Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7aad9c-d657-45bd-b016-18b2fd4320f5/1/28St0on-J0hduJYqWHWbs0v0BwY.roa
File:                     28St0on-J0hduJYqWHWbs0v0BwY.roa (raw, json)
Hash identifier:          YiEmDySV9jbEaIPG3IZ7d1zI23PBN4yG+/4S9nDZE4o=
Subject key identifier:   DB:C4:AD:D2:89:FE:27:48:5D:B8:96:2A:58:75:9B:B3:4B:F4:07:06
Certificate issuer:       /CN=a8bbd4d9858ab5280700ef7e95c04160f3d2cb48
Certificate serial:       018ECD25115F41B79BD38276B29B2807569C
Authority key identifier: A8:BB:D4:D9:85:8A:B5:28:07:00:EF:7E:95:C0:41:60:F3:D2:CB:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qLvU2YWKtSgHAO9-lcBBYPPSy0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7aad9c-d657-45bd-b016-18b2fd4320f5/1/28St0on-J0hduJYqWHWbs0v0BwY.roa
Signing time:             Thu 11 Apr 2024 12:32:22 +0000
ROA not before:           Thu 11 Apr 2024 12:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42208
IP address blocks:        193.200.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7aad9c-d657-45bd-b016-18b2fd4320f5/1/qLvU2YWKtSgHAO9-lcBBYPPSy0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7aad9c-d657-45bd-b016-18b2fd4320f5/1/qLvU2YWKtSgHAO9-lcBBYPPSy0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qLvU2YWKtSgHAO9-lcBBYPPSy0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cd:25:11:5f:41:b7:9b:d3:82:76:b2:9b:28:07:56:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8bbd4d9858ab5280700ef7e95c04160f3d2cb48
        Validity
            Not Before: Apr 11 12:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbc4add289fe27485db8962a58759bb34bf40706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:5d:82:e9:fd:64:5e:66:42:96:7c:02:e9:d0:
                    21:56:76:b5:c7:a3:16:d1:53:fa:75:7d:53:18:35:
                    f4:3d:ac:24:fe:25:4f:e5:ac:0f:f9:1d:4b:15:fd:
                    6c:2f:3f:56:58:de:ed:78:5e:f2:e5:1c:d6:07:f7:
                    35:57:2e:a9:67:a9:51:87:1d:0e:7f:26:ed:70:1a:
                    5d:fa:09:ab:fb:5f:ab:1b:da:21:b0:d3:73:0e:ea:
                    ad:db:2b:af:68:88:2e:c5:45:dc:19:7c:00:5d:74:
                    3a:71:b7:e3:c2:be:0f:d2:fe:46:fb:ec:08:17:03:
                    92:09:0f:c7:3f:f2:9a:a4:8e:20:06:19:3f:ac:bf:
                    15:cc:2b:52:d7:32:25:1a:fa:66:94:79:f1:45:df:
                    4d:09:78:a1:c6:21:ee:2f:67:8f:68:8e:11:27:34:
                    4d:18:e3:97:5b:2a:4b:05:a2:71:88:53:e6:86:51:
                    24:f7:4e:70:11:78:f2:2b:fa:71:d2:1b:51:31:7a:
                    06:d7:fc:6f:8f:03:75:31:07:8b:1c:16:fd:c6:2a:
                    3e:b9:c7:77:bf:88:64:e1:66:e5:dc:d6:13:19:3a:
                    4b:c6:3d:33:af:e4:8e:20:e6:e7:f9:cb:08:22:68:
                    91:1b:ac:c4:90:60:72:27:20:05:5c:02:03:0f:de:
                    e9:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C4:AD:D2:89:FE:27:48:5D:B8:96:2A:58:75:9B:B3:4B:F4:07:06
            X509v3 Authority Key Identifier:
                keyid:A8:BB:D4:D9:85:8A:B5:28:07:00:EF:7E:95:C0:41:60:F3:D2:CB:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qLvU2YWKtSgHAO9-lcBBYPPSy0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7aad9c-d657-45bd-b016-18b2fd4320f5/1/28St0on-J0hduJYqWHWbs0v0BwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7aad9c-d657-45bd-b016-18b2fd4320f5/1/qLvU2YWKtSgHAO9-lcBBYPPSy0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:ce:29:89:8c:54:38:c9:5a:7c:7d:3b:76:bf:0f:6b:82:47:
         17:43:74:16:3f:8b:61:bb:53:cd:f9:66:56:e2:d2:55:8d:8b:
         85:66:03:10:98:b4:e1:61:2e:f1:c8:8d:b7:99:85:99:55:17:
         03:4f:61:1b:6e:60:f6:62:c1:40:8d:3a:fe:5d:d9:3f:8f:6b:
         27:e7:24:cb:4d:47:ee:b6:6c:32:c2:ca:9f:7b:3f:0e:52:fa:
         81:5d:37:fd:b1:e7:da:11:48:08:cd:6b:21:00:2a:75:8f:de:
         2d:60:b7:67:eb:75:48:d9:ad:07:e2:e2:96:ea:82:97:95:97:
         cd:f8:ac:1c:1c:6a:ab:da:c3:4e:fb:3f:ab:99:4f:79:4d:41:
         2a:45:97:1d:64:e4:c9:74:3d:d3:37:2e:8c:06:c3:d5:53:5c:
         81:70:19:84:d4:66:be:38:d6:ba:d2:64:50:93:3f:28:d7:98:
         1e:b4:3a:6d:a3:97:c4:84:52:4e:29:66:36:a8:11:47:07:1a:
         27:dc:67:84:e7:4b:ff:e5:ef:65:1d:ba:5f:81:44:ba:4b:c0:
         e1:f3:68:12:1c:33:52:6a:49:c4:7a:68:98:9f:a1:0e:b4:63:
         74:6c:bd:1a:eb:b9:66:12:bf:4a:f9:d0:42:0c:50:30:91:90:
         96:22:39:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7NJRFfQbeb04J2spsoB1acMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4YmJkNGQ5ODU4YWI1MjgwNzAwZWY3ZTk1YzA0MTYwZjNk
MmNiNDgwHhcNMjQwNDExMTIzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmM0YWRkMjg5ZmUyNzQ4NWRiODk2MmE1ODc1OWJiMzRiZjQwNzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi12C6f1kXmZClnwC6dAhVna1x6MW
0VP6dX1TGDX0Pawk/iVP5awP+R1LFf1sLz9WWN7teF7y5RzWB/c1Vy6pZ6lRhx0O
fybtcBpd+gmr+1+rG9ohsNNzDuqt2yuvaIguxUXcGXwAXXQ6cbfjwr4P0v5G++wI
FwOSCQ/HP/KapI4gBhk/rL8VzCtS1zIlGvpmlHnxRd9NCXihxiHuL2ePaI4RJzRN
GOOXWypLBaJxiFPmhlEk905wEXjyK/px0htRMXoG1/xvjwN1MQeLHBb9xio+ucd3
v4hk4Wbl3NYTGTpLxj0zr+SOIObn+csIImiRG6zEkGByJyAFXAIDD97p+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvErdKJ/idIXbiWKlh1m7NL9AcGMB8GA1UdIwQY
MBaAFKi71NmFirUoBwDvfpXAQWDz0stIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUx2VTJZV0t0U2dIQU85LWxjQkJZUFBTeTBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83YWFkOWMtZDY1Ny00NWJkLWIwMTYt
MThiMmZkNDMyMGY1LzEvMjhTdDBvbi1KMGhkdUpZcVdIV2JzMHYwQndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83YWFkOWMtZDY1Ny00NWJkLWIwMTYtMThiMmZkNDMyMGY1
LzEvcUx2VTJZV0t0U2dIQU85LWxjQkJZUFBTeTBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcgEMA0G
CSqGSIb3DQEBCwUAA4IBAQBGzimJjFQ4yVp8fTt2vw9rgkcXQ3QWP4thu1PN+WZW
4tJVjYuFZgMQmLThYS7xyI23mYWZVRcDT2EbbmD2YsFAjTr+Xdk/j2sn5yTLTUfu
tmwywsqfez8OUvqBXTf9sefaEUgIzWshACp1j94tYLdn63VI2a0H4uKW6oKXlZfN
+KwcHGqr2sNO+z+rmU95TUEqRZcdZOTJdD3TNy6MBsPVU1yBcBmE1Ga+ONa60mRQ
kz8o15getDpto5fEhFJOKWY2qBFHBxon3GeE50v/5e9lHbpfgUS6S8Dh82gSHDNS
aknEemiYn6EOtGN0bL0a67lmEr9K+dBCDFAwkZCWIjkz
-----END CERTIFICATE-----