Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/aa4c3d-f272-47f6-a9cf-84a233369386/1/OD0GsphEcFPPwK-cz6Brmw42tsI.roa
File:                     OD0GsphEcFPPwK-cz6Brmw42tsI.roa (raw, json)
Hash identifier:          l2CcKHnJss1og3INj27mi6ZVbsVwjaeATxoNViOL+R8=
Subject key identifier:   38:3D:06:B2:98:44:70:53:CF:C0:AF:9C:CF:A0:6B:9B:0E:36:B6:C2
Certificate issuer:       /CN=2fa8e657eeae0783da14a3da2ca74ddec15dd308
Certificate serial:       018CC26D3FE76AE7433B2C4A2E3921AC17F9
Authority key identifier: 2F:A8:E6:57:EE:AE:07:83:DA:14:A3:DA:2C:A7:4D:DE:C1:5D:D3:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6jmV-6uB4PaFKPaLKdN3sFd0wg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/aa4c3d-f272-47f6-a9cf-84a233369386/1/OD0GsphEcFPPwK-cz6Brmw42tsI.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43425
IP address blocks:        194.50.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/aa4c3d-f272-47f6-a9cf-84a233369386/1/L6jmV-6uB4PaFKPaLKdN3sFd0wg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/aa4c3d-f272-47f6-a9cf-84a233369386/1/L6jmV-6uB4PaFKPaLKdN3sFd0wg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6jmV-6uB4PaFKPaLKdN3sFd0wg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3f:e7:6a:e7:43:3b:2c:4a:2e:39:21:ac:17:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa8e657eeae0783da14a3da2ca74ddec15dd308
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=383d06b298447053cfc0af9ccfa06b9b0e36b6c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ad:58:e0:56:88:f6:51:e8:71:ce:cd:32:fd:
                    47:73:c6:c6:9e:8e:ff:2d:f3:1c:4b:84:d1:ac:64:
                    af:cb:a4:62:d2:cb:50:d3:cf:ef:9b:f7:dd:54:99:
                    82:00:9c:f5:72:91:90:2e:9f:9d:ef:a2:53:6b:9a:
                    77:02:5d:56:a2:68:5d:7e:ce:c8:c3:d9:8e:4a:45:
                    0e:26:e5:b7:79:34:3c:7d:df:4d:cd:ca:1e:ea:a7:
                    60:49:d6:74:d3:95:55:12:25:49:45:fe:40:cf:0b:
                    e5:16:ab:97:94:10:a6:0f:98:b1:6e:91:93:99:f2:
                    ae:2e:46:5f:b9:dd:06:58:52:6c:58:14:61:44:33:
                    ae:d8:d2:68:35:56:71:dd:48:29:32:e8:f0:de:ba:
                    7e:87:aa:ed:e3:5d:c3:f9:3e:93:54:0a:f8:a9:15:
                    63:d1:e2:42:e5:6a:d1:31:cb:f2:1b:03:6f:84:d5:
                    03:e4:88:f4:89:18:0b:53:82:d8:af:4c:a4:18:e0:
                    a7:c5:99:92:80:7b:02:3b:e2:32:c7:62:95:69:3f:
                    e1:39:fc:df:fc:ae:98:77:d5:1a:f4:cb:5a:e0:c8:
                    f8:0a:9c:c2:11:50:5f:f0:e4:75:d8:63:dc:1a:4b:
                    b0:23:5f:cd:0c:96:46:42:43:c2:71:0f:b8:13:fd:
                    ce:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:3D:06:B2:98:44:70:53:CF:C0:AF:9C:CF:A0:6B:9B:0E:36:B6:C2
            X509v3 Authority Key Identifier:
                keyid:2F:A8:E6:57:EE:AE:07:83:DA:14:A3:DA:2C:A7:4D:DE:C1:5D:D3:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6jmV-6uB4PaFKPaLKdN3sFd0wg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/aa4c3d-f272-47f6-a9cf-84a233369386/1/OD0GsphEcFPPwK-cz6Brmw42tsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/aa4c3d-f272-47f6-a9cf-84a233369386/1/L6jmV-6uB4PaFKPaLKdN3sFd0wg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:56:77:73:6f:cb:d0:32:a3:41:51:97:b2:55:f9:1b:70:03:
         e3:71:37:28:92:aa:35:73:1b:43:2f:73:c5:da:06:fb:36:04:
         54:60:96:08:50:56:ae:5e:47:d2:21:1e:58:dd:2f:13:d1:75:
         85:67:34:19:b8:61:10:22:86:8a:f5:00:70:64:28:f3:f4:2e:
         39:b0:8c:df:a0:d7:85:2e:8f:42:24:28:77:02:6e:d6:ac:1f:
         ff:63:28:8a:6b:4c:cd:20:fa:b9:90:94:e6:41:c1:62:38:e5:
         cb:6f:3c:3b:a9:4c:72:bf:a2:8d:13:18:23:13:0c:d2:d1:35:
         cb:7a:2e:2a:66:4b:e8:18:cd:fc:2a:4a:38:48:b1:32:40:16:
         ca:b7:eb:f8:19:d5:6c:a3:50:53:92:1f:e6:72:53:3b:de:ae:
         23:0d:0e:1e:12:3b:f9:ba:60:12:4a:17:d7:d3:a9:bf:72:c2:
         9f:e6:3a:63:b3:79:f0:e2:66:bd:ea:12:0c:bf:6b:ac:61:c7:
         db:78:d1:fa:20:10:fa:24:58:ba:72:57:b5:55:80:53:e7:4b:
         51:41:16:42:bf:e7:2f:67:d7:d2:6f:b8:b5:34:0a:5d:bf:24:
         1d:e6:d9:e7:48:6b:45:e2:3b:22:85:cc:ef:a5:91:22:7c:5e:
         04:54:b8:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbT/naudDOyxKLjkhrBf5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYThlNjU3ZWVhZTA3ODNkYTE0YTNkYTJjYTc0ZGRlYzE1
ZGQzMDgwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODNkMDZiMjk4NDQ3MDUzY2ZjMGFmOWNjZmEwNmI5YjBlMzZiNmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq61Y4FaI9lHocc7NMv1Hc8bGno7/
LfMcS4TRrGSvy6Ri0stQ08/vm/fdVJmCAJz1cpGQLp+d76JTa5p3Al1Womhdfs7I
w9mOSkUOJuW3eTQ8fd9Nzcoe6qdgSdZ005VVEiVJRf5AzwvlFquXlBCmD5ixbpGT
mfKuLkZfud0GWFJsWBRhRDOu2NJoNVZx3UgpMujw3rp+h6rt413D+T6TVAr4qRVj
0eJC5WrRMcvyGwNvhNUD5Ij0iRgLU4LYr0ykGOCnxZmSgHsCO+Iyx2KVaT/hOfzf
/K6Yd9Ua9Mta4Mj4CpzCEVBf8OR12GPcGkuwI1/NDJZGQkPCcQ+4E/3OAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDg9BrKYRHBTz8CvnM+ga5sONrbCMB8GA1UdIwQY
MBaAFC+o5lfurgeD2hSj2iynTd7BXdMIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZqbVYtNnVCNFBhRktQYUxLZE4zc0ZkMHdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9hYTRjM2QtZjI3Mi00N2Y2LWE5Y2Yt
ODRhMjMzMzY5Mzg2LzEvT0QwR3NwaEVjRlBQd0stY3o2QnJtdzQydHNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9hYTRjM2QtZjI3Mi00N2Y2LWE5Y2YtODRhMjMzMzY5Mzg2
LzEvTDZqbVYtNnVCNFBhRktQYUxLZE4zc0ZkMHdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjKzMA0G
CSqGSIb3DQEBCwUAA4IBAQCRVndzb8vQMqNBUZeyVfkbcAPjcTcokqo1cxtDL3PF
2gb7NgRUYJYIUFauXkfSIR5Y3S8T0XWFZzQZuGEQIoaK9QBwZCjz9C45sIzfoNeF
Lo9CJCh3Am7WrB//YyiKa0zNIPq5kJTmQcFiOOXLbzw7qUxyv6KNExgjEwzS0TXL
ei4qZkvoGM38Kko4SLEyQBbKt+v4GdVso1BTkh/mclM73q4jDQ4eEjv5umASShfX
06m/csKf5jpjs3nw4ma96hIMv2usYcfbeNH6IBD6JFi6cle1VYBT50tRQRZCv+cv
Z9fSb7i1NApdvyQd5tnnSGtF4jsihczvpZEifF4EVLhB
-----END CERTIFICATE-----