Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/dhyS6yY6A4ozaxIm0eagc5slLUk.roa
File:                     dhyS6yY6A4ozaxIm0eagc5slLUk.roa (raw, json)
Hash identifier:          uD5o9KoBK+E3VXHINb5gtiFdebndNFET+LVLakVACEY=
Subject key identifier:   76:1C:92:EB:26:3A:03:8A:33:6B:12:26:D1:E6:A0:73:9B:25:2D:49
Certificate issuer:       /CN=f1a06c6c108e9419b2cdb21d48b49a6bbd6c16df
Certificate serial:       018CC50132365F71FE972E31CE6AB5F44AA3
Authority key identifier: F1:A0:6C:6C:10:8E:94:19:B2:CD:B2:1D:48:B4:9A:6B:BD:6C:16:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/dhyS6yY6A4ozaxIm0eagc5slLUk.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39702
IP address blocks:        194.127.208.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:32:36:5f:71:fe:97:2e:31:ce:6a:b5:f4:4a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1a06c6c108e9419b2cdb21d48b49a6bbd6c16df
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=761c92eb263a038a336b1226d1e6a0739b252d49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:dd:48:2e:8e:62:7f:69:fb:63:6a:e6:df:85:
                    e0:58:19:32:e7:4f:7b:ba:6d:d0:c5:63:49:02:41:
                    72:e6:9f:2d:d0:64:82:7a:1d:ce:ed:fc:dc:27:dd:
                    8a:c1:86:90:77:68:d4:fe:e8:33:d5:ce:51:d3:19:
                    a3:84:77:60:b2:13:42:36:d9:1b:a0:a7:78:f2:8d:
                    51:ed:b2:ec:b9:84:75:c1:21:2b:c2:db:b1:3c:e7:
                    bc:0b:4d:b5:90:67:e5:14:2e:42:8f:db:26:8f:84:
                    f6:ca:1c:50:fb:ed:39:ed:f1:f6:92:34:89:f6:f0:
                    f9:79:25:35:2a:e9:75:56:a1:80:76:5a:83:25:d7:
                    a8:c9:08:4a:a3:9e:8a:92:2d:51:b0:e9:15:e0:cd:
                    d7:df:22:d6:69:ff:80:6e:af:ea:66:f5:d9:16:13:
                    27:8b:d3:50:aa:70:b8:99:7b:d0:49:58:06:77:1c:
                    5b:ec:18:d8:42:c0:fd:4e:c3:cf:91:2d:66:2c:7c:
                    54:6b:41:d2:70:2f:21:50:3b:e6:a1:38:49:fb:9b:
                    0c:d7:40:59:33:0f:5b:5a:c9:3e:34:e3:3c:13:a7:
                    69:1f:b4:5b:84:01:d4:5e:38:c1:e1:46:fe:c2:21:
                    f8:0b:ba:93:fd:de:06:b1:30:f8:12:b6:86:bc:a0:
                    54:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1C:92:EB:26:3A:03:8A:33:6B:12:26:D1:E6:A0:73:9B:25:2D:49
            X509v3 Authority Key Identifier:
                keyid:F1:A0:6C:6C:10:8E:94:19:B2:CD:B2:1D:48:B4:9A:6B:BD:6C:16:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/dhyS6yY6A4ozaxIm0eagc5slLUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:10:3f:c9:4a:25:e5:dd:20:f1:60:07:ab:8d:4d:b7:5b:1d:
         c2:52:56:27:f1:bd:40:7d:30:53:04:03:4b:f2:e7:70:2b:5d:
         d1:93:66:9a:fc:cd:73:6c:44:3c:da:18:a2:f2:c5:93:2e:2e:
         e7:67:4e:09:8c:e8:7a:07:29:cd:bc:7b:4e:6c:b0:79:80:f2:
         de:8c:f1:e3:89:b5:6c:ed:dc:67:57:d1:b3:de:dc:6f:c0:1f:
         75:59:24:3f:5c:92:4b:f2:f9:fe:57:8e:4c:40:cb:0b:55:66:
         5b:a2:77:42:a6:d2:63:9c:46:3f:20:69:49:23:fe:ff:e0:fe:
         e5:e8:30:24:09:6f:e9:ce:bf:e0:c6:74:f9:03:77:2c:cc:9a:
         24:a0:29:08:23:ad:ac:60:09:90:c3:50:2a:0b:4f:b0:9a:be:
         8a:be:a6:47:d2:6c:61:fb:35:e7:19:a0:18:13:09:5d:81:0a:
         09:6d:30:b5:6d:98:ed:c4:d9:f1:34:85:c1:08:2c:0f:af:63:
         8f:99:b2:5e:49:01:12:93:64:59:05:e7:b4:38:0c:cb:d6:9a:
         37:93:9e:af:5e:21:fd:92:1d:55:93:15:4b:26:52:c0:9c:8b:
         01:95:af:ba:2c:e5:13:f0:32:23:b7:1c:a2:a4:a9:9c:bb:f5:
         5a:cd:56:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATI2X3H+ly4xzmq19EqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYTA2YzZjMTA4ZTk0MTliMmNkYjIxZDQ4YjQ5YTZiYmQ2
YzE2ZGYwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjFjOTJlYjI2M2EwMzhhMzM2YjEyMjZkMWU2YTA3MzliMjUyZDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtN1ILo5if2n7Y2rm34XgWBky5097
um3QxWNJAkFy5p8t0GSCeh3O7fzcJ92KwYaQd2jU/ugz1c5R0xmjhHdgshNCNtkb
oKd48o1R7bLsuYR1wSErwtuxPOe8C021kGflFC5Cj9smj4T2yhxQ++057fH2kjSJ
9vD5eSU1Kul1VqGAdlqDJdeoyQhKo56Kki1RsOkV4M3X3yLWaf+Abq/qZvXZFhMn
i9NQqnC4mXvQSVgGdxxb7BjYQsD9TsPPkS1mLHxUa0HScC8hUDvmoThJ+5sM10BZ
Mw9bWsk+NOM8E6dpH7RbhAHUXjjB4Ub+wiH4C7qT/d4GsTD4EraGvKBUcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYckusmOgOKM2sSJtHmoHObJS1JMB8GA1UdIwQY
MBaAFPGgbGwQjpQZss2yHUi0mmu9bBbfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGFCc2JCQ09sQm15emJJZFNMU2FhNzFzRnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9kZWY2NDctOTE4Ni00NzI5LWJiOTkt
MTQyZWJlODY5MzE2LzEvZGh5UzZ5WTZBNG96YXhJbTBlYWdjNXNsTFVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9kZWY2NDctOTE4Ni00NzI5LWJiOTktMTQyZWJlODY5MzE2
LzEvOGFCc2JCQ09sQm15emJJZFNMU2FhNzFzRnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwn/QMA0G
CSqGSIb3DQEBCwUAA4IBAQBcED/JSiXl3SDxYAerjU23Wx3CUlYn8b1AfTBTBANL
8udwK13Rk2aa/M1zbEQ82hii8sWTLi7nZ04JjOh6BynNvHtObLB5gPLejPHjibVs
7dxnV9Gz3txvwB91WSQ/XJJL8vn+V45MQMsLVWZbondCptJjnEY/IGlJI/7/4P7l
6DAkCW/pzr/gxnT5A3cszJokoCkII62sYAmQw1AqC0+wmr6KvqZH0mxh+zXnGaAY
EwldgQoJbTC1bZjtxNnxNIXBCCwPr2OPmbJeSQESk2RZBee0OAzL1po3k56vXiH9
kh1VkxVLJlLAnIsBla+6LOUT8DIjtxyipKmcu/VazVYV
-----END CERTIFICATE-----