Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/RwTI1gJ-LoNCw46UsSPR3zElEuo.roa
File:                     RwTI1gJ-LoNCw46UsSPR3zElEuo.roa (raw, json)
Hash identifier:          o5ptEAUwuxJ6PlP95oVyjRm4kuja4PvI9yRm8bS/4xQ=
Subject key identifier:   47:04:C8:D6:02:7E:2E:83:42:C3:8E:94:B1:23:D1:DF:31:25:12:EA
Certificate issuer:       /CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
Certificate serial:       0190076A228244606787776FA2F8971FAEAC
Authority key identifier: 19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/RwTI1gJ-LoNCw46UsSPR3zElEuo.roa
Signing time:             Tue 11 Jun 2024 13:08:34 +0000
ROA not before:           Tue 11 Jun 2024 13:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35753
IP address blocks:        194.11.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:07:6a:22:82:44:60:67:87:77:6f:a2:f8:97:1f:ae:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
        Validity
            Not Before: Jun 11 13:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4704c8d6027e2e8342c38e94b123d1df312512ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ac:57:0a:6e:06:9a:49:cd:0c:2c:1e:a8:dc:
                    eb:92:bf:ed:1b:a3:d9:ca:01:42:0c:38:66:96:dd:
                    a9:bf:55:db:18:92:79:31:9a:97:d3:33:2a:c1:c7:
                    f2:e3:61:da:55:a6:14:b0:eb:a5:3a:3e:52:de:cc:
                    b0:eb:8e:ac:a7:35:81:57:14:85:7c:d2:00:52:aa:
                    9e:75:5e:b3:9f:e9:99:7c:71:48:43:06:8e:5f:6b:
                    e1:7c:ed:33:5d:31:70:d4:d3:29:94:71:27:d8:45:
                    ca:c8:ce:8a:2d:5b:30:76:57:76:6f:70:bc:96:3d:
                    91:6c:4c:fa:52:4c:cb:2b:d4:2b:72:d5:e8:57:21:
                    09:c1:08:c2:01:7f:b5:b4:e1:cd:74:0c:f3:c6:df:
                    cc:8a:f0:a9:40:b8:a3:e9:d7:db:22:79:df:38:6b:
                    64:74:ba:95:0d:37:ff:6f:f1:3e:93:57:b1:ca:13:
                    bc:18:92:19:dd:18:65:f8:9e:b0:1c:8f:e2:59:f9:
                    a3:d5:a1:5f:03:3b:0c:91:3e:30:4f:22:5f:e6:7a:
                    69:7e:76:6f:36:fc:32:e5:85:de:ee:01:06:49:71:
                    f8:7d:69:e4:ae:01:5a:2c:ec:d4:33:81:66:ac:95:
                    0a:3b:61:de:d6:48:ce:80:63:62:f8:27:a5:49:05:
                    bb:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:04:C8:D6:02:7E:2E:83:42:C3:8E:94:B1:23:D1:DF:31:25:12:EA
            X509v3 Authority Key Identifier:
                keyid:19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/RwTI1gJ-LoNCw46UsSPR3zElEuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:62:28:01:eb:a4:02:26:72:a6:77:32:39:24:76:8c:97:12:
         38:eb:e9:90:5c:1f:cc:9f:2f:87:ec:fc:51:bb:d0:cb:1b:47:
         b9:f8:e4:ed:d8:d9:21:d5:b7:08:b9:ea:c1:17:12:3d:ae:2c:
         84:37:63:9d:9f:c1:54:5a:cc:d8:4c:05:57:39:33:cd:92:d7:
         58:2c:81:af:43:98:e8:2a:3d:07:8a:e6:90:f2:3d:04:4b:20:
         39:ff:d8:7d:3c:00:ee:57:e9:92:32:b3:08:f4:02:7d:a3:1e:
         7e:08:61:88:dd:b1:74:86:75:9d:21:8d:06:ab:61:f0:e8:03:
         22:ae:1e:a7:4b:ff:40:21:8d:43:47:6c:6c:19:af:ac:85:8e:
         ea:f3:c3:19:2a:0e:04:4d:e2:ec:62:78:b1:57:db:85:bc:0b:
         02:6b:42:10:20:d5:59:48:da:7b:b5:2c:8c:ec:9a:e4:4e:19:
         89:c3:12:cb:5a:e7:bf:87:b8:70:7b:b0:cb:3a:b3:d5:45:4e:
         6d:22:04:a1:d0:b3:fe:5b:1e:0e:56:61:cd:12:70:29:f9:fd:
         fe:15:2d:23:25:70:95:c9:57:3a:b2:bb:a7:c8:f3:77:6b:8e:
         86:c7:65:d6:8e:ad:59:0e:14:0f:55:2b:09:eb:d1:32:cf:7a:
         af:12:4a:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAHaiKCRGBnh3dvoviXH66sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ODNiMDJlMTBjYTgyMWJmZTFiZTZlNzUxZDkyY2Y3M2Q2
ZDRjMGIwHhcNMjQwNjExMTMwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzA0YzhkNjAyN2UyZTgzNDJjMzhlOTRiMTIzZDFkZjMxMjUxMmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKxXCm4GmknNDCweqNzrkr/tG6PZ
ygFCDDhmlt2pv1XbGJJ5MZqX0zMqwcfy42HaVaYUsOulOj5S3syw646spzWBVxSF
fNIAUqqedV6zn+mZfHFIQwaOX2vhfO0zXTFw1NMplHEn2EXKyM6KLVswdld2b3C8
lj2RbEz6UkzLK9QrctXoVyEJwQjCAX+1tOHNdAzzxt/MivCpQLij6dfbInnfOGtk
dLqVDTf/b/E+k1exyhO8GJIZ3Rhl+J6wHI/iWfmj1aFfAzsMkT4wTyJf5nppfnZv
Nvwy5YXe7gEGSXH4fWnkrgFaLOzUM4FmrJUKO2He1kjOgGNi+CelSQW7fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcEyNYCfi6DQsOOlLEj0d8xJRLqMB8GA1UdIwQY
MBaAFBmDsC4QyoIb/hvm51HZLPc9bUwLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEt
Y2RhMzYyNTYyOTZjLzEvUndUSTFnSi1Mb05DdzQ2VXNTUFIzekVsRXVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEtY2RhMzYyNTYyOTZj
LzEvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgv3MA0G
CSqGSIb3DQEBCwUAA4IBAQAmYigB66QCJnKmdzI5JHaMlxI46+mQXB/Mny+H7PxR
u9DLG0e5+OTt2Nkh1bcIuerBFxI9riyEN2Odn8FUWszYTAVXOTPNktdYLIGvQ5jo
Kj0HiuaQ8j0ESyA5/9h9PADuV+mSMrMI9AJ9ox5+CGGI3bF0hnWdIY0Gq2Hw6AMi
rh6nS/9AIY1DR2xsGa+shY7q88MZKg4ETeLsYnixV9uFvAsCa0IQINVZSNp7tSyM
7JrkThmJwxLLWue/h7hwe7DLOrPVRU5tIgSh0LP+Wx4OVmHNEnAp+f3+FS0jJXCV
yVc6srunyPN3a46Gx2XWjq1ZDhQPVSsJ69Eyz3qvEkrf
-----END CERTIFICATE-----