Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/CpnGDJl-YYP97Pv2j1zTeSfujYc.roa
File:                     CpnGDJl-YYP97Pv2j1zTeSfujYc.roa (raw, json)
Hash identifier:          V+0zAQ+BHuSP2gK2Rf1j3skwsIh91/Z9AcvBPE2bHc8=
Subject key identifier:   0A:99:C6:0C:99:7E:61:83:FD:EC:FB:F6:8F:5C:D3:79:27:EE:8D:87
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC5125D7AD535B8AF07C07EAE78784
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/CpnGDJl-YYP97Pv2j1zTeSfujYc.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208677
IP address blocks:        194.190.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:51:25:d7:ad:53:5b:8a:f0:7c:07:ea:e7:87:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a99c60c997e6183fdecfbf68f5cd37927ee8d87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:32:e2:7b:88:3d:60:55:7e:6e:61:52:37:6b:
                    39:ac:d3:1c:96:fa:ba:b8:ab:b9:ae:20:aa:c8:ba:
                    a3:ae:b8:9f:e8:15:db:ea:7c:b1:34:bd:a0:13:ed:
                    9f:1c:c9:85:35:3f:a6:31:00:b0:5e:07:46:19:f3:
                    c7:dd:5b:3d:31:85:dc:00:1f:d9:5b:77:41:76:2f:
                    8a:97:9f:ef:2f:32:81:64:ca:cf:bb:f7:63:17:5e:
                    36:dd:b8:84:02:0b:10:58:29:82:3d:9e:27:ca:a9:
                    4c:6c:0c:37:d7:2a:c4:cc:85:8b:61:41:10:b4:58:
                    c2:5b:b0:86:16:f4:54:47:97:26:4e:6e:d4:92:4e:
                    f2:a0:5a:bb:82:6f:45:ff:e8:77:d7:5b:01:7d:49:
                    a7:52:93:e1:70:02:79:51:9d:4a:49:39:2e:d9:83:
                    01:df:f9:36:79:78:02:f8:61:b9:de:46:14:e6:fa:
                    e5:9f:c6:44:18:7e:5f:fd:da:0d:11:32:67:a1:5f:
                    3f:97:9c:03:94:13:f4:73:d7:ce:1e:b3:6c:37:7f:
                    a1:9a:41:71:80:68:68:00:56:b4:58:73:02:c5:ae:
                    8d:2d:6e:11:c8:78:35:21:0f:25:b5:7b:7f:5c:46:
                    56:2d:78:8b:86:6a:9f:97:c0:21:ee:32:cb:c3:d6:
                    00:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:99:C6:0C:99:7E:61:83:FD:EC:FB:F6:8F:5C:D3:79:27:EE:8D:87
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/CpnGDJl-YYP97Pv2j1zTeSfujYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.190.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:bf:7a:d7:ce:f9:39:34:5a:14:7b:be:91:a3:b1:96:2f:f3:
         0d:23:f2:20:30:fa:98:76:42:d5:7f:0c:f0:be:9e:66:81:26:
         f4:19:f9:6d:64:49:47:23:0b:1f:64:93:34:93:a0:32:65:30:
         e7:4e:18:8c:40:ae:9a:09:79:4d:45:42:20:d6:ce:b7:04:49:
         0c:c1:dc:31:c2:53:2b:fa:a0:d4:9f:7d:03:8b:82:bd:71:f5:
         f5:f4:77:c3:75:1e:0f:21:c7:58:14:f2:cd:88:62:65:3e:5e:
         8a:e1:fe:e5:ef:12:f3:bd:86:e4:3e:59:fd:9d:b3:ab:68:52:
         4c:d7:f7:b1:90:6d:76:d2:7b:83:8a:b1:be:75:69:0e:ae:38:
         b3:f9:f9:86:17:d0:cd:35:37:16:d4:06:a9:54:45:a3:74:eb:
         c4:68:15:be:e0:72:ef:55:f5:c5:5f:30:9e:48:82:15:be:3f:
         ed:48:bf:09:43:8c:d2:e0:b6:0f:95:55:80:c6:0a:35:fc:bc:
         e8:43:b8:4e:25:d2:d1:53:99:42:52:5f:71:c9:23:ef:78:f2:
         f2:49:f7:52:8a:77:25:4b:36:9d:f6:28:6e:75:a3:2b:f8:ed:
         90:5f:00:f5:ea:37:85:74:17:4e:4a:97:df:97:64:e5:25:a6:
         77:a2:95:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FEl161TW4rwfAfq54eEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTk5YzYwYzk5N2U2MTgzZmRlY2ZiZjY4ZjVjZDM3OTI3ZWU4ZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTLie4g9YFV+bmFSN2s5rNMclvq6
uKu5riCqyLqjrrif6BXb6nyxNL2gE+2fHMmFNT+mMQCwXgdGGfPH3Vs9MYXcAB/Z
W3dBdi+Kl5/vLzKBZMrPu/djF1423biEAgsQWCmCPZ4nyqlMbAw31yrEzIWLYUEQ
tFjCW7CGFvRUR5cmTm7Ukk7yoFq7gm9F/+h311sBfUmnUpPhcAJ5UZ1KSTku2YMB
3/k2eXgC+GG53kYU5vrln8ZEGH5f/doNETJnoV8/l5wDlBP0c9fOHrNsN3+hmkFx
gGhoAFa0WHMCxa6NLW4RyHg1IQ8ltXt/XEZWLXiLhmqfl8Ah7jLLw9YA/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqZxgyZfmGD/ez79o9c03kn7o2HMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvQ3BuR0RKbC1ZWVA5N1B2MmoxelRlU2Z1alljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwr5sMA0G
CSqGSIb3DQEBCwUAA4IBAQC6v3rXzvk5NFoUe76Ro7GWL/MNI/IgMPqYdkLVfwzw
vp5mgSb0GfltZElHIwsfZJM0k6AyZTDnThiMQK6aCXlNRUIg1s63BEkMwdwxwlMr
+qDUn30Di4K9cfX19HfDdR4PIcdYFPLNiGJlPl6K4f7l7xLzvYbkPln9nbOraFJM
1/exkG120nuDirG+dWkOrjiz+fmGF9DNNTcW1AapVEWjdOvEaBW+4HLvVfXFXzCe
SIIVvj/tSL8JQ4zS4LYPlVWAxgo1/LzoQ7hOJdLRU5lCUl9xySPvePLySfdSincl
Szad9ihudaMr+O2QXwD16jeFdBdOSpffl2TlJaZ3opUf
-----END CERTIFICATE-----