Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/DiARO30ZOBRDNC2Wh9os8Ix4ero.roa
File:                     DiARO30ZOBRDNC2Wh9os8Ix4ero.roa (raw, json)
Hash identifier:          OUMjyLgIiCMp8T3Bq6UAQb87aRiFw3GTm4aTuO/DtFc=
Subject key identifier:   0E:20:11:3B:7D:19:38:14:43:34:2D:96:87:DA:2C:F0:8C:78:7A:BA
Certificate issuer:       /CN=c3181a923e9ac3c005eb4c73edc7a1e8325a5b1e
Certificate serial:       0191DC1C9EAD7AF96BBE6C566380267A06A6
Authority key identifier: C3:18:1A:92:3E:9A:C3:C0:05:EB:4C:73:ED:C7:A1:E8:32:5A:5B:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wxgakj6aw8AF60xz7ceh6DJaWx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/DiARO30ZOBRDNC2Wh9os8Ix4ero.roa
Signing time:             Tue 10 Sep 2024 13:25:48 +0000
ROA not before:           Tue 10 Sep 2024 13:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12338
IP address blocks:        94.101.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/wxgakj6aw8AF60xz7ceh6DJaWx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/wxgakj6aw8AF60xz7ceh6DJaWx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wxgakj6aw8AF60xz7ceh6DJaWx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:dc:1c:9e:ad:7a:f9:6b:be:6c:56:63:80:26:7a:06:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3181a923e9ac3c005eb4c73edc7a1e8325a5b1e
        Validity
            Not Before: Sep 10 13:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e20113b7d19381443342d9687da2cf08c787aba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:74:5e:22:b9:54:17:63:46:50:d0:bd:8c:8c:
                    4b:08:71:7e:5d:d6:90:95:fe:3f:92:6d:81:30:52:
                    b9:24:a2:f5:7a:db:57:a0:54:ff:01:f1:b9:ac:c1:
                    37:a3:69:83:60:fe:13:0d:7b:6a:4f:57:af:cb:5f:
                    90:58:79:ac:6c:09:f7:39:09:7b:d1:fb:eb:34:dc:
                    8e:c9:7f:4c:4f:46:80:8d:64:b6:7b:3b:95:2a:73:
                    69:b2:15:b4:26:49:fe:74:e6:7d:a6:fa:38:14:37:
                    f0:21:fa:5d:14:84:11:99:a2:23:33:e1:af:df:b6:
                    f3:5a:9c:83:fe:77:ee:06:ae:b9:fe:8b:9f:5e:4f:
                    9c:2a:1e:5a:b8:46:89:d1:4c:7d:47:70:17:66:37:
                    49:f4:67:32:98:2e:46:1d:78:e1:a2:74:65:bd:38:
                    f0:e3:1a:d0:e3:d5:e2:6c:71:be:81:ee:5c:5f:75:
                    05:12:e0:09:80:9e:42:d1:d4:87:d7:0c:32:b3:31:
                    91:fa:79:de:25:e1:c0:ec:ea:2b:36:c6:19:88:21:
                    ab:98:d8:80:20:9f:da:06:03:74:54:d7:0e:93:78:
                    b8:8e:28:c3:13:39:a3:06:a0:bc:fa:d7:51:59:2b:
                    08:05:3a:dd:f9:cd:5b:aa:0e:ef:94:38:b9:f1:d0:
                    bf:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:20:11:3B:7D:19:38:14:43:34:2D:96:87:DA:2C:F0:8C:78:7A:BA
            X509v3 Authority Key Identifier:
                keyid:C3:18:1A:92:3E:9A:C3:C0:05:EB:4C:73:ED:C7:A1:E8:32:5A:5B:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wxgakj6aw8AF60xz7ceh6DJaWx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/DiARO30ZOBRDNC2Wh9os8Ix4ero.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/wxgakj6aw8AF60xz7ceh6DJaWx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.101.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:78:ca:85:cf:a8:82:5a:dc:a2:83:c1:b7:62:35:2e:06:01:
         52:24:27:4e:a8:5a:59:e2:7f:94:bf:ca:21:b1:4c:e7:50:72:
         30:40:29:54:78:75:cb:5f:b7:e0:e9:03:48:8c:e7:80:ea:28:
         03:fa:94:4d:d1:b5:8f:a6:b2:e5:cd:e7:ad:51:1d:7a:9a:be:
         72:c5:d9:58:41:99:4e:46:17:46:23:55:c3:b4:a2:9e:92:1c:
         35:99:78:c6:f6:3a:ed:08:25:6e:f0:4e:e3:ef:f1:01:78:22:
         f7:03:c1:6f:cf:96:de:96:ac:ca:ee:d8:77:c5:c6:a8:b6:13:
         0d:fc:8e:a1:03:11:14:f6:9a:34:d7:a8:c6:b8:8d:b2:26:a5:
         56:8f:99:49:12:a6:25:aa:50:73:0e:e2:9b:cd:2d:b9:f1:0a:
         fa:25:3c:1d:c1:24:44:a3:e4:8e:33:0c:25:52:46:7f:92:93:
         60:71:9b:40:0b:61:51:87:a8:e5:c8:ee:ea:29:03:81:28:18:
         ab:06:36:60:67:d0:91:60:6b:d1:e5:ae:0f:48:21:10:a1:e8:
         34:5a:4e:40:99:14:f1:21:41:4c:50:ed:5a:8e:d3:23:81:1f:
         c4:c6:f5:88:ea:d9:90:a0:e3:3e:9a:07:06:22:f4:22:2b:7c:
         3c:88:3d:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHcHJ6tevlrvmxWY4AmegamMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzMTgxYTkyM2U5YWMzYzAwNWViNGM3M2VkYzdhMWU4MzI1
YTViMWUwHhcNMjQwOTEwMTMyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTIwMTEzYjdkMTkzODE0NDMzNDJkOTY4N2RhMmNmMDhjNzg3YWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXReIrlUF2NGUNC9jIxLCHF+XdaQ
lf4/km2BMFK5JKL1ettXoFT/AfG5rME3o2mDYP4TDXtqT1evy1+QWHmsbAn3OQl7
0fvrNNyOyX9MT0aAjWS2ezuVKnNpshW0Jkn+dOZ9pvo4FDfwIfpdFIQRmaIjM+Gv
37bzWpyD/nfuBq65/oufXk+cKh5auEaJ0Ux9R3AXZjdJ9GcymC5GHXjhonRlvTjw
4xrQ49XibHG+ge5cX3UFEuAJgJ5C0dSH1wwyszGR+nneJeHA7OorNsYZiCGrmNiA
IJ/aBgN0VNcOk3i4jijDEzmjBqC8+tdRWSsIBTrd+c1bqg7vlDi58dC/hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4gETt9GTgUQzQtlofaLPCMeHq6MB8GA1UdIwQY
MBaAFMMYGpI+msPABetMc+3HoegyWlseMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3hnYWtqNmF3OEFGNjB4ejdjZWg2REphV3g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS85YmNhZGEtZDk1NS00ZjJhLTkyNTQt
ZjllYzU2NjY4NmI5LzEvRGlBUk8zMFpPQlJETkMyV2g5b3M4SXg0ZXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS85YmNhZGEtZDk1NS00ZjJhLTkyNTQtZjllYzU2NjY4NmI5
LzEvd3hnYWtqNmF3OEFGNjB4ejdjZWg2REphV3g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmVqMA0G
CSqGSIb3DQEBCwUAA4IBAQByeMqFz6iCWtyig8G3YjUuBgFSJCdOqFpZ4n+Uv8oh
sUznUHIwQClUeHXLX7fg6QNIjOeA6igD+pRN0bWPprLlzeetUR16mr5yxdlYQZlO
RhdGI1XDtKKekhw1mXjG9jrtCCVu8E7j7/EBeCL3A8Fvz5belqzK7th3xcaothMN
/I6hAxEU9po016jGuI2yJqVWj5lJEqYlqlBzDuKbzS258Qr6JTwdwSREo+SOMwwl
UkZ/kpNgcZtAC2FRh6jlyO7qKQOBKBirBjZgZ9CRYGvR5a4PSCEQoeg0Wk5AmRTx
IUFMUO1ajtMjgR/ExvWI6tmQoOM+mgcGIvQiK3w8iD3a
-----END CERTIFICATE-----