Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/AWk6O-1OZkJzxs71hOc-XqYC3cU.roa
File:                     AWk6O-1OZkJzxs71hOc-XqYC3cU.roa (raw, json)
Hash identifier:          SVVl1Qxw8H+Kmzlo+MU/9/1hSTBZCX1A7B3lTPVf8eg=
Subject key identifier:   01:69:3A:3B:ED:4E:66:42:73:C6:CE:F5:84:E7:3E:5E:A6:02:DD:C5
Certificate issuer:       /CN=3ae145fe3b79b2bf68aadbe007def6d72aef2ac3
Certificate serial:       018CC94E44CC0AE2F4F7312C3A8CDD26FAB9
Authority key identifier: 3A:E1:45:FE:3B:79:B2:BF:68:AA:DB:E0:07:DE:F6:D7:2A:EF:2A:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OuFF_jt5sr9oqtvgB9721yrvKsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/AWk6O-1OZkJzxs71hOc-XqYC3cU.roa
Signing time:             Tue 02 Jan 2024 08:33:18 +0000
ROA not before:           Tue 02 Jan 2024 08:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50869
IP address blocks:        194.126.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/OuFF_jt5sr9oqtvgB9721yrvKsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/OuFF_jt5sr9oqtvgB9721yrvKsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OuFF_jt5sr9oqtvgB9721yrvKsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:44:cc:0a:e2:f4:f7:31:2c:3a:8c:dd:26:fa:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ae145fe3b79b2bf68aadbe007def6d72aef2ac3
        Validity
            Not Before: Jan  2 08:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01693a3bed4e664273c6cef584e73e5ea602ddc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d0:55:99:94:b2:79:09:69:94:97:15:62:81:
                    62:3a:46:f1:ac:50:21:05:99:1b:33:72:00:45:c3:
                    39:39:a3:df:b9:9d:dd:f3:33:fe:ab:34:b9:a4:02:
                    07:93:2b:c7:df:99:7d:7b:18:51:5d:63:be:38:64:
                    66:a2:4b:2f:1e:62:9a:9f:85:bb:cb:53:e6:3d:56:
                    61:89:d6:b6:60:83:a6:e4:53:86:4f:86:dd:c4:30:
                    a9:36:b9:6e:7e:18:db:e0:ce:a9:c7:48:1e:c3:ba:
                    79:0d:39:a0:64:bf:c0:42:a3:1c:52:d3:b7:2b:43:
                    07:74:49:72:1e:81:57:18:4d:29:e2:2f:30:39:84:
                    7c:8e:bf:4a:44:dd:ff:05:68:a8:3e:b1:7a:20:5e:
                    a6:ce:ee:9b:ee:73:d5:25:c6:ce:5b:61:98:b3:cd:
                    25:ad:4f:47:8f:9e:69:7c:c3:8b:54:5e:e3:05:b5:
                    ce:ff:b8:88:68:45:58:6e:e5:f2:a0:9e:39:9a:bf:
                    f4:ef:3c:45:bf:8b:ba:1a:19:7f:39:58:4a:73:65:
                    f7:41:e0:6a:dc:c1:f8:34:b2:44:72:5e:8c:e6:ad:
                    5e:61:77:65:55:7b:1b:32:6a:e8:f4:b1:7d:c2:ba:
                    98:2a:95:39:73:5d:24:2f:70:4f:f7:3e:bd:02:c9:
                    75:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:69:3A:3B:ED:4E:66:42:73:C6:CE:F5:84:E7:3E:5E:A6:02:DD:C5
            X509v3 Authority Key Identifier:
                keyid:3A:E1:45:FE:3B:79:B2:BF:68:AA:DB:E0:07:DE:F6:D7:2A:EF:2A:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OuFF_jt5sr9oqtvgB9721yrvKsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/AWk6O-1OZkJzxs71hOc-XqYC3cU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/OuFF_jt5sr9oqtvgB9721yrvKsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:dc:54:35:76:92:08:14:9c:aa:bc:eb:08:cd:ef:d7:7e:da:
         c2:e4:c2:77:72:37:36:f9:fd:52:10:3b:49:d9:f4:91:a4:6c:
         b6:2d:12:ea:4c:a1:38:c8:c4:11:15:2c:08:f5:38:42:f4:4f:
         cb:a1:d1:88:bc:26:91:0e:00:e7:9c:a7:9a:d5:69:cf:ee:a0:
         96:0c:bd:09:2d:ba:df:3e:c2:97:31:04:23:66:ef:fe:66:a0:
         18:1f:34:5d:be:af:4c:c0:4e:70:48:92:89:85:16:63:51:6b:
         f2:84:07:d8:b1:b1:06:01:e3:96:2f:1d:c2:24:ed:8e:95:2b:
         c7:0d:5c:af:dc:20:d5:94:80:da:7e:4a:21:0f:8d:83:52:5b:
         7f:5a:39:e9:e4:23:3f:95:d2:80:98:d8:7d:28:bd:a3:48:b7:
         3d:7b:a9:dc:73:dc:34:75:3f:e3:6a:42:a0:20:c3:23:79:b1:
         89:d5:ec:ef:99:ed:01:cb:f9:2d:b8:04:33:4c:30:41:d1:46:
         af:5e:1a:5b:5c:71:9c:a7:3e:da:fe:b3:4b:6b:bc:b0:43:a3:
         46:fa:05:e1:9f:da:cc:65:53:43:fd:ba:64:c0:48:56:93:4c:
         ab:69:ca:24:5f:2a:f0:30:06:eb:86:14:42:6b:f9:06:89:53:
         dd:3e:b4:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkTMCuL09zEsOozdJvq5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZTE0NWZlM2I3OWIyYmY2OGFhZGJlMDA3ZGVmNmQ3MmFl
ZjJhYzMwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTY5M2EzYmVkNGU2NjQyNzNjNmNlZjU4NGU3M2U1ZWE2MDJkZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtBVmZSyeQlplJcVYoFiOkbxrFAh
BZkbM3IARcM5OaPfuZ3d8zP+qzS5pAIHkyvH35l9exhRXWO+OGRmoksvHmKan4W7
y1PmPVZhida2YIOm5FOGT4bdxDCpNrlufhjb4M6px0gew7p5DTmgZL/AQqMcUtO3
K0MHdElyHoFXGE0p4i8wOYR8jr9KRN3/BWioPrF6IF6mzu6b7nPVJcbOW2GYs80l
rU9Hj55pfMOLVF7jBbXO/7iIaEVYbuXyoJ45mr/07zxFv4u6Ghl/OVhKc2X3QeBq
3MH4NLJEcl6M5q1eYXdlVXsbMmro9LF9wrqYKpU5c10kL3BP9z69Asl1FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFpOjvtTmZCc8bO9YTnPl6mAt3FMB8GA1UdIwQY
MBaAFDrhRf47ebK/aKrb4Afe9tcq7yrDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3VGRl9qdDVzcjlvcXR2Z0I5NzIxeXJ2S3NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC84MmYwZjEtMjE0Ny00OWZkLWE0ZDYt
YjdiNTc0ZWVkYzMzLzEvQVdrNk8tMU9aa0p6eHM3MWhPYy1YcVlDM2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC84MmYwZjEtMjE0Ny00OWZkLWE0ZDYtYjdiNTc0ZWVkYzMz
LzEvT3VGRl9qdDVzcjlvcXR2Z0I5NzIxeXJ2S3NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn7rMA0G
CSqGSIb3DQEBCwUAA4IBAQA13FQ1dpIIFJyqvOsIze/XftrC5MJ3cjc2+f1SEDtJ
2fSRpGy2LRLqTKE4yMQRFSwI9ThC9E/LodGIvCaRDgDnnKea1WnP7qCWDL0JLbrf
PsKXMQQjZu/+ZqAYHzRdvq9MwE5wSJKJhRZjUWvyhAfYsbEGAeOWLx3CJO2OlSvH
DVyv3CDVlIDafkohD42DUlt/Wjnp5CM/ldKAmNh9KL2jSLc9e6ncc9w0dT/jakKg
IMMjebGJ1ezvme0By/ktuAQzTDBB0UavXhpbXHGcpz7a/rNLa7ywQ6NG+gXhn9rM
ZVND/bpkwEhWk0yracokXyrwMAbrhhRCa/kGiVPdPrQc
-----END CERTIFICATE-----