Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/k-wgxsxD_MU8GQG6MYXQ0bsS60U.roa
File:                     k-wgxsxD_MU8GQG6MYXQ0bsS60U.roa (raw, json)
Hash identifier:          n/GRxTDoANJvGctuCUWLISEGXokn2GPwZ/iipZ42Nng=
Subject key identifier:   93:EC:20:C6:CC:43:FC:C5:3C:19:01:BA:31:85:D0:D1:BB:12:EB:45
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B73B1764A5FFD5D1769ECBBCD91386
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/k-wgxsxD_MU8GQG6MYXQ0bsS60U.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47818
IP address blocks:        217.109.108.0/24 maxlen: 24
                          194.2.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3b:17:64:a5:ff:d5:d1:76:9e:cb:bc:d9:13:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93ec20c6cc43fcc53c1901ba3185d0d1bb12eb45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e8:5b:97:a5:6b:ce:89:1a:08:1f:8e:70:12:
                    46:4b:1d:0c:c9:04:21:26:cf:99:0c:ea:06:3f:42:
                    b0:10:ca:95:dd:0b:41:2f:47:79:8a:91:c1:62:1e:
                    b8:04:0a:61:9f:03:49:11:ea:b3:c3:38:ae:b8:1e:
                    5d:5a:db:db:92:ac:b6:c9:72:6f:fb:a6:28:5c:61:
                    84:86:0d:5b:4d:ff:98:ea:35:72:e0:39:a3:67:6a:
                    c0:a1:1d:4b:ef:57:d7:61:8a:86:a0:76:ef:73:da:
                    29:f9:4c:cd:46:33:d5:19:82:a0:40:7c:ff:a7:08:
                    04:36:c7:fc:d7:4b:b3:ab:8b:c9:e6:51:77:d2:72:
                    d1:b3:12:7c:8f:ce:1c:09:82:7d:5d:fb:fd:33:ba:
                    9c:0a:93:7a:1e:36:82:87:e5:38:66:a7:f5:3a:f0:
                    26:1e:40:22:6c:a0:fa:31:13:dc:34:8a:39:89:dd:
                    35:7f:4d:48:42:90:e6:25:a9:c5:88:a0:b7:74:8a:
                    b7:10:21:71:d3:64:dc:f9:66:0b:a7:b6:0e:67:0f:
                    70:74:7e:a5:52:cf:cb:2d:68:f8:c4:bd:f5:0f:ff:
                    50:b8:b8:b7:09:8f:1a:50:2e:ed:f1:6b:c7:15:d5:
                    66:93:ac:2e:56:91:2e:45:8b:d7:a9:ad:1b:70:e7:
                    0c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:EC:20:C6:CC:43:FC:C5:3C:19:01:BA:31:85:D0:D1:BB:12:EB:45
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/k-wgxsxD_MU8GQG6MYXQ0bsS60U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.2.42.0/24
                  217.109.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:4d:fa:15:f8:5b:2c:16:b9:32:38:5a:e1:a6:39:8a:98:10:
         65:6e:d9:51:d8:35:f4:28:ce:6c:21:58:65:0e:b8:79:e0:34:
         09:23:a2:e1:43:b3:cf:1f:80:74:06:73:4c:c1:3a:74:0f:c4:
         69:e8:8e:e5:05:57:30:f9:05:55:73:8d:8e:f3:b2:5f:67:db:
         52:72:89:eb:da:5a:1d:41:e3:b3:c0:30:38:fd:4c:b2:2d:56:
         35:03:a7:ed:65:44:15:38:24:93:20:b1:89:4f:3d:7d:d6:4f:
         de:36:83:96:1f:8f:63:4d:29:f7:38:d3:6f:70:8e:47:46:d5:
         86:54:12:2c:5b:e4:d5:b4:56:ec:e1:bc:34:98:7e:ae:3e:85:
         63:ba:72:2c:fd:d7:ee:ad:a5:9f:02:aa:c2:ea:56:9c:5b:0a:
         99:41:23:ae:f2:2b:a9:6a:cc:f8:60:d6:7c:20:04:b4:b4:17:
         70:3e:fd:2c:80:23:a6:d5:27:92:26:1d:cf:71:52:a0:bf:46:
         b9:a9:70:52:b5:92:f5:7c:c3:91:64:96:ea:a6:ca:c6:fd:5a:
         ee:7d:88:2c:8c:f9:96:5b:6f:2c:37:1b:cd:aa:04:07:61:75:
         7f:d2:6a:38:64:c2:8e:62:36:7c:5e:a7:9a:32:0f:14:fc:99:
         0f:fb:ba:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtzsXZKX/1dF2nsu82ROGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2VjMjBjNmNjNDNmY2M1M2MxOTAxYmEzMTg1ZDBkMWJiMTJlYjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnehbl6VrzokaCB+OcBJGSx0MyQQh
Js+ZDOoGP0KwEMqV3QtBL0d5ipHBYh64BAphnwNJEeqzwziuuB5dWtvbkqy2yXJv
+6YoXGGEhg1bTf+Y6jVy4DmjZ2rAoR1L71fXYYqGoHbvc9op+UzNRjPVGYKgQHz/
pwgENsf810uzq4vJ5lF30nLRsxJ8j84cCYJ9Xfv9M7qcCpN6HjaCh+U4Zqf1OvAm
HkAibKD6MRPcNIo5id01f01IQpDmJanFiKC3dIq3ECFx02Tc+WYLp7YOZw9wdH6l
Us/LLWj4xL31D/9QuLi3CY8aUC7t8WvHFdVmk6wuVpEuRYvXqa0bcOcMAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJPsIMbMQ/zFPBkBujGF0NG7EutFMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvay13Z3hzeERfTVU4R1FHNk1ZWFEwYnNTNjBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwgIqAwQA
2W1sMA0GCSqGSIb3DQEBCwUAA4IBAQCGTfoV+FssFrkyOFrhpjmKmBBlbtlR2DX0
KM5sIVhlDrh54DQJI6LhQ7PPH4B0BnNMwTp0D8Rp6I7lBVcw+QVVc42O87JfZ9tS
conr2lodQeOzwDA4/UyyLVY1A6ftZUQVOCSTILGJTz191k/eNoOWH49jTSn3ONNv
cI5HRtWGVBIsW+TVtFbs4bw0mH6uPoVjunIs/dfuraWfAqrC6lacWwqZQSOu8iup
asz4YNZ8IAS0tBdwPv0sgCOm1SeSJh3PcVKgv0a5qXBStZL1fMORZJbqpsrG/Vru
fYgsjPmWW28sNxvNqgQHYXV/0mo4ZMKOYjZ8XqeaMg8U/JkP+7p9
-----END CERTIFICATE-----