Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/030074-ac39-4491-9db9-803db6d2ad70/1/GETD3JAqmeOnJj5MlkNVmpxHtaE.roa
File:                     GETD3JAqmeOnJj5MlkNVmpxHtaE.roa (raw, json)
Hash identifier:          fdvRv3EW6AuHL2/Hbw7tc+zY5yIh/mYFt5xd038zNd0=
Subject key identifier:   18:44:C3:DC:90:2A:99:E3:A7:26:3E:4C:96:43:55:9A:9C:47:B5:A1
Certificate issuer:       /CN=0bac8a3206e367b80b8ca689220f098d188491ba
Certificate serial:       018CC9BC12577CB93C573B48DD7E909117B5
Authority key identifier: 0B:AC:8A:32:06:E3:67:B8:0B:8C:A6:89:22:0F:09:8D:18:84:91:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6yKMgbjZ7gLjKaJIg8JjRiEkbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/030074-ac39-4491-9db9-803db6d2ad70/1/GETD3JAqmeOnJj5MlkNVmpxHtaE.roa
Signing time:             Tue 02 Jan 2024 10:33:14 +0000
ROA not before:           Tue 02 Jan 2024 10:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1136
IP address blocks:        193.177.242.0/24 maxlen: 24
                          193.177.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/030074-ac39-4491-9db9-803db6d2ad70/1/C6yKMgbjZ7gLjKaJIg8JjRiEkbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/030074-ac39-4491-9db9-803db6d2ad70/1/C6yKMgbjZ7gLjKaJIg8JjRiEkbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C6yKMgbjZ7gLjKaJIg8JjRiEkbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:12:57:7c:b9:3c:57:3b:48:dd:7e:90:91:17:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bac8a3206e367b80b8ca689220f098d188491ba
        Validity
            Not Before: Jan  2 10:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1844c3dc902a99e3a7263e4c9643559a9c47b5a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6b:6e:c1:50:d6:34:89:6a:3b:9d:ea:f5:ea:
                    91:0d:87:ba:cb:a9:63:84:64:63:58:84:f0:e2:15:
                    58:34:2e:05:f7:d3:4f:fd:26:81:88:8d:8e:87:6f:
                    35:df:f7:f1:1c:33:28:fd:80:eb:3e:29:98:aa:6f:
                    f1:c3:26:95:75:c4:e9:00:03:b9:f6:4e:44:c0:62:
                    2c:90:1a:3a:72:5d:3e:26:cd:e4:e4:97:00:53:b0:
                    85:70:59:87:35:dc:af:58:96:06:75:be:3d:29:9b:
                    ae:01:ca:0f:eb:7a:a7:4f:3c:4f:93:6f:40:64:a3:
                    10:54:e6:75:3e:cf:91:41:21:2d:25:a3:2a:53:47:
                    fb:af:ba:b7:f0:95:6d:63:67:f5:3c:f1:21:98:5f:
                    d1:2d:7f:71:f1:e6:a1:a4:05:cf:46:97:f9:c7:5c:
                    8c:32:be:7d:b9:68:61:c4:6e:40:00:17:5a:25:74:
                    70:de:17:65:d1:7c:d0:c4:7f:6f:12:6a:0d:68:d9:
                    07:46:b4:8f:21:f2:74:b8:ed:0e:6a:7e:68:95:f9:
                    9d:78:95:be:e8:53:c4:eb:6b:2d:6d:59:61:fe:54:
                    44:f9:89:bc:53:15:51:7f:a6:40:ce:46:7a:ae:dc:
                    fc:89:d4:e8:c9:9f:b1:0f:b4:00:ce:8e:34:4c:45:
                    14:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:44:C3:DC:90:2A:99:E3:A7:26:3E:4C:96:43:55:9A:9C:47:B5:A1
            X509v3 Authority Key Identifier:
                keyid:0B:AC:8A:32:06:E3:67:B8:0B:8C:A6:89:22:0F:09:8D:18:84:91:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6yKMgbjZ7gLjKaJIg8JjRiEkbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/030074-ac39-4491-9db9-803db6d2ad70/1/GETD3JAqmeOnJj5MlkNVmpxHtaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/030074-ac39-4491-9db9-803db6d2ad70/1/C6yKMgbjZ7gLjKaJIg8JjRiEkbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.177.241.0-193.177.242.255

    Signature Algorithm: sha256WithRSAEncryption
         0e:6c:cb:bf:a6:60:29:9e:d2:e8:ed:e7:16:71:09:bb:a6:a5:
         e7:41:e8:03:4f:af:83:e2:f6:54:18:db:c9:be:51:a2:d4:39:
         ec:ee:d5:c5:00:ce:e2:0b:a1:a0:a4:bd:3a:b4:a4:99:a0:bb:
         42:21:26:33:67:ae:54:50:06:c0:4c:8b:23:2e:d4:06:04:f2:
         96:fc:55:81:6c:99:52:05:a1:71:32:e1:f7:fd:6c:e0:5c:04:
         59:fb:ea:79:fa:cf:24:1d:4b:e8:75:cf:96:5b:66:b6:ec:d2:
         83:e4:78:ec:bf:fb:a2:62:75:9c:5f:61:34:21:ce:4f:78:d0:
         ce:4e:5c:7e:7f:69:ea:ce:92:24:c1:6d:bc:91:ca:7f:dd:6f:
         c8:b3:e4:a3:8f:b1:46:08:93:fc:46:25:82:a3:a8:04:c1:94:
         e1:11:a5:aa:66:79:a8:48:20:46:5a:f8:e0:72:60:2b:e8:aa:
         8a:30:e1:9b:86:4c:5e:57:c7:21:c3:c5:42:de:31:1d:87:d6:
         4a:50:6d:8e:33:c1:66:49:66:8a:8b:66:68:19:25:5c:4a:c3:
         73:00:f1:08:4d:59:81:1f:91:c6:f2:09:2f:3a:13:ea:89:12:
         03:8e:6c:a3:72:0e:d2:77:45:b0:0a:9d:a5:45:40:04:72:ae:
         40:b4:25:94
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJvBJXfLk8VztI3X6QkRe1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYWM4YTMyMDZlMzY3YjgwYjhjYTY4OTIyMGYwOThkMTg4
NDkxYmEwHhcNMjQwMTAyMTAzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODQ0YzNkYzkwMmE5OWUzYTcyNjNlNGM5NjQzNTU5YTljNDdiNWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWtuwVDWNIlqO53q9eqRDYe6y6lj
hGRjWITw4hVYNC4F99NP/SaBiI2Oh2813/fxHDMo/YDrPimYqm/xwyaVdcTpAAO5
9k5EwGIskBo6cl0+Js3k5JcAU7CFcFmHNdyvWJYGdb49KZuuAcoP63qnTzxPk29A
ZKMQVOZ1Ps+RQSEtJaMqU0f7r7q38JVtY2f1PPEhmF/RLX9x8eahpAXPRpf5x1yM
Mr59uWhhxG5AABdaJXRw3hdl0XzQxH9vEmoNaNkHRrSPIfJ0uO0Oan5olfmdeJW+
6FPE62stbVlh/lRE+Ym8UxVRf6ZAzkZ6rtz8idToyZ+xD7QAzo40TEUU8QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBhEw9yQKpnjpyY+TJZDVZqcR7WhMB8GA1UdIwQY
MBaAFAusijIG42e4C4ymiSIPCY0YhJG6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZ5S01nYmpaN2dMakthSklnOEpqUmlFa2JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8wMzAwNzQtYWMzOS00NDkxLTlkYjkt
ODAzZGI2ZDJhZDcwLzEvR0VURDNKQXFtZU9uSmo1TWxrTlZtcHhIdGFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8wMzAwNzQtYWMzOS00NDkxLTlkYjktODAzZGI2ZDJhZDcw
LzEvQzZ5S01nYmpaN2dMakthSklnOEpqUmlFa2JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADBsfED
BADBsfIwDQYJKoZIhvcNAQELBQADggEBAA5sy7+mYCme0ujt5xZxCbumpedB6ANP
r4Pi9lQY28m+UaLUOezu1cUAzuILoaCkvTq0pJmgu0IhJjNnrlRQBsBMiyMu1AYE
8pb8VYFsmVIFoXEy4ff9bOBcBFn76nn6zyQdS+h1z5ZbZrbs0oPkeOy/+6JidZxf
YTQhzk940M5OXH5/aerOkiTBbbyRyn/db8iz5KOPsUYIk/xGJYKjqATBlOERpapm
eahIIEZa+OByYCvoqoow4ZuGTF5XxyHDxULeMR2H1kpQbY4zwWZJZoqLZmgZJVxK
w3MA8QhNWYEfkcbyCS86E+qJEgOObKNyDtJ3RbAKnaVFQARyrkC0JZQ=
-----END CERTIFICATE-----