Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/cb3e6b-a444-49dd-9f64-17c12273c54a/1/OYuxF5tBNHh9lqdn4I9vnb4G3_Y.roa
File:                     OYuxF5tBNHh9lqdn4I9vnb4G3_Y.roa (raw, json)
Hash identifier:          6RB0qNmLkeNXi5t4PjEXosaVLsEDV4OBD5m/gkL5Skk=
Subject key identifier:   39:8B:B1:17:9B:41:34:78:7D:96:A7:67:E0:8F:6F:9D:BE:06:DF:F6
Certificate issuer:       /CN=4e0a19d48c3547c2adb9f8effdeac6ad9e4f9d19
Certificate serial:       018CCA99AF706B0DD5D640EEE691E47FCAEF
Authority key identifier: 4E:0A:19:D4:8C:35:47:C2:AD:B9:F8:EF:FD:EA:C6:AD:9E:4F:9D:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TgoZ1Iw1R8Ktufjv_erGrZ5PnRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/cb3e6b-a444-49dd-9f64-17c12273c54a/1/OYuxF5tBNHh9lqdn4I9vnb4G3_Y.roa
Signing time:             Tue 02 Jan 2024 14:35:18 +0000
ROA not before:           Tue 02 Jan 2024 14:35:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42731
IP address blocks:        194.110.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/cb3e6b-a444-49dd-9f64-17c12273c54a/1/TgoZ1Iw1R8Ktufjv_erGrZ5PnRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/cb3e6b-a444-49dd-9f64-17c12273c54a/1/TgoZ1Iw1R8Ktufjv_erGrZ5PnRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TgoZ1Iw1R8Ktufjv_erGrZ5PnRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:af:70:6b:0d:d5:d6:40:ee:e6:91:e4:7f:ca:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e0a19d48c3547c2adb9f8effdeac6ad9e4f9d19
        Validity
            Not Before: Jan  2 14:35:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=398bb1179b4134787d96a767e08f6f9dbe06dff6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:51:0d:1c:2f:3c:29:b8:e3:96:7a:b6:ee:0a:
                    e5:ea:ab:b5:a0:de:5e:fc:e1:a5:82:3e:d7:7b:ed:
                    97:e9:21:5c:54:e3:47:0e:08:91:0c:58:ee:3e:0d:
                    ed:d6:de:6a:58:bf:51:1a:a9:1d:b9:19:24:84:2c:
                    34:12:f2:96:e2:f1:88:b8:47:ce:eb:21:18:54:0f:
                    5e:2a:88:d1:ec:5b:1f:71:7e:41:e6:9a:71:02:87:
                    e7:19:d6:24:81:a5:96:03:0b:c9:fa:bf:e1:bb:89:
                    ba:20:27:91:e9:e3:1f:4e:7c:78:4e:9e:db:5e:c9:
                    e6:3a:fd:dd:50:61:2a:51:b5:56:b2:90:c5:fd:07:
                    51:89:12:6b:f4:a0:30:1e:22:a9:05:e9:ce:9f:39:
                    3e:49:20:4a:ec:c9:2a:97:6c:36:b9:13:a4:d5:04:
                    6b:0d:e0:97:b1:8a:56:a1:d6:31:54:2c:1d:54:07:
                    10:e5:a7:d9:4f:98:0c:0a:fc:92:04:98:d7:b2:4d:
                    6e:ed:59:23:b2:13:49:f2:d2:7b:b9:b4:7a:20:d7:
                    0f:f7:ea:22:3e:f7:6f:17:54:82:93:1f:4c:42:90:
                    68:38:b5:f9:a3:87:8f:df:0a:b7:56:6f:c5:5e:ce:
                    05:c6:3d:2a:d7:8d:9c:40:7d:b9:f7:05:25:65:5e:
                    c9:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:8B:B1:17:9B:41:34:78:7D:96:A7:67:E0:8F:6F:9D:BE:06:DF:F6
            X509v3 Authority Key Identifier:
                keyid:4E:0A:19:D4:8C:35:47:C2:AD:B9:F8:EF:FD:EA:C6:AD:9E:4F:9D:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TgoZ1Iw1R8Ktufjv_erGrZ5PnRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/cb3e6b-a444-49dd-9f64-17c12273c54a/1/OYuxF5tBNHh9lqdn4I9vnb4G3_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/cb3e6b-a444-49dd-9f64-17c12273c54a/1/TgoZ1Iw1R8Ktufjv_erGrZ5PnRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:1d:b6:5a:0b:b1:77:7d:ab:eb:b0:43:cc:1c:2b:79:41:18:
         82:fe:c0:07:cd:41:04:e8:5f:43:89:0b:9a:a6:04:a9:ee:bc:
         48:15:21:40:3f:b9:30:a2:db:c9:52:3a:59:55:ec:24:da:bc:
         93:1c:b1:74:62:fa:c7:2e:1c:c0:8b:3e:6b:cf:49:b1:7a:63:
         5c:04:2d:43:cb:34:32:90:7e:a3:9d:8e:e2:b0:b4:8a:88:da:
         ab:f6:c7:9c:e9:28:cd:2a:3e:50:4d:32:5e:21:1d:d4:06:68:
         1d:aa:4f:54:38:f4:f6:41:07:55:4c:17:08:83:3e:54:45:86:
         08:6c:9c:3c:9f:97:a4:c7:a2:56:2a:1a:d1:86:30:6f:df:76:
         cf:14:45:24:3e:a7:d9:5e:14:4f:d0:b9:6f:cf:9e:aa:93:b2:
         34:ee:f1:c5:39:e2:0c:b1:eb:98:86:92:49:6c:7d:d8:e6:7c:
         2b:46:15:71:ae:90:55:44:d6:c2:65:cf:fb:57:0b:81:b2:cb:
         94:9b:a1:26:60:95:72:c8:1b:64:8b:6a:47:8b:bc:fd:e5:4a:
         1a:06:35:fb:9b:a6:6c:db:c0:a2:e7:f5:09:b1:2c:fe:e9:94:
         70:fe:cb:78:db:95:97:c6:95:7f:63:79:5f:8d:ef:0e:4a:c8:
         c1:99:56:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKma9waw3V1kDu5pHkf8rvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMGExOWQ0OGMzNTQ3YzJhZGI5ZjhlZmZkZWFjNmFkOWU0
ZjlkMTkwHhcNMjQwMTAyMTQzNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOThiYjExNzliNDEzNDc4N2Q5NmE3NjdlMDhmNmY5ZGJlMDZkZmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFENHC88Kbjjlnq27grl6qu1oN5e
/OGlgj7Xe+2X6SFcVONHDgiRDFjuPg3t1t5qWL9RGqkduRkkhCw0EvKW4vGIuEfO
6yEYVA9eKojR7FsfcX5B5ppxAofnGdYkgaWWAwvJ+r/hu4m6ICeR6eMfTnx4Tp7b
XsnmOv3dUGEqUbVWspDF/QdRiRJr9KAwHiKpBenOnzk+SSBK7Mkql2w2uROk1QRr
DeCXsYpWodYxVCwdVAcQ5afZT5gMCvySBJjXsk1u7VkjshNJ8tJ7ubR6INcP9+oi
PvdvF1SCkx9MQpBoOLX5o4eP3wq3Vm/FXs4Fxj0q142cQH259wUlZV7JkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmLsRebQTR4fZanZ+CPb52+Bt/2MB8GA1UdIwQY
MBaAFE4KGdSMNUfCrbn47/3qxq2eT50ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGdvWjFJdzFSOEt0dWZqdl9lckdyWjVQblJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9jYjNlNmItYTQ0NC00OWRkLTlmNjQt
MTdjMTIyNzNjNTRhLzEvT1l1eEY1dEJOSGg5bHFkbjRJOXZuYjRHM19ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9jYjNlNmItYTQ0NC00OWRkLTlmNjQtMTdjMTIyNzNjNTRh
LzEvVGdvWjFJdzFSOEt0dWZqdl9lckdyWjVQblJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm7UMA0G
CSqGSIb3DQEBCwUAA4IBAQADHbZaC7F3favrsEPMHCt5QRiC/sAHzUEE6F9DiQua
pgSp7rxIFSFAP7kwotvJUjpZVewk2ryTHLF0YvrHLhzAiz5rz0mxemNcBC1DyzQy
kH6jnY7isLSKiNqr9sec6SjNKj5QTTJeIR3UBmgdqk9UOPT2QQdVTBcIgz5URYYI
bJw8n5ekx6JWKhrRhjBv33bPFEUkPqfZXhRP0Llvz56qk7I07vHFOeIMseuYhpJJ
bH3Y5nwrRhVxrpBVRNbCZc/7VwuBssuUm6EmYJVyyBtki2pHi7z95UoaBjX7m6Zs
28Ci5/UJsSz+6ZRw/st425WXxpV/Y3lfje8OSsjBmVZJ
-----END CERTIFICATE-----