Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/c61e40-ac09-4756-94ef-93c6457caf33/1/CvntyOVXUKEBl1Zu80dW2Uftzh8.roa
File:                     CvntyOVXUKEBl1Zu80dW2Uftzh8.roa (raw, json)
Hash identifier:          +NRqjnF17ajEiN9nb35QjfECkmSKcqC+ualzDKHWW+I=
Subject key identifier:   0A:F9:ED:C8:E5:57:50:A1:01:97:56:6E:F3:47:56:D9:47:ED:CE:1F
Certificate issuer:       /CN=dc76d2f43ec17dfc805cdb05f000a157989ed448
Certificate serial:       018CC94BE8FD6E53DC3160CEEC32CDCAAEB8
Authority key identifier: DC:76:D2:F4:3E:C1:7D:FC:80:5C:DB:05:F0:00:A1:57:98:9E:D4:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3HbS9D7BffyAXNsF8AChV5ie1Eg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/c61e40-ac09-4756-94ef-93c6457caf33/1/CvntyOVXUKEBl1Zu80dW2Uftzh8.roa
Signing time:             Tue 02 Jan 2024 08:30:44 +0000
ROA not before:           Tue 02 Jan 2024 08:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41038
IP address blocks:        194.30.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/c61e40-ac09-4756-94ef-93c6457caf33/1/3HbS9D7BffyAXNsF8AChV5ie1Eg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/c61e40-ac09-4756-94ef-93c6457caf33/1/3HbS9D7BffyAXNsF8AChV5ie1Eg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3HbS9D7BffyAXNsF8AChV5ie1Eg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e8:fd:6e:53:dc:31:60:ce:ec:32:cd:ca:ae:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc76d2f43ec17dfc805cdb05f000a157989ed448
        Validity
            Not Before: Jan  2 08:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0af9edc8e55750a10197566ef34756d947edce1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:41:4b:0e:c0:2b:cd:f3:41:14:de:c9:54:5d:
                    a3:66:8d:fa:81:48:12:36:d4:7b:5e:a1:eb:4e:9c:
                    1b:9a:fd:e6:8c:5d:7b:5a:0b:4d:63:4b:dd:f3:5b:
                    b7:c6:64:a7:59:68:8b:5e:67:8b:26:32:64:0b:4c:
                    6d:fc:15:cc:1e:e6:f5:8c:05:ac:5a:58:9f:84:41:
                    14:10:a8:3c:44:08:00:e0:c3:78:8b:bf:25:62:ec:
                    89:66:6c:b9:fa:69:9f:30:44:09:3e:d6:77:42:d7:
                    ab:81:45:95:83:1b:9c:5d:53:b8:a6:78:90:12:2a:
                    71:f9:b7:68:98:43:b7:49:db:df:77:d1:99:51:f3:
                    35:1d:3e:e2:80:27:34:e6:9c:05:48:ac:be:ab:ca:
                    48:0a:ac:1b:a5:e4:8b:d3:a3:91:ae:68:b3:8c:c4:
                    87:bf:42:27:91:58:89:87:a9:48:6e:fb:37:bf:55:
                    5d:38:3e:f3:ef:81:1e:9c:66:58:d2:dc:a6:f0:a2:
                    77:cd:f3:33:fb:de:f2:31:44:5f:11:3d:4f:ce:ad:
                    8d:5c:ba:aa:d4:f7:e1:30:dd:e0:b9:83:6a:17:a6:
                    ff:77:9d:f1:01:f9:af:e5:4d:71:3f:e0:ef:81:42:
                    8c:91:53:50:16:e3:72:6d:df:63:6f:ef:c1:60:d9:
                    75:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:F9:ED:C8:E5:57:50:A1:01:97:56:6E:F3:47:56:D9:47:ED:CE:1F
            X509v3 Authority Key Identifier:
                keyid:DC:76:D2:F4:3E:C1:7D:FC:80:5C:DB:05:F0:00:A1:57:98:9E:D4:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HbS9D7BffyAXNsF8AChV5ie1Eg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/c61e40-ac09-4756-94ef-93c6457caf33/1/CvntyOVXUKEBl1Zu80dW2Uftzh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/c61e40-ac09-4756-94ef-93c6457caf33/1/3HbS9D7BffyAXNsF8AChV5ie1Eg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.30.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:15:7d:52:f4:f8:c3:ce:75:c0:8b:58:93:cb:34:6d:19:13:
         0f:9e:36:ec:fc:85:f8:ba:72:0f:01:bd:3e:dd:ae:ed:24:1b:
         e0:46:7c:6d:f7:60:fe:f0:a4:d2:bc:ba:f1:de:cb:d4:e8:8e:
         10:91:b5:2b:32:73:0f:31:e9:ac:8a:2b:89:c2:22:f8:e5:2c:
         02:2d:07:f5:df:27:62:45:40:12:24:e6:94:fd:d7:d9:92:c7:
         4b:50:fc:b6:23:f7:33:ec:2b:2c:b9:26:ee:c0:21:2c:c2:99:
         a6:bf:09:57:73:ea:77:ad:9d:69:db:8d:34:9e:47:5e:57:9d:
         10:37:21:1e:69:55:c3:7d:a1:27:de:2c:45:ac:2a:9e:bf:cd:
         23:52:7f:aa:5c:7a:ed:d3:6d:bc:f3:9e:40:82:56:9e:1a:9b:
         8c:05:0a:44:b2:2c:ce:f1:25:0d:8c:c5:5b:53:d4:95:a9:8c:
         1a:dd:28:b9:d2:f4:2d:9e:e7:cf:5e:e8:73:22:ba:03:a6:c5:
         c0:b4:45:6f:94:05:17:8c:d0:ff:60:5f:dc:af:44:b9:13:84:
         75:44:20:55:84:95:fa:09:d7:f0:f9:e0:af:42:4b:d4:40:91:
         9d:39:8b:1a:40:3c:4e:fa:7e:53:5b:ab:ca:73:40:ae:a2:5c:
         44:4c:50:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS+j9blPcMWDO7DLNyq64MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNzZkMmY0M2VjMTdkZmM4MDVjZGIwNWYwMDBhMTU3OTg5
ZWQ0NDgwHhcNMjQwMTAyMDgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWY5ZWRjOGU1NTc1MGExMDE5NzU2NmVmMzQ3NTZkOTQ3ZWRjZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEFLDsArzfNBFN7JVF2jZo36gUgS
NtR7XqHrTpwbmv3mjF17WgtNY0vd81u3xmSnWWiLXmeLJjJkC0xt/BXMHub1jAWs
WlifhEEUEKg8RAgA4MN4i78lYuyJZmy5+mmfMEQJPtZ3QtergUWVgxucXVO4pniQ
Eipx+bdomEO3Sdvfd9GZUfM1HT7igCc05pwFSKy+q8pICqwbpeSL06ORrmizjMSH
v0InkViJh6lIbvs3v1VdOD7z74EenGZY0tym8KJ3zfMz+97yMURfET1Pzq2NXLqq
1PfhMN3guYNqF6b/d53xAfmv5U1xP+DvgUKMkVNQFuNybd9jb+/BYNl1uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAr57cjlV1ChAZdWbvNHVtlH7c4fMB8GA1UdIwQY
MBaAFNx20vQ+wX38gFzbBfAAoVeYntRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0hiUzlEN0JmZnlBWE5zRjhBQ2hWNWllMUVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9jNjFlNDAtYWMwOS00NzU2LTk0ZWYt
OTNjNjQ1N2NhZjMzLzEvQ3ZudHlPVlhVS0VCbDFadTgwZFcyVWZ0emg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9jNjFlNDAtYWMwOS00NzU2LTk0ZWYtOTNjNjQ1N2NhZjMz
LzEvM0hiUzlEN0JmZnlBWE5zRjhBQ2hWNWllMUVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh62MA0G
CSqGSIb3DQEBCwUAA4IBAQBkFX1S9PjDznXAi1iTyzRtGRMPnjbs/IX4unIPAb0+
3a7tJBvgRnxt92D+8KTSvLrx3svU6I4QkbUrMnMPMemsiiuJwiL45SwCLQf13ydi
RUASJOaU/dfZksdLUPy2I/cz7CssuSbuwCEswpmmvwlXc+p3rZ1p2400nkdeV50Q
NyEeaVXDfaEn3ixFrCqev80jUn+qXHrt0228855AglaeGpuMBQpEsizO8SUNjMVb
U9SVqYwa3Si50vQtnufPXuhzIroDpsXAtEVvlAUXjND/YF/cr0S5E4R1RCBVhJX6
Cdfw+eCvQkvUQJGdOYsaQDxO+n5TW6vKc0CuolxETFAd
-----END CERTIFICATE-----