Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/dlEv_JJOOFzoQ_ZGTFdKpDiB11k.roa
File:                     dlEv_JJOOFzoQ_ZGTFdKpDiB11k.roa (raw, json)
Hash identifier:          SskXqhBRSr6AQQQ3jG6PojutbcybjkMJwzS1LgcIjCo=
Subject key identifier:   76:51:2F:FC:92:4E:38:5C:E8:43:F6:46:4C:57:4A:A4:38:81:D7:59
Certificate issuer:       /CN=0c202663de852c7060fdea0298b490d5edcc0f24
Certificate serial:       018CC2DAEDD7E3FF9455B0305346ACF8648F
Authority key identifier: 0C:20:26:63:DE:85:2C:70:60:FD:EA:02:98:B4:90:D5:ED:CC:0F:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/dlEv_JJOOFzoQ_ZGTFdKpDiB11k.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8368
IP address blocks:        194.32.168.0/22 maxlen: 24
                          176.125.224.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ed:d7:e3:ff:94:55:b0:30:53:46:ac:f8:64:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c202663de852c7060fdea0298b490d5edcc0f24
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76512ffc924e385ce843f6464c574aa43881d759
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:fe:c4:c1:a2:48:0f:4c:6c:50:1b:91:06:d7:
                    68:d3:26:12:1c:f1:3f:f5:94:87:ae:39:f2:cc:56:
                    3c:76:4d:ba:00:af:26:14:67:24:e7:fd:20:3f:fc:
                    54:7b:be:f5:e9:0b:23:f1:3e:15:ea:6c:d9:d4:54:
                    5a:94:bc:d6:93:3c:a4:8c:e0:b3:0b:4d:30:cf:c9:
                    ce:84:55:3a:3c:f6:65:0f:0d:8e:d6:4b:35:74:a5:
                    4a:94:df:37:e4:b1:fa:0f:9c:72:fe:f0:02:56:ef:
                    1a:53:30:3c:b7:f9:10:b7:d0:c4:d6:91:2c:b4:5c:
                    eb:3b:14:9f:3e:2d:35:89:dd:21:83:1c:2e:b7:f7:
                    62:96:36:9a:2d:e9:a7:97:36:c5:e4:98:77:ab:59:
                    89:28:a3:96:6b:31:26:86:90:81:c5:c1:a5:ed:83:
                    00:04:df:a1:d3:f1:b9:1d:55:a3:36:46:0d:ed:0f:
                    0b:06:f7:ce:d1:04:f9:15:e7:ca:c0:0f:f4:9d:68:
                    81:d3:28:2e:f3:d9:91:ab:0d:e5:61:2f:60:14:ab:
                    be:05:33:1e:9c:87:ff:f9:d1:4a:3b:79:6f:8f:37:
                    f6:2b:19:da:2b:2e:78:47:fc:3e:09:2e:54:72:4c:
                    34:5c:d0:47:d2:0c:3b:77:12:62:f1:88:ca:09:7d:
                    33:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:51:2F:FC:92:4E:38:5C:E8:43:F6:46:4C:57:4A:A4:38:81:D7:59
            X509v3 Authority Key Identifier:
                keyid:0C:20:26:63:DE:85:2C:70:60:FD:EA:02:98:B4:90:D5:ED:CC:0F:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/dlEv_JJOOFzoQ_ZGTFdKpDiB11k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.125.224.0/22
                  194.32.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:28:6e:eb:dd:68:6f:6d:76:91:9d:93:c8:cc:90:ee:96:ff:
         7a:69:fd:36:1d:79:3f:1a:c0:49:ea:14:6a:6f:a8:a3:a0:97:
         d8:46:d9:36:95:dd:26:23:26:ac:8c:8d:a6:b3:94:c5:43:a4:
         69:df:39:f8:69:b3:db:fc:fb:53:78:16:10:d9:3d:98:bc:a5:
         70:5e:ae:83:66:05:4d:cf:1b:96:08:a6:bb:83:1f:2f:c6:fe:
         ea:be:55:1a:56:ee:68:a9:01:cc:6e:5a:3e:75:42:e1:b7:9f:
         14:5b:19:07:99:ce:6c:8a:b4:a0:62:f5:df:50:8c:f8:ac:2a:
         33:67:f4:d2:7b:8b:16:c0:c8:a7:c2:4c:d5:7e:b7:7f:f4:79:
         98:88:f4:2d:90:58:2f:dd:e9:31:e4:75:1a:55:3a:19:1d:be:
         c4:29:c5:dd:38:f4:d7:93:7a:cd:1d:e5:a6:a7:25:c8:87:64:
         af:7e:9f:b2:af:8b:24:44:e8:40:b6:15:1f:bb:07:8c:bc:84:
         f2:e5:9b:e4:65:10:b3:25:1f:8c:4d:85:ef:1c:e2:c5:2a:e4:
         ec:57:99:89:1d:2c:eb:6e:87:07:7c:b0:07:79:8b:2f:14:f1:
         a0:c6:b2:07:ae:43:de:90:ae:35:04:3f:70:47:f3:42:ce:1b:
         d7:23:43:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2u3X4/+UVbAwU0as+GSPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjAyNjYzZGU4NTJjNzA2MGZkZWEwMjk4YjQ5MGQ1ZWRj
YzBmMjQwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjUxMmZmYzkyNGUzODVjZTg0M2Y2NDY0YzU3NGFhNDM4ODFkNzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmP7EwaJID0xsUBuRBtdo0yYSHPE/
9ZSHrjnyzFY8dk26AK8mFGck5/0gP/xUe7716Qsj8T4V6mzZ1FRalLzWkzykjOCz
C00wz8nOhFU6PPZlDw2O1ks1dKVKlN835LH6D5xy/vACVu8aUzA8t/kQt9DE1pEs
tFzrOxSfPi01id0hgxwut/diljaaLemnlzbF5Jh3q1mJKKOWazEmhpCBxcGl7YMA
BN+h0/G5HVWjNkYN7Q8LBvfO0QT5FefKwA/0nWiB0ygu89mRqw3lYS9gFKu+BTMe
nIf/+dFKO3lvjzf2KxnaKy54R/w+CS5Uckw0XNBH0gw7dxJi8YjKCX0z8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHZRL/ySTjhc6EP2RkxXSqQ4gddZMB8GA1UdIwQY
MBaAFAwgJmPehSxwYP3qApi0kNXtzA8kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENBbVk5NkZMSEJnX2VvQ21MU1ExZTNNRHlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8wOTEwZTYtYzA3NC00MGQwLWI3ODkt
YTE3ODA0NDM5ODk1LzEvZGxFdl9KSk9PRnpvUV9aR1RGZEtwRGlCMTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8wOTEwZTYtYzA3NC00MGQwLWI3ODktYTE3ODA0NDM5ODk1
LzEvRENBbVk5NkZMSEJnX2VvQ21MU1ExZTNNRHlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsH3gAwQC
wiCoMA0GCSqGSIb3DQEBCwUAA4IBAQA6KG7r3WhvbXaRnZPIzJDulv96af02HXk/
GsBJ6hRqb6ijoJfYRtk2ld0mIyasjI2ms5TFQ6Rp3zn4abPb/PtTeBYQ2T2YvKVw
Xq6DZgVNzxuWCKa7gx8vxv7qvlUaVu5oqQHMblo+dULht58UWxkHmc5sirSgYvXf
UIz4rCozZ/TSe4sWwMinwkzVfrd/9HmYiPQtkFgv3ekx5HUaVToZHb7EKcXdOPTX
k3rNHeWmpyXIh2Svfp+yr4skROhAthUfuweMvITy5ZvkZRCzJR+MTYXvHOLFKuTs
V5mJHSzrbocHfLAHeYsvFPGgxrIHrkPekK41BD9wR/NCzhvXI0MF
-----END CERTIFICATE-----