Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/Ddk9d8BRfyrj2bP4J2KIUfFRPVo.roa
File:                     Ddk9d8BRfyrj2bP4J2KIUfFRPVo.roa (raw, json)
Hash identifier:          hRNrkD++O/8JooH5OD3F4DUBx1vItOxh/OclIwHIexw=
Subject key identifier:   0D:D9:3D:77:C0:51:7F:2A:E3:D9:B3:F8:27:62:88:51:F1:51:3D:5A
Certificate issuer:       /CN=32697cbd221ccf61ec34fd0627b2bfebe3b41acb
Certificate serial:       018CC86F48D38A80605FDB2BAF76A35418D5
Authority key identifier: 32:69:7C:BD:22:1C:CF:61:EC:34:FD:06:27:B2:BF:EB:E3:B4:1A:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/Ddk9d8BRfyrj2bP4J2KIUfFRPVo.roa
Signing time:             Tue 02 Jan 2024 04:29:45 +0000
ROA not before:           Tue 02 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42369
IP address blocks:        193.30.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:48:d3:8a:80:60:5f:db:2b:af:76:a3:54:18:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32697cbd221ccf61ec34fd0627b2bfebe3b41acb
        Validity
            Not Before: Jan  2 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dd93d77c0517f2ae3d9b3f827628851f1513d5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c0:a5:a1:82:5c:1b:0c:1b:63:53:a3:a8:b8:
                    62:db:3e:83:0b:20:dc:54:2e:f1:2b:ab:16:9d:74:
                    16:e7:1a:f0:1d:2b:8a:fb:6a:4b:23:2c:a9:3d:ee:
                    7c:12:91:62:ab:44:14:59:fd:c0:51:f7:19:cf:54:
                    f6:d3:a3:50:06:d6:0b:33:3d:41:ba:d0:b3:c8:14:
                    9e:98:94:8d:d5:c2:6c:aa:89:70:d7:ad:23:10:26:
                    03:8d:fc:09:98:6d:59:94:0e:89:67:bc:77:26:c4:
                    02:0e:82:b6:e3:29:07:2c:05:4c:7d:a4:a3:e4:5e:
                    e9:33:b0:cc:eb:29:0c:fa:2a:fc:9a:15:21:68:c4:
                    70:39:e9:4c:70:14:60:47:2d:50:df:07:e8:6b:1d:
                    c5:1a:1e:5c:ab:bb:b2:f7:48:7d:0b:a5:3c:db:a4:
                    6b:6a:ae:8f:33:7e:cc:93:07:f9:c4:4c:35:18:9b:
                    55:b5:10:e6:6f:2a:ba:92:d4:90:4f:86:c9:77:f5:
                    e5:3d:95:42:7c:d6:55:8f:10:59:db:58:40:8c:f8:
                    f6:c5:8b:26:6e:41:64:62:81:97:65:fd:e9:40:e4:
                    fe:cc:cd:cf:5a:60:69:04:9a:f4:72:a6:a8:b6:33:
                    00:8d:54:d3:41:89:56:ee:26:b1:f3:5b:fe:e1:f6:
                    f1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:D9:3D:77:C0:51:7F:2A:E3:D9:B3:F8:27:62:88:51:F1:51:3D:5A
            X509v3 Authority Key Identifier:
                keyid:32:69:7C:BD:22:1C:CF:61:EC:34:FD:06:27:B2:BF:EB:E3:B4:1A:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/Ddk9d8BRfyrj2bP4J2KIUfFRPVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:c8:d2:b0:19:0c:e3:33:22:58:56:e1:1b:4a:3a:48:4b:e8:
         55:36:28:90:e5:b9:d5:16:b7:15:fb:43:ec:d2:e0:ed:72:6c:
         4b:a3:19:f1:7a:e4:c7:de:0c:b5:b8:42:f2:2f:12:da:64:b3:
         f0:ee:35:36:2e:6b:0a:f4:e1:a3:a3:9f:ac:e2:63:e9:e8:6b:
         07:47:5a:55:e7:e7:28:ae:9c:08:fd:68:70:e3:f3:1f:bb:f1:
         17:61:a4:03:2a:59:34:40:f2:62:03:bf:60:3e:67:57:2a:57:
         43:b8:17:43:c6:bb:ec:bc:dc:8c:b6:f0:66:0e:79:eb:bd:70:
         2d:36:28:37:ff:2d:5c:ac:e9:94:1e:91:8a:2a:ed:48:8d:9b:
         b1:54:ea:9e:8c:39:1d:08:6c:a2:41:d1:0c:cd:df:4c:04:66:
         e7:c5:16:4d:9f:eb:f4:56:eb:3d:1b:1c:cb:16:95:79:da:f4:
         55:09:a3:23:e7:fc:f9:2d:f3:49:c4:d5:0e:bd:58:da:2f:7c:
         3d:19:67:3f:97:ac:79:5b:7c:de:34:fe:7b:c0:0f:88:c7:31:
         8b:f8:82:9a:69:0d:ee:a2:f4:3b:7e:82:21:20:e5:30:9a:58:
         93:7b:d6:e2:21:24:a5:00:1a:fe:a8:09:23:fc:31:10:d5:db:
         ca:2a:f3:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0jTioBgX9srr3ajVBjVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjk3Y2JkMjIxY2NmNjFlYzM0ZmQwNjI3YjJiZmViZTNi
NDFhY2IwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGQ5M2Q3N2MwNTE3ZjJhZTNkOWIzZjgyNzYyODg1MWYxNTEzZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMCloYJcGwwbY1OjqLhi2z6DCyDc
VC7xK6sWnXQW5xrwHSuK+2pLIyypPe58EpFiq0QUWf3AUfcZz1T206NQBtYLMz1B
utCzyBSemJSN1cJsqolw160jECYDjfwJmG1ZlA6JZ7x3JsQCDoK24ykHLAVMfaSj
5F7pM7DM6ykM+ir8mhUhaMRwOelMcBRgRy1Q3wfoax3FGh5cq7uy90h9C6U826Rr
aq6PM37Mkwf5xEw1GJtVtRDmbyq6ktSQT4bJd/XlPZVCfNZVjxBZ21hAjPj2xYsm
bkFkYoGXZf3pQOT+zM3PWmBpBJr0cqaotjMAjVTTQYlW7iax81v+4fbxgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3ZPXfAUX8q49mz+CdiiFHxUT1aMB8GA1UdIwQY
MBaAFDJpfL0iHM9h7DT9Bieyv+vjtBrLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1sOHZTSWN6MkhzTlAwR0o3S182LU8wR3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wZGJlMTItZTVkMi00MWIxLWFiMTgt
MzEyNDViYmFjZDJmLzEvRGRrOWQ4QlJmeXJqMmJQNEoyS0lVZkZSUFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wZGJlMTItZTVkMi00MWIxLWFiMTgtMzEyNDViYmFjZDJm
LzEvTW1sOHZTSWN6MkhzTlAwR0o3S182LU8wR3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5+MA0G
CSqGSIb3DQEBCwUAA4IBAQDSyNKwGQzjMyJYVuEbSjpIS+hVNiiQ5bnVFrcV+0Ps
0uDtcmxLoxnxeuTH3gy1uELyLxLaZLPw7jU2LmsK9OGjo5+s4mPp6GsHR1pV5+co
rpwI/Whw4/Mfu/EXYaQDKlk0QPJiA79gPmdXKldDuBdDxrvsvNyMtvBmDnnrvXAt
Nig3/y1crOmUHpGKKu1IjZuxVOqejDkdCGyiQdEMzd9MBGbnxRZNn+v0Vus9GxzL
FpV52vRVCaMj5/z5LfNJxNUOvVjaL3w9GWc/l6x5W3zeNP57wA+IxzGL+IKaaQ3u
ovQ7foIhIOUwmliTe9biISSlABr+qAkj/DEQ1dvKKvMs
-----END CERTIFICATE-----