Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/d9dd82-9bb9-484c-81cb-83bdcad02047/1/DLoqpl1ulYbsCg0ociaJla1i-xw.roa
File:                     DLoqpl1ulYbsCg0ociaJla1i-xw.roa (raw, json)
Hash identifier:          MY3FenYZsD3vUrcTabLs/W0GAnt/tHtCYF+f7RgULl0=
Subject key identifier:   0C:BA:2A:A6:5D:6E:95:86:EC:0A:0D:28:72:26:89:95:AD:62:FB:1C
Certificate issuer:       /CN=2306cb6cccd09e75ed19fc06fb5924cf27a398c3
Certificate serial:       01919361477B4DE1DE49D13B8CB152EDD5CB
Authority key identifier: 23:06:CB:6C:CC:D0:9E:75:ED:19:FC:06:FB:59:24:CF:27:A3:98:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IwbLbMzQnnXtGfwG-1kkzyejmMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/d9dd82-9bb9-484c-81cb-83bdcad02047/1/DLoqpl1ulYbsCg0ociaJla1i-xw.roa
Signing time:             Tue 27 Aug 2024 10:28:31 +0000
ROA not before:           Tue 27 Aug 2024 10:28:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        176.120.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/d9dd82-9bb9-484c-81cb-83bdcad02047/1/IwbLbMzQnnXtGfwG-1kkzyejmMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/d9dd82-9bb9-484c-81cb-83bdcad02047/1/IwbLbMzQnnXtGfwG-1kkzyejmMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IwbLbMzQnnXtGfwG-1kkzyejmMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:93:61:47:7b:4d:e1:de:49:d1:3b:8c:b1:52:ed:d5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2306cb6cccd09e75ed19fc06fb5924cf27a398c3
        Validity
            Not Before: Aug 27 10:28:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cba2aa65d6e9586ec0a0d2872268995ad62fb1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:46:e2:7e:3a:3e:23:68:50:6d:ca:96:e8:2b:
                    f0:b4:ef:7a:39:da:6a:d2:85:c4:b3:0b:d9:d8:c2:
                    12:8e:bb:6c:86:c1:b4:67:5f:03:3f:01:59:b6:b5:
                    91:dc:72:e0:a1:8f:4b:38:50:53:97:41:d6:40:fe:
                    83:58:07:e6:da:0f:78:77:b7:d4:d9:e8:a1:92:02:
                    fb:18:02:be:31:17:bc:8a:b9:3d:a7:c9:70:69:22:
                    90:10:32:af:4c:46:d4:06:05:b3:a5:fd:d2:8e:8a:
                    5f:f2:88:d4:83:58:03:3e:e0:30:6e:2c:52:58:0f:
                    de:9a:52:45:e2:ce:c8:5e:3a:2a:9b:83:19:c5:6d:
                    37:8c:6b:87:ea:c0:1b:ce:3c:32:7c:4b:40:80:04:
                    cd:71:06:e3:7f:49:16:21:02:a0:44:b2:68:b7:2c:
                    a6:e5:3f:2c:2e:04:99:e4:ce:b3:66:5f:32:e1:c7:
                    94:2b:4f:7c:c9:6d:eb:82:86:e2:8b:1b:79:bb:c8:
                    8b:ff:c4:51:22:44:ab:82:0e:ac:42:e4:d6:fb:09:
                    8c:23:75:05:c1:6c:32:29:b0:a4:20:83:3b:4a:5d:
                    5c:00:65:1a:cc:74:83:2a:30:1c:ef:15:03:c2:36:
                    a1:20:65:56:83:a1:8c:6d:5b:8a:46:33:be:c6:9d:
                    d9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:BA:2A:A6:5D:6E:95:86:EC:0A:0D:28:72:26:89:95:AD:62:FB:1C
            X509v3 Authority Key Identifier:
                keyid:23:06:CB:6C:CC:D0:9E:75:ED:19:FC:06:FB:59:24:CF:27:A3:98:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IwbLbMzQnnXtGfwG-1kkzyejmMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/d9dd82-9bb9-484c-81cb-83bdcad02047/1/DLoqpl1ulYbsCg0ociaJla1i-xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/d9dd82-9bb9-484c-81cb-83bdcad02047/1/IwbLbMzQnnXtGfwG-1kkzyejmMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:b1:47:31:fe:4e:6b:96:d3:ec:01:a5:32:df:09:17:cd:67:
         87:e7:85:91:e4:3e:2d:bb:f7:5d:91:1a:a7:bd:fd:d3:ad:a0:
         ac:87:81:92:57:45:d1:59:4b:a9:01:18:c6:58:12:1e:80:96:
         f7:23:5e:f6:13:dd:a5:87:a3:6e:15:8d:0e:10:87:1d:8a:c4:
         e8:d7:84:6c:55:f7:cf:4a:a0:c0:37:26:60:af:9a:99:00:58:
         35:81:53:0b:fb:77:dd:4a:07:9f:73:80:70:d9:81:a8:ef:30:
         35:f9:2c:2d:2a:4a:3a:f1:51:da:22:61:a0:fb:85:99:53:9a:
         30:6d:24:c7:dc:70:60:70:9f:22:0b:36:f2:9c:00:54:82:27:
         ed:38:e6:3d:a7:be:6c:7a:93:73:32:f0:7a:75:88:a1:91:be:
         88:0d:47:27:31:77:9e:93:45:38:b9:8f:4c:23:cd:1e:7a:4b:
         56:f1:fe:d0:fe:17:a2:53:d2:c5:68:85:7e:54:58:56:2b:2e:
         e6:c1:43:29:d7:17:11:59:1e:a0:82:1a:59:4c:1f:f6:a0:56:
         f7:f1:1d:4f:40:16:5f:99:7d:f7:f0:b3:e4:c2:6e:d9:79:1b:
         86:34:60:d1:43:cc:da:24:5a:81:99:11:20:3c:1f:10:f7:ca:
         b1:f1:f2:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGTYUd7TeHeSdE7jLFS7dXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMDZjYjZjY2NkMDllNzVlZDE5ZmMwNmZiNTkyNGNmMjdh
Mzk4YzMwHhcNMjQwODI3MTAyODMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2JhMmFhNjVkNmU5NTg2ZWMwYTBkMjg3MjI2ODk5NWFkNjJmYjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEbifjo+I2hQbcqW6CvwtO96Odpq
0oXEswvZ2MISjrtshsG0Z18DPwFZtrWR3HLgoY9LOFBTl0HWQP6DWAfm2g94d7fU
2eihkgL7GAK+MRe8irk9p8lwaSKQEDKvTEbUBgWzpf3Sjopf8ojUg1gDPuAwbixS
WA/emlJF4s7IXjoqm4MZxW03jGuH6sAbzjwyfEtAgATNcQbjf0kWIQKgRLJotyym
5T8sLgSZ5M6zZl8y4ceUK098yW3rgobiixt5u8iL/8RRIkSrgg6sQuTW+wmMI3UF
wWwyKbCkIIM7Sl1cAGUazHSDKjAc7xUDwjahIGVWg6GMbVuKRjO+xp3Z3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAy6KqZdbpWG7AoNKHImiZWtYvscMB8GA1UdIwQY
MBaAFCMGy2zM0J517Rn8BvtZJM8no5jDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXdiTGJNelFublh0R2Z3Ry0xa2t6eWVqbU1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9kOWRkODItOWJiOS00ODRjLTgxY2It
ODNiZGNhZDAyMDQ3LzEvRExvcXBsMXVsWWJzQ2cwb2NpYUpsYTFpLXh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9kOWRkODItOWJiOS00ODRjLTgxY2ItODNiZGNhZDAyMDQ3
LzEvSXdiTGJNelFublh0R2Z3Ry0xa2t6eWVqbU1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHgTMA0G
CSqGSIb3DQEBCwUAA4IBAQABsUcx/k5rltPsAaUy3wkXzWeH54WR5D4tu/ddkRqn
vf3TraCsh4GSV0XRWUupARjGWBIegJb3I172E92lh6NuFY0OEIcdisTo14RsVffP
SqDANyZgr5qZAFg1gVML+3fdSgefc4Bw2YGo7zA1+SwtKko68VHaImGg+4WZU5ow
bSTH3HBgcJ8iCzbynABUgiftOOY9p75sepNzMvB6dYihkb6IDUcnMXeek0U4uY9M
I80eektW8f7Q/heiU9LFaIV+VFhWKy7mwUMp1xcRWR6gghpZTB/2oFb38R1PQBZf
mX338LPkwm7ZeRuGNGDRQ8zaJFqBmREgPB8Q98qx8fKV
-----END CERTIFICATE-----