Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/23fb1a-a791-400c-a41a-48ceed5e438e/1/DNyUkcPOZ0a0214kgT_Kb4FTqTQ.roa
File:                     DNyUkcPOZ0a0214kgT_Kb4FTqTQ.roa (raw, json)
Hash identifier:          Y+Auk/2t9Mymo8LAA91i1rmbY2m9ANr6033Bc+TGpA8=
Subject key identifier:   0C:DC:94:91:C3:CE:67:46:B4:DB:5E:24:81:3F:CA:6F:81:53:A9:34
Certificate issuer:       /CN=bf98e8170959b5e6018f602b3a7487b2d8028106
Certificate serial:       018CCA9A17F83B132D87D7DCB9C5C505C1C3
Authority key identifier: BF:98:E8:17:09:59:B5:E6:01:8F:60:2B:3A:74:87:B2:D8:02:81:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v5joFwlZteYBj2ArOnSHstgCgQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/23fb1a-a791-400c-a41a-48ceed5e438e/1/DNyUkcPOZ0a0214kgT_Kb4FTqTQ.roa
Signing time:             Tue 02 Jan 2024 14:35:45 +0000
ROA not before:           Tue 02 Jan 2024 14:35:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203897
IP address blocks:        185.34.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/23fb1a-a791-400c-a41a-48ceed5e438e/1/v5joFwlZteYBj2ArOnSHstgCgQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/23fb1a-a791-400c-a41a-48ceed5e438e/1/v5joFwlZteYBj2ArOnSHstgCgQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v5joFwlZteYBj2ArOnSHstgCgQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:17:f8:3b:13:2d:87:d7:dc:b9:c5:c5:05:c1:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf98e8170959b5e6018f602b3a7487b2d8028106
        Validity
            Not Before: Jan  2 14:35:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cdc9491c3ce6746b4db5e24813fca6f8153a934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:38:e3:ac:d4:15:5b:61:07:dc:5c:90:d3:77:
                    f3:88:34:83:72:19:85:43:1b:e8:c3:60:97:3a:d8:
                    67:37:80:54:00:e4:f9:ed:5c:18:80:ed:8c:3c:6f:
                    53:21:42:93:69:df:97:1f:6b:8a:77:55:a5:f5:80:
                    34:fb:e2:61:e9:4c:d6:5d:4e:f2:66:93:62:ef:c4:
                    40:be:94:ae:4d:a2:fc:42:1e:17:f6:e8:50:fe:bf:
                    87:bf:64:e1:b1:0a:43:d1:a5:1c:28:7d:6f:19:2f:
                    06:3e:9b:83:17:28:3d:33:3b:c2:74:eb:f6:95:e8:
                    f4:6a:cf:0f:46:49:fe:84:2f:91:f1:98:95:29:08:
                    58:4e:c4:39:9e:58:e6:2c:cc:1c:88:0b:7c:e0:cb:
                    a8:42:b9:49:c8:dc:8e:d6:8d:99:19:e4:d7:cb:ce:
                    aa:f3:78:cb:af:1b:c3:de:c8:d7:04:26:de:51:c6:
                    db:01:65:82:cd:1f:bc:68:21:2c:20:84:41:2a:4b:
                    6b:bc:a9:58:51:32:87:6a:9f:77:7c:e3:f6:23:51:
                    f1:aa:39:3d:18:83:27:8b:8f:87:06:f9:ea:65:e2:
                    b4:64:34:10:5d:09:8b:98:80:be:00:e5:d1:4a:5b:
                    49:b8:f2:2e:d9:77:66:4d:89:1f:2a:69:33:0a:0d:
                    72:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DC:94:91:C3:CE:67:46:B4:DB:5E:24:81:3F:CA:6F:81:53:A9:34
            X509v3 Authority Key Identifier:
                keyid:BF:98:E8:17:09:59:B5:E6:01:8F:60:2B:3A:74:87:B2:D8:02:81:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v5joFwlZteYBj2ArOnSHstgCgQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/23fb1a-a791-400c-a41a-48ceed5e438e/1/DNyUkcPOZ0a0214kgT_Kb4FTqTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/23fb1a-a791-400c-a41a-48ceed5e438e/1/v5joFwlZteYBj2ArOnSHstgCgQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:ef:96:04:0d:95:03:f7:b9:f5:ca:61:30:11:57:1c:8c:89:
         51:00:7b:6e:1e:04:80:31:36:3f:16:81:8b:26:d7:7a:42:6e:
         09:20:b5:23:6f:5b:a3:3e:57:86:36:55:f5:87:d5:79:e5:86:
         f3:20:bc:c3:9a:ea:6c:f0:80:e8:e1:c7:a1:89:fa:36:17:44:
         ee:20:42:70:5d:c4:4a:99:8b:ae:62:de:b3:64:be:be:a0:ec:
         f7:c1:51:63:a4:6b:f7:c8:5d:d5:21:89:76:b4:96:d7:50:d7:
         2a:b6:1c:dd:97:40:72:2b:46:92:11:da:fa:e5:9f:35:31:ba:
         b8:4d:d7:75:1e:9a:9d:b6:32:a7:3b:9c:ae:53:a2:16:7b:e9:
         5a:40:94:b3:a4:77:de:79:38:de:49:92:3b:0a:2b:57:45:70:
         7d:b1:39:c0:ec:e3:00:45:49:69:85:1f:83:94:ec:bc:a0:53:
         c4:7e:3c:32:3d:12:06:e9:76:84:9b:24:d2:5d:a6:83:6f:06:
         b0:0f:91:eb:ff:61:76:29:e8:3c:5c:85:6b:38:07:e0:12:8a:
         3a:9d:5b:f9:44:dd:9a:f8:4b:82:9c:43:b0:cd:1c:b1:65:66:
         6e:d4:c6:9f:49:60:4c:2c:f1:29:26:25:ce:a9:e5:7a:8b:0a:
         12:8f:e7:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmhf4OxMth9fcucXFBcHDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmOThlODE3MDk1OWI1ZTYwMThmNjAyYjNhNzQ4N2IyZDgw
MjgxMDYwHhcNMjQwMTAyMTQzNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2RjOTQ5MWMzY2U2NzQ2YjRkYjVlMjQ4MTNmY2E2ZjgxNTNhOTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDjjrNQVW2EH3FyQ03fziDSDchmF
Qxvow2CXOthnN4BUAOT57VwYgO2MPG9TIUKTad+XH2uKd1Wl9YA0++Jh6UzWXU7y
ZpNi78RAvpSuTaL8Qh4X9uhQ/r+Hv2ThsQpD0aUcKH1vGS8GPpuDFyg9MzvCdOv2
lej0as8PRkn+hC+R8ZiVKQhYTsQ5nljmLMwciAt84MuoQrlJyNyO1o2ZGeTXy86q
83jLrxvD3sjXBCbeUcbbAWWCzR+8aCEsIIRBKktrvKlYUTKHap93fOP2I1Hxqjk9
GIMni4+HBvnqZeK0ZDQQXQmLmIC+AOXRSltJuPIu2XdmTYkfKmkzCg1yTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzclJHDzmdGtNteJIE/ym+BU6k0MB8GA1UdIwQY
MBaAFL+Y6BcJWbXmAY9gKzp0h7LYAoEGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjVqb0Z3bFp0ZVlCajJBck9uU0hzdGdDZ1FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8yM2ZiMWEtYTc5MS00MDBjLWE0MWEt
NDhjZWVkNWU0MzhlLzEvRE55VWtjUE9aMGEwMjE0a2dUX0tiNEZUcVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8yM2ZiMWEtYTc5MS00MDBjLWE0MWEtNDhjZWVkNWU0Mzhl
LzEvdjVqb0Z3bFp0ZVlCajJBck9uU0hzdGdDZ1FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSJ+MA0G
CSqGSIb3DQEBCwUAA4IBAQAO75YEDZUD97n1ymEwEVccjIlRAHtuHgSAMTY/FoGL
Jtd6Qm4JILUjb1ujPleGNlX1h9V55YbzILzDmups8IDo4cehifo2F0TuIEJwXcRK
mYuuYt6zZL6+oOz3wVFjpGv3yF3VIYl2tJbXUNcqthzdl0ByK0aSEdr65Z81Mbq4
Tdd1HpqdtjKnO5yuU6IWe+laQJSzpHfeeTjeSZI7CitXRXB9sTnA7OMARUlphR+D
lOy8oFPEfjwyPRIG6XaEmyTSXaaDbwawD5Hr/2F2Keg8XIVrOAfgEoo6nVv5RN2a
+EuCnEOwzRyxZWZu1MafSWBMLPEpJiXOqeV6iwoSj+eK
-----END CERTIFICATE-----