Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/39d6dc-0664-4305-8ce0-20bfa78c9a1b/1/DNtgZodMjrvyOPIZIw8eyc8trYs.roa
File:                     DNtgZodMjrvyOPIZIw8eyc8trYs.roa (raw, json)
Hash identifier:          hP9R3Xo8GE/Ns8/Fyj6YST/LhbU8TyZGNkw0AaRaOns=
Subject key identifier:   0C:DB:60:66:87:4C:8E:BB:F2:38:F2:19:23:0F:1E:C9:CF:2D:AD:8B
Certificate issuer:       /CN=41e09dfb9dcef8a532fb211d2e8a6546cef9f580
Certificate serial:       018CC725AF05735A5B991DC5E3D8297AACD6
Authority key identifier: 41:E0:9D:FB:9D:CE:F8:A5:32:FB:21:1D:2E:8A:65:46:CE:F9:F5:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QeCd-53O-KUy-yEdLoplRs759YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/39d6dc-0664-4305-8ce0-20bfa78c9a1b/1/DNtgZodMjrvyOPIZIw8eyc8trYs.roa
Signing time:             Mon 01 Jan 2024 22:29:44 +0000
ROA not before:           Mon 01 Jan 2024 22:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15608
IP address blocks:        193.41.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/39d6dc-0664-4305-8ce0-20bfa78c9a1b/1/QeCd-53O-KUy-yEdLoplRs759YA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/39d6dc-0664-4305-8ce0-20bfa78c9a1b/1/QeCd-53O-KUy-yEdLoplRs759YA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QeCd-53O-KUy-yEdLoplRs759YA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:af:05:73:5a:5b:99:1d:c5:e3:d8:29:7a:ac:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41e09dfb9dcef8a532fb211d2e8a6546cef9f580
        Validity
            Not Before: Jan  1 22:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cdb6066874c8ebbf238f219230f1ec9cf2dad8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a6:64:19:87:95:9c:ed:b2:e2:3d:65:8a:70:
                    48:09:33:c2:2e:52:ca:b0:d5:23:db:71:91:de:71:
                    fb:2c:84:58:9d:7d:e7:88:e3:4b:1b:50:74:65:8c:
                    65:f8:ac:db:38:36:03:f7:25:17:c4:06:03:06:62:
                    1f:2c:b3:9e:12:0a:10:a1:be:d2:a3:2f:0c:98:ba:
                    89:3d:90:88:b1:6f:46:f6:45:ea:2b:74:ec:c2:7d:
                    53:7d:f4:ea:9d:24:c1:a0:a6:ad:59:4a:9e:e5:7e:
                    1e:4b:02:cb:c6:e0:b4:aa:0c:3c:fb:aa:c0:cd:cf:
                    c7:25:c4:3d:82:da:0d:81:01:4a:2e:bf:cc:43:05:
                    ab:2c:48:50:22:25:46:ae:20:d0:e0:06:00:24:36:
                    0a:46:bd:46:26:70:38:78:1b:53:71:92:5a:cc:e2:
                    08:c4:16:96:ab:8e:a4:a2:72:36:e9:8a:f1:14:aa:
                    51:ea:2c:9e:3f:4b:b2:d5:40:7d:ce:5f:28:20:e0:
                    85:70:7d:6a:6b:f9:74:b4:c6:da:da:bd:ca:38:be:
                    59:f2:c6:15:c3:20:c0:82:79:82:1e:e4:c9:c5:82:
                    d0:6b:cd:44:d7:49:c3:1b:65:e0:33:aa:62:b8:c7:
                    b8:fc:30:d2:0c:96:0b:4c:8a:4c:08:99:37:6d:61:
                    bb:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DB:60:66:87:4C:8E:BB:F2:38:F2:19:23:0F:1E:C9:CF:2D:AD:8B
            X509v3 Authority Key Identifier:
                keyid:41:E0:9D:FB:9D:CE:F8:A5:32:FB:21:1D:2E:8A:65:46:CE:F9:F5:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QeCd-53O-KUy-yEdLoplRs759YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/39d6dc-0664-4305-8ce0-20bfa78c9a1b/1/DNtgZodMjrvyOPIZIw8eyc8trYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/39d6dc-0664-4305-8ce0-20bfa78c9a1b/1/QeCd-53O-KUy-yEdLoplRs759YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:c0:78:f5:88:57:03:0a:96:40:a6:e2:3d:e4:cf:32:16:f8:
         84:b0:88:42:f0:d7:e3:37:2a:51:99:b9:50:b2:ff:90:d3:56:
         94:13:cc:be:c8:76:b7:fc:e1:3d:78:46:49:3b:7f:d8:35:c7:
         9a:42:8a:aa:31:53:5b:fe:e7:8c:6c:a2:2b:ef:f3:64:75:35:
         bb:6b:52:96:91:16:de:d0:3b:7b:90:7b:72:48:ae:3d:58:ca:
         65:32:f8:1f:f4:66:b6:2b:3e:d7:b2:db:d9:8f:68:3e:ef:9b:
         bf:87:cd:94:46:7e:c0:d8:01:63:e6:ea:55:bc:52:07:ff:56:
         f0:ba:3b:e7:8b:a5:11:2a:78:df:71:5a:af:8b:b4:76:90:c6:
         8c:33:5c:94:29:ca:51:55:f7:ef:fc:c2:a6:b4:26:4e:65:1b:
         63:d0:f4:07:d5:20:7b:62:44:98:ce:f4:c0:40:b6:16:8d:7e:
         52:7d:a3:9c:f0:63:a6:aa:d7:05:0e:7b:28:49:0e:f3:f2:3a:
         b6:73:af:b9:90:f2:6c:d4:4a:f3:b6:63:58:6c:cf:81:17:1f:
         a2:40:ff:03:0a:a9:c5:91:34:37:f0:3f:36:77:88:27:ff:cb:
         38:5c:78:2c:f5:4c:e1:34:92:27:f7:fd:f7:aa:b7:4e:9a:fd:
         d0:0b:c0:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJa8Fc1pbmR3F49gpeqzWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZTA5ZGZiOWRjZWY4YTUzMmZiMjExZDJlOGE2NTQ2Y2Vm
OWY1ODAwHhcNMjQwMTAxMjIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2RiNjA2Njg3NGM4ZWJiZjIzOGYyMTkyMzBmMWVjOWNmMmRhZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqZkGYeVnO2y4j1linBICTPCLlLK
sNUj23GR3nH7LIRYnX3niONLG1B0ZYxl+KzbODYD9yUXxAYDBmIfLLOeEgoQob7S
oy8MmLqJPZCIsW9G9kXqK3Tswn1TffTqnSTBoKatWUqe5X4eSwLLxuC0qgw8+6rA
zc/HJcQ9gtoNgQFKLr/MQwWrLEhQIiVGriDQ4AYAJDYKRr1GJnA4eBtTcZJazOII
xBaWq46konI26YrxFKpR6iyeP0uy1UB9zl8oIOCFcH1qa/l0tMba2r3KOL5Z8sYV
wyDAgnmCHuTJxYLQa81E10nDG2XgM6piuMe4/DDSDJYLTIpMCJk3bWG75wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzbYGaHTI678jjyGSMPHsnPLa2LMB8GA1UdIwQY
MBaAFEHgnfudzvilMvshHS6KZUbO+fWAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWVDZC01M08tS1V5LXlFZExvcGxSczc1OVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zOWQ2ZGMtMDY2NC00MzA1LThjZTAt
MjBiZmE3OGM5YTFiLzEvRE50Z1pvZE1qcnZ5T1BJWkl3OGV5Yzh0cllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zOWQ2ZGMtMDY2NC00MzA1LThjZTAtMjBiZmE3OGM5YTFi
LzEvUWVDZC01M08tS1V5LXlFZExvcGxSczc1OVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSkrMA0G
CSqGSIb3DQEBCwUAA4IBAQBhwHj1iFcDCpZApuI95M8yFviEsIhC8NfjNypRmblQ
sv+Q01aUE8y+yHa3/OE9eEZJO3/YNceaQoqqMVNb/ueMbKIr7/NkdTW7a1KWkRbe
0Dt7kHtySK49WMplMvgf9Ga2Kz7XstvZj2g+75u/h82URn7A2AFj5upVvFIH/1bw
ujvni6URKnjfcVqvi7R2kMaMM1yUKcpRVffv/MKmtCZOZRtj0PQH1SB7YkSYzvTA
QLYWjX5SfaOc8GOmqtcFDnsoSQ7z8jq2c6+5kPJs1ErztmNYbM+BFx+iQP8DCqnF
kTQ38D82d4gn/8s4XHgs9UzhNJIn9/33qrdOmv3QC8CT
-----END CERTIFICATE-----