Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/414b46-db5e-4440-a1e4-3c54d11f872c/1/_D7COb1qkWTNeSawqsAMc_v4Bcs.roa
File:                     _D7COb1qkWTNeSawqsAMc_v4Bcs.roa (raw, json)
Hash identifier:          zbDAdoDEKuGaW7Zl7m4NHr/nOjXR+j9izcnF9Vm/bmI=
Subject key identifier:   FC:3E:C2:39:BD:6A:91:64:CD:79:26:B0:AA:C0:0C:73:FB:F8:05:CB
Certificate issuer:       /CN=c2807081d6fc22bdff80d2bd7eca8fec0fc5fef6
Certificate serial:       018CC8DEE63744B5741BFEAD69E11A307A6B
Authority key identifier: C2:80:70:81:D6:FC:22:BD:FF:80:D2:BD:7E:CA:8F:EC:0F:C5:FE:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/woBwgdb8Ir3_gNK9fsqP7A_F_vY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/414b46-db5e-4440-a1e4-3c54d11f872c/1/_D7COb1qkWTNeSawqsAMc_v4Bcs.roa
Signing time:             Tue 02 Jan 2024 06:31:40 +0000
ROA not before:           Tue 02 Jan 2024 06:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29014
IP address blocks:        194.59.10.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/414b46-db5e-4440-a1e4-3c54d11f872c/1/woBwgdb8Ir3_gNK9fsqP7A_F_vY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/414b46-db5e-4440-a1e4-3c54d11f872c/1/woBwgdb8Ir3_gNK9fsqP7A_F_vY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/woBwgdb8Ir3_gNK9fsqP7A_F_vY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e6:37:44:b5:74:1b:fe:ad:69:e1:1a:30:7a:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2807081d6fc22bdff80d2bd7eca8fec0fc5fef6
        Validity
            Not Before: Jan  2 06:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc3ec239bd6a9164cd7926b0aac00c73fbf805cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:84:ec:cf:d9:5c:54:44:a8:5f:a7:81:f5:42:
                    2d:88:dc:3c:fa:8c:7d:d3:6e:28:af:6a:45:bc:35:
                    08:72:f9:7f:99:01:d9:5d:d2:81:b5:6e:48:37:4f:
                    d2:0c:b3:7e:ff:e2:36:db:db:ae:2e:93:69:56:1b:
                    9c:0a:19:6e:37:e7:df:0e:b4:25:45:4c:f7:07:2f:
                    ff:68:e6:0c:12:5c:9f:a9:4b:26:20:09:03:c2:54:
                    99:65:5c:d1:4f:12:9f:8c:1a:19:06:6f:d4:8e:9b:
                    6c:1b:9a:ad:0e:a1:39:13:0e:f4:96:21:05:ed:d7:
                    44:59:fd:58:15:b0:d5:7d:6d:d1:51:e5:2d:87:46:
                    2d:70:32:2f:f5:48:b2:60:ae:30:b5:67:52:31:4f:
                    4c:e7:04:0b:7b:57:18:67:41:52:b7:1c:a9:0f:1f:
                    44:2c:5c:d5:d0:28:7c:a8:cf:07:d7:5b:6b:3b:72:
                    8e:31:99:6d:21:3b:82:78:4b:2d:3c:5f:fc:9f:e4:
                    a4:74:38:6b:45:e9:e3:88:e2:e8:d2:1d:b5:bb:bb:
                    d2:0b:35:e2:aa:73:b8:47:eb:67:ce:76:02:ba:3e:
                    13:d0:b6:2f:67:74:3c:2c:63:ca:8b:67:74:56:df:
                    bd:72:48:0a:98:35:15:f4:7d:bb:6a:71:2b:99:e9:
                    1a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:3E:C2:39:BD:6A:91:64:CD:79:26:B0:AA:C0:0C:73:FB:F8:05:CB
            X509v3 Authority Key Identifier:
                keyid:C2:80:70:81:D6:FC:22:BD:FF:80:D2:BD:7E:CA:8F:EC:0F:C5:FE:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/woBwgdb8Ir3_gNK9fsqP7A_F_vY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/414b46-db5e-4440-a1e4-3c54d11f872c/1/_D7COb1qkWTNeSawqsAMc_v4Bcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/414b46-db5e-4440-a1e4-3c54d11f872c/1/woBwgdb8Ir3_gNK9fsqP7A_F_vY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:21:0e:4f:a0:76:9a:a3:ad:1a:02:1a:6e:1c:f5:07:fc:be:
         7b:d0:5a:9c:fc:5a:3d:95:a1:96:61:f7:6c:55:84:1d:1b:08:
         a4:bd:fa:d6:1b:1a:44:db:ac:a5:c6:ac:8b:dc:a5:8a:ee:f7:
         3e:21:d6:25:f1:d2:2f:0b:2d:52:ef:bb:35:0b:a9:63:27:5f:
         79:06:12:41:53:42:d0:d0:04:7a:0b:f1:99:3b:06:12:ec:cb:
         43:64:ef:ef:fc:5d:1d:43:ee:73:bc:6a:e8:3f:9e:cb:b4:d2:
         a7:90:a8:fd:50:70:69:2a:62:e6:83:67:c6:f8:6b:8d:70:fb:
         17:d3:08:4e:54:19:ab:59:57:a2:ee:8c:26:4c:08:37:6a:28:
         aa:c7:cb:a8:8e:22:09:84:c8:e1:e6:68:f3:2c:84:e2:6f:f3:
         a7:4a:27:19:26:83:0b:17:b5:76:e4:da:96:23:5b:cc:ca:0e:
         51:75:bb:49:94:cf:d8:62:27:45:fd:73:db:c1:0d:7c:aa:e0:
         40:f0:c3:0d:4a:ec:7d:f3:34:cc:c8:5c:0d:8c:f9:9c:57:09:
         1c:a2:c1:84:fd:21:de:ee:9b:33:12:e6:da:0c:62:91:b9:a5:
         a6:87:ee:c8:d7:0c:71:84:a4:4b:48:12:db:1a:e3:cc:61:40:
         29:8c:2f:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3uY3RLV0G/6taeEaMHprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyODA3MDgxZDZmYzIyYmRmZjgwZDJiZDdlY2E4ZmVjMGZj
NWZlZjYwHhcNMjQwMTAyMDYzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzNlYzIzOWJkNmE5MTY0Y2Q3OTI2YjBhYWMwMGM3M2ZiZjgwNWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4YTsz9lcVESoX6eB9UItiNw8+ox9
024or2pFvDUIcvl/mQHZXdKBtW5IN0/SDLN+/+I229uuLpNpVhucChluN+ffDrQl
RUz3By//aOYMElyfqUsmIAkDwlSZZVzRTxKfjBoZBm/UjptsG5qtDqE5Ew70liEF
7ddEWf1YFbDVfW3RUeUth0YtcDIv9UiyYK4wtWdSMU9M5wQLe1cYZ0FStxypDx9E
LFzV0Ch8qM8H11trO3KOMZltITuCeEstPF/8n+SkdDhrRenjiOLo0h21u7vSCzXi
qnO4R+tnznYCuj4T0LYvZ3Q8LGPKi2d0Vt+9ckgKmDUV9H27anErmekahwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPw+wjm9apFkzXkmsKrADHP7+AXLMB8GA1UdIwQY
MBaAFMKAcIHW/CK9/4DSvX7Kj+wPxf72MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd29Cd2dkYjhJcjNfZ05LOWZzcVA3QV9GX3ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS80MTRiNDYtZGI1ZS00NDQwLWExZTQt
M2M1NGQxMWY4NzJjLzEvX0Q3Q09iMXFrV1ROZVNhd3FzQU1jX3Y0QmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS80MTRiNDYtZGI1ZS00NDQwLWExZTQtM2M1NGQxMWY4NzJj
LzEvd29Cd2dkYjhJcjNfZ05LOWZzcVA3QV9GX3ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwjsKMA0G
CSqGSIb3DQEBCwUAA4IBAQBAIQ5PoHaao60aAhpuHPUH/L570Fqc/Fo9laGWYfds
VYQdGwikvfrWGxpE26ylxqyL3KWK7vc+IdYl8dIvCy1S77s1C6ljJ195BhJBU0LQ
0AR6C/GZOwYS7MtDZO/v/F0dQ+5zvGroP57LtNKnkKj9UHBpKmLmg2fG+GuNcPsX
0whOVBmrWVei7owmTAg3aiiqx8uojiIJhMjh5mjzLITib/OnSicZJoMLF7V25NqW
I1vMyg5RdbtJlM/YYidF/XPbwQ18quBA8MMNSux98zTMyFwNjPmcVwkcosGE/SHe
7pszEubaDGKRuaWmh+7I1wxxhKRLSBLbGuPMYUApjC99
-----END CERTIFICATE-----