Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/40e5f4-d056-44f2-899e-2286b89e7a7e/1/oaT3wa1qDaUMv1f7UCdWbxxv1Dk.roa
File:                     oaT3wa1qDaUMv1f7UCdWbxxv1Dk.roa (raw, json)
Hash identifier:          u6RGitc4Rvk1ybXuc7w5+av7rq63hwVeDy/OlW51NYU=
Subject key identifier:   A1:A4:F7:C1:AD:6A:0D:A5:0C:BF:57:FB:50:27:56:6F:1C:6F:D4:39
Certificate issuer:       /CN=57c76a80ec2912a568935cb57b6a650f03dfd8d2
Certificate serial:       018CC26D0F47378ADB1155302ACF12A71916
Authority key identifier: 57:C7:6A:80:EC:29:12:A5:68:93:5C:B5:7B:6A:65:0F:03:DF:D8:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8dqgOwpEqVok1y1e2plDwPf2NI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/40e5f4-d056-44f2-899e-2286b89e7a7e/1/oaT3wa1qDaUMv1f7UCdWbxxv1Dk.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48705
IP address blocks:        193.39.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/40e5f4-d056-44f2-899e-2286b89e7a7e/1/V8dqgOwpEqVok1y1e2plDwPf2NI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/40e5f4-d056-44f2-899e-2286b89e7a7e/1/V8dqgOwpEqVok1y1e2plDwPf2NI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8dqgOwpEqVok1y1e2plDwPf2NI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0f:47:37:8a:db:11:55:30:2a:cf:12:a7:19:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c76a80ec2912a568935cb57b6a650f03dfd8d2
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1a4f7c1ad6a0da50cbf57fb5027566f1c6fd439
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e3:13:77:56:03:19:f9:b1:0f:f3:c7:a3:57:
                    0e:67:95:25:ae:13:72:70:39:2c:b6:be:9c:58:de:
                    3f:14:7c:ab:79:f1:3e:46:90:fe:55:b9:03:80:d7:
                    0e:7a:68:28:82:04:34:fa:c9:db:95:5a:12:37:5d:
                    82:da:ad:37:2e:d7:7a:b4:1f:ba:30:01:66:fa:39:
                    1d:ab:c6:d7:e6:e7:80:59:89:57:c1:3d:44:cb:d7:
                    da:fc:8c:4e:40:64:b4:69:72:d8:03:b4:66:29:0f:
                    e7:60:50:5a:b0:aa:3f:00:36:6c:41:8f:3f:e7:50:
                    d1:11:49:f0:16:70:5f:f5:44:60:ef:48:45:e9:0d:
                    14:f8:f5:f6:5b:f6:37:fa:71:4d:ea:25:5d:35:32:
                    a4:92:bc:ec:10:f9:4f:27:16:0e:eb:d1:e8:95:7a:
                    14:08:b2:11:18:62:ec:18:7a:41:bf:e5:fa:a3:39:
                    85:da:2d:2a:7a:34:ff:51:b3:ad:06:af:8a:3e:df:
                    74:0e:e2:ec:44:69:41:c2:e6:86:e4:75:45:92:6e:
                    cb:cd:43:e4:b6:01:2a:61:b6:0b:0a:d2:11:d0:36:
                    d6:f0:44:4b:a0:20:41:20:a5:13:49:eb:22:6d:7e:
                    e6:9e:4f:81:72:66:af:04:72:0a:cb:8e:3e:0a:5a:
                    a8:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:A4:F7:C1:AD:6A:0D:A5:0C:BF:57:FB:50:27:56:6F:1C:6F:D4:39
            X509v3 Authority Key Identifier:
                keyid:57:C7:6A:80:EC:29:12:A5:68:93:5C:B5:7B:6A:65:0F:03:DF:D8:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8dqgOwpEqVok1y1e2plDwPf2NI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/40e5f4-d056-44f2-899e-2286b89e7a7e/1/oaT3wa1qDaUMv1f7UCdWbxxv1Dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/40e5f4-d056-44f2-899e-2286b89e7a7e/1/V8dqgOwpEqVok1y1e2plDwPf2NI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:17:9a:76:1e:8a:7b:71:90:05:2a:96:98:b3:ed:e7:c3:8b:
         2a:99:74:84:98:94:1c:ac:47:46:72:28:76:e8:4c:25:24:1f:
         ff:d7:ba:f9:2e:b6:ed:04:cc:09:4b:38:f0:86:ad:a9:f8:a5:
         d3:27:e5:a0:26:61:c3:9a:9f:cc:9c:bb:dd:c8:d6:b5:e9:2e:
         0a:d2:98:8e:72:f4:46:6f:b2:95:14:87:5a:e5:ef:5f:96:8b:
         b3:60:3d:77:82:69:a5:0e:2e:6b:b9:f0:45:49:eb:db:c8:cb:
         b6:ed:23:e2:72:33:e9:65:bc:ac:d3:44:b6:24:d1:85:e6:9f:
         e5:a6:0d:eb:2e:de:95:ef:88:0b:d2:38:a6:cf:1c:71:8d:f5:
         36:c8:e4:e9:74:ea:fe:81:ed:cb:d5:d8:c0:59:be:ae:e9:34:
         ee:97:17:17:74:3b:84:3a:2e:c2:91:0d:88:9b:7e:9f:24:41:
         31:a5:5c:e8:8d:83:84:23:92:cd:1d:7a:62:c9:ac:68:2a:23:
         ab:a2:9f:f6:0e:14:08:dd:81:58:59:3c:e1:43:9f:e7:c5:be:
         b0:5a:30:44:a2:79:ae:01:ec:41:3e:47:95:f0:97:1a:55:3e:
         f2:0c:cb:91:72:46:c0:ff:da:37:23:cf:6d:2c:17:41:07:cd:
         7b:dc:b8:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQ9HN4rbEVUwKs8SpxkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3Yzc2YTgwZWMyOTEyYTU2ODkzNWNiNTdiNmE2NTBmMDNk
ZmQ4ZDIwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWE0ZjdjMWFkNmEwZGE1MGNiZjU3ZmI1MDI3NTY2ZjFjNmZkNDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OMTd1YDGfmxD/PHo1cOZ5UlrhNy
cDkstr6cWN4/FHyrefE+RpD+VbkDgNcOemgoggQ0+snblVoSN12C2q03Ltd6tB+6
MAFm+jkdq8bX5ueAWYlXwT1Ey9fa/IxOQGS0aXLYA7RmKQ/nYFBasKo/ADZsQY8/
51DREUnwFnBf9URg70hF6Q0U+PX2W/Y3+nFN6iVdNTKkkrzsEPlPJxYO69HolXoU
CLIRGGLsGHpBv+X6ozmF2i0qejT/UbOtBq+KPt90DuLsRGlBwuaG5HVFkm7LzUPk
tgEqYbYLCtIR0DbW8ERLoCBBIKUTSesibX7mnk+BcmavBHIKy44+ClqogQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGk98Gtag2lDL9X+1AnVm8cb9Q5MB8GA1UdIwQY
MBaAFFfHaoDsKRKlaJNctXtqZQ8D39jSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhkcWdPd3BFcVZvazF5MWUycGxEd1BmMk5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS80MGU1ZjQtZDA1Ni00NGYyLTg5OWUt
MjI4NmI4OWU3YTdlLzEvb2FUM3dhMXFEYVVNdjFmN1VDZFdieHh2MURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS80MGU1ZjQtZDA1Ni00NGYyLTg5OWUtMjI4NmI4OWU3YTdl
LzEvVjhkcWdPd3BFcVZvazF5MWUycGxEd1BmMk5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSdCMA0G
CSqGSIb3DQEBCwUAA4IBAQCSF5p2Hop7cZAFKpaYs+3nw4sqmXSEmJQcrEdGcih2
6EwlJB//17r5LrbtBMwJSzjwhq2p+KXTJ+WgJmHDmp/MnLvdyNa16S4K0piOcvRG
b7KVFIda5e9flouzYD13gmmlDi5rufBFSevbyMu27SPicjPpZbys00S2JNGF5p/l
pg3rLt6V74gL0jimzxxxjfU2yOTpdOr+ge3L1djAWb6u6TTulxcXdDuEOi7CkQ2I
m36fJEExpVzojYOEI5LNHXpiyaxoKiOrop/2DhQI3YFYWTzhQ5/nxb6wWjBEonmu
AexBPkeV8JcaVT7yDMuRckbA/9o3I89tLBdBB8173Lgv
-----END CERTIFICATE-----