Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/dRI_SNPswq5-wEUmggY5iKg-vTQ.roa
File:                     dRI_SNPswq5-wEUmggY5iKg-vTQ.roa (raw, json)
Hash identifier:          I7DNWbz1wwBqvn1Sr6PkiduVnym8x/jmN3h6yTtjaoA=
Subject key identifier:   75:12:3F:48:D3:EC:C2:AE:7E:C0:45:26:82:06:39:88:A8:3E:BD:34
Certificate issuer:       /CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
Certificate serial:       018CC5DC3BFD137457E133656DD30756964E
Authority key identifier: 3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/dRI_SNPswq5-wEUmggY5iKg-vTQ.roa
Signing time:             Mon 01 Jan 2024 16:29:53 +0000
ROA not before:           Mon 01 Jan 2024 16:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        194.246.8.0/23 maxlen: 23
                          194.246.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3b:fd:13:74:57:e1:33:65:6d:d3:07:56:96:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
        Validity
            Not Before: Jan  1 16:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75123f48d3ecc2ae7ec0452682063988a83ebd34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:91:ab:22:db:fd:4f:95:d9:8c:47:bc:f1:8f:
                    75:0c:9a:8a:97:34:63:87:60:d5:56:22:19:13:46:
                    e4:45:e7:ed:87:ee:7c:0b:a7:e9:e5:82:f0:85:42:
                    c2:e5:c7:93:ac:f4:ab:53:a7:b8:1b:01:d5:1d:a7:
                    c8:d6:3f:37:62:bf:6e:22:19:41:47:46:d8:05:10:
                    6b:35:38:be:4b:33:6c:d2:64:56:f6:76:7d:8a:38:
                    9f:78:4b:cc:03:bc:74:fe:f4:03:ff:ac:21:a5:6c:
                    d7:73:85:40:c4:68:54:87:d8:e4:2f:d3:9a:22:53:
                    2d:67:5d:28:1e:ee:9a:ff:30:29:96:36:4b:b2:8e:
                    3f:9e:fc:06:b0:69:50:b6:a4:f0:6e:f5:4f:91:5f:
                    9d:bc:13:0c:28:52:a8:b4:eb:8d:e8:74:84:42:fc:
                    ab:84:61:c7:4e:3a:ea:e6:32:f1:9e:30:ad:6b:1e:
                    4b:fa:32:06:4f:06:96:90:e3:f1:a9:e9:a7:0d:c5:
                    f6:94:c6:b0:cd:1b:4e:d9:4d:e4:06:dc:a7:76:49:
                    75:bc:71:3a:74:61:c8:9d:d0:18:43:a4:02:7d:f3:
                    3f:0c:1d:da:c2:cc:ae:3c:bd:ea:a0:68:73:43:9b:
                    35:e7:fe:a6:75:cc:75:a7:b7:7a:77:9d:a0:3c:be:
                    00:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:12:3F:48:D3:EC:C2:AE:7E:C0:45:26:82:06:39:88:A8:3E:BD:34
            X509v3 Authority Key Identifier:
                keyid:3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/dRI_SNPswq5-wEUmggY5iKg-vTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.8.0/23
                  194.246.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:e6:12:ce:b2:1d:15:ed:f7:38:27:a4:5c:87:ca:12:a7:8b:
         46:49:f6:42:97:c8:49:96:a1:dd:9e:02:ae:6b:1e:b7:14:48:
         db:ae:8c:5d:72:b2:1c:9c:af:fe:6b:91:0b:93:3d:80:60:e9:
         ee:9d:d5:54:fd:5b:4d:22:d8:82:2e:3b:a7:43:e2:6e:be:92:
         9c:a6:01:55:81:a0:ce:5d:0f:86:a6:ca:93:0b:0f:0e:97:95:
         1d:5a:de:74:6b:62:b2:6e:68:f9:a4:c5:f9:a9:82:42:8a:a1:
         e7:1b:03:ff:d9:80:85:a3:a6:e6:37:3c:3a:1a:4e:48:e2:92:
         3a:28:e6:f7:27:11:b7:73:3e:ed:84:82:78:d9:4d:3c:2c:4a:
         24:08:ed:18:90:3a:5b:00:4c:87:36:d0:36:90:18:52:a7:55:
         c4:6e:e3:90:ab:51:db:a3:a7:74:80:21:ef:74:20:52:72:c4:
         5d:57:ca:3d:7f:8a:ce:74:9e:72:e9:d3:52:ce:cc:31:b0:4d:
         6d:4d:c2:28:5e:b1:08:fc:b1:1f:2a:f7:27:08:54:7d:87:98:
         5b:55:fa:cc:8d:36:e6:7c:e1:fb:cb:14:ad:81:3c:a3:43:19:
         f0:2e:94:37:8f:b9:ef:de:ba:0b:09:5f:06:d3:03:15:19:46:
         9e:db:7a:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3Dv9E3RX4TNlbdMHVpZOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZTZjZWNmZmQ5YjhiYmExOGQ0NzRlN2IzOTkzZTBhMWQx
NGRiYjMwHhcNMjQwMTAxMTYyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTEyM2Y0OGQzZWNjMmFlN2VjMDQ1MjY4MjA2Mzk4OGE4M2ViZDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5GrItv9T5XZjEe88Y91DJqKlzRj
h2DVViIZE0bkRefth+58C6fp5YLwhULC5ceTrPSrU6e4GwHVHafI1j83Yr9uIhlB
R0bYBRBrNTi+SzNs0mRW9nZ9ijifeEvMA7x0/vQD/6whpWzXc4VAxGhUh9jkL9Oa
IlMtZ10oHu6a/zApljZLso4/nvwGsGlQtqTwbvVPkV+dvBMMKFKotOuN6HSEQvyr
hGHHTjrq5jLxnjCtax5L+jIGTwaWkOPxqemnDcX2lMawzRtO2U3kBtyndkl1vHE6
dGHIndAYQ6QCffM/DB3awsyuPL3qoGhzQ5s15/6mdcx1p7d6d52gPL4ALQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHUSP0jT7MKufsBFJoIGOYioPr00MB8GA1UdIwQY
MBaAFD7mzs/9m4u6GNR057OZPgodFNuzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEt
NzMyNDkxMzk3NWQ1LzEvZFJJX1NOUHN3cTUtd0VVbWdnWTVpS2ctdlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEtNzMyNDkxMzk3NWQ1
LzEvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwvYIAwQB
wvYOMA0GCSqGSIb3DQEBCwUAA4IBAQCK5hLOsh0V7fc4J6Rch8oSp4tGSfZCl8hJ
lqHdngKuax63FEjbroxdcrIcnK/+a5ELkz2AYOnundVU/VtNItiCLjunQ+JuvpKc
pgFVgaDOXQ+GpsqTCw8Ol5UdWt50a2Kybmj5pMX5qYJCiqHnGwP/2YCFo6bmNzw6
Gk5I4pI6KOb3JxG3cz7thIJ42U08LEokCO0YkDpbAEyHNtA2kBhSp1XEbuOQq1Hb
o6d0gCHvdCBScsRdV8o9f4rOdJ5y6dNSzswxsE1tTcIoXrEI/LEfKvcnCFR9h5hb
VfrMjTbmfOH7yxStgTyjQxnwLpQ3j7nv3roLCV8G0wMVGUae23pE
-----END CERTIFICATE-----