Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/efw94VkySZl1OLI7lfVK1BW_-cc.roa
File:                     efw94VkySZl1OLI7lfVK1BW_-cc.roa (raw, json)
Hash identifier:          iVe/+lpDDAi7IdhaiYzK+owIU5QDwJ2yg7D6CHtBOwU=
Subject key identifier:   79:FC:3D:E1:59:32:49:99:75:38:B2:3B:95:F5:4A:D4:15:BF:F9:C7
Certificate issuer:       /CN=09253886a0250a04ec69be00bbf8433c2f014b7c
Certificate serial:       018CCA29D250B462B1B7C3F52572E9E49C48
Authority key identifier: 09:25:38:86:A0:25:0A:04:EC:69:BE:00:BB:F8:43:3C:2F:01:4B:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/efw94VkySZl1OLI7lfVK1BW_-cc.roa
Signing time:             Tue 02 Jan 2024 12:33:07 +0000
ROA not before:           Tue 02 Jan 2024 12:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203576
IP address blocks:        194.110.169.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d2:50:b4:62:b1:b7:c3:f5:25:72:e9:e4:9c:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09253886a0250a04ec69be00bbf8433c2f014b7c
        Validity
            Not Before: Jan  2 12:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79fc3de1593249997538b23b95f54ad415bff9c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e1:a6:d8:b2:02:cd:cd:1a:5a:49:c2:4e:95:
                    ad:c9:d3:3a:14:8f:b7:09:a8:5f:99:b5:a2:d0:1b:
                    a7:77:50:43:83:80:68:05:0f:1b:70:e0:0d:5a:83:
                    7f:58:31:ed:e3:08:db:38:cb:47:f7:39:ac:fb:7d:
                    b3:67:46:c4:3b:ec:15:0a:f4:e3:9f:f5:99:c6:7c:
                    6b:da:cc:1d:33:80:96:3f:ff:0a:05:c8:d9:4d:ea:
                    ff:ce:ab:91:bd:c1:4d:02:4a:ae:7a:f3:31:36:85:
                    80:a8:3e:48:63:e0:6c:dc:41:86:c4:a0:ad:88:d4:
                    5f:38:e5:29:7d:9a:33:bc:91:89:6f:a4:f7:2d:48:
                    86:a4:58:31:b4:32:b2:cc:bd:8a:e2:34:76:d7:d3:
                    41:c4:0c:3d:28:f5:69:9e:ad:87:d6:0b:04:18:b7:
                    32:b0:e2:60:8a:af:ad:87:d6:78:42:f7:ab:1e:43:
                    d2:cb:2a:a2:f2:c3:19:cf:a4:14:52:7d:c5:8a:3e:
                    c7:69:f7:7c:f5:b2:10:eb:95:32:84:64:fa:bf:32:
                    50:39:ce:f2:d8:50:65:02:38:8c:ce:c1:b2:38:6a:
                    65:0d:82:8b:5c:b4:a8:3f:b8:ad:47:07:29:25:82:
                    28:55:26:8f:ea:c1:5a:3d:e3:e4:48:3d:72:f6:d5:
                    63:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:FC:3D:E1:59:32:49:99:75:38:B2:3B:95:F5:4A:D4:15:BF:F9:C7
            X509v3 Authority Key Identifier:
                keyid:09:25:38:86:A0:25:0A:04:EC:69:BE:00:BB:F8:43:3C:2F:01:4B:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/efw94VkySZl1OLI7lfVK1BW_-cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:8c:43:4b:43:4c:88:e0:1c:8c:2c:36:63:48:78:a5:6f:81:
         53:80:5c:d8:79:1e:46:7a:8b:38:f9:6b:38:d3:a1:3f:92:7f:
         e4:4a:1a:f5:17:1b:8f:32:70:73:85:55:8c:86:75:1c:74:1c:
         50:d2:66:f6:f5:70:bf:01:a9:c5:c0:fd:d0:f3:13:4a:d0:de:
         45:1e:ad:47:8b:de:e2:68:bb:59:50:2a:b0:55:8b:45:f9:25:
         9d:81:f3:46:fc:13:4c:5a:53:6f:c6:e3:7a:ae:8a:15:5e:fa:
         b3:83:62:51:ea:c7:8b:9d:a9:e6:1e:9e:ae:61:e0:51:0c:7e:
         37:02:4a:7a:a3:15:b4:f6:c4:21:25:26:3e:0f:50:07:15:4f:
         83:79:ff:bf:20:6e:0d:00:48:42:cc:78:db:55:f6:94:21:7a:
         3b:9f:b9:63:39:7a:22:5c:6c:a8:24:38:09:5f:49:95:b3:42:
         83:8c:34:5b:1d:99:0f:08:36:cb:18:53:b9:24:04:6b:fb:8b:
         0d:3c:b3:4b:c9:11:45:7a:fb:b9:b0:ab:13:9a:71:87:44:6d:
         c7:84:cc:44:06:72:64:1b:13:64:7f:dc:7c:8c:59:15:41:24:
         d0:c7:f9:11:b1:b0:3b:7f:4d:c4:93:a7:05:ce:08:45:a3:4f:
         bd:9b:8a:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKdJQtGKxt8P1JXLp5JxIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MjUzODg2YTAyNTBhMDRlYzY5YmUwMGJiZjg0MzNjMmYw
MTRiN2MwHhcNMjQwMTAyMTIzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWZjM2RlMTU5MzI0OTk5NzUzOGIyM2I5NWY1NGFkNDE1YmZmOWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOGm2LICzc0aWknCTpWtydM6FI+3
CahfmbWi0Bund1BDg4BoBQ8bcOANWoN/WDHt4wjbOMtH9zms+32zZ0bEO+wVCvTj
n/WZxnxr2swdM4CWP/8KBcjZTer/zquRvcFNAkquevMxNoWAqD5IY+Bs3EGGxKCt
iNRfOOUpfZozvJGJb6T3LUiGpFgxtDKyzL2K4jR219NBxAw9KPVpnq2H1gsEGLcy
sOJgiq+th9Z4QverHkPSyyqi8sMZz6QUUn3Fij7Hafd89bIQ65UyhGT6vzJQOc7y
2FBlAjiMzsGyOGplDYKLXLSoP7itRwcpJYIoVSaP6sFaPePkSD1y9tVj5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHn8PeFZMkmZdTiyO5X1StQVv/nHMB8GA1UdIwQY
MBaAFAklOIagJQoE7Gm+ALv4QzwvAUt8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1NVNGhxQWxDZ1RzYWI0QXVfaERQQzhCUzN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8zNmY4M2UtNmJlNi00MmM1LTgzODAt
MTE0YWQ0MWNmMzMxLzEvZWZ3OTRWa3lTWmwxT0xJN2xmVksxQldfLWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8zNmY4M2UtNmJlNi00MmM1LTgzODAtMTE0YWQ0MWNmMzMx
LzEvQ1NVNGhxQWxDZ1RzYWI0QXVfaERQQzhCUzN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm6pMA0G
CSqGSIb3DQEBCwUAA4IBAQCvjENLQ0yI4ByMLDZjSHilb4FTgFzYeR5Geos4+Ws4
06E/kn/kShr1FxuPMnBzhVWMhnUcdBxQ0mb29XC/AanFwP3Q8xNK0N5FHq1Hi97i
aLtZUCqwVYtF+SWdgfNG/BNMWlNvxuN6rooVXvqzg2JR6seLnanmHp6uYeBRDH43
Akp6oxW09sQhJSY+D1AHFU+Def+/IG4NAEhCzHjbVfaUIXo7n7ljOXoiXGyoJDgJ
X0mVs0KDjDRbHZkPCDbLGFO5JARr+4sNPLNLyRFFevu5sKsTmnGHRG3HhMxEBnJk
GxNkf9x8jFkVQSTQx/kRsbA7f03Ek6cFzghFo0+9m4pn
-----END CERTIFICATE-----