Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/d787d7-425f-4eb4-b182-03e5cd35e2b0/1/o5JNPv4fyrvoLufC5JromiP4cJg.roa
File:                     o5JNPv4fyrvoLufC5JromiP4cJg.roa (raw, json)
Hash identifier:          02u0pKEC0xBlDCPE6h6fs/U6XsDX1yy0bSDhnteEpe0=
Subject key identifier:   A3:92:4D:3E:FE:1F:CA:BB:E8:2E:E7:C2:E4:9A:E8:9A:23:F8:70:98
Certificate issuer:       /CN=9dde45e9367801d18ef0fb0a9fe513beb0e4a54a
Certificate serial:       018CC56EE617C56C007DAC06D9E23C711DD7
Authority key identifier: 9D:DE:45:E9:36:78:01:D1:8E:F0:FB:0A:9F:E5:13:BE:B0:E4:A5:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nd5F6TZ4AdGO8PsKn-UTvrDkpUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/d787d7-425f-4eb4-b182-03e5cd35e2b0/1/o5JNPv4fyrvoLufC5JromiP4cJg.roa
Signing time:             Mon 01 Jan 2024 14:30:28 +0000
ROA not before:           Mon 01 Jan 2024 14:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50848
IP address blocks:        194.247.18.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/d787d7-425f-4eb4-b182-03e5cd35e2b0/1/nd5F6TZ4AdGO8PsKn-UTvrDkpUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/d787d7-425f-4eb4-b182-03e5cd35e2b0/1/nd5F6TZ4AdGO8PsKn-UTvrDkpUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nd5F6TZ4AdGO8PsKn-UTvrDkpUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e6:17:c5:6c:00:7d:ac:06:d9:e2:3c:71:1d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dde45e9367801d18ef0fb0a9fe513beb0e4a54a
        Validity
            Not Before: Jan  1 14:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3924d3efe1fcabbe82ee7c2e49ae89a23f87098
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:20:e5:98:84:75:18:1c:bc:c7:61:44:17:09:
                    e1:b4:ca:8c:cf:7e:df:f0:5b:05:a9:c5:ad:87:8e:
                    c8:b8:6c:e3:a3:58:fa:a8:8e:a8:59:9f:f8:37:58:
                    ef:ec:ca:a8:df:a8:10:da:68:ea:8c:97:0c:d7:87:
                    23:e5:c1:da:39:a8:ad:9c:94:fc:76:44:b1:64:2b:
                    1b:df:3c:46:c6:d5:4b:f2:28:69:6c:1a:6e:09:1e:
                    b2:b4:95:ce:df:ec:05:e1:d9:ba:71:52:69:70:d4:
                    59:e3:8f:25:4b:dc:18:f8:b0:c7:d3:dd:33:12:c9:
                    07:b7:f5:d2:dd:76:77:7f:37:b5:dd:29:37:62:2c:
                    35:ec:a1:2a:4c:ee:29:83:17:6b:4c:62:91:0c:08:
                    e1:d3:af:94:8c:e2:7b:24:35:fc:a0:96:a0:d7:a7:
                    96:3c:e1:4f:80:6e:83:72:76:39:08:6c:3a:89:66:
                    d2:6e:f7:0a:b2:14:4b:48:ee:43:32:3d:26:7c:78:
                    7c:a2:87:2a:e4:0b:12:60:d8:30:ce:7c:00:28:4b:
                    d7:cd:fc:f9:a0:a0:94:95:58:13:75:9c:99:af:16:
                    4d:33:07:78:b9:8c:f6:32:2b:93:92:ed:f7:f5:91:
                    5b:fd:0f:d2:63:df:ee:55:dc:5d:be:dd:d0:b4:03:
                    be:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:92:4D:3E:FE:1F:CA:BB:E8:2E:E7:C2:E4:9A:E8:9A:23:F8:70:98
            X509v3 Authority Key Identifier:
                keyid:9D:DE:45:E9:36:78:01:D1:8E:F0:FB:0A:9F:E5:13:BE:B0:E4:A5:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nd5F6TZ4AdGO8PsKn-UTvrDkpUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/d787d7-425f-4eb4-b182-03e5cd35e2b0/1/o5JNPv4fyrvoLufC5JromiP4cJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/d787d7-425f-4eb4-b182-03e5cd35e2b0/1/nd5F6TZ4AdGO8PsKn-UTvrDkpUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.247.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:88:d1:2a:1b:36:5f:f6:0e:7d:f7:9d:03:5b:27:e6:2c:f8:
         95:d7:6f:e6:38:f1:af:2c:63:03:88:bf:5e:d1:73:45:7e:1d:
         9a:a0:c3:9e:00:1a:96:e6:5b:71:cb:cd:a4:fa:9f:c1:d8:e4:
         1f:8f:0c:b8:b4:0a:48:9e:6a:8c:91:55:a3:94:10:fd:7b:4c:
         04:3f:20:62:94:f5:66:6d:88:0f:ea:fd:08:bc:58:08:62:6b:
         e0:53:d9:04:63:53:d8:d1:ea:97:27:29:d9:55:09:12:cd:46:
         7a:80:87:57:57:4b:66:ec:d2:8e:84:ea:10:a7:b8:8e:f8:b8:
         20:13:5f:ca:56:8c:ab:0b:c6:9d:32:b8:2a:bd:44:bd:ff:42:
         c1:fe:de:d1:62:45:b9:46:3d:00:a2:3b:e9:9e:a9:8b:e4:79:
         eb:ef:6e:72:a3:c9:1c:34:9b:71:29:62:32:ea:00:a9:ae:0d:
         ca:b4:86:37:15:cb:d7:58:a8:78:c5:b4:56:74:8d:d6:7a:cc:
         25:3b:2b:f5:36:38:17:26:59:a3:ec:92:05:5d:8b:bf:96:f3:
         e1:ef:ca:43:c8:4f:0d:d0:25:00:c8:c9:d0:c7:6a:ac:93:1b:
         09:de:b0:93:1c:7e:7a:59:28:f9:b9:cc:d2:35:e0:99:29:e6:
         7d:9c:ba:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuYXxWwAfawG2eI8cR3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZGU0NWU5MzY3ODAxZDE4ZWYwZmIwYTlmZTUxM2JlYjBl
NGE1NGEwHhcNMjQwMTAxMTQzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzkyNGQzZWZlMWZjYWJiZTgyZWU3YzJlNDlhZTg5YTIzZjg3MDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yDlmIR1GBy8x2FEFwnhtMqMz37f
8FsFqcWth47IuGzjo1j6qI6oWZ/4N1jv7Mqo36gQ2mjqjJcM14cj5cHaOaitnJT8
dkSxZCsb3zxGxtVL8ihpbBpuCR6ytJXO3+wF4dm6cVJpcNRZ448lS9wY+LDH090z
EskHt/XS3XZ3fze13Sk3Yiw17KEqTO4pgxdrTGKRDAjh06+UjOJ7JDX8oJag16eW
POFPgG6DcnY5CGw6iWbSbvcKshRLSO5DMj0mfHh8oocq5AsSYNgwznwAKEvXzfz5
oKCUlVgTdZyZrxZNMwd4uYz2MiuTku339ZFb/Q/SY9/uVdxdvt3QtAO+5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOSTT7+H8q76C7nwuSa6Joj+HCYMB8GA1UdIwQY
MBaAFJ3eRek2eAHRjvD7Cp/lE76w5KVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmQ1RjZUWjRBZEdPOFBzS24tVVR2ckRrcFVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9kNzg3ZDctNDI1Zi00ZWI0LWIxODIt
MDNlNWNkMzVlMmIwLzEvbzVKTlB2NGZ5cnZvTHVmQzVKcm9taVA0Y0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9kNzg3ZDctNDI1Zi00ZWI0LWIxODItMDNlNWNkMzVlMmIw
LzEvbmQ1RjZUWjRBZEdPOFBzS24tVVR2ckRrcFVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwvcSMA0G
CSqGSIb3DQEBCwUAA4IBAQBEiNEqGzZf9g59950DWyfmLPiV12/mOPGvLGMDiL9e
0XNFfh2aoMOeABqW5ltxy82k+p/B2OQfjwy4tApInmqMkVWjlBD9e0wEPyBilPVm
bYgP6v0IvFgIYmvgU9kEY1PY0eqXJynZVQkSzUZ6gIdXV0tm7NKOhOoQp7iO+Lgg
E1/KVoyrC8adMrgqvUS9/0LB/t7RYkW5Rj0AojvpnqmL5Hnr725yo8kcNJtxKWIy
6gCprg3KtIY3FcvXWKh4xbRWdI3WeswlOyv1NjgXJlmj7JIFXYu/lvPh78pDyE8N
0CUAyMnQx2qskxsJ3rCTHH56WSj5uczSNeCZKeZ9nLqC
-----END CERTIFICATE-----