Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/ca2a80-1d90-4823-b3f1-4e284cff0799/1/DFX1gCZPVSAEn2RJ9Mnxxf6duWk.roa
File:                     DFX1gCZPVSAEn2RJ9Mnxxf6duWk.roa (raw, json)
Hash identifier:          /ayc7rC7DZ77GR1wC/ehXy8h8SgjYnKf+mVfBOGjtF0=
Subject key identifier:   0C:55:F5:80:26:4F:55:20:04:9F:64:49:F4:C9:F1:C5:FE:9D:B9:69
Certificate issuer:       /CN=e675da09cd3aeb4c937c63f535f33fd57d0c2191
Certificate serial:       018CC7275F0F6206BFC609AAF59CCDC77FE4
Authority key identifier: E6:75:DA:09:CD:3A:EB:4C:93:7C:63:F5:35:F3:3F:D5:7D:0C:21:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5nXaCc0660yTfGP1NfM_1X0MIZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/ca2a80-1d90-4823-b3f1-4e284cff0799/1/DFX1gCZPVSAEn2RJ9Mnxxf6duWk.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42876
IP address blocks:        193.47.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/ca2a80-1d90-4823-b3f1-4e284cff0799/1/5nXaCc0660yTfGP1NfM_1X0MIZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/ca2a80-1d90-4823-b3f1-4e284cff0799/1/5nXaCc0660yTfGP1NfM_1X0MIZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5nXaCc0660yTfGP1NfM_1X0MIZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5f:0f:62:06:bf:c6:09:aa:f5:9c:cd:c7:7f:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e675da09cd3aeb4c937c63f535f33fd57d0c2191
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c55f580264f5520049f6449f4c9f1c5fe9db969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1c:6f:f2:c2:e9:99:cb:7b:41:ab:ec:ad:aa:
                    b8:aa:4b:d9:fb:ed:2d:50:05:9b:76:af:45:73:63:
                    e6:3e:b8:85:04:91:f2:ea:ba:a7:b5:95:4a:2d:ea:
                    05:ef:c1:11:dc:c6:ee:1d:c4:47:2a:7e:52:a0:60:
                    1f:ee:3b:34:de:ec:f7:1e:8d:11:a2:f8:3f:74:da:
                    b8:54:3e:d5:02:c3:d2:72:f5:c7:84:86:79:eb:00:
                    0e:f3:19:b3:4f:42:c1:92:fb:82:db:3c:e3:70:fe:
                    64:fe:f4:fa:2a:fb:0f:3b:69:57:f7:2e:b3:17:61:
                    8f:85:da:85:ea:a0:89:2e:9a:d0:84:fc:04:68:45:
                    b1:e6:52:23:c8:13:78:90:4d:81:2f:70:12:37:da:
                    e0:cc:27:52:e9:d0:6a:c5:28:16:25:6b:6e:09:cb:
                    b9:16:10:57:66:59:77:6e:f8:9d:68:93:5b:11:c9:
                    5f:79:b1:cd:02:17:9f:f5:7e:4a:63:6b:57:c9:48:
                    6e:da:71:c9:ef:04:a1:1d:dd:89:58:05:e1:e0:e9:
                    28:03:89:ac:b2:28:21:ea:99:9e:0b:3d:42:4f:28:
                    44:4e:51:2b:b7:5f:1b:60:83:2c:2e:e4:d9:2d:ee:
                    d7:46:c2:4d:34:4c:0e:42:4b:62:05:b0:25:55:cf:
                    1a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:55:F5:80:26:4F:55:20:04:9F:64:49:F4:C9:F1:C5:FE:9D:B9:69
            X509v3 Authority Key Identifier:
                keyid:E6:75:DA:09:CD:3A:EB:4C:93:7C:63:F5:35:F3:3F:D5:7D:0C:21:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5nXaCc0660yTfGP1NfM_1X0MIZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/ca2a80-1d90-4823-b3f1-4e284cff0799/1/DFX1gCZPVSAEn2RJ9Mnxxf6duWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/ca2a80-1d90-4823-b3f1-4e284cff0799/1/5nXaCc0660yTfGP1NfM_1X0MIZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:41:e5:1c:f7:db:57:61:cd:2e:a0:c0:44:f4:c1:61:5d:2c:
         2c:34:83:8a:19:5d:74:72:b6:43:cf:30:fc:ab:3c:29:d2:ec:
         5b:47:12:a8:d9:64:76:03:22:da:09:66:af:6e:b6:18:53:68:
         7b:ad:0f:58:2e:be:92:54:2e:72:6c:ea:9f:7a:43:82:8e:9b:
         1a:43:51:38:fc:21:7b:eb:5c:53:56:3d:a6:82:32:57:ee:b7:
         0c:03:4f:d7:e6:76:c4:64:d2:63:83:85:6a:fd:14:06:98:36:
         74:18:6f:a7:b5:19:cf:a1:ad:04:7b:f6:b2:0e:f3:a9:82:6c:
         f2:7c:d6:07:62:d2:dd:82:3c:a7:fd:f2:b4:a6:2c:30:9e:f9:
         a1:56:77:1b:4f:ad:0d:48:10:80:f3:28:21:1b:a4:81:c1:10:
         5b:00:f5:58:de:2b:26:11:07:c6:f8:05:93:e7:7f:01:a2:8b:
         b2:a4:c8:e1:7c:86:88:af:05:78:37:0d:b5:ae:c1:4e:21:62:
         fa:62:ff:81:c2:4b:04:b0:ca:7b:7b:61:1a:df:aa:41:72:85:
         1e:62:b3:bd:db:46:3e:02:9a:7e:8c:cf:6a:53:2c:1f:14:36:
         4c:65:15:22:e9:4c:42:f5:23:34:ab:c4:a4:c4:9f:c6:73:c2:
         c1:3d:2b:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ18PYga/xgmq9ZzNx3/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2NzVkYTA5Y2QzYWViNGM5MzdjNjNmNTM1ZjMzZmQ1N2Qw
YzIxOTEwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzU1ZjU4MDI2NGY1NTIwMDQ5ZjY0NDlmNGM5ZjFjNWZlOWRiOTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRxv8sLpmct7Qavsraq4qkvZ++0t
UAWbdq9Fc2PmPriFBJHy6rqntZVKLeoF78ER3MbuHcRHKn5SoGAf7js03uz3Ho0R
ovg/dNq4VD7VAsPScvXHhIZ56wAO8xmzT0LBkvuC2zzjcP5k/vT6KvsPO2lX9y6z
F2GPhdqF6qCJLprQhPwEaEWx5lIjyBN4kE2BL3ASN9rgzCdS6dBqxSgWJWtuCcu5
FhBXZll3bvidaJNbEclfebHNAhef9X5KY2tXyUhu2nHJ7wShHd2JWAXh4OkoA4ms
sigh6pmeCz1CTyhETlErt18bYIMsLuTZLe7XRsJNNEwOQktiBbAlVc8aXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxV9YAmT1UgBJ9kSfTJ8cX+nblpMB8GA1UdIwQY
MBaAFOZ12gnNOutMk3xj9TXzP9V9DCGRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW5YYUNjMDY2MHlUZkdQMU5mTV8xWDBNSVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9jYTJhODAtMWQ5MC00ODIzLWIzZjEt
NGUyODRjZmYwNzk5LzEvREZYMWdDWlBWU0FFbjJSSjlNbnh4ZjZkdVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9jYTJhODAtMWQ5MC00ODIzLWIzZjEtNGUyODRjZmYwNzk5
LzEvNW5YYUNjMDY2MHlUZkdQMU5mTV8xWDBNSVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS+6MA0G
CSqGSIb3DQEBCwUAA4IBAQCGQeUc99tXYc0uoMBE9MFhXSwsNIOKGV10crZDzzD8
qzwp0uxbRxKo2WR2AyLaCWavbrYYU2h7rQ9YLr6SVC5ybOqfekOCjpsaQ1E4/CF7
61xTVj2mgjJX7rcMA0/X5nbEZNJjg4Vq/RQGmDZ0GG+ntRnPoa0Ee/ayDvOpgmzy
fNYHYtLdgjyn/fK0piwwnvmhVncbT60NSBCA8yghG6SBwRBbAPVY3ismEQfG+AWT
538BoouypMjhfIaIrwV4Nw21rsFOIWL6Yv+BwksEsMp7e2Ea36pBcoUeYrO920Y+
App+jM9qUywfFDZMZRUi6UxC9SM0q8SkxJ/Gc8LBPSuZ
-----END CERTIFICATE-----