Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/460f8a-6c39-4622-b40a-bf9c79149462/1/0iDXxWnsNaJBEZoiCG4qGr4i7rY.roa
File:                     0iDXxWnsNaJBEZoiCG4qGr4i7rY.roa (raw, json)
Hash identifier:          O2+1xrcM/2dFRkFSL69YRdUc2GngAv3kQ70u82UOAZ8=
Subject key identifier:   D2:20:D7:C5:69:EC:35:A2:41:11:9A:22:08:6E:2A:1A:BE:22:EE:B6
Certificate issuer:       /CN=0c053554c818674cd546b799dd44785a564c56cb
Certificate serial:       018CC9BC7A60D6A15426CD9E1B03F2705D55
Authority key identifier: 0C:05:35:54:C8:18:67:4C:D5:46:B7:99:DD:44:78:5A:56:4C:56:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DAU1VMgYZ0zVRreZ3UR4WlZMVss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/460f8a-6c39-4622-b40a-bf9c79149462/1/0iDXxWnsNaJBEZoiCG4qGr4i7rY.roa
Signing time:             Tue 02 Jan 2024 10:33:41 +0000
ROA not before:           Tue 02 Jan 2024 10:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202496
IP address blocks:        185.19.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/460f8a-6c39-4622-b40a-bf9c79149462/1/DAU1VMgYZ0zVRreZ3UR4WlZMVss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/460f8a-6c39-4622-b40a-bf9c79149462/1/DAU1VMgYZ0zVRreZ3UR4WlZMVss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DAU1VMgYZ0zVRreZ3UR4WlZMVss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:7a:60:d6:a1:54:26:cd:9e:1b:03:f2:70:5d:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c053554c818674cd546b799dd44785a564c56cb
        Validity
            Not Before: Jan  2 10:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d220d7c569ec35a241119a22086e2a1abe22eeb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:57:cb:0f:da:f5:0e:de:33:d4:72:df:38:1b:
                    ea:31:1a:9f:cf:3f:fb:2a:57:b2:5a:7b:01:66:2e:
                    f7:62:b3:84:a4:18:15:b4:39:c9:89:15:cf:70:44:
                    b1:91:7b:03:41:71:5d:43:21:b1:35:04:54:a4:1a:
                    96:10:f1:d4:fd:47:98:36:72:50:16:db:be:4a:5c:
                    53:74:a6:0b:3b:2f:1d:ee:8a:f4:e6:f5:0f:e4:fe:
                    8d:95:87:95:81:a0:ee:a4:8b:48:62:21:e7:11:18:
                    bf:be:ca:d6:3a:50:1a:ca:e9:c0:b7:85:9b:1a:e2:
                    ac:49:04:98:46:94:13:a2:99:b7:b1:f9:6e:47:2c:
                    f4:b5:34:7c:87:86:47:e7:6f:a2:56:76:a3:2c:14:
                    2b:62:98:82:81:3b:4d:2a:78:ce:16:d5:87:dd:64:
                    c7:da:93:8f:72:ba:ce:d0:76:7c:b1:e4:a1:76:93:
                    a2:89:b5:50:41:a6:63:3c:a0:62:06:af:06:87:4c:
                    1a:55:82:1a:b2:1f:08:69:d5:a8:15:f3:69:f7:36:
                    06:4c:11:ec:30:a6:f7:6f:4d:b8:df:c9:f2:ba:30:
                    2c:13:65:87:ae:b3:ca:f2:a7:62:60:88:28:0c:bd:
                    70:a4:fe:85:56:0d:2f:7b:61:51:01:96:1c:a5:39:
                    c5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:20:D7:C5:69:EC:35:A2:41:11:9A:22:08:6E:2A:1A:BE:22:EE:B6
            X509v3 Authority Key Identifier:
                keyid:0C:05:35:54:C8:18:67:4C:D5:46:B7:99:DD:44:78:5A:56:4C:56:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DAU1VMgYZ0zVRreZ3UR4WlZMVss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/460f8a-6c39-4622-b40a-bf9c79149462/1/0iDXxWnsNaJBEZoiCG4qGr4i7rY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/460f8a-6c39-4622-b40a-bf9c79149462/1/DAU1VMgYZ0zVRreZ3UR4WlZMVss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:59:9b:44:a2:5a:64:12:96:2d:18:a9:1b:13:e0:a2:90:e8:
         ce:9d:55:c2:ae:8c:d3:12:45:76:67:4d:d3:04:fd:9d:8c:d9:
         a2:75:42:30:37:63:84:b9:48:74:77:18:5b:e9:c6:ed:65:44:
         ea:b9:c0:24:2b:bb:6e:f2:e8:53:6b:9a:c9:58:7b:f2:79:ed:
         1d:ec:7f:a2:1e:74:1a:9d:e5:51:e6:95:6e:9f:9d:82:e5:78:
         3d:3c:6e:06:44:2b:63:1a:c7:f0:8e:fb:31:c8:43:ee:d8:c3:
         2a:08:55:c4:2d:e0:ca:4b:11:ba:ff:7c:9b:1d:8f:13:3c:9f:
         5f:62:21:c5:2b:1e:c9:79:b2:d4:f6:60:6e:e8:d4:aa:0c:72:
         85:ff:d6:fb:37:63:35:04:d5:a9:90:af:b9:05:e8:2d:0a:dd:
         fd:6e:71:06:32:b3:e5:5f:37:a9:3e:2e:5f:6f:2b:ce:c8:6a:
         e2:fa:25:be:76:75:a5:37:9d:b0:00:10:04:11:c4:e6:df:90:
         26:a1:9d:50:51:0d:70:d9:95:52:5c:b5:a6:88:06:b6:1a:97:
         c1:e7:a5:87:69:b3:11:4b:fa:9d:48:c1:35:12:69:36:f3:11:
         b4:b8:58:b7:87:2c:7d:9e:95:ea:e9:5d:4a:ab:a0:f9:b1:ed:
         ac:33:d5:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvHpg1qFUJs2eGwPycF1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMDUzNTU0YzgxODY3NGNkNTQ2Yjc5OWRkNDQ3ODVhNTY0
YzU2Y2IwHhcNMjQwMTAyMTAzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjIwZDdjNTY5ZWMzNWEyNDExMTlhMjIwODZlMmExYWJlMjJlZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVfLD9r1Dt4z1HLfOBvqMRqfzz/7
KleyWnsBZi73YrOEpBgVtDnJiRXPcESxkXsDQXFdQyGxNQRUpBqWEPHU/UeYNnJQ
Ftu+SlxTdKYLOy8d7or05vUP5P6NlYeVgaDupItIYiHnERi/vsrWOlAayunAt4Wb
GuKsSQSYRpQTopm3sfluRyz0tTR8h4ZH52+iVnajLBQrYpiCgTtNKnjOFtWH3WTH
2pOPcrrO0HZ8seShdpOiibVQQaZjPKBiBq8Gh0waVYIash8IadWoFfNp9zYGTBHs
MKb3b02438nyujAsE2WHrrPK8qdiYIgoDL1wpP6FVg0ve2FRAZYcpTnFVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNIg18Vp7DWiQRGaIghuKhq+Iu62MB8GA1UdIwQY
MBaAFAwFNVTIGGdM1Ua3md1EeFpWTFbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREFVMVZNZ1laMHpWUnJlWjNVUjRXbFpNVnNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy80NjBmOGEtNmMzOS00NjIyLWI0MGEt
YmY5Yzc5MTQ5NDYyLzEvMGlEWHhXbnNOYUpCRVpvaUNHNHFHcjRpN3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy80NjBmOGEtNmMzOS00NjIyLWI0MGEtYmY5Yzc5MTQ5NDYy
LzEvREFVMVZNZ1laMHpWUnJlWjNVUjRXbFpNVnNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRPIMA0G
CSqGSIb3DQEBCwUAA4IBAQCvWZtEolpkEpYtGKkbE+CikOjOnVXCrozTEkV2Z03T
BP2djNmidUIwN2OEuUh0dxhb6cbtZUTqucAkK7tu8uhTa5rJWHvyee0d7H+iHnQa
neVR5pVun52C5Xg9PG4GRCtjGsfwjvsxyEPu2MMqCFXELeDKSxG6/3ybHY8TPJ9f
YiHFKx7JebLU9mBu6NSqDHKF/9b7N2M1BNWpkK+5BegtCt39bnEGMrPlXzepPi5f
byvOyGri+iW+dnWlN52wABAEEcTm35AmoZ1QUQ1w2ZVSXLWmiAa2GpfB56WHabMR
S/qdSME1Emk28xG0uFi3hyx9npXq6V1Kq6D5se2sM9U8
-----END CERTIFICATE-----