Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/37514f-14e9-4dbe-b398-c87fab985af8/1/D31lRcVXyeksHDAC5KKV4q5_fgo.roa
File:                     D31lRcVXyeksHDAC5KKV4q5_fgo.roa (raw, json)
Hash identifier:          Y2F0jSf6EQ7yrPis6f+mcx+VJt4uxrIzKAiAKqKdHHY=
Subject key identifier:   0F:7D:65:45:C5:57:C9:E9:2C:1C:30:02:E4:A2:95:E2:AE:7F:7E:0A
Certificate issuer:       /CN=3d14528eefc2df93ffb4e74fa1b6503b76ed96ce
Certificate serial:       018CC87092EC4C4B11419F8AC5687EC155C0
Authority key identifier: 3D:14:52:8E:EF:C2:DF:93:FF:B4:E7:4F:A1:B6:50:3B:76:ED:96:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PRRSju_C35P_tOdPobZQO3btls4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/37514f-14e9-4dbe-b398-c87fab985af8/1/D31lRcVXyeksHDAC5KKV4q5_fgo.roa
Signing time:             Tue 02 Jan 2024 04:31:10 +0000
ROA not before:           Tue 02 Jan 2024 04:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49756
IP address blocks:        194.242.20.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/37514f-14e9-4dbe-b398-c87fab985af8/1/PRRSju_C35P_tOdPobZQO3btls4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/37514f-14e9-4dbe-b398-c87fab985af8/1/PRRSju_C35P_tOdPobZQO3btls4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PRRSju_C35P_tOdPobZQO3btls4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:92:ec:4c:4b:11:41:9f:8a:c5:68:7e:c1:55:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d14528eefc2df93ffb4e74fa1b6503b76ed96ce
        Validity
            Not Before: Jan  2 04:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f7d6545c557c9e92c1c3002e4a295e2ae7f7e0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:cd:00:d8:d3:e3:9e:42:7f:86:d5:e4:53:b6:
                    1b:05:4e:bd:fa:f5:c3:69:55:f7:d9:c0:0b:76:fd:
                    6e:54:b7:e9:fa:93:c1:d4:ff:79:f0:98:88:86:4e:
                    6e:f5:05:bc:d2:51:ed:34:51:19:01:21:9b:fb:9c:
                    57:61:51:d0:36:05:e7:a7:6a:7c:c8:07:7a:78:e6:
                    22:4f:57:90:d6:9b:1e:59:38:88:34:6c:30:80:e3:
                    6f:cf:96:87:9f:d5:77:1a:00:00:c9:17:36:3e:28:
                    a0:83:bd:9f:44:c8:eb:04:88:83:ff:df:77:1f:1b:
                    72:a4:0b:ca:f7:4f:67:c3:bf:15:09:03:4f:f9:da:
                    f7:b9:72:02:43:b1:0d:6d:0c:95:74:1e:d4:f7:e8:
                    a8:32:fe:dd:67:2c:c2:dc:1d:ab:48:d0:4e:eb:60:
                    b4:f2:d2:bb:43:29:63:a7:97:a5:ac:3c:ca:b2:7f:
                    7c:7d:2f:7f:80:f1:1d:12:01:c0:68:7b:dc:84:48:
                    60:0c:c4:25:23:61:a6:9d:a6:32:c8:b9:c5:27:05:
                    34:b8:93:dd:30:46:3c:85:85:e5:68:71:73:3a:a9:
                    cc:c1:a9:1c:e1:b8:2a:06:28:89:e3:4e:4c:32:d3:
                    a1:d5:9b:49:45:e3:ee:54:e4:c2:fb:3e:92:47:8a:
                    e0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:7D:65:45:C5:57:C9:E9:2C:1C:30:02:E4:A2:95:E2:AE:7F:7E:0A
            X509v3 Authority Key Identifier:
                keyid:3D:14:52:8E:EF:C2:DF:93:FF:B4:E7:4F:A1:B6:50:3B:76:ED:96:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PRRSju_C35P_tOdPobZQO3btls4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/37514f-14e9-4dbe-b398-c87fab985af8/1/D31lRcVXyeksHDAC5KKV4q5_fgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/37514f-14e9-4dbe-b398-c87fab985af8/1/PRRSju_C35P_tOdPobZQO3btls4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:40:27:9c:94:9e:7c:94:1f:34:b4:cd:8e:ef:71:de:ba:1b:
         6f:5f:1f:9b:cf:32:ff:79:52:9f:25:8b:80:75:7f:e5:a8:70:
         8e:6c:83:67:f1:32:70:db:f3:ca:09:8e:e1:90:e2:9f:e2:5b:
         70:43:26:42:7e:34:c6:67:76:5c:2d:b1:b7:f1:49:b7:6b:29:
         63:17:cb:58:1f:0b:ca:9b:80:fe:89:74:ae:a9:c5:4a:b4:3b:
         a1:64:dd:c0:dc:2a:28:f2:ea:57:46:0e:a2:69:30:20:19:6d:
         e4:73:12:ef:c6:38:87:d9:23:08:f6:80:02:08:70:02:ce:ca:
         7b:f4:3a:b5:fe:7d:a8:72:d3:7c:7d:bc:28:17:a4:8f:ee:47:
         0e:25:7a:dd:5d:76:08:6e:46:91:f4:90:46:0e:49:ad:3e:1d:
         d0:e7:ab:cc:62:f0:af:16:98:c6:85:68:8d:9a:0f:58:de:8e:
         8a:4f:30:80:4e:12:3a:8d:1d:73:0f:0f:7b:a7:fb:ed:70:1d:
         e3:5f:4a:13:e8:de:48:37:25:da:2f:b9:3d:b0:ca:d2:5f:91:
         3f:e4:12:4a:ca:af:07:7d:c8:21:51:72:5f:58:35:51:c4:0f:
         9b:54:cc:d9:6c:c7:03:1d:9e:09:02:b0:36:f1:ea:fb:31:d2:
         0c:7b:ab:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcJLsTEsRQZ+KxWh+wVXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMTQ1MjhlZWZjMmRmOTNmZmI0ZTc0ZmExYjY1MDNiNzZl
ZDk2Y2UwHhcNMjQwMTAyMDQzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjdkNjU0NWM1NTdjOWU5MmMxYzMwMDJlNGEyOTVlMmFlN2Y3ZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh80A2NPjnkJ/htXkU7YbBU69+vXD
aVX32cALdv1uVLfp+pPB1P958JiIhk5u9QW80lHtNFEZASGb+5xXYVHQNgXnp2p8
yAd6eOYiT1eQ1pseWTiINGwwgONvz5aHn9V3GgAAyRc2Piigg72fRMjrBIiD/993
HxtypAvK909nw78VCQNP+dr3uXICQ7ENbQyVdB7U9+ioMv7dZyzC3B2rSNBO62C0
8tK7Qyljp5elrDzKsn98fS9/gPEdEgHAaHvchEhgDMQlI2GmnaYyyLnFJwU0uJPd
MEY8hYXlaHFzOqnMwakc4bgqBiiJ405MMtOh1ZtJRePuVOTC+z6SR4rg1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA99ZUXFV8npLBwwAuSileKuf34KMB8GA1UdIwQY
MBaAFD0UUo7vwt+T/7TnT6G2UDt27ZbOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFJSU2p1X0MzNVBfdE9kUG9iWlFPM2J0bHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8zNzUxNGYtMTRlOS00ZGJlLWIzOTgt
Yzg3ZmFiOTg1YWY4LzEvRDMxbFJjVlh5ZWtzSERBQzVLS1Y0cTVfZmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8zNzUxNGYtMTRlOS00ZGJlLWIzOTgtYzg3ZmFiOTg1YWY4
LzEvUFJSU2p1X0MzNVBfdE9kUG9iWlFPM2J0bHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwvIUMA0G
CSqGSIb3DQEBCwUAA4IBAQAfQCeclJ58lB80tM2O73HeuhtvXx+bzzL/eVKfJYuA
dX/lqHCObINn8TJw2/PKCY7hkOKf4ltwQyZCfjTGZ3ZcLbG38Um3ayljF8tYHwvK
m4D+iXSuqcVKtDuhZN3A3Coo8upXRg6iaTAgGW3kcxLvxjiH2SMI9oACCHACzsp7
9Dq1/n2octN8fbwoF6SP7kcOJXrdXXYIbkaR9JBGDkmtPh3Q56vMYvCvFpjGhWiN
mg9Y3o6KTzCAThI6jR1zDw97p/vtcB3jX0oT6N5INyXaL7k9sMrSX5E/5BJKyq8H
fcghUXJfWDVRxA+bVMzZbMcDHZ4JArA28er7MdIMe6vl
-----END CERTIFICATE-----