Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/b1701f-d755-4d02-93e6-0acfff6189bd/1/CGDRIjVItsR7KraNF0yje901VKc.roa
File:                     CGDRIjVItsR7KraNF0yje901VKc.roa (raw, json)
Hash identifier:          a/vdfVI8A1udUhJDwMOX/i6MyuW4sQ/QNXzz1bBalhw=
Subject key identifier:   08:60:D1:22:35:48:B6:C4:7B:2A:B6:8D:17:4C:A3:7B:DD:35:54:A7
Certificate issuer:       /CN=dd4bdcd28c8735098199aec093ca897c077d7c90
Certificate serial:       018CC8702EF354863E6B3D5D0EEF7DBFAEF3
Authority key identifier: DD:4B:DC:D2:8C:87:35:09:81:99:AE:C0:93:CA:89:7C:07:7D:7C:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Uvc0oyHNQmBma7Ak8qJfAd9fJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/b1701f-d755-4d02-93e6-0acfff6189bd/1/CGDRIjVItsR7KraNF0yje901VKc.roa
Signing time:             Tue 02 Jan 2024 04:30:44 +0000
ROA not before:           Tue 02 Jan 2024 04:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206858
IP address blocks:        193.228.143.0/24 maxlen: 24
                          2a10:11c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/b1701f-d755-4d02-93e6-0acfff6189bd/1/3Uvc0oyHNQmBma7Ak8qJfAd9fJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/b1701f-d755-4d02-93e6-0acfff6189bd/1/3Uvc0oyHNQmBma7Ak8qJfAd9fJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Uvc0oyHNQmBma7Ak8qJfAd9fJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:2e:f3:54:86:3e:6b:3d:5d:0e:ef:7d:bf:ae:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd4bdcd28c8735098199aec093ca897c077d7c90
        Validity
            Not Before: Jan  2 04:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0860d1223548b6c47b2ab68d174ca37bdd3554a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0d:ba:c8:ee:c7:14:71:ec:81:ec:12:f2:9b:
                    de:6c:d8:8e:03:2e:bc:23:75:36:73:40:92:a5:64:
                    0c:8e:79:21:d9:06:1a:12:db:73:76:e7:e5:4a:c3:
                    f0:c0:84:ff:19:20:a7:cd:72:1b:0c:aa:d6:e4:7a:
                    f8:66:90:f0:d6:63:36:7d:1a:4c:27:d7:4f:21:30:
                    ec:e0:57:98:63:91:07:dd:ea:5b:99:a0:97:09:68:
                    f7:01:0e:75:7e:26:cf:32:2e:bd:c6:50:06:97:10:
                    0e:9b:42:50:20:69:1b:a1:6e:5c:44:18:b8:3b:4e:
                    11:23:e9:c6:1f:b2:f1:9a:c3:94:a0:1c:29:73:d0:
                    70:9b:5d:89:36:bc:ea:69:2b:ba:32:b7:10:ba:4f:
                    14:13:2d:83:ba:4e:84:f3:e6:ad:dd:ca:5b:7f:57:
                    b9:af:e9:12:80:50:1e:fa:ae:dc:df:d8:bd:95:37:
                    a4:ff:e8:51:cb:f5:92:fb:41:8e:b4:1b:ad:fa:cb:
                    53:61:83:2d:2c:ac:5d:3a:fb:cc:4e:f7:de:6e:fc:
                    48:b0:76:f7:9d:4a:4d:ba:f3:18:ac:71:c0:1e:30:
                    34:14:7d:ce:2d:ba:d1:d0:0a:f0:a2:9d:ca:73:6c:
                    23:f7:cd:fb:2b:8a:81:fa:39:e7:76:ad:41:ff:e5:
                    03:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:60:D1:22:35:48:B6:C4:7B:2A:B6:8D:17:4C:A3:7B:DD:35:54:A7
            X509v3 Authority Key Identifier:
                keyid:DD:4B:DC:D2:8C:87:35:09:81:99:AE:C0:93:CA:89:7C:07:7D:7C:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Uvc0oyHNQmBma7Ak8qJfAd9fJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b1701f-d755-4d02-93e6-0acfff6189bd/1/CGDRIjVItsR7KraNF0yje901VKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b1701f-d755-4d02-93e6-0acfff6189bd/1/3Uvc0oyHNQmBma7Ak8qJfAd9fJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.143.0/24
                IPv6:
                  2a10:11c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:8e:b5:3b:3a:35:d0:37:3c:00:3e:fa:53:48:60:6d:16:95:
         7d:1b:49:38:13:ea:36:f1:82:c0:00:3b:90:27:0b:09:bd:2b:
         f9:2e:db:a8:24:d1:79:6f:d6:f1:60:9e:37:f3:6d:0a:c3:d8:
         39:10:86:7a:47:8e:e8:ad:b7:c3:bc:00:74:52:bc:70:cc:73:
         3e:ad:1c:f9:26:40:cc:da:05:fc:e2:30:e6:6e:8f:95:fa:f0:
         f8:71:07:ef:65:46:fd:23:1a:c7:58:75:25:ec:0d:b1:7b:54:
         c0:de:47:3e:e1:0e:3a:17:81:fb:45:90:dc:af:11:75:c2:aa:
         7a:24:ad:7b:06:04:9f:41:dd:1c:ef:27:9e:7a:04:66:d4:93:
         db:36:3a:8c:d8:4b:40:21:45:8a:10:e6:a7:2a:e4:15:6c:41:
         42:7c:3d:2b:b4:33:fb:3c:6a:35:9a:81:19:85:0e:a5:37:76:
         51:8c:1b:ca:d2:d6:34:37:27:18:fa:81:9b:03:c1:1f:b1:8c:
         57:a1:b7:a9:c9:96:ea:41:57:4c:c2:81:a1:29:4c:9b:17:cd:
         59:fb:30:01:1b:67:76:8d:cb:40:bc:3d:57:b9:8e:d5:b7:b0:
         77:0e:37:55:bd:40:b4:cf:98:9f:69:9e:c2:6a:35:d7:9b:71:
         ae:b7:d1:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcC7zVIY+az1dDu99v67zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNGJkY2QyOGM4NzM1MDk4MTk5YWVjMDkzY2E4OTdjMDc3
ZDdjOTAwHhcNMjQwMTAyMDQzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODYwZDEyMjM1NDhiNmM0N2IyYWI2OGQxNzRjYTM3YmRkMzU1NGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiw26yO7HFHHsgewS8pvebNiOAy68
I3U2c0CSpWQMjnkh2QYaEttzduflSsPwwIT/GSCnzXIbDKrW5Hr4ZpDw1mM2fRpM
J9dPITDs4FeYY5EH3epbmaCXCWj3AQ51fibPMi69xlAGlxAOm0JQIGkboW5cRBi4
O04RI+nGH7LxmsOUoBwpc9Bwm12JNrzqaSu6MrcQuk8UEy2Duk6E8+at3cpbf1e5
r+kSgFAe+q7c39i9lTek/+hRy/WS+0GOtBut+stTYYMtLKxdOvvMTvfebvxIsHb3
nUpNuvMYrHHAHjA0FH3OLbrR0Arwop3Kc2wj9837K4qB+jnndq1B/+UDiQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAhg0SI1SLbEeyq2jRdMo3vdNVSnMB8GA1UdIwQY
MBaAFN1L3NKMhzUJgZmuwJPKiXwHfXyQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1V2YzBveUhOUW1CbWE3QWs4cUpmQWQ5ZkpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9iMTcwMWYtZDc1NS00ZDAyLTkzZTYt
MGFjZmZmNjE4OWJkLzEvQ0dEUklqVkl0c1I3S3JhTkYweWplOTAxVktjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9iMTcwMWYtZDc1NS00ZDAyLTkzZTYtMGFjZmZmNjE4OWJk
LzEvM1V2YzBveUhOUW1CbWE3QWs4cUpmQWQ5ZkpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAweSPMA0E
AgACMAcDBQAqEBHAMA0GCSqGSIb3DQEBCwUAA4IBAQAcjrU7OjXQNzwAPvpTSGBt
FpV9G0k4E+o28YLAADuQJwsJvSv5LtuoJNF5b9bxYJ43820Kw9g5EIZ6R47orbfD
vAB0UrxwzHM+rRz5JkDM2gX84jDmbo+V+vD4cQfvZUb9IxrHWHUl7A2xe1TA3kc+
4Q46F4H7RZDcrxF1wqp6JK17BgSfQd0c7yeeegRm1JPbNjqM2EtAIUWKEOanKuQV
bEFCfD0rtDP7PGo1moEZhQ6lN3ZRjBvK0tY0NycY+oGbA8EfsYxXobepyZbqQVdM
woGhKUybF81Z+zABG2d2jctAvD1XuY7Vt7B3DjdVvUC0z5ifaZ7CajXXm3Gut9F9
-----END CERTIFICATE-----