Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/3KqmGVEw2oDEhX-Vk4Y7jFRN-oI.roa
File:                     3KqmGVEw2oDEhX-Vk4Y7jFRN-oI.roa (raw, json)
Hash identifier:          3m3km5Xdz2JD29H6/ChIM8Urssu+zp2KSEgVSE7PndI=
Subject key identifier:   DC:AA:A6:19:51:30:DA:80:C4:85:7F:95:93:86:3B:8C:54:4D:FA:82
Certificate issuer:       /CN=43a438813750133e55001bf89670a0db3ae5be1f
Certificate serial:       018CC34900B0138EF9A72DD3786BD18D7A55
Authority key identifier: 43:A4:38:81:37:50:13:3E:55:00:1B:F8:96:70:A0:DB:3A:E5:BE:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/3KqmGVEw2oDEhX-Vk4Y7jFRN-oI.roa
Signing time:             Mon 01 Jan 2024 04:29:50 +0000
ROA not before:           Mon 01 Jan 2024 04:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39923
IP address blocks:        194.50.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:00:b0:13:8e:f9:a7:2d:d3:78:6b:d1:8d:7a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43a438813750133e55001bf89670a0db3ae5be1f
        Validity
            Not Before: Jan  1 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcaaa6195130da80c4857f9593863b8c544dfa82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f9:f4:62:18:bb:6b:ef:dd:5b:db:76:8e:0d:
                    ce:f4:67:ee:a5:bc:87:96:b2:c4:d6:a9:7c:6f:fb:
                    13:95:b5:7c:5b:21:98:73:e2:28:a8:b0:94:91:45:
                    4a:4a:f2:05:08:e8:6f:91:18:c0:f6:e1:e5:03:47:
                    64:34:43:3d:8d:0d:08:a4:f5:9f:c8:c1:86:69:90:
                    f2:8e:15:5e:84:a4:e4:c3:4d:71:cb:ca:80:44:1d:
                    48:2c:f1:ed:69:35:4b:98:c4:3a:ef:03:fc:ab:50:
                    a9:37:a8:5e:70:13:84:cd:6e:b1:08:d2:60:58:23:
                    31:f0:76:7a:a4:62:f7:22:12:0e:0e:30:65:d4:de:
                    7d:5b:72:57:90:89:3a:c2:56:32:6a:ac:05:e7:ad:
                    69:ea:38:e9:c2:54:ac:ba:20:97:19:99:3d:03:4b:
                    65:65:ac:28:01:21:ad:d4:26:d2:68:a3:eb:71:4a:
                    82:1a:8f:6b:51:f6:b4:2d:a4:81:08:ce:da:69:1d:
                    0b:07:55:f6:a6:f7:07:22:7a:99:5b:96:ae:61:ee:
                    64:e9:ad:97:12:06:e5:13:3f:34:a9:51:b1:9e:82:
                    d7:81:ae:2f:b3:d9:93:56:4e:e5:d9:ba:2a:99:fc:
                    8d:64:71:94:a6:b9:06:0f:4d:2f:dd:91:c1:7c:d4:
                    8d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:AA:A6:19:51:30:DA:80:C4:85:7F:95:93:86:3B:8C:54:4D:FA:82
            X509v3 Authority Key Identifier:
                keyid:43:A4:38:81:37:50:13:3E:55:00:1B:F8:96:70:A0:DB:3A:E5:BE:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/3KqmGVEw2oDEhX-Vk4Y7jFRN-oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:26:3d:ec:e3:7a:52:9d:77:08:19:31:b4:09:41:bc:5b:27:
         b7:9e:c2:5f:b2:e0:7a:bd:3f:72:7c:43:17:19:ee:36:f9:b7:
         60:85:92:29:b0:90:47:93:78:c9:e3:b5:24:f4:d0:3e:13:48:
         1e:ea:6b:d7:60:0a:bf:c2:14:88:7e:9e:43:38:a6:5d:3e:c1:
         db:86:89:f1:41:3a:de:b8:c7:15:e2:b5:2f:dd:1e:74:64:75:
         4e:76:0a:96:9e:f3:8c:51:d7:84:1e:3c:72:32:bf:92:d0:d3:
         5e:c4:5d:01:ca:e8:53:4d:ce:3b:a2:c6:76:a9:f6:99:17:a1:
         61:fd:5f:37:9c:77:ec:14:9e:85:52:60:e1:8c:a2:2a:fd:bb:
         d6:f5:7e:20:a3:f9:44:1a:bd:9a:4c:9c:65:cf:c0:ad:c1:b6:
         e4:f6:5e:49:bf:b2:48:ad:01:fa:6a:c7:5c:c0:31:b4:ac:c8:
         8d:1d:91:bb:19:6c:95:f1:89:8e:83:ff:08:0b:be:60:b4:52:
         73:d6:66:5b:3b:d3:a5:b0:8b:c4:ee:f8:31:5b:57:12:5b:d9:
         21:95:0a:8d:6b:bb:de:fc:6c:86:88:52:b3:01:ec:0c:45:d3:
         1d:6e:bd:52:ee:1e:b3:63:37:cf:c3:be:77:f2:b8:96:31:69:
         6c:2e:a1:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQCwE475py3TeGvRjXpVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYTQzODgxMzc1MDEzM2U1NTAwMWJmODk2NzBhMGRiM2Fl
NWJlMWYwHhcNMjQwMTAxMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2FhYTYxOTUxMzBkYTgwYzQ4NTdmOTU5Mzg2M2I4YzU0NGRmYTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPn0Yhi7a+/dW9t2jg3O9GfupbyH
lrLE1ql8b/sTlbV8WyGYc+IoqLCUkUVKSvIFCOhvkRjA9uHlA0dkNEM9jQ0IpPWf
yMGGaZDyjhVehKTkw01xy8qARB1ILPHtaTVLmMQ67wP8q1CpN6hecBOEzW6xCNJg
WCMx8HZ6pGL3IhIODjBl1N59W3JXkIk6wlYyaqwF561p6jjpwlSsuiCXGZk9A0tl
ZawoASGt1CbSaKPrcUqCGo9rUfa0LaSBCM7aaR0LB1X2pvcHInqZW5auYe5k6a2X
EgblEz80qVGxnoLXga4vs9mTVk7l2boqmfyNZHGUprkGD00v3ZHBfNSNeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyqphlRMNqAxIV/lZOGO4xUTfqCMB8GA1UdIwQY
MBaAFEOkOIE3UBM+VQAb+JZwoNs65b4fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTZRNGdUZFFFejVWQUJ2NGxuQ2cyenJsdmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81Y2I0NzMtMzVhMS00NzI3LTg3NzMt
YTBkNmYwZWViNWMyLzEvM0txbUdWRXcyb0RFaFgtVms0WTdqRlJOLW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81Y2I0NzMtMzVhMS00NzI3LTg3NzMtYTBkNmYwZWViNWMy
LzEvUTZRNGdUZFFFejVWQUJ2NGxuQ2cyenJsdmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjKxMA0G
CSqGSIb3DQEBCwUAA4IBAQAfJj3s43pSnXcIGTG0CUG8Wye3nsJfsuB6vT9yfEMX
Ge42+bdghZIpsJBHk3jJ47Uk9NA+E0ge6mvXYAq/whSIfp5DOKZdPsHbhonxQTre
uMcV4rUv3R50ZHVOdgqWnvOMUdeEHjxyMr+S0NNexF0ByuhTTc47osZ2qfaZF6Fh
/V83nHfsFJ6FUmDhjKIq/bvW9X4go/lEGr2aTJxlz8Ctwbbk9l5Jv7JIrQH6asdc
wDG0rMiNHZG7GWyV8YmOg/8IC75gtFJz1mZbO9OlsIvE7vgxW1cSW9khlQqNa7ve
/GyGiFKzAewMRdMdbr1S7h6zYzfPw7538riWMWlsLqER
-----END CERTIFICATE-----