Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/dCHVQlXPikIGSKUMGyYeBQHrEjo.roa
File:                     dCHVQlXPikIGSKUMGyYeBQHrEjo.roa (raw, json)
Hash identifier:          PVMXPksQznJvQ3kfRNMF5kIULr76jPSIMzsRW+0Rtq8=
Subject key identifier:   74:21:D5:42:55:CF:8A:42:06:48:A5:0C:1B:26:1E:05:01:EB:12:3A
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348D7B60FC0008B8DD037902BF0F429
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/dCHVQlXPikIGSKUMGyYeBQHrEjo.roa
Signing time:             Mon 01 Jan 2024 04:29:40 +0000
ROA not before:           Mon 01 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35610
IP address blocks:        194.209.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d7:b6:0f:c0:00:8b:8d:d0:37:90:2b:f0:f4:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7421d54255cf8a420648a50c1b261e0501eb123a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:dd:08:f1:06:5c:da:75:45:41:a0:cb:fc:0f:
                    0d:49:e5:c9:a5:89:fd:0c:ab:ff:a5:74:e5:41:82:
                    49:b8:52:7e:4a:13:8b:8e:e4:a8:51:ba:e0:78:0d:
                    a9:67:94:af:46:4c:4e:ee:50:d7:21:0c:e6:b6:94:
                    47:51:21:61:7f:96:34:2c:34:56:97:53:9b:e2:6d:
                    66:1e:c0:2d:8a:b2:dd:26:d7:3d:12:d3:48:bc:1d:
                    71:56:c2:4d:94:04:68:2c:61:7c:8e:c2:48:ea:05:
                    ae:92:23:5a:40:a5:07:f3:9d:53:ee:2f:65:57:e7:
                    da:29:06:ed:9d:3b:95:61:0b:5c:53:f0:c6:e7:2d:
                    d9:c4:0c:6d:f0:4b:5b:b3:ee:b9:65:95:41:b8:f3:
                    ed:c5:3a:2a:0a:dd:8b:64:d7:32:15:ef:af:f0:82:
                    77:ae:d7:9a:37:2a:e8:6e:49:c5:92:cc:ec:5a:9f:
                    03:7a:2c:c2:c7:87:04:31:8d:86:05:fb:aa:67:04:
                    04:68:83:72:72:91:24:2c:54:8d:8f:d5:dc:75:43:
                    12:6d:42:fe:d2:3b:ab:99:5f:69:d2:c5:eb:27:5a:
                    91:f8:74:91:c2:0d:5b:9f:f4:db:16:8c:ac:03:d1:
                    fb:b1:b3:ee:14:12:30:db:85:ed:44:af:c1:c8:b9:
                    1b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:21:D5:42:55:CF:8A:42:06:48:A5:0C:1B:26:1E:05:01:EB:12:3A
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/dCHVQlXPikIGSKUMGyYeBQHrEjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:c7:e5:a7:a9:ee:89:db:5c:2d:c0:14:04:e9:d8:59:67:d4:
         ae:77:f0:08:c9:65:56:04:ca:05:2f:80:bc:21:0a:c9:2e:21:
         11:d0:f6:4e:c5:74:6d:70:4c:1f:0c:d6:29:93:38:04:4c:77:
         04:ad:b3:02:21:15:99:56:62:10:8e:d5:37:03:4d:ac:55:86:
         03:78:17:2f:05:d1:1a:0a:4b:97:d8:e6:3f:f9:d5:35:62:43:
         70:5e:2a:60:1d:42:84:04:15:93:1b:26:44:b7:a8:7e:5a:04:
         33:09:a9:8d:b7:49:95:cb:f9:5a:5b:f8:56:2c:36:be:36:b7:
         cd:fa:c8:c6:da:b7:73:03:ce:6b:a8:68:e8:17:69:ad:d6:b4:
         04:3b:22:81:17:e7:b2:c4:ed:30:42:cd:9d:df:02:19:99:f9:
         1f:7c:67:c8:07:b1:5d:99:c4:00:f5:af:3d:cc:32:79:df:df:
         57:ae:c2:fd:24:25:b6:75:2e:8d:1b:ff:00:e9:00:47:4c:d8:
         11:8e:2e:40:d6:fe:95:04:c2:3c:f8:a1:a1:bc:81:aa:be:f3:
         e6:e6:e6:5b:e8:1b:ba:c5:b1:9b:7d:9f:2c:fd:65:3f:5f:ec:
         12:20:44:3f:b7:ff:b2:27:8b:8b:b7:6a:de:a4:3b:c7:17:ec:
         db:6c:c0:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNe2D8AAi43QN5Ar8PQpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDIxZDU0MjU1Y2Y4YTQyMDY0OGE1MGMxYjI2MWUwNTAxZWIxMjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh90I8QZc2nVFQaDL/A8NSeXJpYn9
DKv/pXTlQYJJuFJ+ShOLjuSoUbrgeA2pZ5SvRkxO7lDXIQzmtpRHUSFhf5Y0LDRW
l1Ob4m1mHsAtirLdJtc9EtNIvB1xVsJNlARoLGF8jsJI6gWukiNaQKUH851T7i9l
V+faKQbtnTuVYQtcU/DG5y3ZxAxt8Etbs+65ZZVBuPPtxToqCt2LZNcyFe+v8IJ3
rteaNyrobknFkszsWp8DeizCx4cEMY2GBfuqZwQEaINycpEkLFSNj9XcdUMSbUL+
0jurmV9p0sXrJ1qR+HSRwg1bn/TbFoysA9H7sbPuFBIw24XtRK/ByLkbnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQh1UJVz4pCBkilDBsmHgUB6xI6MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvZENIVlFsWFBpa0lHU0tVTUd5WWVCUUhyRWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtE0MA0G
CSqGSIb3DQEBCwUAA4IBAQB+x+Wnqe6J21wtwBQE6dhZZ9Sud/AIyWVWBMoFL4C8
IQrJLiER0PZOxXRtcEwfDNYpkzgETHcErbMCIRWZVmIQjtU3A02sVYYDeBcvBdEa
CkuX2OY/+dU1YkNwXipgHUKEBBWTGyZEt6h+WgQzCamNt0mVy/laW/hWLDa+NrfN
+sjG2rdzA85rqGjoF2mt1rQEOyKBF+eyxO0wQs2d3wIZmfkffGfIB7FdmcQA9a89
zDJ5399XrsL9JCW2dS6NG/8A6QBHTNgRji5A1v6VBMI8+KGhvIGqvvPm5uZb6Bu6
xbGbfZ8s/WU/X+wSIEQ/t/+yJ4uLt2repDvHF+zbbMCz
-----END CERTIFICATE-----