Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/edc238-4c0a-46ed-bc24-3b9e3c8a2fca/1/j5Y76TqDaT8ZVN7E9XoaxeOLbmQ.roa
File:                     j5Y76TqDaT8ZVN7E9XoaxeOLbmQ.roa (raw, json)
Hash identifier:          gWaCsS9OX4dn4Q94Hk67HESZ401v5/xusJ8AUsH7ymo=
Subject key identifier:   8F:96:3B:E9:3A:83:69:3F:19:54:DE:C4:F5:7A:1A:C5:E3:8B:6E:64
Certificate issuer:       /CN=dd0b663c45d7bc2724d168485087581e14448fb6
Certificate serial:       018CC801B1A38D9DF313673713068D817DE7
Authority key identifier: DD:0B:66:3C:45:D7:BC:27:24:D1:68:48:50:87:58:1E:14:44:8F:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3QtmPEXXvCck0WhIUIdYHhREj7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/edc238-4c0a-46ed-bc24-3b9e3c8a2fca/1/j5Y76TqDaT8ZVN7E9XoaxeOLbmQ.roa
Signing time:             Tue 02 Jan 2024 02:30:03 +0000
ROA not before:           Tue 02 Jan 2024 02:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34370
IP address blocks:        193.227.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/edc238-4c0a-46ed-bc24-3b9e3c8a2fca/1/3QtmPEXXvCck0WhIUIdYHhREj7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/edc238-4c0a-46ed-bc24-3b9e3c8a2fca/1/3QtmPEXXvCck0WhIUIdYHhREj7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3QtmPEXXvCck0WhIUIdYHhREj7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b1:a3:8d:9d:f3:13:67:37:13:06:8d:81:7d:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd0b663c45d7bc2724d168485087581e14448fb6
        Validity
            Not Before: Jan  2 02:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f963be93a83693f1954dec4f57a1ac5e38b6e64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:94:c7:59:62:5b:3f:76:ae:18:26:2c:d7:a5:
                    35:55:2f:a1:b4:4b:2a:65:fc:f9:3e:13:d3:98:19:
                    a5:d5:40:bd:aa:24:bc:72:fb:50:01:93:ee:49:bf:
                    1d:1e:2e:c0:46:43:2a:ca:f0:0b:36:f7:c1:ca:85:
                    80:67:b3:ea:a5:37:f5:54:95:1d:7f:af:35:c4:e7:
                    18:8c:b3:42:e1:4d:a5:45:4d:bf:e0:d2:7e:6a:77:
                    c9:e1:17:12:33:3d:45:da:2f:b4:0f:1f:94:b2:ea:
                    51:eb:63:9d:d8:41:27:ab:65:1e:4f:31:ae:88:e0:
                    85:c0:e4:b3:ee:fd:77:7a:3e:6b:45:91:06:8c:2d:
                    b1:0d:72:c3:4c:78:26:39:e6:da:e5:01:75:15:8a:
                    1c:b2:5e:12:de:b9:e2:21:16:c5:e2:fa:f4:2f:4d:
                    61:bd:d9:03:47:8e:0a:65:f0:fc:77:37:66:fb:73:
                    92:f2:af:e8:8b:f3:2a:2a:bb:d0:d6:e5:94:ce:fd:
                    39:25:23:5a:de:b4:41:4a:20:55:ad:68:cd:58:73:
                    d1:4c:ef:24:9f:1b:3b:26:87:00:c0:d6:81:b8:40:
                    d3:24:36:b5:76:e6:00:96:8d:5e:39:87:6b:02:1a:
                    5e:8e:90:76:7e:20:31:a6:3f:8e:b2:20:67:ca:95:
                    fe:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:96:3B:E9:3A:83:69:3F:19:54:DE:C4:F5:7A:1A:C5:E3:8B:6E:64
            X509v3 Authority Key Identifier:
                keyid:DD:0B:66:3C:45:D7:BC:27:24:D1:68:48:50:87:58:1E:14:44:8F:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3QtmPEXXvCck0WhIUIdYHhREj7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/edc238-4c0a-46ed-bc24-3b9e3c8a2fca/1/j5Y76TqDaT8ZVN7E9XoaxeOLbmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/edc238-4c0a-46ed-bc24-3b9e3c8a2fca/1/3QtmPEXXvCck0WhIUIdYHhREj7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:4f:6a:b5:57:22:f3:af:38:29:be:1b:c4:97:b0:40:bf:4c:
         0d:f5:0b:e6:dc:68:d1:d8:05:3f:c4:68:a1:80:1c:fb:e2:36:
         e3:9c:65:e1:96:e9:d8:0b:22:8c:96:96:4b:6b:4e:15:8f:76:
         7e:98:60:9d:d5:bb:8e:f8:0b:82:f1:15:96:10:b2:bb:fa:4a:
         f8:6f:4d:61:f2:be:31:96:ce:a5:15:cd:9d:97:e2:dc:5c:57:
         c7:7e:16:55:74:3c:4e:33:50:24:18:35:d1:00:bc:5d:57:ea:
         ba:34:9e:fe:26:e3:42:95:3b:8f:ca:52:1c:3b:25:81:1f:f4:
         ae:fa:59:66:85:04:a5:2a:26:44:dd:ad:2c:c8:02:be:c3:6a:
         f2:65:d3:69:89:55:de:3d:b0:46:24:37:f5:c1:dc:52:13:0e:
         a4:f1:73:37:cf:6b:bf:aa:5c:26:80:c2:93:ef:49:af:19:0f:
         b3:48:fc:7e:b1:8f:1e:71:67:8a:43:d3:73:4b:32:62:a9:e3:
         f6:84:09:41:d2:46:e0:45:6e:82:b8:1e:a1:94:ea:74:21:23:
         29:20:8a:ed:74:25:65:b9:66:28:4a:ed:be:5d:fa:e5:bb:fd:
         c1:43:96:44:06:d7:17:9c:dd:7e:e5:9c:bb:85:bc:4c:7a:56:
         6a:cc:a3:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAbGjjZ3zE2c3EwaNgX3nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMGI2NjNjNDVkN2JjMjcyNGQxNjg0ODUwODc1ODFlMTQ0
NDhmYjYwHhcNMjQwMTAyMDIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjk2M2JlOTNhODM2OTNmMTk1NGRlYzRmNTdhMWFjNWUzOGI2ZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5THWWJbP3auGCYs16U1VS+htEsq
Zfz5PhPTmBml1UC9qiS8cvtQAZPuSb8dHi7ARkMqyvALNvfByoWAZ7PqpTf1VJUd
f681xOcYjLNC4U2lRU2/4NJ+anfJ4RcSMz1F2i+0Dx+UsupR62Od2EEnq2UeTzGu
iOCFwOSz7v13ej5rRZEGjC2xDXLDTHgmOeba5QF1FYocsl4S3rniIRbF4vr0L01h
vdkDR44KZfD8dzdm+3OS8q/oi/MqKrvQ1uWUzv05JSNa3rRBSiBVrWjNWHPRTO8k
nxs7JocAwNaBuEDTJDa1duYAlo1eOYdrAhpejpB2fiAxpj+OsiBnypX+DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+WO+k6g2k/GVTexPV6GsXji25kMB8GA1UdIwQY
MBaAFN0LZjxF17wnJNFoSFCHWB4URI+2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1F0bVBFWFh2Q2NrMFdoSVVJZFlIaFJFajdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9lZGMyMzgtNGMwYS00NmVkLWJjMjQt
M2I5ZTNjOGEyZmNhLzEvajVZNzZUcURhVDhaVk43RTlYb2F4ZU9MYm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9lZGMyMzgtNGMwYS00NmVkLWJjMjQtM2I5ZTNjOGEyZmNh
LzEvM1F0bVBFWFh2Q2NrMFdoSVVJZFlIaFJFajdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweO1MA0G
CSqGSIb3DQEBCwUAA4IBAQCUT2q1VyLzrzgpvhvEl7BAv0wN9Qvm3GjR2AU/xGih
gBz74jbjnGXhlunYCyKMlpZLa04Vj3Z+mGCd1buO+AuC8RWWELK7+kr4b01h8r4x
ls6lFc2dl+LcXFfHfhZVdDxOM1AkGDXRALxdV+q6NJ7+JuNClTuPylIcOyWBH/Su
+llmhQSlKiZE3a0syAK+w2ryZdNpiVXePbBGJDf1wdxSEw6k8XM3z2u/qlwmgMKT
70mvGQ+zSPx+sY8ecWeKQ9NzSzJiqeP2hAlB0kbgRW6CuB6hlOp0ISMpIIrtdCVl
uWYoSu2+Xfrlu/3BQ5ZEBtcXnN1+5Zy7hbxMelZqzKMd
-----END CERTIFICATE-----