Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/e3037f-338b-46f2-8f97-6cef1abab3fc/1/Dvj2m8pJW0FdLm2QTA4nYmu3FeE.roa
File:                     Dvj2m8pJW0FdLm2QTA4nYmu3FeE.roa (raw, json)
Hash identifier:          TrrltUGypnjCsCQf0dR2BGvuHrHT0qIG9U2qMrgiSHo=
Subject key identifier:   0E:F8:F6:9B:CA:49:5B:41:5D:2E:6D:90:4C:0E:27:62:6B:B7:15:E1
Certificate issuer:       /CN=a1fd16c247cf466eed31a304bb8f17fa3215aaaa
Certificate serial:       018CC56DE144D1221ADD64324F56A099BCF0
Authority key identifier: A1:FD:16:C2:47:CF:46:6E:ED:31:A3:04:BB:8F:17:FA:32:15:AA:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/of0WwkfPRm7tMaMEu48X-jIVqqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/e3037f-338b-46f2-8f97-6cef1abab3fc/1/Dvj2m8pJW0FdLm2QTA4nYmu3FeE.roa
Signing time:             Mon 01 Jan 2024 14:29:21 +0000
ROA not before:           Mon 01 Jan 2024 14:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49642
IP address blocks:        194.33.152.0/22 maxlen: 24
                          193.109.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/e3037f-338b-46f2-8f97-6cef1abab3fc/1/of0WwkfPRm7tMaMEu48X-jIVqqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/e3037f-338b-46f2-8f97-6cef1abab3fc/1/of0WwkfPRm7tMaMEu48X-jIVqqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/of0WwkfPRm7tMaMEu48X-jIVqqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e1:44:d1:22:1a:dd:64:32:4f:56:a0:99:bc:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1fd16c247cf466eed31a304bb8f17fa3215aaaa
        Validity
            Not Before: Jan  1 14:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ef8f69bca495b415d2e6d904c0e27626bb715e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:11:cf:ae:25:fe:6c:4f:82:87:aa:c2:43:11:
                    39:9c:da:e6:23:36:ff:08:81:b6:12:38:e2:96:57:
                    e1:5c:51:f8:3e:cd:7c:b9:de:ec:3c:20:2e:53:62:
                    8a:8c:0f:9b:bb:67:7b:71:be:18:26:86:d0:25:c2:
                    9f:1d:c7:b4:50:de:a1:3a:ec:de:e9:a1:4e:71:b5:
                    f4:f4:38:ac:27:29:8b:d7:b5:5c:22:33:32:09:b3:
                    1e:cf:51:70:59:7a:ad:29:5d:b0:ed:99:0f:e8:4e:
                    4f:6a:52:33:63:d3:9f:35:27:9a:97:9a:0f:f7:34:
                    28:96:f7:dc:b8:0e:fd:c1:ea:e3:88:85:d8:0f:b4:
                    2c:6b:21:53:6f:bd:f2:66:3c:63:c6:0c:16:de:fc:
                    f5:96:0f:0c:8f:41:d7:df:3a:37:a9:51:55:d3:3d:
                    77:fa:99:1c:e0:a6:00:69:ac:cd:7a:5d:a1:75:84:
                    e4:db:6c:06:df:3d:cb:21:8d:46:a2:05:2d:ff:ec:
                    de:82:94:98:63:e5:6d:ca:37:6e:a6:75:86:28:cf:
                    ae:f7:26:2f:30:c1:27:df:67:11:29:70:42:5a:e5:
                    a7:2d:99:f0:5f:c5:3a:8d:a4:83:99:92:09:11:6a:
                    02:b9:75:13:33:5f:28:6c:c0:fc:9f:ae:eb:18:5b:
                    fa:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:F8:F6:9B:CA:49:5B:41:5D:2E:6D:90:4C:0E:27:62:6B:B7:15:E1
            X509v3 Authority Key Identifier:
                keyid:A1:FD:16:C2:47:CF:46:6E:ED:31:A3:04:BB:8F:17:FA:32:15:AA:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/of0WwkfPRm7tMaMEu48X-jIVqqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/e3037f-338b-46f2-8f97-6cef1abab3fc/1/Dvj2m8pJW0FdLm2QTA4nYmu3FeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/e3037f-338b-46f2-8f97-6cef1abab3fc/1/of0WwkfPRm7tMaMEu48X-jIVqqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.95.0/24
                  194.33.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:f1:b4:b0:c2:22:a8:77:e5:6e:02:bb:de:d2:cf:30:ef:98:
         4d:da:eb:28:fc:d8:92:bd:1d:9e:37:79:fe:8f:d1:72:01:4c:
         42:5c:1e:7f:61:31:46:2d:cb:ed:45:f3:df:4b:ea:d3:a1:2b:
         4b:e9:31:84:d6:d4:92:af:fd:ea:1a:33:32:6f:3d:ea:46:c5:
         89:39:25:f3:07:f7:d2:d1:2b:be:26:c5:5e:58:c8:6b:73:2a:
         f6:1b:13:e3:de:a0:b7:cd:25:fd:77:74:34:0c:e0:13:c7:97:
         63:65:61:29:35:66:0c:c7:3c:44:23:07:fb:d5:c6:45:68:75:
         67:21:1c:17:09:06:11:a7:74:c5:72:bd:b6:dd:36:a4:ef:56:
         e7:53:73:96:ce:84:03:43:ba:33:ce:b3:08:2c:1b:7b:82:d3:
         da:e7:6c:2b:c6:d3:e9:92:20:84:7a:0a:ac:20:a3:9e:b5:bc:
         16:0a:f5:30:38:73:4f:82:8e:8a:6a:f0:02:25:e8:6f:76:b6:
         40:2d:8f:46:db:68:88:33:7e:b5:7a:12:31:04:d0:be:6f:c7:
         5e:2c:f4:23:d7:28:e2:f3:98:63:95:75:bf:51:d7:eb:2f:3e:
         f4:18:b1:44:b2:0f:42:dd:80:c3:ef:1e:51:18:e2:b1:ad:25:
         36:d9:50:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbeFE0SIa3WQyT1agmbzwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZmQxNmMyNDdjZjQ2NmVlZDMxYTMwNGJiOGYxN2ZhMzIx
NWFhYWEwHhcNMjQwMTAxMTQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWY4ZjY5YmNhNDk1YjQxNWQyZTZkOTA0YzBlMjc2MjZiYjcxNWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxHPriX+bE+Ch6rCQxE5nNrmIzb/
CIG2EjjillfhXFH4Ps18ud7sPCAuU2KKjA+bu2d7cb4YJobQJcKfHce0UN6hOuze
6aFOcbX09DisJymL17VcIjMyCbMez1FwWXqtKV2w7ZkP6E5PalIzY9OfNSeal5oP
9zQolvfcuA79werjiIXYD7QsayFTb73yZjxjxgwW3vz1lg8Mj0HX3zo3qVFV0z13
+pkc4KYAaazNel2hdYTk22wG3z3LIY1GogUt/+zegpSYY+VtyjdupnWGKM+u9yYv
MMEn32cRKXBCWuWnLZnwX8U6jaSDmZIJEWoCuXUTM18obMD8n67rGFv6awIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA749pvKSVtBXS5tkEwOJ2JrtxXhMB8GA1UdIwQY
MBaAFKH9FsJHz0Zu7TGjBLuPF/oyFaqqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2YwV3drZlBSbTd0TWFNRXU0OFgtaklWcXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lMzAzN2YtMzM4Yi00NmYyLThmOTct
NmNlZjFhYmFiM2ZjLzEvRHZqMm04cEpXMEZkTG0yUVRBNG5ZbXUzRmVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lMzAzN2YtMzM4Yi00NmYyLThmOTctNmNlZjFhYmFiM2Zj
LzEvb2YwV3drZlBSbTd0TWFNRXU0OFgtaklWcXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwW1fAwQC
wiGYMA0GCSqGSIb3DQEBCwUAA4IBAQCe8bSwwiKod+VuArve0s8w75hN2uso/NiS
vR2eN3n+j9FyAUxCXB5/YTFGLcvtRfPfS+rToStL6TGE1tSSr/3qGjMybz3qRsWJ
OSXzB/fS0Su+JsVeWMhrcyr2GxPj3qC3zSX9d3Q0DOATx5djZWEpNWYMxzxEIwf7
1cZFaHVnIRwXCQYRp3TFcr223Tak71bnU3OWzoQDQ7ozzrMILBt7gtPa52wrxtPp
kiCEegqsIKOetbwWCvUwOHNPgo6KavACJehvdrZALY9G22iIM361ehIxBNC+b8de
LPQj1yji85hjlXW/UdfrLz70GLFEsg9C3YDD7x5RGOKxrSU22VDj
-----END CERTIFICATE-----