Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/087353-76a0-4068-96df-119c3e7479d9/1/DNDsnNE8m3OsLsqWfNUmsEXVq88.roa
File:                     DNDsnNE8m3OsLsqWfNUmsEXVq88.roa (raw, json)
Hash identifier:          bEFwc3jDfMDh3PDR0NA2GbhBc3TUZqHC65+4qu9Zkk0=
Subject key identifier:   0C:D0:EC:9C:D1:3C:9B:73:AC:2E:CA:96:7C:D5:26:B0:45:D5:AB:CF
Certificate issuer:       /CN=94848162892831add5a07d4302e7fcfff52f02fd
Certificate serial:       018CC26D4F93CF94DE1E7A482E5E2CF0B9FA
Authority key identifier: 94:84:81:62:89:28:31:AD:D5:A0:7D:43:02:E7:FC:FF:F5:2F:02:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lISBYokoMa3VoH1DAuf8__UvAv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/087353-76a0-4068-96df-119c3e7479d9/1/DNDsnNE8m3OsLsqWfNUmsEXVq88.roa
Signing time:             Mon 01 Jan 2024 00:29:52 +0000
ROA not before:           Mon 01 Jan 2024 00:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210463
IP address blocks:        146.19.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/087353-76a0-4068-96df-119c3e7479d9/1/lISBYokoMa3VoH1DAuf8__UvAv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/087353-76a0-4068-96df-119c3e7479d9/1/lISBYokoMa3VoH1DAuf8__UvAv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lISBYokoMa3VoH1DAuf8__UvAv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4f:93:cf:94:de:1e:7a:48:2e:5e:2c:f0:b9:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94848162892831add5a07d4302e7fcfff52f02fd
        Validity
            Not Before: Jan  1 00:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cd0ec9cd13c9b73ac2eca967cd526b045d5abcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:13:bc:26:3c:f4:af:65:a7:d4:26:81:aa:fa:
                    d3:ba:c4:95:e4:f0:fc:d3:ed:32:5b:64:c3:7a:28:
                    ab:2a:7a:4d:c3:10:b1:e5:b2:85:e3:0c:d5:64:50:
                    95:9e:94:4a:93:9d:57:39:d5:d0:bc:73:14:f1:84:
                    fc:3e:d7:05:bd:65:5c:b7:b7:42:fe:f2:8c:79:07:
                    31:52:0f:90:a3:bd:85:e6:a9:ad:eb:82:77:fb:41:
                    24:48:96:5e:a5:e8:a8:ed:bb:17:8e:5a:64:5d:7d:
                    61:d8:50:24:c6:37:55:aa:38:5d:57:36:65:8d:aa:
                    b4:8a:5e:b8:6a:dd:8a:00:bd:c0:3c:d5:90:ad:28:
                    2a:e4:ec:e9:86:8b:ff:2f:8e:7d:bc:a0:cf:47:95:
                    a3:df:37:52:c5:6f:2d:45:95:3a:e8:89:05:45:87:
                    67:0d:ae:4f:49:58:15:10:26:9b:d3:0c:29:1f:2b:
                    cb:52:70:60:99:16:f4:4f:ef:63:3b:5b:d3:cb:8f:
                    19:eb:6a:da:f7:b8:96:9f:5c:92:2e:69:c0:d7:8b:
                    b5:c1:dc:50:af:1b:b3:27:56:ba:e8:74:ed:94:a3:
                    58:99:61:89:4b:80:21:cd:3f:2d:51:d8:51:4b:61:
                    98:1f:d3:2c:c5:ee:ba:34:fc:af:46:08:e3:c0:43:
                    bb:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D0:EC:9C:D1:3C:9B:73:AC:2E:CA:96:7C:D5:26:B0:45:D5:AB:CF
            X509v3 Authority Key Identifier:
                keyid:94:84:81:62:89:28:31:AD:D5:A0:7D:43:02:E7:FC:FF:F5:2F:02:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lISBYokoMa3VoH1DAuf8__UvAv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/087353-76a0-4068-96df-119c3e7479d9/1/DNDsnNE8m3OsLsqWfNUmsEXVq88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/087353-76a0-4068-96df-119c3e7479d9/1/lISBYokoMa3VoH1DAuf8__UvAv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:d1:fe:87:cb:10:8e:a3:af:48:eb:83:c3:5e:1e:de:53:46:
         95:6d:4d:e5:e6:32:db:db:5d:60:88:b7:5d:5d:53:17:e7:bc:
         65:27:20:a0:49:a5:68:f9:07:15:86:aa:84:fd:9f:0b:83:f1:
         57:a0:76:5c:f1:11:53:12:b3:04:ea:1f:43:a8:7f:0b:e6:af:
         e3:60:9a:59:8e:d9:9b:ae:82:5d:c2:2d:c7:c2:8b:b7:98:40:
         a7:59:43:bf:be:f7:97:64:94:aa:1d:e1:ab:42:69:89:85:f9:
         8c:8a:5a:0f:3b:5e:67:9a:88:9e:32:cf:b8:e2:57:f8:0d:a6:
         0b:a7:98:f6:f6:4c:d5:e2:3b:d1:45:df:59:2f:84:de:64:f2:
         fa:bb:32:04:b2:ad:bd:19:65:8f:cb:f3:3e:70:35:2d:c0:59:
         93:93:0e:27:cc:9c:e4:29:6c:39:4c:39:6c:cc:36:c6:3d:b0:
         01:83:d5:5c:da:f0:99:04:4b:a4:48:a6:92:9a:ac:af:e7:73:
         7a:b9:10:98:6d:ca:f2:1a:40:98:96:7a:0e:b0:5a:d5:36:06:
         00:27:20:6c:c6:ca:2c:c7:04:74:d6:0f:42:3c:60:3d:1a:ff:
         69:3d:8e:20:4b:83:56:13:77:52:67:2d:4f:a3:4e:fa:0b:e4:
         cf:81:ca:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbU+Tz5TeHnpILl4s8Ln6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ODQ4MTYyODkyODMxYWRkNWEwN2Q0MzAyZTdmY2ZmZjUy
ZjAyZmQwHhcNMjQwMTAxMDAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2QwZWM5Y2QxM2M5YjczYWMyZWNhOTY3Y2Q1MjZiMDQ1ZDVhYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBO8Jjz0r2Wn1CaBqvrTusSV5PD8
0+0yW2TDeiirKnpNwxCx5bKF4wzVZFCVnpRKk51XOdXQvHMU8YT8PtcFvWVct7dC
/vKMeQcxUg+Qo72F5qmt64J3+0EkSJZepeio7bsXjlpkXX1h2FAkxjdVqjhdVzZl
jaq0il64at2KAL3APNWQrSgq5Ozphov/L459vKDPR5Wj3zdSxW8tRZU66IkFRYdn
Da5PSVgVECab0wwpHyvLUnBgmRb0T+9jO1vTy48Z62ra97iWn1ySLmnA14u1wdxQ
rxuzJ1a66HTtlKNYmWGJS4AhzT8tUdhRS2GYH9Msxe66NPyvRgjjwEO7nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzQ7JzRPJtzrC7KlnzVJrBF1avPMB8GA1UdIwQY
MBaAFJSEgWKJKDGt1aB9QwLn/P/1LwL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbElTQllva29NYTNWb0gxREF1ZjhfX1V2QXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8wODczNTMtNzZhMC00MDY4LTk2ZGYt
MTE5YzNlNzQ3OWQ5LzEvRE5Ec25ORThtM09zTHNxV2ZOVW1zRVhWcTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8wODczNTMtNzZhMC00MDY4LTk2ZGYtMTE5YzNlNzQ3OWQ5
LzEvbElTQllva29NYTNWb0gxREF1ZjhfX1V2QXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNNMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ0f6HyxCOo69I64PDXh7eU0aVbU3l5jLb211giLdd
XVMX57xlJyCgSaVo+QcVhqqE/Z8Lg/FXoHZc8RFTErME6h9DqH8L5q/jYJpZjtmb
roJdwi3Hwou3mECnWUO/vveXZJSqHeGrQmmJhfmMiloPO15nmoieMs+44lf4DaYL
p5j29kzV4jvRRd9ZL4TeZPL6uzIEsq29GWWPy/M+cDUtwFmTkw4nzJzkKWw5TDls
zDbGPbABg9Vc2vCZBEukSKaSmqyv53N6uRCYbcryGkCYlnoOsFrVNgYAJyBsxsos
xwR01g9CPGA9Gv9pPY4gS4NWE3dSZy1Po076C+TPgcqc
-----END CERTIFICATE-----