Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/aDEfeqV98-NL5_Pd-REnBjHb07g.roa
File:                     aDEfeqV98-NL5_Pd-REnBjHb07g.roa (raw, json)
Hash identifier:          yDsnt0nyfuFlB7TcgKXI3Utjfu44wMy1d+jzUrdSPqA=
Subject key identifier:   68:31:1F:7A:A5:7D:F3:E3:4B:E7:F3:DD:F9:11:27:06:31:DB:D3:B8
Certificate issuer:       /CN=42ce759320195b9cc18ccfcb1b532aea949258f1
Certificate serial:       018CCA99EA97D720C00821A38DB402EAF766
Authority key identifier: 42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/aDEfeqV98-NL5_Pd-REnBjHb07g.roa
Signing time:             Tue 02 Jan 2024 14:35:33 +0000
ROA not before:           Tue 02 Jan 2024 14:35:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.53.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:04:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:ea:97:d7:20:c0:08:21:a3:8d:b4:02:ea:f7:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42ce759320195b9cc18ccfcb1b532aea949258f1
        Validity
            Not Before: Jan  2 14:35:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68311f7aa57df3e34be7f3ddf911270631dbd3b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:10:00:15:b4:d9:b3:5c:5d:12:6d:1a:b6:c7:
                    40:45:20:07:4a:57:2a:f1:ef:67:80:09:c3:f8:08:
                    b6:3c:a3:d0:c6:de:12:47:05:d7:ae:13:f8:b2:ad:
                    4a:ea:07:e9:40:0b:55:e7:96:75:22:86:0a:4a:ff:
                    86:b0:3b:87:7d:5b:92:24:6d:a4:dc:2d:ae:fe:8f:
                    6a:4e:f8:a9:68:5a:0a:95:2f:ff:bc:b6:b0:62:69:
                    71:01:89:35:a9:1a:a7:87:1d:27:29:f7:f7:40:ad:
                    d6:fa:3b:5e:db:9a:61:e3:6b:36:48:ad:4f:e1:69:
                    77:20:c3:5d:00:7b:3d:b4:94:e3:2b:d8:69:74:ac:
                    68:2b:e6:ef:54:41:5c:a1:bf:6b:70:98:69:d4:c7:
                    2a:69:5c:31:ab:ab:62:31:dc:7a:2f:e2:6c:16:e8:
                    80:db:ba:d5:08:46:19:c6:7b:10:a2:91:b6:b5:d5:
                    e1:20:c0:f3:a7:d4:80:e2:2c:3e:b2:b6:67:83:c5:
                    53:ca:df:99:93:4f:c3:87:2c:c4:ae:0f:ab:8b:c5:
                    f2:cd:7c:e8:c6:2a:54:aa:50:8b:f9:97:8f:f0:b0:
                    a9:a3:1a:17:f2:e4:dc:ae:eb:ef:69:fc:c9:58:aa:
                    53:4f:d4:b3:2f:cc:5b:8d:79:a4:96:c3:a1:d8:ac:
                    e8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:31:1F:7A:A5:7D:F3:E3:4B:E7:F3:DD:F9:11:27:06:31:DB:D3:B8
            X509v3 Authority Key Identifier:
                keyid:42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/aDEfeqV98-NL5_Pd-REnBjHb07g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:b9:66:14:4b:74:7e:3a:6a:bb:8d:f8:50:3b:f4:cf:98:72:
         38:c0:2f:27:73:08:20:70:b3:74:1d:bf:40:f1:e4:db:36:0b:
         21:1a:bd:07:87:6b:92:55:b9:2d:5f:30:a6:a7:eb:5e:f9:af:
         6e:17:43:21:da:9f:0a:e8:90:d6:59:6b:97:5a:f9:5c:ed:9c:
         b9:2f:c0:8d:22:35:e2:8c:86:0c:9f:cb:88:2e:ae:98:58:09:
         41:cd:85:8d:f1:24:d7:c4:02:af:fc:a0:3b:39:00:6e:95:51:
         ec:18:ec:da:3f:06:9e:2f:24:79:d3:da:6b:b1:72:73:3f:ae:
         0e:e6:f4:59:4c:bf:d5:e7:8d:d2:ce:1a:36:27:c6:5a:11:e2:
         ba:a7:e4:fd:02:5e:9e:3c:dc:11:05:87:64:b0:ee:77:38:fd:
         54:50:6d:da:a7:25:5a:31:bc:8a:ee:80:b3:f6:cc:7b:05:59:
         0c:92:b4:3a:91:d6:f7:0e:9a:3f:b8:9a:46:03:7a:58:97:51:
         f1:fd:62:fb:e1:b9:c6:cd:46:79:ad:ed:b6:68:0a:1f:25:36:
         d4:38:30:4f:30:bf:59:1a:b9:42:d4:9d:61:10:65:46:b9:8f:
         51:e8:5e:3d:15:b1:c4:19:03:5d:86:88:cb:c2:8b:18:0a:b4:
         dc:80:37:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmeqX1yDACCGjjbQC6vdmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2U3NTkzMjAxOTViOWNjMThjY2ZjYjFiNTMyYWVhOTQ5
MjU4ZjEwHhcNMjQwMTAyMTQzNTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODMxMWY3YWE1N2RmM2UzNGJlN2YzZGRmOTExMjcwNjMxZGJkM2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBAAFbTZs1xdEm0atsdARSAHSlcq
8e9ngAnD+Ai2PKPQxt4SRwXXrhP4sq1K6gfpQAtV55Z1IoYKSv+GsDuHfVuSJG2k
3C2u/o9qTvipaFoKlS//vLawYmlxAYk1qRqnhx0nKff3QK3W+jte25ph42s2SK1P
4Wl3IMNdAHs9tJTjK9hpdKxoK+bvVEFcob9rcJhp1McqaVwxq6tiMdx6L+JsFuiA
27rVCEYZxnsQopG2tdXhIMDzp9SA4iw+srZng8VTyt+Zk0/DhyzErg+ri8XyzXzo
xipUqlCL+ZeP8LCpoxoX8uTcruvvafzJWKpTT9SzL8xbjXmklsOh2KzooQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgxH3qlffPjS+fz3fkRJwYx29O4MB8GA1UdIwQY
MBaAFELOdZMgGVucwYzPyxtTKuqUkljxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUt
Njk3OTQ4ZWE3MWY1LzEvYURFZmVxVjk4LU5MNV9QZC1SRW5CakhiMDdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUtNjk3OTQ4ZWE3MWY1
LzEvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjXIMA0G
CSqGSIb3DQEBCwUAA4IBAQALuWYUS3R+Omq7jfhQO/TPmHI4wC8ncwggcLN0Hb9A
8eTbNgshGr0Hh2uSVbktXzCmp+te+a9uF0Mh2p8K6JDWWWuXWvlc7Zy5L8CNIjXi
jIYMn8uILq6YWAlBzYWN8STXxAKv/KA7OQBulVHsGOzaPwaeLyR509prsXJzP64O
5vRZTL/V543Szho2J8ZaEeK6p+T9Al6ePNwRBYdksO53OP1UUG3apyVaMbyK7oCz
9sx7BVkMkrQ6kdb3Dpo/uJpGA3pYl1Hx/WL74bnGzUZ5re22aAofJTbUODBPML9Z
GrlC1J1hEGVGuY9R6F49FbHEGQNdhojLwosYCrTcgDfW
-----END CERTIFICATE-----