Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/Att4oS7qsrNahmdXMbBalfPlmgQ.roa
File:                     Att4oS7qsrNahmdXMbBalfPlmgQ.roa (raw, json)
Hash identifier:          jIrVXmv68UO+W3Q6xl3Q6AtKFyesHEzUZ5R7BYVWeRM=
Subject key identifier:   02:DB:78:A1:2E:EA:B2:B3:5A:86:67:57:31:B0:5A:95:F3:E5:9A:04
Certificate issuer:       /CN=65121c3f9207a37345e38702c89d179bf444aa08
Certificate serial:       018CC8DF577FE91EA6650F1ED60AAD05D532
Authority key identifier: 65:12:1C:3F:92:07:A3:73:45:E3:87:02:C8:9D:17:9B:F4:44:AA:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/Att4oS7qsrNahmdXMbBalfPlmgQ.roa
Signing time:             Tue 02 Jan 2024 06:32:09 +0000
ROA not before:           Tue 02 Jan 2024 06:32:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17621
IP address blocks:        194.138.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:57:7f:e9:1e:a6:65:0f:1e:d6:0a:ad:05:d5:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65121c3f9207a37345e38702c89d179bf444aa08
        Validity
            Not Before: Jan  2 06:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02db78a12eeab2b35a86675731b05a95f3e59a04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d1:d3:16:6f:a8:18:a7:e1:65:01:50:a4:dd:
                    8a:b0:77:9c:79:fa:9d:a6:f1:bb:c3:51:1d:07:28:
                    33:62:66:fa:70:b1:00:8a:35:44:9d:5b:36:42:d6:
                    c3:56:81:8e:3e:fd:b4:e1:73:f2:eb:01:97:b7:22:
                    64:61:3e:20:c3:00:30:68:17:75:75:35:a3:0d:a1:
                    3f:cf:ce:41:b0:1a:6a:f8:30:4a:b2:92:32:38:0c:
                    0d:a6:b9:3b:7a:dd:f6:a7:99:5d:d7:04:4c:8b:1b:
                    dd:ec:b1:f8:ce:9f:d4:3c:d6:68:f9:07:cb:c3:d3:
                    48:f0:ea:01:4a:e8:d1:ed:2a:9f:b2:19:9e:0f:64:
                    5f:5b:62:92:ae:f7:62:d4:aa:59:67:73:b4:09:e8:
                    18:15:a4:4e:47:99:10:6c:7b:f3:34:26:e4:ca:d2:
                    47:b1:40:f3:18:88:7c:9b:a6:70:24:d3:cf:30:40:
                    5b:f6:5b:20:69:cc:c0:c0:9c:91:78:7b:f0:19:a7:
                    ce:63:86:d1:e1:6d:01:98:8c:6e:45:ec:d4:ae:59:
                    17:4e:b1:a9:30:3e:c0:0b:24:af:8e:c8:f4:54:7a:
                    fc:27:91:62:b2:3d:be:49:5e:12:af:3c:8a:56:53:
                    eb:f3:29:de:ac:3f:b7:08:90:d8:68:d9:2e:ba:23:
                    c4:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:DB:78:A1:2E:EA:B2:B3:5A:86:67:57:31:B0:5A:95:F3:E5:9A:04
            X509v3 Authority Key Identifier:
                keyid:65:12:1C:3F:92:07:A3:73:45:E3:87:02:C8:9D:17:9B:F4:44:AA:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/Att4oS7qsrNahmdXMbBalfPlmgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.138.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:4e:2b:12:27:2a:35:16:b4:c3:f5:25:68:02:d9:a8:f9:45:
         d0:aa:24:70:0e:9c:ff:63:e3:3c:67:79:75:14:0e:eb:cc:62:
         c8:2c:60:21:89:0e:6f:4e:40:7e:b2:9b:3d:d3:7c:10:c9:d4:
         20:50:3a:b1:a5:c2:50:1c:61:60:5b:83:67:ff:9a:d1:be:1d:
         47:2a:a1:ad:77:67:c0:b5:62:5a:c5:f8:55:bc:82:8b:37:a2:
         b5:17:09:12:38:22:d2:13:b3:68:fb:77:41:0f:a5:21:4d:09:
         5c:d9:1c:dc:9a:96:51:10:9c:26:08:15:b6:9f:fd:da:b0:72:
         d1:54:62:79:35:cb:61:98:3e:e1:c7:de:30:1a:47:d8:b3:b5:
         c5:cc:b5:ff:20:53:e2:a3:ad:84:c8:59:51:43:19:bf:e2:57:
         16:ff:51:84:43:b4:6e:63:f5:98:21:3a:c1:19:83:80:34:a6:
         70:d8:bf:30:b9:2b:54:20:0e:24:bd:0a:31:e6:99:b6:d7:bb:
         74:a6:00:3e:b0:b7:e7:75:10:9f:ab:17:f9:b1:f0:d1:62:69:
         c7:fb:25:4d:25:72:e4:76:85:c6:ba:82:3e:1d:ef:25:9d:56:
         d3:2d:8a:d2:8e:62:4f:7a:bd:16:56:68:21:38:c6:6b:30:f6:
         ae:ab:31:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI31d/6R6mZQ8e1gqtBdUyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1MTIxYzNmOTIwN2EzNzM0NWUzODcwMmM4OWQxNzliZjQ0
NGFhMDgwHhcNMjQwMTAyMDYzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmRiNzhhMTJlZWFiMmIzNWE4NjY3NTczMWIwNWE5NWYzZTU5YTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdHTFm+oGKfhZQFQpN2KsHecefqd
pvG7w1EdBygzYmb6cLEAijVEnVs2QtbDVoGOPv204XPy6wGXtyJkYT4gwwAwaBd1
dTWjDaE/z85BsBpq+DBKspIyOAwNprk7et32p5ld1wRMixvd7LH4zp/UPNZo+QfL
w9NI8OoBSujR7SqfshmeD2RfW2KSrvdi1KpZZ3O0CegYFaROR5kQbHvzNCbkytJH
sUDzGIh8m6ZwJNPPMEBb9lsgaczAwJyReHvwGafOY4bR4W0BmIxuRezUrlkXTrGp
MD7ACySvjsj0VHr8J5Fisj2+SV4SrzyKVlPr8ynerD+3CJDYaNkuuiPEHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALbeKEu6rKzWoZnVzGwWpXz5ZoEMB8GA1UdIwQY
MBaAFGUSHD+SB6NzReOHAsidF5v0RKoIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlJJY1A1SUhvM05GNDRjQ3lKMFhtX1JFcWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8xMmMxM2UtZjY3NS00ODgyLWJiZTYt
NDhkM2NhMTYxYmIwLzEvQXR0NG9TN3Fzck5haG1kWE1iQmFsZlBsbWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8xMmMxM2UtZjY3NS00ODgyLWJiZTYtNDhkM2NhMTYxYmIw
LzEvWlJJY1A1SUhvM05GNDRjQ3lKMFhtX1JFcWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAworLMA0G
CSqGSIb3DQEBCwUAA4IBAQAnTisSJyo1FrTD9SVoAtmo+UXQqiRwDpz/Y+M8Z3l1
FA7rzGLILGAhiQ5vTkB+sps903wQydQgUDqxpcJQHGFgW4Nn/5rRvh1HKqGtd2fA
tWJaxfhVvIKLN6K1FwkSOCLSE7No+3dBD6UhTQlc2RzcmpZREJwmCBW2n/3asHLR
VGJ5NcthmD7hx94wGkfYs7XFzLX/IFPio62EyFlRQxm/4lcW/1GEQ7RuY/WYITrB
GYOANKZw2L8wuStUIA4kvQox5pm217t0pgA+sLfndRCfqxf5sfDRYmnH+yVNJXLk
doXGuoI+He8lnVbTLYrSjmJPer0WVmghOMZrMPauqzGa
-----END CERTIFICATE-----