Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/474016-6bf2-40b2-9ba7-27ce85ef7477/1/oedHwDE35v0OT84p2Bce3tv1weo.roa
File:                     oedHwDE35v0OT84p2Bce3tv1weo.roa (raw, json)
Hash identifier:          Fji58eF1Fzp6y43g5g5t6JxWFKhIpkVF5aUYDbQKBtM=
Subject key identifier:   A1:E7:47:C0:31:37:E6:FD:0E:4F:CE:29:D8:17:1E:DE:DB:F5:C1:EA
Certificate issuer:       /CN=2186c46e3b1826b782d23e6304e50f1301494fc7
Certificate serial:       018CC794C766EC4023904A50618EB6EA8210
Authority key identifier: 21:86:C4:6E:3B:18:26:B7:82:D2:3E:63:04:E5:0F:13:01:49:4F:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYbEbjsYJreC0j5jBOUPEwFJT8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/474016-6bf2-40b2-9ba7-27ce85ef7477/1/oedHwDE35v0OT84p2Bce3tv1weo.roa
Signing time:             Tue 02 Jan 2024 00:31:05 +0000
ROA not before:           Tue 02 Jan 2024 00:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211448
IP address blocks:        193.30.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/474016-6bf2-40b2-9ba7-27ce85ef7477/1/IYbEbjsYJreC0j5jBOUPEwFJT8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/474016-6bf2-40b2-9ba7-27ce85ef7477/1/IYbEbjsYJreC0j5jBOUPEwFJT8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYbEbjsYJreC0j5jBOUPEwFJT8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:c7:66:ec:40:23:90:4a:50:61:8e:b6:ea:82:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2186c46e3b1826b782d23e6304e50f1301494fc7
        Validity
            Not Before: Jan  2 00:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1e747c03137e6fd0e4fce29d8171ededbf5c1ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:88:39:18:66:8b:0e:06:9e:65:17:44:13:65:
                    2a:ed:8d:83:b8:b1:39:c9:e9:1c:ed:97:30:e1:82:
                    fa:54:2e:af:d1:37:e9:e1:e2:b7:1a:5f:c9:36:53:
                    24:d5:00:ea:96:19:d5:a8:b6:47:47:97:8d:e6:56:
                    47:43:f5:c7:c2:d2:32:79:69:2f:d0:55:4c:26:68:
                    28:0d:0a:e6:5b:1c:81:fe:92:e0:a4:1a:6f:55:51:
                    09:79:f2:25:e3:50:bc:90:f0:b9:fa:e9:7a:6c:1f:
                    ba:89:c9:b9:cc:96:6b:c7:20:31:59:c6:d0:c0:c2:
                    16:ba:48:7a:47:3c:d9:b0:c5:a1:4a:d5:20:fd:a1:
                    20:09:11:51:fc:35:e6:71:9f:85:ff:b2:d6:a4:84:
                    93:a0:2b:1c:09:a4:f0:c9:57:45:f5:10:fa:9f:d1:
                    6d:f1:56:fc:07:4f:73:25:f2:93:f0:6c:59:0f:44:
                    b5:86:7b:31:11:80:14:dc:4a:16:85:a1:25:9f:ee:
                    30:f4:09:9a:49:23:22:0f:7d:4c:ae:fe:a4:cf:18:
                    b4:cf:9b:98:6b:e8:d8:91:0c:f6:63:25:19:1c:97:
                    26:66:c4:f7:ee:91:65:e5:11:ef:c5:94:61:90:46:
                    8b:07:2c:d8:57:0b:7d:fb:82:6e:df:1b:44:3a:d0:
                    dc:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:E7:47:C0:31:37:E6:FD:0E:4F:CE:29:D8:17:1E:DE:DB:F5:C1:EA
            X509v3 Authority Key Identifier:
                keyid:21:86:C4:6E:3B:18:26:B7:82:D2:3E:63:04:E5:0F:13:01:49:4F:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYbEbjsYJreC0j5jBOUPEwFJT8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/474016-6bf2-40b2-9ba7-27ce85ef7477/1/oedHwDE35v0OT84p2Bce3tv1weo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/474016-6bf2-40b2-9ba7-27ce85ef7477/1/IYbEbjsYJreC0j5jBOUPEwFJT8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:d1:87:e4:db:31:cc:19:6d:47:60:ab:b1:1c:b3:b6:f1:60:
         2d:b5:3b:5b:5f:d2:1f:90:76:8a:35:94:cf:86:ea:a3:7e:a6:
         b1:17:5e:d9:76:da:65:61:4b:e0:8a:9f:43:ef:c5:0c:77:fc:
         cc:02:af:ed:4e:48:df:4e:5e:a7:c2:b6:09:e0:9b:31:22:25:
         89:39:1b:a0:5d:0c:6d:9f:b0:c1:fc:f7:f8:85:9a:87:20:c7:
         e2:22:8f:6d:40:82:0e:cc:93:31:c6:fc:a7:5d:66:20:ac:1c:
         04:31:e7:e6:23:10:71:49:42:10:eb:b8:b9:1f:f5:52:3b:94:
         63:4f:f1:7b:38:84:a0:15:5a:21:d6:a1:1f:67:0f:cf:f9:35:
         41:88:52:e6:d6:9b:3d:f1:4c:fe:b7:fc:8b:e2:80:e7:b1:6a:
         84:e0:da:86:be:9f:61:85:10:d4:4f:e0:7e:69:05:56:e6:64:
         4a:19:42:a5:35:94:89:d4:26:ce:1b:c0:9a:39:c6:97:d4:d8:
         7a:8c:99:34:08:96:a4:49:2b:ff:38:4c:f7:3d:fb:99:da:07:
         ad:dd:71:de:db:1a:60:c5:98:a4:38:00:9e:90:8e:ab:21:e9:
         db:ed:5a:af:a1:6d:cd:a8:ab:be:d8:9f:0d:db:6f:10:93:1e:
         d4:60:a2:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlMdm7EAjkEpQYY626oIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxODZjNDZlM2IxODI2Yjc4MmQyM2U2MzA0ZTUwZjEzMDE0
OTRmYzcwHhcNMjQwMTAyMDAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWU3NDdjMDMxMzdlNmZkMGU0ZmNlMjlkODE3MWVkZWRiZjVjMWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4g5GGaLDgaeZRdEE2Uq7Y2DuLE5
yekc7Zcw4YL6VC6v0Tfp4eK3Gl/JNlMk1QDqlhnVqLZHR5eN5lZHQ/XHwtIyeWkv
0FVMJmgoDQrmWxyB/pLgpBpvVVEJefIl41C8kPC5+ul6bB+6icm5zJZrxyAxWcbQ
wMIWukh6RzzZsMWhStUg/aEgCRFR/DXmcZ+F/7LWpISToCscCaTwyVdF9RD6n9Ft
8Vb8B09zJfKT8GxZD0S1hnsxEYAU3EoWhaEln+4w9AmaSSMiD31Mrv6kzxi0z5uY
a+jYkQz2YyUZHJcmZsT37pFl5RHvxZRhkEaLByzYVwt9+4Ju3xtEOtDc9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHnR8AxN+b9Dk/OKdgXHt7b9cHqMB8GA1UdIwQY
MBaAFCGGxG47GCa3gtI+YwTlDxMBSU/HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVliRWJqc1lKcmVDMGo1akJPVVBFd0ZKVDhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS80NzQwMTYtNmJmMi00MGIyLTliYTct
MjdjZTg1ZWY3NDc3LzEvb2VkSHdERTM1djBPVDg0cDJCY2UzdHYxd2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS80NzQwMTYtNmJmMi00MGIyLTliYTctMjdjZTg1ZWY3NDc3
LzEvSVliRWJqc1lKcmVDMGo1akJPVVBFd0ZKVDhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5/MA0G
CSqGSIb3DQEBCwUAA4IBAQCP0Yfk2zHMGW1HYKuxHLO28WAttTtbX9IfkHaKNZTP
huqjfqaxF17ZdtplYUvgip9D78UMd/zMAq/tTkjfTl6nwrYJ4JsxIiWJORugXQxt
n7DB/Pf4hZqHIMfiIo9tQIIOzJMxxvynXWYgrBwEMefmIxBxSUIQ67i5H/VSO5Rj
T/F7OISgFVoh1qEfZw/P+TVBiFLm1ps98Uz+t/yL4oDnsWqE4NqGvp9hhRDUT+B+
aQVW5mRKGUKlNZSJ1CbOG8CaOcaX1Nh6jJk0CJakSSv/OEz3PfuZ2get3XHe2xpg
xZikOACekI6rIenb7VqvoW3NqKu+2J8N228Qkx7UYKLB
-----END CERTIFICATE-----