Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/Dys9xqmGrJtMDL55jTH-KMcSakQ.roa
File:                     Dys9xqmGrJtMDL55jTH-KMcSakQ.roa (raw, json)
Hash identifier:          PH7KOuQP36LxMtfTz9eo/G/9QvP5JhWrKihkhK6i2cc=
Subject key identifier:   0F:2B:3D:C6:A9:86:AC:9B:4C:0C:BE:79:8D:31:FE:28:C7:12:6A:44
Certificate issuer:       /CN=9e481c098a649265291d402f5f02fc43dda0fc8c
Certificate serial:       018CC9BA5B74CAA1C92F72574FDA09C23BC4
Authority key identifier: 9E:48:1C:09:8A:64:92:65:29:1D:40:2F:5F:02:FC:43:DD:A0:FC:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/Dys9xqmGrJtMDL55jTH-KMcSakQ.roa
Signing time:             Tue 02 Jan 2024 10:31:22 +0000
ROA not before:           Tue 02 Jan 2024 10:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208486
IP address blocks:        194.147.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:5b:74:ca:a1:c9:2f:72:57:4f:da:09:c2:3b:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e481c098a649265291d402f5f02fc43dda0fc8c
        Validity
            Not Before: Jan  2 10:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f2b3dc6a986ac9b4c0cbe798d31fe28c7126a44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c5:76:69:01:2f:33:d8:55:7b:91:71:04:1d:
                    33:d7:c9:d7:27:5c:39:13:04:8f:28:9f:c3:5b:6d:
                    eb:ea:f0:11:7d:f0:92:bb:9e:e2:d0:ba:ed:8e:33:
                    c2:fa:ca:11:6a:81:80:4b:5f:3b:4d:48:e0:f3:bb:
                    7a:9a:88:e4:55:c3:79:9a:e1:0e:db:78:48:83:7d:
                    5b:b4:35:6e:88:ca:54:1e:00:41:d2:57:a3:39:c8:
                    a3:8b:ba:07:4b:44:28:87:34:cd:70:41:5e:be:00:
                    49:22:ff:f4:10:92:0e:96:e6:5c:0c:e0:86:ef:19:
                    a1:dd:50:7f:5a:cd:4a:de:bc:0e:96:cf:69:fa:1e:
                    f0:a5:92:eb:6b:93:aa:85:de:c9:9c:2a:bb:cb:58:
                    71:c8:2f:77:ba:44:a7:e9:73:a5:47:de:e6:c1:08:
                    8a:f9:28:6b:ac:db:60:61:7d:53:76:65:d9:b7:b1:
                    bc:09:fc:de:c3:0c:8a:b8:87:2a:0f:b9:2f:dd:0c:
                    76:eb:db:ea:d9:04:c3:55:5c:ea:9c:7a:97:00:f5:
                    45:67:b6:ef:03:4f:23:91:d2:69:7c:e9:6b:1b:d7:
                    db:5e:a5:a6:74:71:2c:0b:02:47:5a:fc:80:07:59:
                    e9:72:9e:2d:e0:6c:00:6d:fa:1d:12:5b:05:03:bf:
                    c3:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:2B:3D:C6:A9:86:AC:9B:4C:0C:BE:79:8D:31:FE:28:C7:12:6A:44
            X509v3 Authority Key Identifier:
                keyid:9E:48:1C:09:8A:64:92:65:29:1D:40:2F:5F:02:FC:43:DD:A0:FC:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/Dys9xqmGrJtMDL55jTH-KMcSakQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:d3:a7:b9:50:4e:3a:da:00:e8:96:5c:95:c3:ce:ac:03:ab:
         c1:a8:ca:97:c7:71:ee:d5:a5:da:18:c8:c7:58:f2:80:5c:81:
         73:50:4f:81:ea:f1:14:70:3d:7b:db:78:db:d1:5b:7d:10:2f:
         25:31:48:6d:4e:e3:50:24:87:4b:46:a1:0f:73:1d:d7:b3:61:
         b2:f5:be:16:2f:69:54:e5:66:62:be:3c:26:a1:0c:e5:6a:ec:
         21:f8:da:60:d4:63:03:e0:76:52:5d:94:ca:1e:46:5e:8f:4a:
         1b:b3:2e:59:51:e1:11:49:fd:99:c0:db:ac:45:72:5c:19:3b:
         80:9d:7e:5b:55:92:c8:cb:fb:b3:31:fe:85:77:6e:26:c7:80:
         56:15:d9:72:18:29:0f:a3:32:9d:9b:e3:ab:13:9a:b8:96:72:
         6d:b4:35:e4:8d:86:87:00:f0:f8:9a:29:f5:0c:0c:3f:32:80:
         73:c1:1a:83:3a:7f:2d:ea:ac:71:89:73:0a:49:34:c3:9d:eb:
         0e:4d:1b:0e:41:2c:de:48:dd:4a:7a:cd:1b:6d:8d:e6:01:55:
         91:38:b0:63:fe:b3:3b:2d:eb:c1:66:04:ba:1c:ad:01:2c:fa:
         3e:47:fb:8b:a3:ac:ea:d6:f3:f6:03:4e:08:93:d9:46:e3:ef:
         b5:67:b0:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJult0yqHJL3JXT9oJwjvEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDgxYzA5OGE2NDkyNjUyOTFkNDAyZjVmMDJmYzQzZGRh
MGZjOGMwHhcNMjQwMTAyMTAzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjJiM2RjNmE5ODZhYzliNGMwY2JlNzk4ZDMxZmUyOGM3MTI2YTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosV2aQEvM9hVe5FxBB0z18nXJ1w5
EwSPKJ/DW23r6vARffCSu57i0LrtjjPC+soRaoGAS187TUjg87t6mojkVcN5muEO
23hIg31btDVuiMpUHgBB0lejOciji7oHS0QohzTNcEFevgBJIv/0EJIOluZcDOCG
7xmh3VB/Ws1K3rwOls9p+h7wpZLra5Oqhd7JnCq7y1hxyC93ukSn6XOlR97mwQiK
+ShrrNtgYX1TdmXZt7G8CfzewwyKuIcqD7kv3Qx269vq2QTDVVzqnHqXAPVFZ7bv
A08jkdJpfOlrG9fbXqWmdHEsCwJHWvyAB1npcp4t4GwAbfodElsFA7/DowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8rPcaphqybTAy+eY0x/ijHEmpEMB8GA1UdIwQY
MBaAFJ5IHAmKZJJlKR1AL18C/EPdoPyMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtnY0NZcGtrbVVwSFVBdlh3TDhROTJnX0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9lNjQxNjktZDJiZC00NDk0LWIxZjkt
ZDY5ODU3ZWY3ZDFhLzEvRHlzOXhxbUdySnRNREw1NWpUSC1LTWNTYWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9lNjQxNjktZDJiZC00NDk0LWIxZjktZDY5ODU3ZWY3ZDFh
LzEvbmtnY0NZcGtrbVVwSFVBdlh3TDhROTJnX0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpPiMA0G
CSqGSIb3DQEBCwUAA4IBAQAF06e5UE462gDollyVw86sA6vBqMqXx3Hu1aXaGMjH
WPKAXIFzUE+B6vEUcD1723jb0Vt9EC8lMUhtTuNQJIdLRqEPcx3Xs2Gy9b4WL2lU
5WZivjwmoQzlauwh+Npg1GMD4HZSXZTKHkZej0obsy5ZUeERSf2ZwNusRXJcGTuA
nX5bVZLIy/uzMf6Fd24mx4BWFdlyGCkPozKdm+OrE5q4lnJttDXkjYaHAPD4min1
DAw/MoBzwRqDOn8t6qxxiXMKSTTDnesOTRsOQSzeSN1Kes0bbY3mAVWROLBj/rM7
LevBZgS6HK0BLPo+R/uLo6zq1vP2A04Ik9lG4++1Z7BF
-----END CERTIFICATE-----