Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/_dtUfY7RWHoqoH6YYz_BcZZHlAc.roa
File:                     _dtUfY7RWHoqoH6YYz_BcZZHlAc.roa (raw, json)
Hash identifier:          TvA0yRF8ROIljrMUGk0OmF+JwuAtONiPqW5v6G4yNGc=
Subject key identifier:   FD:DB:54:7D:8E:D1:58:7A:2A:A0:7E:98:63:3F:C1:71:96:47:94:07
Certificate issuer:       /CN=e10d5c29a3439703d89b5abf03a75d861771bef4
Certificate serial:       018CC56EE225B0ACC07CBD99466FC29C1DE9
Authority key identifier: E1:0D:5C:29:A3:43:97:03:D8:9B:5A:BF:03:A7:5D:86:17:71:BE:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/_dtUfY7RWHoqoH6YYz_BcZZHlAc.roa
Signing time:             Mon 01 Jan 2024 14:30:27 +0000
ROA not before:           Mon 01 Jan 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34736
IP address blocks:        188.119.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e2:25:b0:ac:c0:7c:bd:99:46:6f:c2:9c:1d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e10d5c29a3439703d89b5abf03a75d861771bef4
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fddb547d8ed1587a2aa07e98633fc17196479407
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:8b:3f:76:59:bc:b8:df:9e:65:ec:32:ca:a1:
                    de:d6:84:10:5b:5c:14:c6:7f:4a:41:f0:40:e6:2b:
                    60:fc:ad:b2:c2:29:02:64:ae:37:96:80:7d:b5:5f:
                    e6:85:0a:52:87:be:8e:10:e4:63:7f:a3:be:84:66:
                    ac:28:d9:ee:70:44:5b:30:fc:c3:4b:1d:8a:f1:c0:
                    3e:7c:d8:2e:bc:89:06:ae:bb:4b:ab:cd:d4:45:24:
                    26:77:61:04:6e:9a:76:91:dd:04:16:f4:51:5a:71:
                    91:cb:fd:12:de:c7:a2:5f:5b:fe:8b:b7:da:b0:9a:
                    07:c5:bb:bc:a4:69:fd:ce:da:5d:e0:41:81:95:81:
                    89:2c:ae:59:3d:37:74:ab:1a:ba:15:e1:9a:36:ac:
                    ad:63:e0:87:91:b9:29:82:a3:ff:4e:c2:e3:2f:a8:
                    4c:28:2b:02:6f:bf:5b:a2:cb:9d:af:a1:b2:f3:95:
                    34:e0:5d:54:59:3d:1c:d1:cc:22:64:ca:7b:ad:1f:
                    4c:1c:15:e3:d3:06:b0:a6:87:31:38:bd:7b:35:7d:
                    c0:53:c5:33:22:91:15:74:02:66:af:46:34:ee:23:
                    16:a7:68:79:a7:b4:76:0c:18:e8:0b:47:18:5a:a2:
                    7b:19:47:a4:89:81:e6:ee:e3:94:61:1f:22:9d:6c:
                    d7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:DB:54:7D:8E:D1:58:7A:2A:A0:7E:98:63:3F:C1:71:96:47:94:07
            X509v3 Authority Key Identifier:
                keyid:E1:0D:5C:29:A3:43:97:03:D8:9B:5A:BF:03:A7:5D:86:17:71:BE:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/_dtUfY7RWHoqoH6YYz_BcZZHlAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:fb:f6:e4:85:ec:8d:60:0c:0a:ee:ea:f5:0c:23:21:dd:08:
         0b:1e:75:4d:36:b5:1d:5e:3b:16:fd:9a:bd:c8:2a:61:87:07:
         c3:16:d0:85:bf:dc:08:99:d6:3f:c8:9a:a1:38:cb:52:e7:05:
         9e:7d:df:da:de:de:ac:62:16:01:8d:db:2b:98:1b:f9:55:72:
         87:cb:7f:a6:6e:07:ae:d2:43:58:34:5b:63:e8:85:a5:53:dd:
         a4:65:31:68:b6:9a:80:1e:d4:00:ee:44:61:3a:17:0a:a0:56:
         a0:a7:cf:65:44:f7:8e:33:06:27:c7:cb:6f:34:3f:d6:08:27:
         0f:35:46:9b:19:77:86:f4:a5:36:ed:da:7a:a1:45:33:59:3c:
         dd:dd:96:73:e3:4d:e6:7e:81:17:02:2e:00:cc:a1:9e:b0:56:
         90:57:9a:1a:d4:5a:b2:92:95:44:5f:91:34:3f:e9:18:01:d3:
         6c:5f:f4:7e:0c:cd:c1:9e:02:b2:05:d0:51:d5:66:d2:2e:45:
         4a:34:86:2a:db:32:b3:a2:95:bf:ed:b6:b5:dd:4c:dd:33:eb:
         60:47:62:65:cd:4d:bf:43:30:d0:45:6e:9f:25:76:16:14:42:
         7a:28:b7:c4:7d:5f:7f:36:e5:58:9f:87:75:64:2f:2f:c6:a5:
         15:f8:4c:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuIlsKzAfL2ZRm/CnB3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMGQ1YzI5YTM0Mzk3MDNkODliNWFiZjAzYTc1ZDg2MTc3
MWJlZjQwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGRiNTQ3ZDhlZDE1ODdhMmFhMDdlOTg2MzNmYzE3MTk2NDc5NDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Is/dlm8uN+eZewyyqHe1oQQW1wU
xn9KQfBA5itg/K2ywikCZK43loB9tV/mhQpSh76OEORjf6O+hGasKNnucERbMPzD
Sx2K8cA+fNguvIkGrrtLq83URSQmd2EEbpp2kd0EFvRRWnGRy/0S3seiX1v+i7fa
sJoHxbu8pGn9ztpd4EGBlYGJLK5ZPTd0qxq6FeGaNqytY+CHkbkpgqP/TsLjL6hM
KCsCb79bosudr6Gy85U04F1UWT0c0cwiZMp7rR9MHBXj0wawpocxOL17NX3AU8Uz
IpEVdAJmr0Y07iMWp2h5p7R2DBjoC0cYWqJ7GUekiYHm7uOUYR8inWzXcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3bVH2O0Vh6KqB+mGM/wXGWR5QHMB8GA1UdIwQY
MBaAFOENXCmjQ5cD2JtavwOnXYYXcb70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFExY0thTkRsd1BZbTFxX0E2ZGRoaGR4dnZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8zZWRiNDctZmQ2ZS00YzU5LWE3YWIt
ZTQyYTU4MDY0YTYzLzEvX2R0VWZZN1JXSG9xb0g2WVl6X0JjWlpIbEFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8zZWRiNDctZmQ2ZS00YzU5LWE3YWItZTQyYTU4MDY0YTYz
LzEvNFExY0thTkRsd1BZbTFxX0E2ZGRoaGR4dnZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHccMA0G
CSqGSIb3DQEBCwUAA4IBAQBh+/bkheyNYAwK7ur1DCMh3QgLHnVNNrUdXjsW/Zq9
yCphhwfDFtCFv9wImdY/yJqhOMtS5wWefd/a3t6sYhYBjdsrmBv5VXKHy3+mbgeu
0kNYNFtj6IWlU92kZTFotpqAHtQA7kRhOhcKoFagp89lRPeOMwYnx8tvND/WCCcP
NUabGXeG9KU27dp6oUUzWTzd3ZZz403mfoEXAi4AzKGesFaQV5oa1FqykpVEX5E0
P+kYAdNsX/R+DM3BngKyBdBR1WbSLkVKNIYq2zKzopW/7ba13UzdM+tgR2JlzU2/
QzDQRW6fJXYWFEJ6KLfEfV9/NuVYn4d1ZC8vxqUV+Ew6
-----END CERTIFICATE-----