Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/eddabc-5135-4e4b-b411-1eba6ff77eac/1/tDZsyW3iTPAuDOXO7VMGk6VLL14.roa
File:                     tDZsyW3iTPAuDOXO7VMGk6VLL14.roa (raw, json)
Hash identifier:          3h+ZJt5W4MNfkrd5M4UIhgyRDobWLwbNau5FNRwwp7A=
Subject key identifier:   B4:36:6C:C9:6D:E2:4C:F0:2E:0C:E5:CE:ED:53:06:93:A5:4B:2F:5E
Certificate issuer:       /CN=3d4c7870193ddfcdb890b6647cc8b56c1196ff08
Certificate serial:       018CC64B507FE854A689C797A6F7D96453FF
Authority key identifier: 3D:4C:78:70:19:3D:DF:CD:B8:90:B6:64:7C:C8:B5:6C:11:96:FF:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PUx4cBk93824kLZkfMi1bBGW_wg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/eddabc-5135-4e4b-b411-1eba6ff77eac/1/tDZsyW3iTPAuDOXO7VMGk6VLL14.roa
Signing time:             Mon 01 Jan 2024 18:31:13 +0000
ROA not before:           Mon 01 Jan 2024 18:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34950
IP address blocks:        193.242.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/eddabc-5135-4e4b-b411-1eba6ff77eac/1/PUx4cBk93824kLZkfMi1bBGW_wg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/eddabc-5135-4e4b-b411-1eba6ff77eac/1/PUx4cBk93824kLZkfMi1bBGW_wg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PUx4cBk93824kLZkfMi1bBGW_wg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:50:7f:e8:54:a6:89:c7:97:a6:f7:d9:64:53:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d4c7870193ddfcdb890b6647cc8b56c1196ff08
        Validity
            Not Before: Jan  1 18:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4366cc96de24cf02e0ce5ceed530693a54b2f5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:9b:a1:51:d9:41:05:52:72:cf:23:ab:f1:f7:
                    43:e5:f8:ff:75:0d:1b:e4:c7:db:c3:65:1b:1e:53:
                    59:7f:8f:a2:ed:41:91:b9:5a:21:99:65:58:fb:74:
                    5c:c2:86:d7:89:5b:33:01:8d:b9:f8:46:e0:b8:7c:
                    38:83:16:99:39:50:6d:87:7c:0e:89:b1:42:b0:5a:
                    fd:e4:35:ac:0a:1e:70:a2:6b:29:7b:53:44:b3:3b:
                    e2:57:e7:57:af:dc:86:f6:b3:e1:cc:f7:0f:e5:fe:
                    16:bb:8b:7a:13:f4:27:05:d9:3c:77:3f:98:7f:f3:
                    f5:5a:51:ad:b8:6f:e0:c3:25:82:e8:f7:59:d9:e6:
                    7c:20:a6:30:09:03:52:36:f2:62:f3:88:31:30:33:
                    5d:61:fb:f1:c2:1e:30:15:af:cc:4a:c1:c8:41:bd:
                    b3:32:57:5e:04:49:ea:f7:ab:a8:ba:f3:3c:62:de:
                    25:d6:17:0c:76:a7:0d:ba:3d:d3:c6:b8:57:1e:e1:
                    1a:f0:7a:01:14:94:81:31:01:89:d7:e5:56:bd:19:
                    76:28:d3:43:70:91:3e:ad:72:80:5a:1f:68:0f:69:
                    92:59:fb:78:8f:7d:f6:b7:41:12:5f:58:a8:a0:cf:
                    e7:49:e1:d5:d7:fa:c0:70:71:ae:94:49:3a:88:a9:
                    3d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:36:6C:C9:6D:E2:4C:F0:2E:0C:E5:CE:ED:53:06:93:A5:4B:2F:5E
            X509v3 Authority Key Identifier:
                keyid:3D:4C:78:70:19:3D:DF:CD:B8:90:B6:64:7C:C8:B5:6C:11:96:FF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PUx4cBk93824kLZkfMi1bBGW_wg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/eddabc-5135-4e4b-b411-1eba6ff77eac/1/tDZsyW3iTPAuDOXO7VMGk6VLL14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/eddabc-5135-4e4b-b411-1eba6ff77eac/1/PUx4cBk93824kLZkfMi1bBGW_wg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:be:31:4f:8b:09:e8:6e:4a:91:09:ae:47:33:06:55:1d:82:
         84:17:4d:87:fa:5c:91:00:fc:b2:06:34:1b:06:08:bb:94:11:
         75:b5:6d:a6:cd:bf:03:66:a8:02:5a:20:e3:b4:2d:da:d4:d5:
         5a:11:65:05:77:40:73:40:52:69:ac:40:47:8c:2d:86:96:51:
         9d:e9:8b:3c:e4:75:68:29:6c:98:07:b7:2c:5a:b5:32:bd:2d:
         d5:07:b2:ae:34:7e:97:86:dc:c0:e6:95:b8:1a:87:50:e5:2a:
         af:b3:43:d1:ee:0e:78:11:06:dc:36:dc:40:cf:d4:21:70:47:
         2f:2f:ba:3e:f2:59:2d:6d:67:4c:37:73:dd:b1:d4:a1:89:d0:
         b7:22:26:56:70:d5:13:70:51:ad:20:c0:f1:53:ef:46:4b:29:
         85:84:8d:40:d8:e2:06:b6:2e:45:19:c9:0f:3d:50:2f:98:08:
         13:9d:a2:44:0a:a8:ef:89:26:56:4c:4f:b2:0f:ad:3f:be:b4:
         77:15:93:40:62:c2:0e:77:f2:32:ab:86:b5:7f:28:4f:8e:9e:
         ff:2d:d8:2b:9b:cb:10:c1:59:69:68:90:86:7c:fc:8c:8c:06:
         0f:65:4a:4f:e4:95:30:c4:eb:4f:47:81:b0:e5:a5:4d:65:09:
         0e:78:a4:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1B/6FSmiceXpvfZZFP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNGM3ODcwMTkzZGRmY2RiODkwYjY2NDdjYzhiNTZjMTE5
NmZmMDgwHhcNMjQwMTAxMTgzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDM2NmNjOTZkZTI0Y2YwMmUwY2U1Y2VlZDUzMDY5M2E1NGIyZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypuhUdlBBVJyzyOr8fdD5fj/dQ0b
5Mfbw2UbHlNZf4+i7UGRuVohmWVY+3RcwobXiVszAY25+EbguHw4gxaZOVBth3wO
ibFCsFr95DWsCh5womspe1NEszviV+dXr9yG9rPhzPcP5f4Wu4t6E/QnBdk8dz+Y
f/P1WlGtuG/gwyWC6PdZ2eZ8IKYwCQNSNvJi84gxMDNdYfvxwh4wFa/MSsHIQb2z
MldeBEnq96uouvM8Yt4l1hcMdqcNuj3TxrhXHuEa8HoBFJSBMQGJ1+VWvRl2KNND
cJE+rXKAWh9oD2mSWft4j332t0ESX1iooM/nSeHV1/rAcHGulEk6iKk9QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQ2bMlt4kzwLgzlzu1TBpOlSy9eMB8GA1UdIwQY
MBaAFD1MeHAZPd/NuJC2ZHzItWwRlv8IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFV4NGNCazkzODI0a0xaa2ZNaTFiQkdXX3dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9lZGRhYmMtNTEzNS00ZTRiLWI0MTEt
MWViYTZmZjc3ZWFjLzEvdERac3lXM2lUUEF1RE9YTzdWTUdrNlZMTDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9lZGRhYmMtNTEzNS00ZTRiLWI0MTEtMWViYTZmZjc3ZWFj
LzEvUFV4NGNCazkzODI0a0xaa2ZNaTFiQkdXX3dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfJnMA0G
CSqGSIb3DQEBCwUAA4IBAQAOvjFPiwnobkqRCa5HMwZVHYKEF02H+lyRAPyyBjQb
Bgi7lBF1tW2mzb8DZqgCWiDjtC3a1NVaEWUFd0BzQFJprEBHjC2GllGd6Ys85HVo
KWyYB7csWrUyvS3VB7KuNH6XhtzA5pW4GodQ5Sqvs0PR7g54EQbcNtxAz9QhcEcv
L7o+8lktbWdMN3PdsdShidC3IiZWcNUTcFGtIMDxU+9GSymFhI1A2OIGti5FGckP
PVAvmAgTnaJECqjviSZWTE+yD60/vrR3FZNAYsIOd/Iyq4a1fyhPjp7/Ldgrm8sQ
wVlpaJCGfPyMjAYPZUpP5JUwxOtPR4Gw5aVNZQkOeKRQ
-----END CERTIFICATE-----