Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/pItqBKm98UokN8r6CaB96uYXGGM.roa
File:                     pItqBKm98UokN8r6CaB96uYXGGM.roa (raw, json)
Hash identifier:          wHE3vSu/kkBvwkQoJDnD1CnLicYYZaCcxJ6snNSulFU=
Subject key identifier:   A4:8B:6A:04:A9:BD:F1:4A:24:37:CA:FA:09:A0:7D:EA:E6:17:18:63
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC794404B26F43C929B35E5C85384990F
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/pItqBKm98UokN8r6CaB96uYXGGM.roa
Signing time:             Tue 02 Jan 2024 00:30:30 +0000
ROA not before:           Tue 02 Jan 2024 00:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12480
IP address blocks:        194.121.203.0/24 maxlen: 24
                          194.120.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:40:4b:26:f4:3c:92:9b:35:e5:c8:53:84:99:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a48b6a04a9bdf14a2437cafa09a07deae6171863
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:07:16:2d:da:9a:df:90:a0:46:f8:f1:e0:a2:
                    ab:64:21:22:a0:36:d4:98:b6:a1:fb:a9:74:84:ed:
                    b1:7f:30:ba:98:d2:fe:c9:30:03:ff:0a:fe:f9:17:
                    ae:3a:08:d6:82:fb:5c:ba:59:32:b0:d9:d4:df:7c:
                    40:51:ae:ff:c3:44:b2:6f:33:69:fc:4d:4c:ce:23:
                    9e:e5:01:5d:f1:20:d8:87:49:b8:1d:07:46:53:7b:
                    f3:7f:42:52:18:d0:e0:91:c9:36:10:e1:ed:84:2a:
                    b0:c1:96:f6:c3:64:cc:b1:c6:7f:1a:18:d5:c8:18:
                    3e:28:0e:71:0f:bc:36:a2:ae:80:03:62:bc:98:dd:
                    d1:07:c9:b6:ee:b7:93:3d:f3:35:8c:58:8e:4d:43:
                    a5:8b:bd:29:b0:d0:e5:7d:02:a9:34:7e:85:2e:12:
                    b0:14:99:4d:1d:be:fc:cb:71:1c:a0:77:b2:08:70:
                    e8:87:ed:53:a5:9f:f0:91:98:0b:05:c2:9e:17:f7:
                    87:ce:33:a8:80:c9:68:46:12:7b:98:f5:2e:72:01:
                    5f:01:f2:58:bb:f1:de:39:be:09:ad:40:2d:34:9e:
                    8f:e6:06:d5:85:a3:bb:71:1b:da:ce:a5:12:9a:3e:
                    05:46:57:63:ac:36:fe:d2:af:fa:08:6a:b1:aa:9f:
                    13:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:8B:6A:04:A9:BD:F1:4A:24:37:CA:FA:09:A0:7D:EA:E6:17:18:63
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/pItqBKm98UokN8r6CaB96uYXGGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.120.43.0/24
                  194.121.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:d7:d7:15:84:1d:23:79:26:6e:ff:d2:44:a5:49:6e:25:f6:
         61:50:95:b8:4b:76:51:c4:6a:76:13:ef:50:39:e9:e8:92:89:
         fe:3d:39:70:26:ee:a0:79:a5:92:4d:cf:25:14:e0:58:05:82:
         96:ae:70:35:91:90:3c:d8:4b:38:3d:f0:3f:8f:a3:dd:bb:e8:
         28:ae:15:96:cc:ea:79:26:2f:66:52:5e:00:5c:d6:95:ce:a0:
         2e:5f:0e:7b:83:32:68:b7:7e:50:9e:90:9f:5a:51:90:e2:a3:
         e7:32:fb:62:f7:62:23:d0:40:2b:63:e9:bd:c7:44:d6:0f:3e:
         d2:30:bf:be:02:50:3b:c9:5a:0a:b3:64:79:af:dc:66:1b:46:
         76:f4:f7:a0:e8:dd:dd:46:2f:55:cc:78:b7:93:84:0b:12:d7:
         40:fb:21:31:16:c0:11:d9:41:af:83:33:6f:27:28:5c:63:5b:
         13:f2:4e:09:65:5e:30:ac:94:6a:ae:91:e3:80:5f:8f:35:83:
         12:c2:6f:68:96:4e:46:61:fc:92:4d:0b:de:d1:21:bf:e6:9c:
         f1:b5:88:99:28:a9:44:1c:57:14:5c:e1:3f:c7:e7:90:61:fd:
         79:30:c7:94:f5:dc:2a:99:cd:dd:1a:50:57:75:16:3c:ef:fc:
         fd:74:ea:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlEBLJvQ8kps15chThJkPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDhiNmEwNGE5YmRmMTRhMjQzN2NhZmEwOWEwN2RlYWU2MTcxODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QcWLdqa35CgRvjx4KKrZCEioDbU
mLah+6l0hO2xfzC6mNL+yTAD/wr++ReuOgjWgvtculkysNnU33xAUa7/w0SybzNp
/E1MziOe5QFd8SDYh0m4HQdGU3vzf0JSGNDgkck2EOHthCqwwZb2w2TMscZ/GhjV
yBg+KA5xD7w2oq6AA2K8mN3RB8m27reTPfM1jFiOTUOli70psNDlfQKpNH6FLhKw
FJlNHb78y3EcoHeyCHDoh+1TpZ/wkZgLBcKeF/eHzjOogMloRhJ7mPUucgFfAfJY
u/HeOb4JrUAtNJ6P5gbVhaO7cRvazqUSmj4FRldjrDb+0q/6CGqxqp8TZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKSLagSpvfFKJDfK+gmgfermFxhjMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvcEl0cUJLbTk4VW9rTjhyNkNhQjk2dVlYR0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwngrAwQA
wnnLMA0GCSqGSIb3DQEBCwUAA4IBAQC519cVhB0jeSZu/9JEpUluJfZhUJW4S3ZR
xGp2E+9QOenokon+PTlwJu6geaWSTc8lFOBYBYKWrnA1kZA82Es4PfA/j6Pdu+go
rhWWzOp5Ji9mUl4AXNaVzqAuXw57gzJot35QnpCfWlGQ4qPnMvti92Ij0EArY+m9
x0TWDz7SML++AlA7yVoKs2R5r9xmG0Z29Peg6N3dRi9VzHi3k4QLEtdA+yExFsAR
2UGvgzNvJyhcY1sT8k4JZV4wrJRqrpHjgF+PNYMSwm9olk5GYfySTQve0SG/5pzx
tYiZKKlEHFcUXOE/x+eQYf15MMeU9dwqmc3dGlBXdRY87/z9dOoU
-----END CERTIFICATE-----