Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/DPV_NvzNsuw_d8ZhC8FxUdXc7UI.roa
File:                     DPV_NvzNsuw_d8ZhC8FxUdXc7UI.roa (raw, json)
Hash identifier:          y7/eHrKeQyY5K8iRakOyBR8O+26dzBkdmphNMIV3Pu4=
Subject key identifier:   0C:F5:7F:36:FC:CD:B2:EC:3F:77:C6:61:0B:C1:71:51:D5:DC:ED:42
Certificate issuer:       /CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
Certificate serial:       018CC5DC3C56542F2F54E4AACD72A578D268
Authority key identifier: 3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/DPV_NvzNsuw_d8ZhC8FxUdXc7UI.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3301
IP address blocks:        194.246.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3c:56:54:2f:2f:54:e4:aa:cd:72:a5:78:d2:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cf57f36fccdb2ec3f77c6610bc17151d5dced42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9e:b4:26:59:83:47:06:ae:97:9a:d3:ae:c2:
                    bb:62:ef:7b:5c:93:eb:74:ca:d2:39:c3:6d:76:6d:
                    65:7c:81:a1:66:84:7a:2e:99:9c:32:d4:05:16:b5:
                    4f:25:a9:07:f7:83:dc:e4:13:24:6f:54:7a:16:36:
                    bf:66:6f:5f:6c:5d:e3:c7:cb:c0:51:6f:fd:4f:68:
                    ea:aa:df:7c:5b:b2:6b:cf:45:89:73:45:ce:30:f3:
                    1a:e6:fe:e1:40:27:fd:0a:8f:13:b3:e0:ed:b6:55:
                    ee:5b:83:f1:26:bf:68:45:e7:7e:f4:dd:96:23:f2:
                    47:1e:30:66:20:c6:da:3f:0e:9d:aa:97:70:9f:f3:
                    66:e2:15:88:55:dd:81:67:49:fe:b7:f6:87:1b:4b:
                    52:15:c0:2d:bb:f5:f5:06:75:d3:80:62:10:94:f4:
                    f7:6e:23:5b:83:ad:b1:dd:c0:cd:04:8e:59:15:dc:
                    c5:e0:dc:bf:86:ed:20:e9:cf:c3:d6:79:b0:95:07:
                    67:2f:91:f5:db:ba:a9:a3:a1:03:ac:92:b9:52:71:
                    76:63:5b:c9:2b:fc:07:f7:c4:c6:bd:65:98:24:44:
                    04:e6:db:96:f8:c9:1b:d4:54:53:c2:40:7b:56:44:
                    9d:67:be:a4:8c:95:f7:48:75:d8:23:f5:be:0e:33:
                    3d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:F5:7F:36:FC:CD:B2:EC:3F:77:C6:61:0B:C1:71:51:D5:DC:ED:42
            X509v3 Authority Key Identifier:
                keyid:3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/DPV_NvzNsuw_d8ZhC8FxUdXc7UI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:64:b8:dc:a9:f0:de:06:e6:4a:c2:7a:55:b1:61:26:91:b6:
         7b:ea:96:0b:37:ae:c6:09:91:eb:fb:7a:27:d9:68:9d:a8:ac:
         b5:a2:93:f5:f2:f6:4b:c2:52:33:72:ca:af:de:81:a6:41:a7:
         fa:2e:9f:09:3a:d5:68:91:f9:dc:ec:ba:bb:77:70:bb:ea:a2:
         c4:f2:33:35:eb:c1:e1:24:a4:9f:a2:79:c8:28:a9:29:ed:5f:
         90:9b:4d:17:93:bb:97:b6:c5:fd:af:f3:01:e7:65:37:a4:a7:
         cd:34:78:95:d6:93:dd:26:59:ce:27:41:f0:ee:c5:92:04:04:
         79:7f:16:9a:0e:c1:58:b9:e0:db:d5:1f:d4:c6:93:5a:d3:f9:
         df:7a:49:39:a9:ff:ad:0f:62:bb:19:d7:3b:a2:8d:9d:ed:40:
         b2:31:5d:78:ec:2b:29:16:53:df:86:12:ee:8e:be:30:9c:b9:
         4b:5b:0e:81:fb:c4:6c:da:58:64:16:dd:21:ff:67:b6:fa:67:
         49:09:68:98:9c:b8:31:f7:31:64:83:83:05:cf:29:69:40:16:
         4c:ec:11:36:eb:13:fe:6b:89:4a:e3:46:af:07:9b:f1:8e:f4:
         69:a0:5b:ec:32:73:33:b1:fd:1e:14:19:e9:e9:0a:77:33:4f:
         c2:75:03:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DxWVC8vVOSqzXKleNJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZTZjZWNmZmQ5YjhiYmExOGQ0NzRlN2IzOTkzZTBhMWQx
NGRiYjMwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2Y1N2YzNmZjY2RiMmVjM2Y3N2M2NjEwYmMxNzE1MWQ1ZGNlZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZ60JlmDRwaul5rTrsK7Yu97XJPr
dMrSOcNtdm1lfIGhZoR6LpmcMtQFFrVPJakH94Pc5BMkb1R6Fja/Zm9fbF3jx8vA
UW/9T2jqqt98W7Jrz0WJc0XOMPMa5v7hQCf9Co8Ts+DttlXuW4PxJr9oRed+9N2W
I/JHHjBmIMbaPw6dqpdwn/Nm4hWIVd2BZ0n+t/aHG0tSFcAtu/X1BnXTgGIQlPT3
biNbg62x3cDNBI5ZFdzF4Ny/hu0g6c/D1nmwlQdnL5H127qpo6EDrJK5UnF2Y1vJ
K/wH98TGvWWYJEQE5tuW+Mkb1FRTwkB7VkSdZ76kjJX3SHXYI/W+DjM9zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAz1fzb8zbLsP3fGYQvBcVHV3O1CMB8GA1UdIwQY
MBaAFD7mzs/9m4u6GNR057OZPgodFNuzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEt
NzMyNDkxMzk3NWQ1LzEvRFBWX052ek5zdXdfZDhaaEM4RnhVZFhjN1VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEtNzMyNDkxMzk3NWQ1
LzEvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvYGMA0G
CSqGSIb3DQEBCwUAA4IBAQATZLjcqfDeBuZKwnpVsWEmkbZ76pYLN67GCZHr+3on
2WidqKy1opP18vZLwlIzcsqv3oGmQaf6Lp8JOtVokfnc7Lq7d3C76qLE8jM168Hh
JKSfonnIKKkp7V+Qm00Xk7uXtsX9r/MB52U3pKfNNHiV1pPdJlnOJ0Hw7sWSBAR5
fxaaDsFYueDb1R/UxpNa0/nfekk5qf+tD2K7Gdc7oo2d7UCyMV147CspFlPfhhLu
jr4wnLlLWw6B+8Rs2lhkFt0h/2e2+mdJCWiYnLgx9zFkg4MFzylpQBZM7BE26xP+
a4lK40avB5vxjvRpoFvsMnMzsf0eFBnp6Qp3M0/CdQMD
-----END CERTIFICATE-----