Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/ODAigCFe6lJIdZVfonOAZ2kpkZk.roa
File:                     ODAigCFe6lJIdZVfonOAZ2kpkZk.roa (raw, json)
Hash identifier:          v+0UitI96vmc0tWZJrj8BXy0640U/aE6iSRwBHxCv/0=
Subject key identifier:   38:30:22:80:21:5E:EA:52:48:75:95:5F:A2:73:80:67:69:29:91:99
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       018CC5004C1C35A1B560B05D3FAB815C1A6D
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/ODAigCFe6lJIdZVfonOAZ2kpkZk.roa
Signing time:             Mon 01 Jan 2024 12:29:40 +0000
ROA not before:           Mon 01 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209778
IP address blocks:        217.113.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4c:1c:35:a1:b5:60:b0:5d:3f:ab:81:5c:1a:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  1 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38302280215eea524875955fa273806769299199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8d:a9:f8:67:cb:b7:a6:e7:30:dd:3c:37:94:
                    1e:1a:86:a9:22:ab:e5:5d:04:8b:74:be:ea:b6:58:
                    53:35:cc:8d:5e:64:c1:a4:72:3a:53:33:7e:7d:fd:
                    0f:c1:a9:f8:94:72:24:25:21:74:f5:54:59:a0:bf:
                    84:c4:0c:8c:df:9a:14:d2:d4:57:4a:da:3a:12:62:
                    f7:bb:92:ac:03:2a:45:1e:c4:8e:03:6e:79:6e:85:
                    ea:7b:f2:68:14:41:43:50:9d:c4:c4:63:65:63:a7:
                    72:ae:d7:e9:19:e4:4c:20:d8:d0:63:d4:fb:d4:49:
                    9f:88:8a:3e:ef:97:f1:99:95:78:37:02:cd:27:b0:
                    be:3d:9e:b5:ed:ee:81:36:06:13:32:bb:5b:00:d2:
                    bc:7b:2b:2f:6e:a8:77:2d:82:21:7f:8e:a5:da:ae:
                    21:ab:58:2d:91:33:25:26:fc:69:20:21:48:82:ef:
                    36:e7:e1:aa:ff:7a:aa:ff:73:ad:1c:25:b7:2c:2b:
                    32:a3:70:b7:9f:39:17:62:8c:fe:a6:d0:fb:f3:19:
                    10:3d:90:3e:75:8e:c1:61:ab:af:f7:4b:3e:57:c5:
                    9a:58:7e:8d:09:43:e6:d9:17:b6:94:59:8e:39:8d:
                    58:91:80:9d:ae:65:73:2e:f0:dd:73:82:cb:20:60:
                    34:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:30:22:80:21:5E:EA:52:48:75:95:5F:A2:73:80:67:69:29:91:99
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/ODAigCFe6lJIdZVfonOAZ2kpkZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:18:84:26:61:4c:29:32:98:21:0e:bc:a3:78:fa:e0:18:2e:
         25:2e:0c:f0:78:72:cf:d6:8a:00:f7:0c:dc:71:c5:16:2a:0d:
         8b:f1:9d:17:11:68:23:8f:03:61:01:dc:3b:32:46:54:5d:0a:
         aa:78:84:30:5a:e1:1e:b3:30:96:3a:9e:ce:63:db:96:03:7a:
         96:3e:42:a3:e2:1c:4f:b3:2a:aa:ab:90:a5:17:ad:9f:35:53:
         da:91:0f:76:e1:4a:fa:28:d0:de:e3:d6:97:7c:ac:41:a7:94:
         83:2f:74:8a:a5:8d:f1:b7:c7:ea:21:d8:95:bf:64:8d:2e:16:
         91:e6:6a:21:aa:e8:ff:be:bd:31:07:4a:d6:e1:21:53:b5:3a:
         18:20:39:68:e5:c1:66:4b:ac:d3:f7:1d:93:5d:aa:b7:ab:8b:
         00:b9:0f:2e:a1:8b:f3:1d:68:28:ff:a6:f8:ac:38:c6:e0:06:
         4b:10:24:89:74:74:fa:a2:7f:c8:9d:b4:fc:32:5a:31:4d:de:
         2d:8f:91:b5:e4:d1:60:88:78:f6:e6:5e:55:6d:e6:89:e2:70:
         5e:47:66:b1:d9:b5:28:c4:7c:04:72:46:6a:2d:b3:94:65:bf:
         01:0c:e2:ce:20:3b:5d:b6:09:db:cb:a2:28:2b:b9:87:73:fa:
         a1:07:d6:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAEwcNaG1YLBdP6uBXBptMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQwMTAxMTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODMwMjI4MDIxNWVlYTUyNDg3NTk1NWZhMjczODA2NzY5Mjk5MTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk42p+GfLt6bnMN08N5QeGoapIqvl
XQSLdL7qtlhTNcyNXmTBpHI6UzN+ff0Pwan4lHIkJSF09VRZoL+ExAyM35oU0tRX
Sto6EmL3u5KsAypFHsSOA255boXqe/JoFEFDUJ3ExGNlY6dyrtfpGeRMINjQY9T7
1EmfiIo+75fxmZV4NwLNJ7C+PZ617e6BNgYTMrtbANK8eysvbqh3LYIhf46l2q4h
q1gtkTMlJvxpICFIgu825+Gq/3qq/3OtHCW3LCsyo3C3nzkXYoz+ptD78xkQPZA+
dY7BYauv90s+V8WaWH6NCUPm2Re2lFmOOY1YkYCdrmVzLvDdc4LLIGA0qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgwIoAhXupSSHWVX6JzgGdpKZGZMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvT0RBaWdDRmU2bEpJZFpWZm9uT0FaMmtwa1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XEYMA0G
CSqGSIb3DQEBCwUAA4IBAQA9GIQmYUwpMpghDryjePrgGC4lLgzweHLP1ooA9wzc
ccUWKg2L8Z0XEWgjjwNhAdw7MkZUXQqqeIQwWuEeszCWOp7OY9uWA3qWPkKj4hxP
syqqq5ClF62fNVPakQ924Ur6KNDe49aXfKxBp5SDL3SKpY3xt8fqIdiVv2SNLhaR
5mohquj/vr0xB0rW4SFTtToYIDlo5cFmS6zT9x2TXaq3q4sAuQ8uoYvzHWgo/6b4
rDjG4AZLECSJdHT6on/InbT8MloxTd4tj5G15NFgiHj25l5VbeaJ4nBeR2ax2bUo
xHwEckZqLbOUZb8BDOLOIDtdtgnby6IoK7mHc/qhB9YF
-----END CERTIFICATE-----