Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/cLHxWK7Pt6IZM4G8Jw8b05FrbuM.roa
File:                     cLHxWK7Pt6IZM4G8Jw8b05FrbuM.roa (raw, json)
Hash identifier:          lFYk+5iW48BeJLxO1AsYyzQRw2vFfCSebx0vsH2HHIk=
Subject key identifier:   70:B1:F1:58:AE:CF:B7:A2:19:33:81:BC:27:0F:1B:D3:91:6B:6E:E3
Certificate issuer:       /CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
Certificate serial:       018CC5DC3CE98BF318819ACA9F6B2E895B4A
Authority key identifier: 3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/cLHxWK7Pt6IZM4G8Jw8b05FrbuM.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12301
IP address blocks:        194.246.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3c:e9:8b:f3:18:81:9a:ca:9f:6b:2e:89:5b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70b1f158aecfb7a2193381bc270f1bd3916b6ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:fb:45:a9:41:e4:b4:1c:e1:ef:93:27:ed:fa:
                    cf:d8:ce:54:14:c6:9c:a1:f4:c0:1f:64:f4:9d:05:
                    53:5a:94:a6:a9:55:46:c9:08:d7:bf:ca:36:9e:9e:
                    79:a4:e7:c6:a9:d6:6e:f2:65:be:57:a4:b7:51:77:
                    79:c0:ef:a7:64:de:18:49:48:1f:4d:85:6e:76:b9:
                    b7:0d:69:69:81:8f:63:d9:2f:ba:24:fb:1a:67:14:
                    7a:f9:80:31:eb:92:1f:fc:db:9b:20:89:f4:7e:39:
                    7b:55:5b:b0:ce:45:bd:24:11:60:0e:c7:fd:96:70:
                    da:3f:0d:70:e8:55:4c:1a:01:43:e8:fc:b5:0b:94:
                    b4:94:8f:2e:4a:08:11:c7:ec:ed:81:43:0b:5a:b7:
                    3c:fc:8a:74:54:0e:24:91:26:ce:88:01:ad:18:07:
                    fa:16:50:fb:de:59:36:d8:09:09:2f:d2:2f:b8:0a:
                    e5:41:b6:ea:87:2f:f3:60:3d:34:bd:c7:06:49:3e:
                    4b:45:f6:ba:b3:5a:cc:23:f6:61:1d:76:6a:e5:6c:
                    4d:be:d7:58:05:1b:f7:d1:5f:e2:f7:f3:2a:a7:93:
                    49:ef:89:e6:2c:a6:53:3b:8d:2a:ae:8f:67:14:8d:
                    50:ef:34:c8:4c:a9:40:dd:8f:0a:36:e7:bb:32:62:
                    e8:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:B1:F1:58:AE:CF:B7:A2:19:33:81:BC:27:0F:1B:D3:91:6B:6E:E3
            X509v3 Authority Key Identifier:
                keyid:3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/cLHxWK7Pt6IZM4G8Jw8b05FrbuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:99:19:82:69:1f:1a:8c:54:df:61:31:b7:7c:cf:e7:ad:5e:
         3e:b5:d5:54:26:1c:9c:25:fe:f0:99:c6:2d:aa:da:1f:59:e0:
         bc:d6:6a:e8:90:16:37:f1:db:d1:01:1e:f3:b3:c7:c2:13:87:
         ee:9b:00:83:d7:ca:e9:cb:5f:a2:7b:1a:f2:4c:ac:00:a6:8a:
         02:9b:43:50:5b:d3:7a:89:5e:69:d3:a6:93:4f:0c:2e:86:9b:
         52:b3:99:9b:b9:db:f4:fd:31:1e:b3:0d:ec:4a:09:5b:26:da:
         e0:76:db:d4:6d:52:52:76:f3:0b:8f:ed:ec:af:e8:db:9c:ee:
         db:a3:25:78:c1:6e:53:52:69:45:a3:2b:8a:6b:3b:bf:0d:f5:
         2a:5e:f9:ae:52:ef:c0:e9:f6:55:6e:82:b8:59:57:4b:6b:41:
         4a:c1:2b:64:52:cd:37:56:0e:0c:39:58:5e:08:e9:c5:cf:c4:
         5e:d4:d5:60:01:98:1d:b5:e9:52:94:40:68:39:d3:9d:50:53:
         df:2d:e9:2f:e9:a3:72:6e:90:ed:c7:a4:b3:34:c4:64:2a:bb:
         fb:cf:95:cb:b3:3f:0d:ff:43:7b:9c:a6:29:ed:a3:87:14:4c:
         41:45:d5:1a:9d:da:6b:5a:ed:89:af:90:31:f2:07:b4:40:b1:
         cc:b1:f2:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Dzpi/MYgZrKn2suiVtKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZTZjZWNmZmQ5YjhiYmExOGQ0NzRlN2IzOTkzZTBhMWQx
NGRiYjMwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGIxZjE1OGFlY2ZiN2EyMTkzMzgxYmMyNzBmMWJkMzkxNmI2ZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxftFqUHktBzh75Mn7frP2M5UFMac
ofTAH2T0nQVTWpSmqVVGyQjXv8o2np55pOfGqdZu8mW+V6S3UXd5wO+nZN4YSUgf
TYVudrm3DWlpgY9j2S+6JPsaZxR6+YAx65If/NubIIn0fjl7VVuwzkW9JBFgDsf9
lnDaPw1w6FVMGgFD6Py1C5S0lI8uSggRx+ztgUMLWrc8/Ip0VA4kkSbOiAGtGAf6
FlD73lk22AkJL9IvuArlQbbqhy/zYD00vccGST5LRfa6s1rMI/ZhHXZq5WxNvtdY
BRv30V/i9/Mqp5NJ74nmLKZTO40qro9nFI1Q7zTITKlA3Y8KNue7MmLoUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCx8Viuz7eiGTOBvCcPG9ORa27jMB8GA1UdIwQY
MBaAFD7mzs/9m4u6GNR057OZPgodFNuzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEt
NzMyNDkxMzk3NWQ1LzEvY0xIeFdLN1B0NklaTTRHOEp3OGIwNUZyYnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEtNzMyNDkxMzk3NWQ1
LzEvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvYEMA0G
CSqGSIb3DQEBCwUAA4IBAQCnmRmCaR8ajFTfYTG3fM/nrV4+tdVUJhycJf7wmcYt
qtofWeC81mrokBY38dvRAR7zs8fCE4fumwCD18rpy1+iexryTKwApooCm0NQW9N6
iV5p06aTTwwuhptSs5mbudv0/TEesw3sSglbJtrgdtvUbVJSdvMLj+3sr+jbnO7b
oyV4wW5TUmlFoyuKazu/DfUqXvmuUu/A6fZVboK4WVdLa0FKwStkUs03Vg4MOVhe
COnFz8Re1NVgAZgdtelSlEBoOdOdUFPfLekv6aNybpDtx6SzNMRkKrv7z5XLsz8N
/0N7nKYp7aOHFExBRdUandprWu2Jr5Ax8ge0QLHMsfKK
-----END CERTIFICATE-----