Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/5e9df7-1c88-4449-93da-b6427395d29f/1/0PmaIqvXKOpzMFUR_YgctK9voww.roa
File:                     0PmaIqvXKOpzMFUR_YgctK9voww.roa (raw, json)
Hash identifier:          DUivdrTLootL7uZBfRv8fhcsv4SI97bsqOR3Ujrt6v8=
Subject key identifier:   D0:F9:9A:22:AB:D7:28:EA:73:30:55:11:FD:88:1C:B4:AF:6F:A3:0C
Certificate issuer:       /CN=a3742347c73e7b3d500f60fb650b82a01c21f749
Certificate serial:       018CC5DBEFCE4A3E774DF15550108E7CB9C7
Authority key identifier: A3:74:23:47:C7:3E:7B:3D:50:0F:60:FB:65:0B:82:A0:1C:21:F7:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o3QjR8c-ez1QD2D7ZQuCoBwh90k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/5e9df7-1c88-4449-93da-b6427395d29f/1/0PmaIqvXKOpzMFUR_YgctK9voww.roa
Signing time:             Mon 01 Jan 2024 16:29:34 +0000
ROA not before:           Mon 01 Jan 2024 16:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205376
IP address blocks:        194.45.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/5e9df7-1c88-4449-93da-b6427395d29f/1/o3QjR8c-ez1QD2D7ZQuCoBwh90k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/5e9df7-1c88-4449-93da-b6427395d29f/1/o3QjR8c-ez1QD2D7ZQuCoBwh90k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o3QjR8c-ez1QD2D7ZQuCoBwh90k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 04:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ef:ce:4a:3e:77:4d:f1:55:50:10:8e:7c:b9:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3742347c73e7b3d500f60fb650b82a01c21f749
        Validity
            Not Before: Jan  1 16:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0f99a22abd728ea73305511fd881cb4af6fa30c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:30:df:bc:d8:b1:75:59:be:ff:5d:5c:8b:c2:
                    0e:68:70:90:62:b2:88:c1:7c:ad:56:e7:76:bd:39:
                    f7:6e:64:f8:70:3a:66:89:a4:90:4d:18:b4:c2:16:
                    83:aa:07:38:b5:96:92:c6:f9:b3:00:5f:29:f2:09:
                    76:6f:fa:3a:a3:5b:1a:96:f9:24:45:25:23:3c:d5:
                    9f:25:04:8c:4f:af:b4:4b:60:34:79:18:8b:38:dd:
                    b5:79:42:ef:c0:88:5d:b4:08:31:34:6d:8f:df:f4:
                    70:10:fd:56:48:fa:94:dc:67:4c:59:96:69:68:ca:
                    9b:29:c2:a1:07:62:1c:35:bf:ac:76:64:ce:54:cc:
                    45:0f:2b:2d:0d:92:f0:cf:f2:6c:e5:18:96:ce:be:
                    c8:e3:06:e0:8e:a4:b7:7d:a7:b6:d3:c5:7c:18:85:
                    ad:6d:7a:12:8c:eb:64:44:0f:cb:9f:36:cc:65:cf:
                    07:7f:2d:33:25:b7:dc:3b:67:de:e9:e2:1a:cd:ca:
                    2e:3d:49:23:2d:e9:5c:19:7b:ee:07:98:f8:3d:15:
                    8c:2a:10:80:4d:62:7a:f3:c6:ea:a8:34:7e:8c:8c:
                    79:83:2f:34:48:e3:7e:e2:21:c3:8a:49:e0:c9:74:
                    3d:7c:3f:23:ad:ba:89:cf:59:1d:7f:8e:68:3b:03:
                    6e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:F9:9A:22:AB:D7:28:EA:73:30:55:11:FD:88:1C:B4:AF:6F:A3:0C
            X509v3 Authority Key Identifier:
                keyid:A3:74:23:47:C7:3E:7B:3D:50:0F:60:FB:65:0B:82:A0:1C:21:F7:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3QjR8c-ez1QD2D7ZQuCoBwh90k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5e9df7-1c88-4449-93da-b6427395d29f/1/0PmaIqvXKOpzMFUR_YgctK9voww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5e9df7-1c88-4449-93da-b6427395d29f/1/o3QjR8c-ez1QD2D7ZQuCoBwh90k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.45.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ce:59:5e:a3:79:ba:a8:4d:57:d7:1f:f1:24:93:98:94:c2:
         e0:fd:08:2e:c4:59:ef:aa:7e:04:f8:55:29:62:46:9d:cf:64:
         fa:73:1c:8b:2e:19:c2:00:d5:50:45:df:77:66:d3:17:3d:40:
         af:b1:63:b4:c4:99:6f:4f:fc:28:e4:56:23:8e:e7:65:ae:e5:
         39:f1:2b:43:db:71:16:6c:61:d1:91:1d:34:ef:e2:bd:a5:e2:
         5d:ff:32:25:60:ae:e8:a6:f8:b8:d6:96:c1:64:06:1d:c8:4e:
         73:7f:4f:be:cd:fb:3a:d6:a7:34:8b:7a:79:24:1c:6d:19:2e:
         51:0f:c9:23:5d:0a:84:4f:6d:51:c4:44:77:96:2a:ef:a6:1d:
         57:7d:e0:25:29:6e:e6:96:b1:45:cf:a6:4c:65:53:8f:eb:d7:
         fd:5a:cb:b3:d8:c7:89:82:b2:42:5e:26:52:66:69:ae:55:12:
         7a:1b:51:a6:c9:a1:d6:b0:df:d4:e0:fe:fd:e6:87:b1:d3:60:
         a9:d6:09:91:a3:a1:80:8e:cc:55:b9:ae:6d:af:12:f9:66:b7:
         f5:72:83:80:8d:74:25:80:20:3f:09:8e:a4:e6:55:78:af:0a:
         39:a8:86:0f:fc:d9:10:16:26:aa:d5:7e:7e:c1:ba:0f:54:82:
         1c:d6:fb:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+/OSj53TfFVUBCOfLnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzQyMzQ3YzczZTdiM2Q1MDBmNjBmYjY1MGI4MmEwMWMy
MWY3NDkwHhcNMjQwMTAxMTYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGY5OWEyMmFiZDcyOGVhNzMzMDU1MTFmZDg4MWNiNGFmNmZhMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDDfvNixdVm+/11ci8IOaHCQYrKI
wXytVud2vTn3bmT4cDpmiaSQTRi0whaDqgc4tZaSxvmzAF8p8gl2b/o6o1salvkk
RSUjPNWfJQSMT6+0S2A0eRiLON21eULvwIhdtAgxNG2P3/RwEP1WSPqU3GdMWZZp
aMqbKcKhB2IcNb+sdmTOVMxFDystDZLwz/Js5RiWzr7I4wbgjqS3fae208V8GIWt
bXoSjOtkRA/LnzbMZc8Hfy0zJbfcO2fe6eIazcouPUkjLelcGXvuB5j4PRWMKhCA
TWJ688bqqDR+jIx5gy80SON+4iHDikngyXQ9fD8jrbqJz1kdf45oOwNuzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFND5miKr1yjqczBVEf2IHLSvb6MMMB8GA1UdIwQY
MBaAFKN0I0fHPns9UA9g+2ULgqAcIfdJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNRalI4Yy1lejFRRDJEN1pRdUNvQndoOTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC81ZTlkZjctMWM4OC00NDQ5LTkzZGEt
YjY0MjczOTVkMjlmLzEvMFBtYUlxdlhLT3B6TUZVUl9ZZ2N0Szl2b3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC81ZTlkZjctMWM4OC00NDQ5LTkzZGEtYjY0MjczOTVkMjlm
LzEvbzNRalI4Yy1lejFRRDJEN1pRdUNvQndoOTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwi1HMA0G
CSqGSIb3DQEBCwUAA4IBAQBCzlleo3m6qE1X1x/xJJOYlMLg/QguxFnvqn4E+FUp
Ykadz2T6cxyLLhnCANVQRd93ZtMXPUCvsWO0xJlvT/wo5FYjjudlruU58StD23EW
bGHRkR007+K9peJd/zIlYK7opvi41pbBZAYdyE5zf0++zfs61qc0i3p5JBxtGS5R
D8kjXQqET21RxER3lirvph1XfeAlKW7mlrFFz6ZMZVOP69f9Wsuz2MeJgrJCXiZS
ZmmuVRJ6G1GmyaHWsN/U4P795oex02Cp1gmRo6GAjsxVua5trxL5Zrf1coOAjXQl
gCA/CY6k5lV4rwo5qIYP/NkQFiaq1X5+wboPVIIc1vv3
-----END CERTIFICATE-----