Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/d84e1e-cc53-4cc2-aab9-1ca766fbeeba/1/4kFmoxNQppa9OLwzyebeonTMiC8.roa
File:                     4kFmoxNQppa9OLwzyebeonTMiC8.roa (raw, json)
Hash identifier:          Va7gsbw0tb4LnDX/xJTnpmoQ1hgaZ1+HiQ7cNn7uJPg=
Subject key identifier:   E2:41:66:A3:13:50:A6:96:BD:38:BC:33:C9:E6:DE:A2:74:CC:88:2F
Certificate issuer:       /CN=dc03aa9a4fe9d60c5cf853a924822269f1cc7452
Certificate serial:       018CCA2A62090EE26827429552AF1095A8CD
Authority key identifier: DC:03:AA:9A:4F:E9:D6:0C:5C:F8:53:A9:24:82:22:69:F1:CC:74:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AOqmk_p1gxc-FOpJIIiafHMdFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/d84e1e-cc53-4cc2-aab9-1ca766fbeeba/1/4kFmoxNQppa9OLwzyebeonTMiC8.roa
Signing time:             Tue 02 Jan 2024 12:33:44 +0000
ROA not before:           Tue 02 Jan 2024 12:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33843
IP address blocks:        194.11.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/d84e1e-cc53-4cc2-aab9-1ca766fbeeba/1/3AOqmk_p1gxc-FOpJIIiafHMdFI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/d84e1e-cc53-4cc2-aab9-1ca766fbeeba/1/3AOqmk_p1gxc-FOpJIIiafHMdFI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3AOqmk_p1gxc-FOpJIIiafHMdFI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 15:21:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:62:09:0e:e2:68:27:42:95:52:af:10:95:a8:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc03aa9a4fe9d60c5cf853a924822269f1cc7452
        Validity
            Not Before: Jan  2 12:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e24166a31350a696bd38bc33c9e6dea274cc882f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:88:7d:0f:c0:97:38:c0:cc:88:3c:09:b5:d2:
                    d9:b4:cb:b3:3a:cc:55:49:bb:97:92:cb:6c:a4:a7:
                    31:30:99:2f:b1:eb:1f:91:e5:0e:1b:1f:ef:31:fc:
                    18:96:89:fb:24:6e:f1:7d:a0:f5:59:34:19:8c:b2:
                    1f:d1:f0:9d:b4:f8:35:d2:9d:ea:ea:97:ea:83:35:
                    58:c5:f9:35:2e:67:48:f3:c2:b5:df:4b:43:c4:50:
                    69:06:34:8e:21:88:ed:66:cf:f2:2b:98:85:01:e6:
                    5d:4e:26:b9:89:32:b7:15:7e:33:bd:d5:9c:48:e7:
                    06:f9:f9:26:38:7f:67:e0:ea:e0:eb:3d:85:be:ae:
                    f1:d6:21:97:68:9e:4f:c0:11:0d:76:b0:5f:b6:a0:
                    87:98:2e:3e:ee:1e:af:57:10:3b:56:eb:c8:34:14:
                    aa:06:e7:7c:0e:77:0a:ea:1f:2e:ea:07:b2:c2:9d:
                    1a:03:cc:31:c5:8a:01:ac:b9:d8:9d:bc:10:12:38:
                    0e:89:62:75:af:f2:8d:a6:0d:86:ce:bc:2b:bc:b3:
                    a5:85:dc:9b:76:77:94:28:45:45:00:4a:62:b6:7d:
                    ad:b3:23:8e:b3:72:e4:41:90:71:16:d6:ce:f9:b7:
                    eb:ed:17:e6:f2:eb:63:3d:03:8f:52:eb:4a:a6:19:
                    97:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:41:66:A3:13:50:A6:96:BD:38:BC:33:C9:E6:DE:A2:74:CC:88:2F
            X509v3 Authority Key Identifier:
                keyid:DC:03:AA:9A:4F:E9:D6:0C:5C:F8:53:A9:24:82:22:69:F1:CC:74:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AOqmk_p1gxc-FOpJIIiafHMdFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d84e1e-cc53-4cc2-aab9-1ca766fbeeba/1/4kFmoxNQppa9OLwzyebeonTMiC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d84e1e-cc53-4cc2-aab9-1ca766fbeeba/1/3AOqmk_p1gxc-FOpJIIiafHMdFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:7c:20:e3:bf:5f:f6:06:dc:91:e7:92:23:3a:4e:2f:c9:1a:
         aa:9b:d8:1a:d3:d3:97:e7:ce:48:86:e9:7a:ab:e6:bb:d4:c0:
         c9:dc:66:77:eb:06:99:55:2b:b8:5b:1f:a8:bd:29:7f:2a:50:
         bf:15:78:5d:c3:6a:d3:54:cb:41:0d:f3:2c:c6:f9:43:29:b2:
         50:c4:06:44:6b:06:33:ed:d6:4e:4a:55:ef:db:ac:02:ff:c9:
         c3:4b:d0:34:a7:75:9a:6b:c9:d2:24:8c:52:40:90:9a:b2:6d:
         dd:a9:94:7f:64:2f:25:9c:b8:82:78:51:dd:76:88:64:8f:62:
         c1:a6:47:cf:60:18:51:c8:b0:60:bf:95:6b:7b:c5:1d:01:5b:
         55:1b:b0:85:1f:7a:ed:5d:2e:5d:25:72:a3:be:98:a1:7d:72:
         39:ab:c1:d8:84:cc:ae:49:85:04:34:de:0d:e9:0a:e5:47:fc:
         84:72:6d:6c:dd:51:3a:db:84:8c:94:4c:46:7d:06:4e:ca:41:
         b3:eb:27:e8:34:12:de:0c:50:e4:da:f6:0a:7f:fe:89:65:5e:
         fc:c8:db:04:0b:9d:9d:a9:f2:ef:6d:df:66:bd:d6:a7:6c:0d:
         16:52:1a:18:c9:34:53:80:f3:03:e4:31:ae:6c:1e:b2:11:19:
         67:d3:6b:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKmIJDuJoJ0KVUq8QlajNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMDNhYTlhNGZlOWQ2MGM1Y2Y4NTNhOTI0ODIyMjY5ZjFj
Yzc0NTIwHhcNMjQwMTAyMTIzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjQxNjZhMzEzNTBhNjk2YmQzOGJjMzNjOWU2ZGVhMjc0Y2M4ODJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4h9D8CXOMDMiDwJtdLZtMuzOsxV
SbuXkstspKcxMJkvsesfkeUOGx/vMfwYlon7JG7xfaD1WTQZjLIf0fCdtPg10p3q
6pfqgzVYxfk1LmdI88K130tDxFBpBjSOIYjtZs/yK5iFAeZdTia5iTK3FX4zvdWc
SOcG+fkmOH9n4Org6z2Fvq7x1iGXaJ5PwBENdrBftqCHmC4+7h6vVxA7VuvINBSq
Bud8DncK6h8u6geywp0aA8wxxYoBrLnYnbwQEjgOiWJ1r/KNpg2GzrwrvLOlhdyb
dneUKEVFAEpitn2tsyOOs3LkQZBxFtbO+bfr7Rfm8utjPQOPUutKphmXmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJBZqMTUKaWvTi8M8nm3qJ0zIgvMB8GA1UdIwQY
MBaAFNwDqppP6dYMXPhTqSSCImnxzHRSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0FPcW1rX3AxZ3hjLUZPcEpJSWlhZkhNZEZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kODRlMWUtY2M1My00Y2MyLWFhYjkt
MWNhNzY2ZmJlZWJhLzEvNGtGbW94TlFwcGE5T0x3enllYmVvblRNaUM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kODRlMWUtY2M1My00Y2MyLWFhYjktMWNhNzY2ZmJlZWJh
LzEvM0FPcW1rX3AxZ3hjLUZPcEpJSWlhZkhNZEZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwguqMA0G
CSqGSIb3DQEBCwUAA4IBAQBrfCDjv1/2BtyR55IjOk4vyRqqm9ga09OX585Ihul6
q+a71MDJ3GZ36waZVSu4Wx+ovSl/KlC/FXhdw2rTVMtBDfMsxvlDKbJQxAZEawYz
7dZOSlXv26wC/8nDS9A0p3Waa8nSJIxSQJCasm3dqZR/ZC8lnLiCeFHddohkj2LB
pkfPYBhRyLBgv5Vre8UdAVtVG7CFH3rtXS5dJXKjvpihfXI5q8HYhMyuSYUENN4N
6QrlR/yEcm1s3VE624SMlExGfQZOykGz6yfoNBLeDFDk2vYKf/6JZV78yNsEC52d
qfLvbd9mvdanbA0WUhoYyTRTgPMD5DGubB6yERln02sG
-----END CERTIFICATE-----