Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/jKw9wlCZX_ZgExEAKB2Z2YwQCbM.roa
File:                     jKw9wlCZX_ZgExEAKB2Z2YwQCbM.roa (raw, json)
Hash identifier:          Q4XoqGAPJEbIHxQlXl+ypusCab1NG/zKhk1rAfUOhf8=
Subject key identifier:   8C:AC:3D:C2:50:99:5F:F6:60:13:11:00:28:1D:99:D9:8C:10:09:B3
Certificate issuer:       /CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
Certificate serial:       018CC7937BB7B5DD0526794EA11491653B15
Authority key identifier: 19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/jKw9wlCZX_ZgExEAKB2Z2YwQCbM.roa
Signing time:             Tue 02 Jan 2024 00:29:40 +0000
ROA not before:           Tue 02 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208472
IP address blocks:        194.11.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:7b:b7:b5:dd:05:26:79:4e:a1:14:91:65:3b:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
        Validity
            Not Before: Jan  2 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cac3dc250995ff660131100281d99d98c1009b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:31:ed:9e:d8:b7:86:d2:fa:78:75:72:57:fe:
                    d1:6a:14:94:00:71:f3:38:1e:1d:e1:d6:32:45:2a:
                    61:c3:04:7c:5c:42:ad:5d:02:c4:bd:af:37:bc:18:
                    c4:b8:88:b6:e8:a0:46:ed:75:fe:7d:d4:1e:7a:1b:
                    a3:96:e1:53:31:01:5b:14:ee:da:c0:0e:75:56:61:
                    ab:74:67:46:3b:b1:ea:cd:83:12:58:b8:d8:f2:a4:
                    e4:84:bf:78:a8:a8:25:ad:17:86:a0:6c:60:d5:d6:
                    61:fd:95:88:4f:44:2e:a4:3f:88:eb:84:6c:29:a0:
                    37:12:a2:6f:92:78:5b:05:3b:c5:e8:2c:5a:e9:90:
                    ae:77:27:e8:00:d7:1b:22:c2:76:bb:42:d3:83:d2:
                    23:a1:f1:55:64:67:d4:aa:5b:e9:a6:c5:47:bf:c5:
                    bb:aa:52:c0:38:8c:22:9d:d6:99:77:03:42:b5:bf:
                    41:05:b6:10:ce:8b:80:f2:a9:13:80:8c:b2:68:fb:
                    b9:c5:58:b7:ce:9e:a7:e2:a2:1f:9b:9e:c9:dc:3a:
                    26:d8:71:b0:a6:fc:9c:46:c1:a2:bd:87:89:12:23:
                    b5:54:46:fe:b6:a5:56:c8:c5:f5:81:23:ba:43:8c:
                    3d:14:24:bc:c5:da:cd:fe:f4:00:3a:4c:bc:1d:4a:
                    9e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:AC:3D:C2:50:99:5F:F6:60:13:11:00:28:1D:99:D9:8C:10:09:B3
            X509v3 Authority Key Identifier:
                keyid:19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/jKw9wlCZX_ZgExEAKB2Z2YwQCbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:b5:bc:39:5c:95:cc:26:49:35:4b:b7:58:86:61:83:19:d1:
         96:22:5c:71:ac:f0:09:d4:12:9e:cc:d8:a0:14:64:55:74:10:
         b7:5a:5a:fa:ba:42:ca:3c:d2:a0:80:6e:94:82:0e:0c:61:fd:
         bd:da:3a:32:a9:64:13:e1:7e:3d:62:11:ce:74:4b:00:03:dc:
         09:fa:17:ee:80:5b:0f:34:87:8f:78:ce:e6:fa:10:b2:30:df:
         53:88:1c:88:b0:a0:96:f4:10:b0:c3:da:60:12:e1:c0:19:fd:
         84:d1:1a:21:4f:bc:86:69:d7:ca:bc:97:82:c2:ef:d8:ff:0a:
         45:2e:44:00:76:62:1d:65:e1:a7:10:06:a0:12:de:09:94:ea:
         4a:f4:3a:7c:af:9a:d2:e1:2a:0b:8e:7f:c5:9d:5d:42:a6:87:
         c7:94:7b:b4:97:26:b7:4b:56:9f:18:23:83:ed:3c:7d:86:7d:
         e2:6f:44:10:48:f1:d4:83:3c:92:32:8f:16:6f:fa:4d:a2:3f:
         a5:dc:ee:f6:81:d4:83:c7:77:a0:aa:f8:39:a2:6d:12:f3:11:
         ed:10:6c:ca:a4:20:30:9a:ae:90:de:1f:00:a5:b5:62:89:e6:
         ad:ac:7d:91:dd:7b:76:c5:81:1a:da:bd:ef:5e:6b:ba:29:68:
         ca:76:65:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk3u3td0FJnlOoRSRZTsVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ODNiMDJlMTBjYTgyMWJmZTFiZTZlNzUxZDkyY2Y3M2Q2
ZDRjMGIwHhcNMjQwMTAyMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2FjM2RjMjUwOTk1ZmY2NjAxMzExMDAyODFkOTlkOThjMTAwOWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTHtnti3htL6eHVyV/7RahSUAHHz
OB4d4dYyRSphwwR8XEKtXQLEva83vBjEuIi26KBG7XX+fdQeehujluFTMQFbFO7a
wA51VmGrdGdGO7HqzYMSWLjY8qTkhL94qKglrReGoGxg1dZh/ZWIT0QupD+I64Rs
KaA3EqJvknhbBTvF6Cxa6ZCudyfoANcbIsJ2u0LTg9IjofFVZGfUqlvppsVHv8W7
qlLAOIwindaZdwNCtb9BBbYQzouA8qkTgIyyaPu5xVi3zp6n4qIfm57J3Dom2HGw
pvycRsGivYeJEiO1VEb+tqVWyMX1gSO6Q4w9FCS8xdrN/vQAOky8HUqepwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIysPcJQmV/2YBMRACgdmdmMEAmzMB8GA1UdIwQY
MBaAFBmDsC4QyoIb/hvm51HZLPc9bUwLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEt
Y2RhMzYyNTYyOTZjLzEvakt3OXdsQ1pYX1pnRXhFQUtCMloyWXdRQ2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEtY2RhMzYyNTYyOTZj
LzEvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgv3MA0G
CSqGSIb3DQEBCwUAA4IBAQBttbw5XJXMJkk1S7dYhmGDGdGWIlxxrPAJ1BKezNig
FGRVdBC3Wlr6ukLKPNKggG6Ugg4MYf292joyqWQT4X49YhHOdEsAA9wJ+hfugFsP
NIePeM7m+hCyMN9TiByIsKCW9BCww9pgEuHAGf2E0RohT7yGadfKvJeCwu/Y/wpF
LkQAdmIdZeGnEAagEt4JlOpK9Dp8r5rS4SoLjn/FnV1CpofHlHu0lya3S1afGCOD
7Tx9hn3ib0QQSPHUgzySMo8Wb/pNoj+l3O72gdSDx3egqvg5om0S8xHtEGzKpCAw
mq6Q3h8ApbViieatrH2R3Xt2xYEa2r3vXmu6KWjKdmV0
-----END CERTIFICATE-----