Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/dvkaw-vNrn_feOOix-w6ShcClWE.roa
File:                     dvkaw-vNrn_feOOix-w6ShcClWE.roa (raw, json)
Hash identifier:          C4oe/Ry0U+MP65qqJcEsyFiuGgNtNDoYGflwRM8WD7o=
Subject key identifier:   76:F9:1A:C3:EB:CD:AE:7F:DF:78:E3:A2:C7:EC:3A:4A:17:02:95:61
Certificate issuer:       /CN=d0b849b9bc9042a1557331937e4ad71518af61cf
Certificate serial:       018CC493334E5A41E0F520A81FE42E8FA54F
Authority key identifier: D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/dvkaw-vNrn_feOOix-w6ShcClWE.roa
Signing time:             Mon 01 Jan 2024 10:30:30 +0000
ROA not before:           Mon 01 Jan 2024 10:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211611
IP address blocks:        194.36.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:33:4e:5a:41:e0:f5:20:a8:1f:e4:2e:8f:a5:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b849b9bc9042a1557331937e4ad71518af61cf
        Validity
            Not Before: Jan  1 10:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76f91ac3ebcdae7fdf78e3a2c7ec3a4a17029561
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d1:e6:f5:ff:46:6d:e5:b2:d0:c7:0d:b1:37:
                    aa:c6:46:b7:ae:42:21:9c:b7:f9:d3:c6:af:df:02:
                    a7:d9:f6:69:2b:5c:47:ee:82:f3:ea:b7:fb:07:91:
                    0c:ef:f3:70:bf:51:35:8b:22:ab:ac:97:a3:ba:be:
                    70:a4:c6:7b:b3:a0:01:51:ca:71:2c:54:e8:f9:54:
                    98:dc:02:94:90:c9:8b:61:3d:ea:a0:6c:b2:5a:ae:
                    31:45:ff:66:e0:36:0f:d0:71:9c:12:5c:7e:c9:2b:
                    81:31:c3:06:84:75:3e:2b:30:60:25:c5:b5:50:bf:
                    2a:0c:70:dc:18:94:87:e4:5c:36:50:a8:86:24:f3:
                    2a:1c:62:10:29:26:23:b2:fb:57:a5:76:a0:c9:01:
                    4d:24:6c:b0:a0:63:31:86:f9:7d:61:a6:0d:85:59:
                    b9:74:8c:ed:39:56:19:a4:3d:56:eb:76:4f:74:2e:
                    e0:0d:c1:c5:e8:82:11:57:72:d9:84:4c:2e:b6:67:
                    6e:9c:c8:3a:fe:ad:3e:8f:dd:07:e1:b6:a7:fd:98:
                    3d:df:b3:3d:c2:e7:70:f9:9c:0e:94:a5:95:5e:13:
                    a6:6f:79:ca:2c:f0:42:27:c7:fd:93:05:12:7e:f9:
                    2b:ef:d3:54:7c:6f:f5:3f:96:2e:d7:47:96:d9:bf:
                    31:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:F9:1A:C3:EB:CD:AE:7F:DF:78:E3:A2:C7:EC:3A:4A:17:02:95:61
            X509v3 Authority Key Identifier:
                keyid:D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/dvkaw-vNrn_feOOix-w6ShcClWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:e1:3f:a8:dd:c2:54:a5:58:28:08:f8:ae:06:98:24:02:71:
         17:47:e4:7b:d2:6d:40:5e:f6:25:81:9c:88:2f:40:b3:da:b1:
         dc:51:79:66:da:7d:42:c2:06:76:f5:fe:27:c5:70:d4:07:da:
         13:9d:99:35:4a:90:90:36:d6:73:57:e8:65:75:65:48:8a:e6:
         b9:81:a2:ff:8c:f7:25:cd:d1:05:43:44:f7:b6:2d:03:c1:c0:
         9f:0e:55:9f:e0:62:80:97:bb:14:1a:d5:f2:76:be:8e:2e:d4:
         33:3b:b1:24:ab:03:c3:db:a6:c0:6a:fa:6c:69:29:94:84:81:
         f2:f5:08:ea:f8:fd:ab:d1:cb:22:db:f7:7b:37:ce:0e:ca:82:
         d4:d8:61:57:bf:d9:57:db:e0:a8:45:6d:15:4c:03:10:20:99:
         e1:67:8e:d9:67:8b:cb:b1:ef:7e:0f:2e:75:8e:4e:be:ae:c7:
         f8:af:ef:31:32:f3:b5:9e:f3:98:e4:bb:dc:de:0c:7e:6b:a6:
         4d:24:b7:a8:0e:01:e6:26:e2:53:c6:34:48:5e:3e:87:25:96:
         6b:03:29:6f:09:41:08:a4:a1:66:03:14:db:55:5f:26:81:4b:
         8c:24:fd:b3:4c:6e:87:06:2c:c9:7b:f2:1f:c3:7b:50:60:d7:
         01:23:30:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzNOWkHg9SCoH+Quj6VPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjg0OWI5YmM5MDQyYTE1NTczMzE5MzdlNGFkNzE1MThh
ZjYxY2YwHhcNMjQwMTAxMTAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmY5MWFjM2ViY2RhZTdmZGY3OGUzYTJjN2VjM2E0YTE3MDI5NTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodHm9f9GbeWy0McNsTeqxka3rkIh
nLf508av3wKn2fZpK1xH7oLz6rf7B5EM7/Nwv1E1iyKrrJejur5wpMZ7s6ABUcpx
LFTo+VSY3AKUkMmLYT3qoGyyWq4xRf9m4DYP0HGcElx+ySuBMcMGhHU+KzBgJcW1
UL8qDHDcGJSH5Fw2UKiGJPMqHGIQKSYjsvtXpXagyQFNJGywoGMxhvl9YaYNhVm5
dIztOVYZpD1W63ZPdC7gDcHF6IIRV3LZhEwutmdunMg6/q0+j90H4ban/Zg937M9
wudw+ZwOlKWVXhOmb3nKLPBCJ8f9kwUSfvkr79NUfG/1P5Yu10eW2b8xTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHb5GsPrza5/33jjosfsOkoXApVhMB8GA1UdIwQY
MBaAFNC4Sbm8kEKhVXMxk35K1xUYr2HPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjkt
NzJiYWQ5ZDczYzgwLzEvZHZrYXctdk5ybl9mZU9PaXgtdzZTaGNDbFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjktNzJiYWQ5ZDczYzgw
LzEvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiSPMA0G
CSqGSIb3DQEBCwUAA4IBAQBg4T+o3cJUpVgoCPiuBpgkAnEXR+R70m1AXvYlgZyI
L0Cz2rHcUXlm2n1CwgZ29f4nxXDUB9oTnZk1SpCQNtZzV+hldWVIiua5gaL/jPcl
zdEFQ0T3ti0DwcCfDlWf4GKAl7sUGtXydr6OLtQzO7EkqwPD26bAavpsaSmUhIHy
9Qjq+P2r0csi2/d7N84OyoLU2GFXv9lX2+CoRW0VTAMQIJnhZ47ZZ4vLse9+Dy51
jk6+rsf4r+8xMvO1nvOY5Lvc3gx+a6ZNJLeoDgHmJuJTxjRIXj6HJZZrAylvCUEI
pKFmAxTbVV8mgUuMJP2zTG6HBizJe/Ifw3tQYNcBIzDE
-----END CERTIFICATE-----