Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/d505a5-243d-4619-a6fa-fbd703ee6c93/1/2t3eop8IjCBAODZA1cJ1F0-A2c4.roa
File:                     2t3eop8IjCBAODZA1cJ1F0-A2c4.roa (raw, json)
Hash identifier:          fgoNewr4vsV6Cv26fYH7Z4/XYoKZ50yQ4gNG3yCP8qo=
Subject key identifier:   DA:DD:DE:A2:9F:08:8C:20:40:38:36:40:D5:C2:75:17:4F:80:D9:CE
Certificate issuer:       /CN=8ff1c98d3a77824e236b2c4cdd9378c0509a3de8
Certificate serial:       018CC802FEDB8C36EE074A20EF8F2D5C5134
Authority key identifier: 8F:F1:C9:8D:3A:77:82:4E:23:6B:2C:4C:DD:93:78:C0:50:9A:3D:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j_HJjTp3gk4jayxM3ZN4wFCaPeg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/d505a5-243d-4619-a6fa-fbd703ee6c93/1/2t3eop8IjCBAODZA1cJ1F0-A2c4.roa
Signing time:             Tue 02 Jan 2024 02:31:28 +0000
ROA not before:           Tue 02 Jan 2024 02:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198854
IP address blocks:        194.33.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/d505a5-243d-4619-a6fa-fbd703ee6c93/1/j_HJjTp3gk4jayxM3ZN4wFCaPeg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/d505a5-243d-4619-a6fa-fbd703ee6c93/1/j_HJjTp3gk4jayxM3ZN4wFCaPeg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j_HJjTp3gk4jayxM3ZN4wFCaPeg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:03:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:fe:db:8c:36:ee:07:4a:20:ef:8f:2d:5c:51:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ff1c98d3a77824e236b2c4cdd9378c0509a3de8
        Validity
            Not Before: Jan  2 02:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dadddea29f088c2040383640d5c275174f80d9ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ff:88:cd:a0:52:7f:46:3a:93:07:c1:97:67:
                    95:a6:bd:43:7b:2b:ad:d5:82:2d:da:da:0b:23:7d:
                    ce:12:4e:3d:1b:c3:9c:af:5a:d6:c8:e7:bc:8e:74:
                    14:51:34:9e:2f:2c:9a:c8:27:be:41:24:f6:77:65:
                    19:79:58:90:6e:ca:ba:ad:16:28:ff:05:4e:57:c7:
                    8b:b8:ec:33:3e:0c:80:d1:e0:66:99:ae:b1:89:93:
                    1e:d3:57:e1:03:0f:56:c4:d6:ee:10:22:70:ca:de:
                    09:28:ae:8a:43:88:93:3e:32:b9:40:90:1d:45:0a:
                    25:e4:7b:3b:31:cf:3e:b7:63:93:b9:c4:fb:90:6c:
                    57:f0:3b:20:64:e3:f8:7e:bc:54:f9:6d:19:7c:55:
                    d7:aa:fa:d3:d2:a2:ab:6b:81:b7:07:2f:ec:17:26:
                    74:3e:5d:6e:37:5f:c7:dd:ff:a1:ff:d4:5e:24:5f:
                    0e:0f:44:1e:8b:60:34:b3:76:f3:b0:92:11:ac:76:
                    65:8e:bf:5d:88:0c:3e:8b:14:c0:13:f0:bf:d8:bd:
                    4f:49:27:d4:ee:76:e1:57:a5:27:3a:8e:4f:99:c7:
                    fc:52:9d:f5:a8:dc:d4:46:af:1f:ab:a9:c3:90:36:
                    14:63:47:88:25:4c:be:d1:65:c1:3e:23:a2:d1:1b:
                    86:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:DD:DE:A2:9F:08:8C:20:40:38:36:40:D5:C2:75:17:4F:80:D9:CE
            X509v3 Authority Key Identifier:
                keyid:8F:F1:C9:8D:3A:77:82:4E:23:6B:2C:4C:DD:93:78:C0:50:9A:3D:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j_HJjTp3gk4jayxM3ZN4wFCaPeg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/d505a5-243d-4619-a6fa-fbd703ee6c93/1/2t3eop8IjCBAODZA1cJ1F0-A2c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/d505a5-243d-4619-a6fa-fbd703ee6c93/1/j_HJjTp3gk4jayxM3ZN4wFCaPeg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:f7:46:f0:ba:b9:45:b0:64:1c:49:35:7b:1a:54:e7:d3:01:
         6e:3b:86:73:35:0b:66:31:ce:93:8a:d9:60:1b:97:4f:38:df:
         b4:f8:4e:db:40:a5:d6:1e:21:3c:9c:9e:3a:56:65:7b:f6:30:
         78:8c:54:ce:1d:54:27:04:ca:33:10:f5:c4:0d:90:4c:04:20:
         3a:68:b1:1a:3f:05:34:cf:65:69:72:4f:fc:b6:26:04:b8:7d:
         17:89:18:6f:8a:27:ed:a3:9d:47:a8:fd:53:86:c4:02:26:3e:
         70:79:aa:d4:ab:10:36:1f:69:91:7c:d5:b8:0e:85:90:f7:a8:
         dd:92:3b:d2:a1:56:45:12:00:ca:9f:a7:e6:91:d4:63:cd:60:
         ce:95:e7:fd:4f:c2:9c:d7:f0:59:44:d2:1c:c6:f0:e7:7d:d4:
         92:c6:83:0d:1a:db:75:3a:a6:b7:c8:db:0e:1a:34:f9:ca:b5:
         be:e8:4f:5f:21:e9:06:c3:0e:97:9b:9c:03:0e:d3:64:06:c9:
         62:75:bd:bd:4a:71:11:64:58:cb:cb:e4:68:31:f9:d1:46:a3:
         61:e5:2a:47:d7:39:72:6f:07:82:22:8e:da:36:fa:c8:a1:3f:
         73:39:c2:19:bd:2c:11:70:c9:5f:4b:ee:47:04:fe:d6:90:70:
         15:c5:03:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAv7bjDbuB0og748tXFE0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZjFjOThkM2E3NzgyNGUyMzZiMmM0Y2RkOTM3OGMwNTA5
YTNkZTgwHhcNMjQwMTAyMDIzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWRkZGVhMjlmMDg4YzIwNDAzODM2NDBkNWMyNzUxNzRmODBkOWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/+IzaBSf0Y6kwfBl2eVpr1Deyut
1YIt2toLI33OEk49G8Ocr1rWyOe8jnQUUTSeLyyayCe+QST2d2UZeViQbsq6rRYo
/wVOV8eLuOwzPgyA0eBmma6xiZMe01fhAw9WxNbuECJwyt4JKK6KQ4iTPjK5QJAd
RQol5Hs7Mc8+t2OTucT7kGxX8DsgZOP4frxU+W0ZfFXXqvrT0qKra4G3By/sFyZ0
Pl1uN1/H3f+h/9ReJF8OD0Qei2A0s3bzsJIRrHZljr9diAw+ixTAE/C/2L1PSSfU
7nbhV6UnOo5Pmcf8Up31qNzURq8fq6nDkDYUY0eIJUy+0WXBPiOi0RuGqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrd3qKfCIwgQDg2QNXCdRdPgNnOMB8GA1UdIwQY
MBaAFI/xyY06d4JOI2ssTN2TeMBQmj3oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQval9ISmpUcDNnazRqYXl4TTNaTjR3RkNhUGVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9kNTA1YTUtMjQzZC00NjE5LWE2ZmEt
ZmJkNzAzZWU2YzkzLzEvMnQzZW9wOElqQ0JBT0RaQTFjSjFGMC1BMmM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9kNTA1YTUtMjQzZC00NjE5LWE2ZmEtZmJkNzAzZWU2Yzkz
LzEval9ISmpUcDNnazRqYXl4TTNaTjR3RkNhUGVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiFTMA0G
CSqGSIb3DQEBCwUAA4IBAQBA90bwurlFsGQcSTV7GlTn0wFuO4ZzNQtmMc6Titlg
G5dPON+0+E7bQKXWHiE8nJ46VmV79jB4jFTOHVQnBMozEPXEDZBMBCA6aLEaPwU0
z2Vpck/8tiYEuH0XiRhviifto51HqP1ThsQCJj5wearUqxA2H2mRfNW4DoWQ96jd
kjvSoVZFEgDKn6fmkdRjzWDOlef9T8Kc1/BZRNIcxvDnfdSSxoMNGtt1Oqa3yNsO
GjT5yrW+6E9fIekGww6Xm5wDDtNkBslidb29SnERZFjLy+RoMfnRRqNh5SpH1zly
bweCIo7aNvrIoT9zOcIZvSwRcMlfS+5HBP7WkHAVxQNV
-----END CERTIFICATE-----