Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/54c691-9fbb-438a-a55f-38237fe4e414/1/h99NXphOtb3Z6-pga4Mlgr6JMR4.roa
File:                     h99NXphOtb3Z6-pga4Mlgr6JMR4.roa (raw, json)
Hash identifier:          1Q0QVgCKU/dxoXcyWP7vDK2P5dB8gYkIo1cOxEQkTQQ=
Subject key identifier:   87:DF:4D:5E:98:4E:B5:BD:D9:EB:EA:60:6B:83:25:82:BE:89:31:1E
Certificate issuer:       /CN=3fda630213cd423880f9fef16d78fb436e08f247
Certificate serial:       018CC2DB1A21189873372B3E1AF6FC0B277E
Authority key identifier: 3F:DA:63:02:13:CD:42:38:80:F9:FE:F1:6D:78:FB:43:6E:08:F2:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9pjAhPNQjiA-f7xbXj7Q24I8kc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/54c691-9fbb-438a-a55f-38237fe4e414/1/h99NXphOtb3Z6-pga4Mlgr6JMR4.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34794
IP address blocks:        193.194.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/54c691-9fbb-438a-a55f-38237fe4e414/1/P9pjAhPNQjiA-f7xbXj7Q24I8kc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/54c691-9fbb-438a-a55f-38237fe4e414/1/P9pjAhPNQjiA-f7xbXj7Q24I8kc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9pjAhPNQjiA-f7xbXj7Q24I8kc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1a:21:18:98:73:37:2b:3e:1a:f6:fc:0b:27:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fda630213cd423880f9fef16d78fb436e08f247
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87df4d5e984eb5bdd9ebea606b832582be89311e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a6:03:14:bf:23:27:1d:85:88:b2:af:93:89:
                    47:1c:4a:ba:fb:ab:be:fa:97:61:31:34:40:4b:5f:
                    ef:a0:18:28:5b:cc:3c:62:59:be:05:39:f6:c1:9f:
                    5e:40:ca:34:3a:41:b1:b2:31:b7:0b:75:b0:b1:17:
                    13:40:2f:dc:26:f9:cd:20:94:da:0e:9b:f6:93:86:
                    00:31:ea:60:5b:46:a0:d5:3d:2d:64:a6:1b:23:43:
                    7d:57:05:d0:1b:f6:e7:ba:68:37:41:54:c9:b1:ff:
                    0d:60:38:d8:84:7f:cc:1a:77:1d:49:e2:cd:fb:84:
                    9d:ef:5a:c3:03:14:f0:3c:54:60:e6:28:45:47:8d:
                    f3:e3:de:48:28:2a:da:73:be:e8:e8:53:cb:33:cc:
                    2e:0c:9d:79:99:cd:17:3a:a8:cd:9f:e5:72:dd:c7:
                    49:a5:ca:76:2f:67:fe:55:37:b7:9d:e8:dd:c3:aa:
                    22:22:a8:ba:8a:b4:58:0b:b2:cb:16:e0:25:2c:99:
                    76:6e:78:9d:13:a0:ca:59:8c:fa:d3:38:bf:03:50:
                    09:fc:22:46:c5:bd:46:39:b6:22:10:ca:b0:c2:4a:
                    f1:91:14:28:20:7d:0f:42:ab:a0:ab:06:1f:23:e4:
                    a7:92:76:51:f9:7b:68:5b:19:bc:fa:44:e8:bc:5a:
                    a4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:DF:4D:5E:98:4E:B5:BD:D9:EB:EA:60:6B:83:25:82:BE:89:31:1E
            X509v3 Authority Key Identifier:
                keyid:3F:DA:63:02:13:CD:42:38:80:F9:FE:F1:6D:78:FB:43:6E:08:F2:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9pjAhPNQjiA-f7xbXj7Q24I8kc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/54c691-9fbb-438a-a55f-38237fe4e414/1/h99NXphOtb3Z6-pga4Mlgr6JMR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/54c691-9fbb-438a-a55f-38237fe4e414/1/P9pjAhPNQjiA-f7xbXj7Q24I8kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.194.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:c8:9a:4e:66:31:b7:53:1c:bc:05:9f:09:5c:d1:06:3c:c6:
         ef:df:3d:3e:03:79:d9:e0:b9:2f:f9:56:27:40:e1:fa:ca:41:
         b9:87:3b:89:26:40:43:91:59:b8:d9:66:31:1a:f0:73:a2:2c:
         b3:34:67:49:58:ec:e8:6e:f5:06:5a:e1:96:96:79:b9:b3:d9:
         d3:86:06:3c:05:d2:76:56:8a:dc:d3:cd:40:05:3a:65:b7:2e:
         08:9d:9f:5a:c1:0a:20:5f:97:ac:0f:2c:36:30:9a:46:18:d4:
         dd:4a:ea:7e:78:0a:25:47:b6:cc:95:c5:ad:40:0b:36:30:b5:
         ad:61:14:62:f3:89:90:3a:59:41:9d:70:73:de:9b:c4:b1:0e:
         20:04:1a:69:f4:66:7a:88:97:8c:bf:02:09:d9:63:30:97:76:
         3e:55:7e:eb:fb:a8:0b:6c:c6:90:42:84:74:9b:69:8b:59:13:
         9f:e5:e7:15:6f:82:15:dc:d5:c8:21:e9:4b:f1:a8:f6:ab:fb:
         72:bd:76:5e:e2:2b:ac:c9:7f:2c:31:64:1f:1a:3e:77:e7:77:
         59:36:c1:2b:8c:96:09:60:3a:bd:d9:38:2d:fb:5c:a7:a6:fc:
         d1:03:52:b6:27:77:8a:d5:ed:fb:27:31:6e:8f:2c:14:b4:36:
         1a:6e:65:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xohGJhzNys+Gvb8Cyd+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZGE2MzAyMTNjZDQyMzg4MGY5ZmVmMTZkNzhmYjQzNmUw
OGYyNDcwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2RmNGQ1ZTk4NGViNWJkZDllYmVhNjA2YjgzMjU4MmJlODkzMTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqYDFL8jJx2FiLKvk4lHHEq6+6u+
+pdhMTRAS1/voBgoW8w8Ylm+BTn2wZ9eQMo0OkGxsjG3C3WwsRcTQC/cJvnNIJTa
Dpv2k4YAMepgW0ag1T0tZKYbI0N9VwXQG/bnumg3QVTJsf8NYDjYhH/MGncdSeLN
+4Sd71rDAxTwPFRg5ihFR43z495IKCrac77o6FPLM8wuDJ15mc0XOqjNn+Vy3cdJ
pcp2L2f+VTe3nejdw6oiIqi6irRYC7LLFuAlLJl2bnidE6DKWYz60zi/A1AJ/CJG
xb1GObYiEMqwwkrxkRQoIH0PQqugqwYfI+SnknZR+XtoWxm8+kTovFqk0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIffTV6YTrW92evqYGuDJYK+iTEeMB8GA1UdIwQY
MBaAFD/aYwITzUI4gPn+8W14+0NuCPJHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlwakFoUE5RamlBLWY3eGJYajdRMjRJOGtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My81NGM2OTEtOWZiYi00MzhhLWE1NWYt
MzgyMzdmZTRlNDE0LzEvaDk5TlhwaE90YjNaNi1wZ2E0TWxncjZKTVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My81NGM2OTEtOWZiYi00MzhhLWE1NWYtMzgyMzdmZTRlNDE0
LzEvUDlwakFoUE5RamlBLWY3eGJYajdRMjRJOGtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcIAMA0G
CSqGSIb3DQEBCwUAA4IBAQC6yJpOZjG3Uxy8BZ8JXNEGPMbv3z0+A3nZ4Lkv+VYn
QOH6ykG5hzuJJkBDkVm42WYxGvBzoiyzNGdJWOzobvUGWuGWlnm5s9nThgY8BdJ2
Vorc081ABTplty4InZ9awQogX5esDyw2MJpGGNTdSup+eAolR7bMlcWtQAs2MLWt
YRRi84mQOllBnXBz3pvEsQ4gBBpp9GZ6iJeMvwIJ2WMwl3Y+VX7r+6gLbMaQQoR0
m2mLWROf5ecVb4IV3NXIIelL8aj2q/tyvXZe4iusyX8sMWQfGj5353dZNsErjJYJ
YDq92Tgt+1ynpvzRA1K2J3eK1e37JzFujywUtDYabmUE
-----END CERTIFICATE-----