Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CfPD2Ywe52SwwYIKigoFO4bkGqI.roa
File:                     CfPD2Ywe52SwwYIKigoFO4bkGqI.roa (raw, json)
Hash identifier:          Lgv9brbbWb+EXuaGn/gL5ezQANJVuMnXmFWwfvw/Egs=
Subject key identifier:   09:F3:C3:D9:8C:1E:E7:64:B0:C1:82:0A:8A:0A:05:3B:86:E4:1A:A2
Certificate issuer:       /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial:       018CC7275FE7FC7B0172733BDC19FBF683CC
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CfPD2Ywe52SwwYIKigoFO4bkGqI.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10429
IP address blocks:        192.109.147.0/24 maxlen: 24
                          2a07:8143::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5f:e7:fc:7b:01:72:73:3b:dc:19:fb:f6:83:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09f3c3d98c1ee764b0c1820a8a0a053b86e41aa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:c9:c6:d0:c6:da:c9:bd:9c:83:dc:53:8b:94:
                    4f:eb:24:bf:67:7c:8b:06:28:46:b6:22:c5:04:e3:
                    fd:f5:58:b3:33:bc:82:2e:68:11:2b:2a:50:86:ef:
                    1d:d4:87:31:bb:c2:90:5a:0b:1e:ba:c8:0e:b4:89:
                    2d:78:20:87:d2:bc:5e:71:bb:23:53:a9:6c:42:ee:
                    08:4a:5c:e9:b7:cd:5b:f9:15:f4:1f:76:54:c5:dc:
                    c2:d2:13:21:5a:15:4d:98:7a:1c:7f:7a:95:28:04:
                    56:55:5b:67:38:77:28:67:99:37:bd:24:cb:d7:41:
                    8d:8d:bc:16:30:c3:bd:ae:ef:6c:c1:b4:1a:a1:fa:
                    77:56:a2:32:b9:05:cc:4c:81:4e:0a:2f:fe:2f:86:
                    4c:b4:66:2e:48:70:4a:e4:f2:4b:fe:d2:ff:89:69:
                    52:b7:25:cc:28:99:82:69:57:26:6c:7f:d8:e4:ac:
                    51:22:f0:d2:69:a6:dc:a2:05:06:47:8f:2f:c1:a2:
                    9b:a3:d7:1a:35:ee:5a:23:46:f3:6c:03:71:ad:c2:
                    64:af:c5:bf:ca:19:8a:88:f3:7c:a9:cd:90:20:9b:
                    19:e0:e0:0e:bd:68:ea:b6:db:2d:2a:2d:a4:e9:e5:
                    76:fe:29:25:e2:66:57:b7:30:84:7b:34:6f:f5:42:
                    85:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:F3:C3:D9:8C:1E:E7:64:B0:C1:82:0A:8A:0A:05:3B:86:E4:1A:A2
            X509v3 Authority Key Identifier:
                keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CfPD2Ywe52SwwYIKigoFO4bkGqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.147.0/24
                IPv6:
                  2a07:8143::/36

    Signature Algorithm: sha256WithRSAEncryption
         77:76:ac:e7:71:be:45:6e:b8:eb:ec:aa:ca:8b:13:78:db:82:
         ec:ae:b0:75:a9:b1:ac:e6:a2:d8:d8:7f:7c:e6:92:92:b0:fc:
         c6:8f:b0:40:e0:89:2d:22:7f:d8:0f:b1:56:b7:1f:1f:1e:02:
         de:f0:0e:fb:73:1d:d2:ec:e6:20:2a:ea:94:24:7b:c3:99:29:
         6f:64:2f:41:6e:3c:78:c1:32:c9:32:9e:14:b5:51:a3:7c:ec:
         80:e7:a7:f7:33:86:0c:0c:b4:5a:b2:4b:fb:de:10:0d:c5:39:
         e9:c1:a2:82:f7:ea:8e:59:2b:16:e6:39:10:ea:4d:c5:ff:5e:
         69:f5:4d:f6:64:5a:33:97:5a:83:a5:06:09:17:00:69:a9:37:
         2a:d5:6f:c2:68:e0:5e:50:5d:ea:63:dc:e2:12:4b:d2:74:cc:
         90:7b:91:47:e5:13:0a:fa:5c:99:30:fa:89:1a:7c:cf:43:d2:
         92:8d:08:7f:3f:bb:06:80:7e:aa:cf:97:78:de:14:4c:d3:b0:
         b1:e9:23:69:c2:93:ff:0e:31:df:1c:89:38:5f:9f:6d:c1:1b:
         86:61:1e:4f:24:4b:b3:a7:7c:ea:e0:9f:79:99:14:f8:f4:2b:
         e4:6b:23:e3:ba:d1:11:e0:6d:29:d7:f9:87:dc:27:80:cd:a7:
         3f:78:3e:33
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHJ1/n/HsBcnM73Bn79oPMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWYzYzNkOThjMWVlNzY0YjBjMTgyMGE4YTBhMDUzYjg2ZTQxYWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA88nG0Mbayb2cg9xTi5RP6yS/Z3yL
BihGtiLFBOP99VizM7yCLmgRKypQhu8d1Icxu8KQWgseusgOtIkteCCH0rxecbsj
U6lsQu4ISlzpt81b+RX0H3ZUxdzC0hMhWhVNmHocf3qVKARWVVtnOHcoZ5k3vSTL
10GNjbwWMMO9ru9swbQaofp3VqIyuQXMTIFOCi/+L4ZMtGYuSHBK5PJL/tL/iWlS
tyXMKJmCaVcmbH/Y5KxRIvDSaabcogUGR48vwaKbo9caNe5aI0bzbANxrcJkr8W/
yhmKiPN8qc2QIJsZ4OAOvWjqttstKi2k6eV2/ikl4mZXtzCEezRv9UKFEwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFAnzw9mMHudksMGCCooKBTuG5BqiMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvQ2ZQRDJZd2U1MlN3d1lJS2lnb0ZPNGJrR3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAwG2TMA4E
AgACMAgDBgQqB4FDADANBgkqhkiG9w0BAQsFAAOCAQEAd3as53G+RW646+yqyosT
eNuC7K6wdamxrOai2Nh/fOaSkrD8xo+wQOCJLSJ/2A+xVrcfHx4C3vAO+3Md0uzm
ICrqlCR7w5kpb2QvQW48eMEyyTKeFLVRo3zsgOen9zOGDAy0WrJL+94QDcU56cGi
gvfqjlkrFuY5EOpNxf9eafVN9mRaM5dag6UGCRcAaak3KtVvwmjgXlBd6mPc4hJL
0nTMkHuRR+UTCvpcmTD6iRp8z0PSko0Ifz+7BoB+qs+XeN4UTNOwsekjacKT/w4x
3xyJOF+fbcEbhmEeTyRLs6d86uCfeZkU+PQr5Gsj47rREeBtKdf5h9wngM2nP3g+
Mw==
-----END CERTIFICATE-----