Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/DTq0SundLMcslF2PS6MWfq0s-jk.roa
File:                     DTq0SundLMcslF2PS6MWfq0s-jk.roa (raw, json)
Hash identifier:          jykLdwOwE2HDL7JleeCSO13uEcZahaYmTmDjqPH4Weo=
Subject key identifier:   0D:3A:B4:4A:E9:DD:2C:C7:2C:94:5D:8F:4B:A3:16:7E:AD:2C:FA:39
Certificate issuer:       /CN=ee6f421c253096280347dc2e92ca10cc398c134f
Certificate serial:       018CCA29CA8451ED4AEBF972B30A551A6142
Authority key identifier: EE:6F:42:1C:25:30:96:28:03:47:DC:2E:92:CA:10:CC:39:8C:13:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7m9CHCUwligDR9wuksoQzDmME08.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/DTq0SundLMcslF2PS6MWfq0s-jk.roa
Signing time:             Tue 02 Jan 2024 12:33:05 +0000
ROA not before:           Tue 02 Jan 2024 12:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21334
IP address blocks:        195.230.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/7m9CHCUwligDR9wuksoQzDmME08.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/7m9CHCUwligDR9wuksoQzDmME08.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7m9CHCUwligDR9wuksoQzDmME08.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ca:84:51:ed:4a:eb:f9:72:b3:0a:55:1a:61:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee6f421c253096280347dc2e92ca10cc398c134f
        Validity
            Not Before: Jan  2 12:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d3ab44ae9dd2cc72c945d8f4ba3167ead2cfa39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:83:0c:14:1b:50:5c:11:06:29:e9:9f:30:99:
                    41:e5:65:80:34:3d:1e:0e:d6:dd:ba:d2:44:f0:c5:
                    30:7c:a1:0e:dd:84:6e:3d:af:93:6c:df:2f:4d:aa:
                    09:aa:7f:11:69:37:fe:fd:44:17:81:94:9b:b3:6f:
                    13:db:70:5c:d5:81:2a:db:57:8e:f6:78:70:65:cb:
                    52:c3:a8:9f:0c:53:9f:ae:52:f9:cb:12:ff:7d:77:
                    f8:d8:1b:f1:fd:bb:c0:c1:b9:6a:13:38:b0:1f:f8:
                    0e:41:29:2d:f5:0d:56:55:8b:98:5b:09:6b:59:78:
                    f7:91:f7:a7:85:56:94:bb:d7:2c:23:d6:35:e1:a0:
                    12:40:de:7c:3d:64:84:d3:b7:25:01:a8:99:ae:9b:
                    59:3f:8f:9b:91:ac:c0:98:cf:c8:bd:78:13:d3:e8:
                    c2:a6:cc:5d:66:fb:81:29:f3:de:b2:90:c0:d3:6b:
                    40:5f:0f:54:03:b2:d5:62:7d:47:2e:8f:51:06:06:
                    b4:92:81:5e:24:81:25:6d:c4:d7:1e:f9:29:7a:d0:
                    48:77:e6:af:14:25:7f:35:ca:b3:86:dc:49:c0:52:
                    c5:86:50:8b:29:02:12:73:3a:24:a9:0c:a8:68:50:
                    fc:d2:3a:0a:11:01:d8:31:5d:52:1d:3b:9a:db:51:
                    dc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:3A:B4:4A:E9:DD:2C:C7:2C:94:5D:8F:4B:A3:16:7E:AD:2C:FA:39
            X509v3 Authority Key Identifier:
                keyid:EE:6F:42:1C:25:30:96:28:03:47:DC:2E:92:CA:10:CC:39:8C:13:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7m9CHCUwligDR9wuksoQzDmME08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/DTq0SundLMcslF2PS6MWfq0s-jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/7m9CHCUwligDR9wuksoQzDmME08.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:d0:d4:ee:c7:fd:16:02:bf:9f:05:70:a1:3d:a3:53:d6:bd:
         34:e8:50:a8:1d:88:35:7d:c2:43:ac:13:76:70:1f:93:7b:0b:
         5d:34:f6:61:71:84:72:96:85:18:c1:cb:12:37:43:cb:a3:ed:
         5a:07:9f:9b:30:e2:ad:d5:a5:ba:17:a7:2c:0a:62:94:f2:58:
         d7:d0:c4:25:ae:7b:db:c4:76:4a:39:20:12:a7:f9:42:c7:48:
         2a:76:a9:27:d6:c5:c4:9a:de:b0:2e:2c:52:c3:14:9b:68:2c:
         40:73:20:cf:a3:29:6f:82:b7:b8:e7:27:86:43:c3:90:8c:04:
         a2:75:15:3b:de:3b:09:c6:ae:80:48:f3:e6:31:a7:21:dc:70:
         a8:ad:18:8f:15:45:43:bc:7a:c7:d9:a7:8d:88:17:c2:52:21:
         4f:e5:f8:ff:55:60:fa:61:96:d5:02:1c:d4:d4:35:d7:ed:82:
         7b:23:49:93:37:7a:41:c5:5e:9b:d2:4c:b1:53:47:6b:ba:85:
         90:84:82:7c:c1:83:26:47:d6:ea:ac:df:a0:0d:e6:e2:14:10:
         5b:71:2f:0b:93:f6:c0:ef:85:38:a9:74:3d:f8:55:d8:91:1c:
         5b:65:91:ab:cf:0a:45:b0:70:76:f1:41:1d:61:74:05:06:98:
         c2:e5:fc:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKcqEUe1K6/lyswpVGmFCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlNmY0MjFjMjUzMDk2MjgwMzQ3ZGMyZTkyY2ExMGNjMzk4
YzEzNGYwHhcNMjQwMTAyMTIzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDNhYjQ0YWU5ZGQyY2M3MmM5NDVkOGY0YmEzMTY3ZWFkMmNmYTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+4MMFBtQXBEGKemfMJlB5WWAND0e
DtbdutJE8MUwfKEO3YRuPa+TbN8vTaoJqn8RaTf+/UQXgZSbs28T23Bc1YEq21eO
9nhwZctSw6ifDFOfrlL5yxL/fXf42Bvx/bvAwblqEziwH/gOQSkt9Q1WVYuYWwlr
WXj3kfenhVaUu9csI9Y14aASQN58PWSE07clAaiZrptZP4+bkazAmM/IvXgT0+jC
psxdZvuBKfPespDA02tAXw9UA7LVYn1HLo9RBga0koFeJIElbcTXHvkpetBId+av
FCV/NcqzhtxJwFLFhlCLKQISczokqQyoaFD80joKEQHYMV1SHTua21HcpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA06tErp3SzHLJRdj0ujFn6tLPo5MB8GA1UdIwQY
MBaAFO5vQhwlMJYoA0fcLpLKEMw5jBNPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN205Q0hDVXdsaWdEUjl3dWtzb1F6RG1NRTA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zZTA5MzUtNmE5NS00N2E0LWFkNGMt
MzU0MmY5OWJlNjNiLzEvRFRxMFN1bmRMTWNzbEYyUFM2TVdmcTBzLWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zZTA5MzUtNmE5NS00N2E0LWFkNGMtMzU0MmY5OWJlNjNi
LzEvN205Q0hDVXdsaWdEUjl3dWtzb1F6RG1NRTA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+ZqMA0G
CSqGSIb3DQEBCwUAA4IBAQAQ0NTux/0WAr+fBXChPaNT1r006FCoHYg1fcJDrBN2
cB+TewtdNPZhcYRyloUYwcsSN0PLo+1aB5+bMOKt1aW6F6csCmKU8ljX0MQlrnvb
xHZKOSASp/lCx0gqdqkn1sXEmt6wLixSwxSbaCxAcyDPoylvgre45yeGQ8OQjASi
dRU73jsJxq6ASPPmMach3HCorRiPFUVDvHrH2aeNiBfCUiFP5fj/VWD6YZbVAhzU
1DXX7YJ7I0mTN3pBxV6b0kyxU0druoWQhIJ8wYMmR9bqrN+gDebiFBBbcS8Lk/bA
74U4qXQ9+FXYkRxbZZGrzwpFsHB28UEdYXQFBpjC5fxT
-----END CERTIFICATE-----