Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/a41c6d-f142-4c25-8997-63fae389a4db/1/1-JdTPkn31C9whIB_F2Gg7blK6dE.roa
File:                     1-JdTPkn31C9whIB_F2Gg7blK6dE.roa (raw, json)
Hash identifier:          eFr+hwCRwNacOnfgognhWu/gnye8/oQpo0wIyqVNgBk=
Subject key identifier:   F8:97:53:3E:49:F7:D4:2F:70:84:80:7F:17:61:A0:ED:B9:4A:E9:D1
Certificate issuer:       /CN=5701528c2a2e2c46913c0b28ca3570f3880f1a56
Certificate serial:       018CC2DB55AF086884030CEAA3A38449A60A
Authority key identifier: 57:01:52:8C:2A:2E:2C:46:91:3C:0B:28:CA:35:70:F3:88:0F:1A:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VwFSjCouLEaRPAsoyjVw84gPGlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/a41c6d-f142-4c25-8997-63fae389a4db/1/1-JdTPkn31C9whIB_F2Gg7blK6dE.roa
Signing time:             Mon 01 Jan 2024 02:30:03 +0000
ROA not before:           Mon 01 Jan 2024 02:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33813
IP address blocks:        193.242.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/a41c6d-f142-4c25-8997-63fae389a4db/1/VwFSjCouLEaRPAsoyjVw84gPGlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/a41c6d-f142-4c25-8997-63fae389a4db/1/VwFSjCouLEaRPAsoyjVw84gPGlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VwFSjCouLEaRPAsoyjVw84gPGlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:55:af:08:68:84:03:0c:ea:a3:a3:84:49:a6:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5701528c2a2e2c46913c0b28ca3570f3880f1a56
        Validity
            Not Before: Jan  1 02:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f897533e49f7d42f7084807f1761a0edb94ae9d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5b:2c:7d:51:8d:5e:5e:24:56:40:47:1f:c5:
                    19:7f:c3:63:94:fe:e8:9a:1d:3b:aa:c1:54:63:a0:
                    9a:bf:00:a1:01:70:20:4d:84:3c:80:7e:ff:19:62:
                    e2:23:cf:61:66:85:b3:c3:a7:52:09:94:22:e9:36:
                    25:d8:6f:cc:66:66:d8:cc:9f:7c:ac:89:2a:80:b4:
                    29:01:33:19:8f:dd:58:eb:db:cb:35:63:7d:cd:09:
                    23:a8:b6:9d:4b:f9:51:4c:d2:ff:70:6e:dd:69:63:
                    44:2d:48:7d:7d:6d:68:c8:90:de:3a:c3:ad:8b:fe:
                    78:88:c7:04:9a:cf:75:85:fc:f6:f8:b3:56:77:df:
                    02:b5:d2:f9:00:a4:74:38:d7:3c:4e:68:d8:5b:5c:
                    62:25:7d:8f:81:a2:f8:04:17:31:6f:96:94:8b:c5:
                    99:55:f1:2a:88:64:02:a8:3a:1b:42:52:a5:4e:9c:
                    91:4a:e6:55:e1:01:ee:4a:a4:55:bc:ae:d2:e9:f9:
                    0b:c8:f2:49:8a:39:35:fb:01:20:3f:07:d8:db:af:
                    a1:1e:65:dd:be:0f:4d:0d:65:64:7d:46:23:48:e5:
                    3a:48:e8:75:1a:f6:09:99:93:e1:fe:0f:f7:a4:28:
                    dd:d6:74:0c:d9:5d:31:9d:96:21:1d:ff:cc:23:53:
                    10:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:97:53:3E:49:F7:D4:2F:70:84:80:7F:17:61:A0:ED:B9:4A:E9:D1
            X509v3 Authority Key Identifier:
                keyid:57:01:52:8C:2A:2E:2C:46:91:3C:0B:28:CA:35:70:F3:88:0F:1A:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VwFSjCouLEaRPAsoyjVw84gPGlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/a41c6d-f142-4c25-8997-63fae389a4db/1/1-JdTPkn31C9whIB_F2Gg7blK6dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/a41c6d-f142-4c25-8997-63fae389a4db/1/VwFSjCouLEaRPAsoyjVw84gPGlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:b1:35:ab:40:b3:2d:79:f7:e2:e8:61:96:50:77:b5:fb:ff:
         a8:d1:82:45:2a:9d:29:a2:ed:fe:76:08:5e:fc:19:8a:a7:d8:
         27:9e:f7:be:37:d8:cd:6f:a0:cf:6e:00:db:89:af:82:59:3b:
         9b:7f:f3:86:d3:3c:74:42:b6:db:b9:ae:e8:22:cf:4b:0f:2a:
         0d:a0:48:0e:63:16:f7:3d:fd:2a:3a:63:0f:f6:41:c6:09:5b:
         c6:f6:c9:13:55:f0:d0:96:e3:2f:aa:12:fa:28:29:b5:e9:2d:
         25:fe:61:6c:15:f3:6f:33:ee:84:d0:4d:8f:c9:ee:d9:91:2a:
         5f:59:d8:7e:ba:02:c2:a4:7b:0d:11:95:b6:35:c6:72:ed:23:
         78:80:6d:c7:6f:b5:dd:8a:d3:8d:56:6b:2e:a6:d7:f0:e2:a4:
         d5:82:03:d3:90:f0:8a:1f:49:2e:0d:67:ab:a7:18:e0:ac:7f:
         6d:cf:ac:e9:d6:33:80:8e:bd:fc:8d:05:de:27:96:3a:2c:33:
         4a:2c:1b:68:2e:11:f8:d8:11:59:8b:fb:91:fd:46:64:21:6e:
         59:7d:b7:3b:2e:63:26:84:9c:fe:58:37:a9:81:5d:44:cd:a0:
         ab:58:6f:9b:df:de:03:ff:93:cf:a9:7a:b4:79:ec:cd:ac:89:
         a6:55:d7:c7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC21WvCGiEAwzqo6OESaYKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MDE1MjhjMmEyZTJjNDY5MTNjMGIyOGNhMzU3MGYzODgw
ZjFhNTYwHhcNMjQwMTAxMDIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODk3NTMzZTQ5ZjdkNDJmNzA4NDgwN2YxNzYxYTBlZGI5NGFlOWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklssfVGNXl4kVkBHH8UZf8NjlP7o
mh07qsFUY6CavwChAXAgTYQ8gH7/GWLiI89hZoWzw6dSCZQi6TYl2G/MZmbYzJ98
rIkqgLQpATMZj91Y69vLNWN9zQkjqLadS/lRTNL/cG7daWNELUh9fW1oyJDeOsOt
i/54iMcEms91hfz2+LNWd98CtdL5AKR0ONc8TmjYW1xiJX2PgaL4BBcxb5aUi8WZ
VfEqiGQCqDobQlKlTpyRSuZV4QHuSqRVvK7S6fkLyPJJijk1+wEgPwfY26+hHmXd
vg9NDWVkfUYjSOU6SOh1GvYJmZPh/g/3pCjd1nQM2V0xnZYhHf/MI1MQgwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPiXUz5J99QvcISAfxdhoO25SunRMB8GA1UdIwQY
MBaAFFcBUowqLixGkTwLKMo1cPOIDxpWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVndGU2pDb3VMRWFSUEFzb3lqVnc4NGdQR2xZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9hNDFjNmQtZjE0Mi00YzI1LTg5OTct
NjNmYWUzODlhNGRiLzEvMS1KZFRQa24zMUM5d2hJQl9GMkdnN2JsSzZkRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvYTQxYzZkLWYxNDItNGMyNS04OTk3LTYzZmFlMzg5YTRk
Yi8xL1Z3RlNqQ291TEVhUlBBc295alZ3ODRnUEdsWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMHyfDAN
BgkqhkiG9w0BAQsFAAOCAQEARLE1q0CzLXn34uhhllB3tfv/qNGCRSqdKaLt/nYI
XvwZiqfYJ573vjfYzW+gz24A24mvglk7m3/zhtM8dEK227mu6CLPSw8qDaBIDmMW
9z39KjpjD/ZBxglbxvbJE1Xw0JbjL6oS+igptektJf5hbBXzbzPuhNBNj8nu2ZEq
X1nYfroCwqR7DRGVtjXGcu0jeIBtx2+13YrTjVZrLqbX8OKk1YID05Dwih9JLg1n
q6cY4Kx/bc+s6dYzgI69/I0F3ieWOiwzSiwbaC4R+NgRWYv7kf1GZCFuWX23Oy5j
JoSc/lg3qYFdRM2gq1hvm9/eA/+Tz6l6tHnszayJplXXxw==
-----END CERTIFICATE-----