Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/4ef2c3-06d8-4f11-84b7-338196935050/1/rvQFpMic63gGWSkK-mEMdKta5iI.roa
File:                     rvQFpMic63gGWSkK-mEMdKta5iI.roa (raw, json)
Hash identifier:          o/JPI6pA6zop/5OEPdHJH2+G9x+Y8BsB37JmpqylMqo=
Subject key identifier:   AE:F4:05:A4:C8:9C:EB:78:06:59:29:0A:FA:61:0C:74:AB:5A:E6:22
Certificate issuer:       /CN=102282537eb00130b79651f408000edca56450ea
Certificate serial:       018CC9BC8C389268FA3755D4928FDED88054
Authority key identifier: 10:22:82:53:7E:B0:01:30:B7:96:51:F4:08:00:0E:DC:A5:64:50:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ECKCU36wATC3llH0CAAO3KVkUOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/4ef2c3-06d8-4f11-84b7-338196935050/1/rvQFpMic63gGWSkK-mEMdKta5iI.roa
Signing time:             Tue 02 Jan 2024 10:33:46 +0000
ROA not before:           Tue 02 Jan 2024 10:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5617
IP address blocks:        194.127.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/4ef2c3-06d8-4f11-84b7-338196935050/1/ECKCU36wATC3llH0CAAO3KVkUOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/4ef2c3-06d8-4f11-84b7-338196935050/1/ECKCU36wATC3llH0CAAO3KVkUOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ECKCU36wATC3llH0CAAO3KVkUOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:8c:38:92:68:fa:37:55:d4:92:8f:de:d8:80:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=102282537eb00130b79651f408000edca56450ea
        Validity
            Not Before: Jan  2 10:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aef405a4c89ceb780659290afa610c74ab5ae622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:47:f1:7d:b6:85:13:1c:c1:24:52:f6:fa:15:
                    a1:92:d3:77:ad:17:79:e2:f7:e9:5d:f4:d2:fb:5e:
                    66:fb:bf:57:2d:96:31:d0:d0:35:45:c4:1f:41:29:
                    7d:6a:55:49:3a:00:d8:63:1e:76:80:4b:d5:dc:de:
                    41:94:9c:53:e9:99:a9:de:ae:f7:d0:b1:f1:ac:98:
                    d3:f7:6c:57:82:d1:44:27:e4:9e:1b:f2:f9:58:f4:
                    3a:59:3b:bd:aa:17:42:5a:2b:ba:18:0e:1e:d9:76:
                    9f:f2:62:cd:8a:1f:1d:db:2d:c9:22:f9:bb:20:ec:
                    35:f7:83:8c:53:a1:9b:e8:9c:75:f7:42:9b:0c:24:
                    f8:ec:4b:05:59:c0:45:7b:28:38:e9:45:af:6e:00:
                    63:c2:ed:52:93:80:48:53:bd:3a:5e:6a:da:fb:48:
                    2e:97:dc:ff:2d:93:fa:5b:7c:eb:c3:1c:de:e2:35:
                    ec:d6:c0:3f:8a:09:fc:56:5c:fa:2e:ab:2b:24:e5:
                    bb:67:7e:ff:b8:2f:d0:6c:46:9a:52:21:e7:f4:b3:
                    d4:11:23:a2:60:7a:98:75:fa:17:91:3e:41:26:64:
                    f6:87:bb:64:58:6c:37:56:aa:3d:67:f6:7e:59:82:
                    00:d8:8b:5e:64:65:67:9d:a9:2f:6d:ca:74:e6:13:
                    b0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F4:05:A4:C8:9C:EB:78:06:59:29:0A:FA:61:0C:74:AB:5A:E6:22
            X509v3 Authority Key Identifier:
                keyid:10:22:82:53:7E:B0:01:30:B7:96:51:F4:08:00:0E:DC:A5:64:50:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ECKCU36wATC3llH0CAAO3KVkUOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/4ef2c3-06d8-4f11-84b7-338196935050/1/rvQFpMic63gGWSkK-mEMdKta5iI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/4ef2c3-06d8-4f11-84b7-338196935050/1/ECKCU36wATC3llH0CAAO3KVkUOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:3e:12:1a:5e:e0:0c:71:4a:80:2c:f0:63:5a:3f:52:d2:e5:
         54:a5:c2:6f:c2:66:a1:53:ed:72:c7:43:24:83:bf:91:ec:b2:
         68:7e:8c:70:95:08:20:5d:a8:d6:6b:a0:8b:ce:f6:52:14:0e:
         ea:08:01:24:0e:69:0d:5e:c7:c1:2c:9c:53:e8:03:47:6b:99:
         f0:3f:2b:a4:02:2d:fb:9c:ba:84:0c:52:aa:84:4c:ae:43:b5:
         fe:d6:48:a4:09:20:e2:01:71:5f:86:b8:63:6a:88:2f:33:d1:
         0b:4f:bc:e5:57:4b:2c:e1:05:0f:df:a5:05:c0:49:0b:58:18:
         6b:02:cc:e2:2b:4a:54:53:6f:e9:45:61:47:78:9a:58:71:6b:
         02:e7:b2:ee:12:a2:87:b8:33:51:e0:77:49:5f:a6:5a:c1:ba:
         97:f3:61:81:ed:68:a2:39:30:16:ff:07:f4:0b:e9:9b:df:95:
         87:0c:34:ca:95:96:43:31:97:73:4a:ca:a5:56:72:80:ed:fe:
         bd:36:2b:07:45:d2:11:87:91:42:3b:ba:5b:9e:28:12:6f:b0:
         96:05:4b:f4:eb:fe:11:4d:06:c0:02:bb:59:71:00:29:3b:62:
         3d:5f:d8:01:36:c5:a2:05:70:81:01:8a:54:25:8e:2b:6f:ec:
         1e:d0:92:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvIw4kmj6N1XUko/e2IBUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMjI4MjUzN2ViMDAxMzBiNzk2NTFmNDA4MDAwZWRjYTU2
NDUwZWEwHhcNMjQwMTAyMTAzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWY0MDVhNGM4OWNlYjc4MDY1OTI5MGFmYTYxMGM3NGFiNWFlNjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkfxfbaFExzBJFL2+hWhktN3rRd5
4vfpXfTS+15m+79XLZYx0NA1RcQfQSl9alVJOgDYYx52gEvV3N5BlJxT6Zmp3q73
0LHxrJjT92xXgtFEJ+SeG/L5WPQ6WTu9qhdCWiu6GA4e2Xaf8mLNih8d2y3JIvm7
IOw194OMU6Gb6Jx190KbDCT47EsFWcBFeyg46UWvbgBjwu1Sk4BIU706Xmra+0gu
l9z/LZP6W3zrwxze4jXs1sA/ign8Vlz6LqsrJOW7Z37/uC/QbEaaUiHn9LPUESOi
YHqYdfoXkT5BJmT2h7tkWGw3Vqo9Z/Z+WYIA2IteZGVnnakvbcp05hOwxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK70BaTInOt4BlkpCvphDHSrWuYiMB8GA1UdIwQY
MBaAFBAiglN+sAEwt5ZR9AgADtylZFDqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUNLQ1UzNndBVEMzbGxIMENBQU8zS1ZrVU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi80ZWYyYzMtMDZkOC00ZjExLTg0Yjct
MzM4MTk2OTM1MDUwLzEvcnZRRnBNaWM2M2dHV1NrSy1tRU1kS3RhNWlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi80ZWYyYzMtMDZkOC00ZjExLTg0YjctMzM4MTk2OTM1MDUw
LzEvRUNLQ1UzNndBVEMzbGxIMENBQU8zS1ZrVU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+IMA0G
CSqGSIb3DQEBCwUAA4IBAQBDPhIaXuAMcUqALPBjWj9S0uVUpcJvwmahU+1yx0Mk
g7+R7LJofoxwlQggXajWa6CLzvZSFA7qCAEkDmkNXsfBLJxT6ANHa5nwPyukAi37
nLqEDFKqhEyuQ7X+1kikCSDiAXFfhrhjaogvM9ELT7zlV0ss4QUP36UFwEkLWBhr
AsziK0pUU2/pRWFHeJpYcWsC57LuEqKHuDNR4HdJX6ZawbqX82GB7WiiOTAW/wf0
C+mb35WHDDTKlZZDMZdzSsqlVnKA7f69NisHRdIRh5FCO7pbnigSb7CWBUv06/4R
TQbAArtZcQApO2I9X9gBNsWiBXCBAYpUJY4rb+we0JKL
-----END CERTIFICATE-----