Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/w_OJ4D50bNMLuT3DtXMHAxqn3Ds.roa
File:                     w_OJ4D50bNMLuT3DtXMHAxqn3Ds.roa (raw, json)
Hash identifier:          ZkyR1KiyaGhvcun3cFsB+JpQbun9ndRl2yIa9VJdaHE=
Subject key identifier:   C3:F3:89:E0:3E:74:6C:D3:0B:B9:3D:C3:B5:73:07:03:1A:A7:DC:3B
Certificate issuer:       /CN=1ddd15ef2f59abb95f2d9be5cee3303888623b97
Certificate serial:       018CC801CA92E3EEA14BCD5E5BF443A75C74
Authority key identifier: 1D:DD:15:EF:2F:59:AB:B9:5F:2D:9B:E5:CE:E3:30:38:88:62:3B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/w_OJ4D50bNMLuT3DtXMHAxqn3Ds.roa
Signing time:             Tue 02 Jan 2024 02:30:09 +0000
ROA not before:           Tue 02 Jan 2024 02:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50876
IP address blocks:        193.202.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ca:92:e3:ee:a1:4b:cd:5e:5b:f4:43:a7:5c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ddd15ef2f59abb95f2d9be5cee3303888623b97
        Validity
            Not Before: Jan  2 02:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3f389e03e746cd30bb93dc3b57307031aa7dc3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:77:cf:1c:39:19:86:60:b7:ad:9f:fe:22:1b:
                    0f:fc:f4:f9:a0:24:94:b1:6d:1e:ed:e5:dd:21:a6:
                    5d:12:48:8e:e2:84:e4:33:b8:45:37:14:87:77:24:
                    dd:62:78:3f:06:1a:ca:7b:b8:56:08:48:99:5e:14:
                    e9:46:f2:0e:7f:02:71:96:d5:2b:6d:13:0f:18:5e:
                    60:41:a7:12:27:fa:3c:3f:ce:c4:e5:04:cd:22:e9:
                    08:b7:1f:5d:c4:0b:d8:39:ac:05:1a:07:b4:37:3a:
                    8b:4f:5a:11:0f:cb:27:77:8b:0b:62:de:05:8d:e9:
                    19:30:81:71:b7:7c:e4:69:ea:fb:b2:63:0c:f2:e8:
                    78:da:35:4e:5d:12:75:2c:ee:c9:03:79:b5:87:6c:
                    1c:1e:02:8d:de:be:3e:b0:39:97:e5:c3:72:54:3a:
                    45:f5:dc:5c:ee:19:59:2c:04:33:f5:98:5f:9c:d1:
                    9f:ca:ab:86:45:a3:73:69:ef:1b:99:4e:e6:db:14:
                    2e:73:47:09:2b:92:50:04:27:ca:f7:d5:8e:2c:a3:
                    34:32:4f:20:f1:72:a7:fd:ff:b5:26:2a:c8:5c:3a:
                    cd:b0:a4:23:0f:c9:3e:4b:74:71:39:8c:27:7f:b3:
                    8a:58:a8:84:59:81:00:39:e0:69:96:15:58:53:59:
                    cf:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:F3:89:E0:3E:74:6C:D3:0B:B9:3D:C3:B5:73:07:03:1A:A7:DC:3B
            X509v3 Authority Key Identifier:
                keyid:1D:DD:15:EF:2F:59:AB:B9:5F:2D:9B:E5:CE:E3:30:38:88:62:3B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/w_OJ4D50bNMLuT3DtXMHAxqn3Ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:22:75:12:42:99:e1:83:89:c6:26:02:c4:57:0b:92:87:87:
         9a:2d:36:6e:78:4d:c2:09:50:31:24:08:bd:d6:1a:4a:46:4f:
         5e:cd:a4:1b:d4:68:63:74:11:07:36:bc:96:62:62:5d:c7:3d:
         94:b5:8f:1d:12:5b:74:bf:82:c7:bf:cd:9d:8f:45:ba:55:3a:
         af:93:15:f0:14:34:b5:98:7f:8b:8b:7a:3d:43:8a:2e:df:4b:
         d1:5b:18:7a:d8:4a:bb:cc:58:8e:75:2c:0a:43:52:dc:3e:61:
         e2:57:53:20:c1:c6:41:4a:06:ed:7c:24:b8:60:a6:f2:b1:86:
         2e:8c:81:26:eb:b9:6b:b3:44:ca:66:3e:91:ba:ad:c8:e4:44:
         d8:ed:1b:b8:ce:2b:a3:b2:6e:e1:bd:db:a9:9e:54:cf:ca:7e:
         35:96:85:24:d5:7b:98:23:5d:94:c2:3b:2e:78:a1:0b:ab:f1:
         8e:89:a7:00:f0:ce:d4:77:df:92:c0:a4:50:3a:a4:01:b0:c5:
         36:b1:52:e3:86:fe:91:d3:dd:9a:a6:d0:77:36:e5:65:8a:40:
         75:3f:6a:c9:70:1b:c3:6b:29:61:a9:cf:84:ec:5a:54:7b:2d:
         7e:55:22:0b:0a:5c:02:8a:d3:9b:63:b5:a6:e3:5b:d9:90:1e:
         b5:39:72:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcqS4+6hS81eW/RDp1x0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkZGQxNWVmMmY1OWFiYjk1ZjJkOWJlNWNlZTMzMDM4ODg2
MjNiOTcwHhcNMjQwMTAyMDIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2YzODllMDNlNzQ2Y2QzMGJiOTNkYzNiNTczMDcwMzFhYTdkYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnfPHDkZhmC3rZ/+IhsP/PT5oCSU
sW0e7eXdIaZdEkiO4oTkM7hFNxSHdyTdYng/BhrKe7hWCEiZXhTpRvIOfwJxltUr
bRMPGF5gQacSJ/o8P87E5QTNIukItx9dxAvYOawFGge0NzqLT1oRD8snd4sLYt4F
jekZMIFxt3zkaer7smMM8uh42jVOXRJ1LO7JA3m1h2wcHgKN3r4+sDmX5cNyVDpF
9dxc7hlZLAQz9ZhfnNGfyquGRaNzae8bmU7m2xQuc0cJK5JQBCfK99WOLKM0Mk8g
8XKn/f+1JirIXDrNsKQjD8k+S3RxOYwnf7OKWKiEWYEAOeBplhVYU1nPuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPzieA+dGzTC7k9w7VzBwMap9w7MB8GA1UdIwQY
MBaAFB3dFe8vWau5Xy2b5c7jMDiIYjuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGQwVjd5OVpxN2xmTFp2bHp1TXdPSWhpTzVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wYWZhODgtYjUyNi00NzYzLTk1Mjgt
OGI2MGU0Yjk0YmNmLzEvd19PSjRENTBiTk1MdVQzRHRYTUhBeHFuM0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wYWZhODgtYjUyNi00NzYzLTk1MjgtOGI2MGU0Yjk0YmNm
LzEvSGQwVjd5OVpxN2xmTFp2bHp1TXdPSWhpTzVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcp7MA0G
CSqGSIb3DQEBCwUAA4IBAQBrInUSQpnhg4nGJgLEVwuSh4eaLTZueE3CCVAxJAi9
1hpKRk9ezaQb1GhjdBEHNryWYmJdxz2UtY8dElt0v4LHv82dj0W6VTqvkxXwFDS1
mH+Li3o9Q4ou30vRWxh62Eq7zFiOdSwKQ1LcPmHiV1MgwcZBSgbtfCS4YKbysYYu
jIEm67lrs0TKZj6Ruq3I5ETY7Ru4ziujsm7hvdupnlTPyn41loUk1XuYI12Uwjsu
eKELq/GOiacA8M7Ud9+SwKRQOqQBsMU2sVLjhv6R092aptB3NuVlikB1P2rJcBvD
aylhqc+E7FpUey1+VSILClwCitObY7Wm41vZkB61OXI3
-----END CERTIFICATE-----