Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/pD2P_Jg8xGB_sP5GjJptn81e2vc.roa
File:                     pD2P_Jg8xGB_sP5GjJptn81e2vc.roa (raw, json)
Hash identifier:          yCzJTVjVJItuCDmhMBM93qi+UZ4dYixLQ/5pyl+R1UI=
Subject key identifier:   A4:3D:8F:FC:98:3C:C4:60:7F:B0:FE:46:8C:9A:6D:9F:CD:5E:DA:F7
Certificate issuer:       /CN=344718d135a09bb524706b4259cabcc626e514ef
Certificate serial:       018CC2DAFE86EAABDC9F5D75EA3C6FF2A5A1
Authority key identifier: 34:47:18:D1:35:A0:9B:B5:24:70:6B:42:59:CA:BC:C6:26:E5:14:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NEcY0TWgm7UkcGtCWcq8xiblFO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/pD2P_Jg8xGB_sP5GjJptn81e2vc.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38915
IP address blocks:        194.104.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/NEcY0TWgm7UkcGtCWcq8xiblFO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/NEcY0TWgm7UkcGtCWcq8xiblFO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NEcY0TWgm7UkcGtCWcq8xiblFO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fe:86:ea:ab:dc:9f:5d:75:ea:3c:6f:f2:a5:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=344718d135a09bb524706b4259cabcc626e514ef
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a43d8ffc983cc4607fb0fe468c9a6d9fcd5edaf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c9:cc:9e:86:ae:16:a7:a1:4a:e9:c0:49:03:
                    6d:e7:4a:85:61:03:0a:6b:44:0c:89:c8:df:b2:29:
                    72:e1:19:c1:52:c1:e2:da:11:41:cb:5d:9f:ae:de:
                    ec:9e:75:da:9d:3c:f1:20:85:d8:38:00:a8:c7:91:
                    73:d7:4e:f4:07:f4:05:3a:70:33:68:b8:4d:5a:dd:
                    66:68:74:1a:7d:01:47:89:a1:c5:b5:c3:11:9b:c0:
                    09:36:ea:a5:93:cf:f1:4c:98:b4:36:17:a7:28:e5:
                    59:cf:cb:a6:a6:75:2f:9e:e2:33:4d:67:24:84:89:
                    63:29:43:fa:67:bb:a3:ef:fd:3f:3b:74:21:52:9f:
                    11:1d:46:ef:aa:96:bf:7a:fc:83:7c:11:2d:b9:e3:
                    52:4a:28:da:53:e6:0a:97:29:0b:1b:c5:01:c6:b5:
                    20:81:ab:64:db:70:20:8c:61:37:f2:dd:e7:f3:54:
                    d9:0f:da:88:5e:12:52:0d:ac:9e:32:f4:58:e7:14:
                    a1:9a:4d:b9:e0:ba:1b:61:ec:65:1e:c9:d1:f2:bb:
                    0f:58:45:c4:b0:86:ff:bc:a6:d7:68:5d:7e:f7:76:
                    fe:ce:ac:2f:4d:b9:ca:73:fc:53:8a:14:d7:a2:8c:
                    ec:cd:37:69:9e:ed:dc:a3:7f:54:bc:d1:7c:55:21:
                    33:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:3D:8F:FC:98:3C:C4:60:7F:B0:FE:46:8C:9A:6D:9F:CD:5E:DA:F7
            X509v3 Authority Key Identifier:
                keyid:34:47:18:D1:35:A0:9B:B5:24:70:6B:42:59:CA:BC:C6:26:E5:14:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NEcY0TWgm7UkcGtCWcq8xiblFO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/pD2P_Jg8xGB_sP5GjJptn81e2vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/NEcY0TWgm7UkcGtCWcq8xiblFO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:df:19:fe:2e:60:33:bc:65:fe:86:ad:b5:16:7d:2c:92:12:
         1e:93:29:8c:dd:12:fe:c1:e4:7f:63:24:d5:eb:e5:f9:b7:46:
         01:4e:41:7f:af:36:1c:bf:a4:eb:17:67:9a:41:e7:15:03:4c:
         2c:c4:c4:c6:5c:f3:9d:09:3d:55:3e:95:94:37:f4:93:01:41:
         db:90:a0:2d:bc:c4:7b:54:8e:51:14:c8:d8:2a:b2:7b:dc:ad:
         5c:58:71:53:59:35:9a:21:c3:12:a5:23:5f:b7:c1:2d:0d:36:
         52:d0:44:ce:39:7d:fb:9a:fd:d8:b6:ef:2f:1e:36:ba:47:5d:
         e5:36:cf:16:d4:55:6e:4a:b1:74:11:17:68:f8:fe:67:0e:79:
         52:47:80:f3:13:94:d0:22:8c:08:26:45:20:f8:f0:0c:97:f7:
         97:89:82:7f:41:1c:24:5b:53:cf:e1:f4:c3:f9:88:48:b2:ab:
         b5:b0:b9:70:44:dc:be:65:30:20:69:65:45:2a:1c:4c:47:a9:
         19:62:01:72:4f:dd:18:d5:cb:87:28:45:be:8b:e0:59:71:87:
         58:ef:da:d3:d2:b0:6a:de:ba:15:06:c4:a4:ad:63:d0:e4:1a:
         90:ce:d7:60:5e:9b:f6:00:65:ee:92:5b:2f:ab:48:5b:81:43:
         45:7e:b9:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2v6G6qvcn1116jxv8qWhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NDcxOGQxMzVhMDliYjUyNDcwNmI0MjU5Y2FiY2M2MjZl
NTE0ZWYwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDNkOGZmYzk4M2NjNDYwN2ZiMGZlNDY4YzlhNmQ5ZmNkNWVkYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMnMnoauFqehSunASQNt50qFYQMK
a0QMicjfsily4RnBUsHi2hFBy12frt7snnXanTzxIIXYOACox5Fz1070B/QFOnAz
aLhNWt1maHQafQFHiaHFtcMRm8AJNuqlk8/xTJi0NhenKOVZz8umpnUvnuIzTWck
hIljKUP6Z7uj7/0/O3QhUp8RHUbvqpa/evyDfBEtueNSSijaU+YKlykLG8UBxrUg
gatk23AgjGE38t3n81TZD9qIXhJSDayeMvRY5xShmk254LobYexlHsnR8rsPWEXE
sIb/vKbXaF1+93b+zqwvTbnKc/xTihTXoozszTdpnu3co39UvNF8VSEzswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQ9j/yYPMRgf7D+RoyabZ/NXtr3MB8GA1UdIwQY
MBaAFDRHGNE1oJu1JHBrQlnKvMYm5RTvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkVjWTBUV2dtN1VrY0d0Q1djcTh4aWJsRk84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9iZGQyYmEtYTQ4NC00YjBkLWFlOWEt
NWQzM2UxOGE2OWEwLzEvcEQyUF9KZzh4R0Jfc1A1R2pKcHRuODFlMnZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9iZGQyYmEtYTQ4NC00YjBkLWFlOWEtNWQzM2UxOGE2OWEw
LzEvTkVjWTBUV2dtN1VrY0d0Q1djcTh4aWJsRk84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmidMA0G
CSqGSIb3DQEBCwUAA4IBAQAm3xn+LmAzvGX+hq21Fn0skhIekymM3RL+weR/YyTV
6+X5t0YBTkF/rzYcv6TrF2eaQecVA0wsxMTGXPOdCT1VPpWUN/STAUHbkKAtvMR7
VI5RFMjYKrJ73K1cWHFTWTWaIcMSpSNft8EtDTZS0ETOOX37mv3Ytu8vHja6R13l
Ns8W1FVuSrF0ERdo+P5nDnlSR4DzE5TQIowIJkUg+PAMl/eXiYJ/QRwkW1PP4fTD
+YhIsqu1sLlwRNy+ZTAgaWVFKhxMR6kZYgFyT90Y1cuHKEW+i+BZcYdY79rT0rBq
3roVBsSkrWPQ5BqQztdgXpv2AGXuklsvq0hbgUNFfrl4
-----END CERTIFICATE-----