/v5qB3
Yic7EsejpuIRm4i+Y0T/C3dD42FA3iCuOzh44PAeNxCKMkj1ZStqspCoCxnw3zCQ
AvLVDss0agnMZCHrAcEp/jV9w+pD0Ez8Ol7q/rpuCncOP8FZZvZVanzyNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQtOBwJRGcIOB5p2brDo28YzKgHMB8GA1UdIwQY
MBaAFIRq9U5lWM/IYlKUbkaSq5J3fA4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEdyMVRtVll6OGhpVXBSdVJwS3JrbmQ4RGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8yODNmZWUtMmMzNi00ZTcwLWJiZTQt
MDdlMzZlZmM1ZTQyLzEvZEMwNEhBbEVad2c0SG1uWnVzT2pieGpNcUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8yODNmZWUtMmMzNi00ZTcwLWJiZTQtMDdlMzZlZmM1ZTQy
LzEvaEdyMVRtVll6OGhpVXBSdVJwS3JrbmQ4RGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRgqMA0G
CSqGSIb3DQEBCwUAA4IBAQApmoIlfK1DkfMR2aLg+Wa/nYCHkBxYYDRLtlXJj+cn
NYlb94vKdBhu/eeAafaKZ6c3Ftb141Cbadz3wTa/ZdOOz0lbfAeGUQmPSk+R2wLl
cbQ/i55aMCnbxUwtfJLpJoXSap6ValDxhFouKHOdid4xuisXYlAx7hP3IcGlTi/w
640LfNUn9bhDnfxDajbGD8/aXfAlMGqki24EJNrXCqsxhSB38no3t/Zj+yisdksF
szAzBUoHGLkzq4tzanMyczwtzBVl8lf0hMoT7582CQrsOlLrHBW5CDsCrxWRw5el
F3eS2wHCcHbfKwLK5xiBI2qcOxzbQnU5BQEjL7WfHcVs
-----END CERTIFICATE-----