Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/brMKD2kQ_k3I889RG9UmNawYygw.roa
File:                     brMKD2kQ_k3I889RG9UmNawYygw.roa (raw, json)
Hash identifier:          A2ldBKtNe9zhvZh/YVVPD65ScvDYSQmBf6K53XBEbRU=
Subject key identifier:   6E:B3:0A:0F:69:10:FE:4D:C8:F3:CF:51:1B:D5:26:35:AC:18:CA:0C
Certificate issuer:       /CN=0e0f4872ad1c1f4fcb213b6b2edb388a2d9c9a23
Certificate serial:       018CC3B705FECF9356CD8279D24BF0E31506
Authority key identifier: 0E:0F:48:72:AD:1C:1F:4F:CB:21:3B:6B:2E:DB:38:8A:2D:9C:9A:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/brMKD2kQ_k3I889RG9UmNawYygw.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35128
IP address blocks:        194.152.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:05:fe:cf:93:56:cd:82:79:d2:4b:f0:e3:15:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0f4872ad1c1f4fcb213b6b2edb388a2d9c9a23
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6eb30a0f6910fe4dc8f3cf511bd52635ac18ca0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:80:e7:5d:82:1c:cb:43:d7:77:25:63:89:f9:
                    53:c0:2b:3a:48:de:fa:3c:c6:a3:03:d3:67:2e:c9:
                    a5:89:13:4c:28:75:e7:73:d6:6e:af:a1:33:7f:ab:
                    6e:f7:64:43:a6:4a:aa:fd:4b:05:5a:da:fe:96:49:
                    5e:85:c7:91:75:a6:5a:66:f1:96:8b:7b:98:5c:75:
                    90:c7:4c:04:de:f0:b2:1d:95:18:38:f8:31:50:18:
                    18:5e:8f:87:e6:03:13:0c:e9:c3:f6:d4:f4:0b:3f:
                    46:db:c3:97:58:7e:a7:b8:e2:7f:34:a8:ab:68:e6:
                    f7:bd:a2:e6:b9:9d:ff:d7:4d:c2:62:83:22:c9:89:
                    13:97:b0:e4:28:47:ce:5a:02:29:41:39:2f:98:fe:
                    b4:68:bb:ec:a8:86:3a:f1:6a:88:d6:c5:07:2f:6c:
                    ee:36:14:19:f1:10:15:25:76:31:54:87:2f:b5:e1:
                    31:89:35:ea:99:dd:41:53:b8:ec:4e:c3:2c:eb:c4:
                    89:3f:d9:93:98:d0:28:c1:8e:9b:ae:6e:83:de:29:
                    d5:ab:34:10:c9:b0:c0:ea:dc:1b:8c:e5:16:1e:0e:
                    92:0d:34:60:0b:a8:2b:27:94:65:33:ec:f5:49:52:
                    17:2e:43:67:49:a8:20:f5:3a:0d:d8:bd:f5:6f:ab:
                    98:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:B3:0A:0F:69:10:FE:4D:C8:F3:CF:51:1B:D5:26:35:AC:18:CA:0C
            X509v3 Authority Key Identifier:
                keyid:0E:0F:48:72:AD:1C:1F:4F:CB:21:3B:6B:2E:DB:38:8A:2D:9C:9A:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/brMKD2kQ_k3I889RG9UmNawYygw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.152.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:91:cd:3b:da:f7:3b:1f:ed:3b:dc:bd:69:f1:b0:7a:c5:de:
         e2:d9:a1:0c:de:26:cb:f6:24:54:59:a0:7e:b3:b2:46:55:f5:
         03:30:98:5c:b5:1e:06:2d:ab:a6:a3:35:d1:07:4c:3e:e4:c7:
         18:d5:29:48:04:2a:e6:c3:81:77:36:8e:f9:69:09:32:ed:72:
         f7:0e:b1:67:e2:82:a0:ed:c2:ab:94:df:d4:d0:0d:2a:b5:ac:
         91:d3:57:85:c4:eb:fc:2c:f9:5a:97:31:3a:d3:99:91:b4:f6:
         31:5a:51:0b:19:e0:ee:41:ff:90:05:f2:da:38:d4:9c:b5:db:
         d3:e6:b3:fb:1f:0d:61:55:57:47:aa:5b:36:58:33:c3:f6:b6:
         54:7c:74:5b:6f:36:b7:53:7b:33:2e:4b:7e:3d:ec:44:76:60:
         ea:e9:3f:cd:cf:23:f8:3b:79:28:50:d2:bb:ae:1a:3b:91:6c:
         89:c9:27:cd:3e:2f:88:2f:67:3d:a0:35:ae:54:39:7b:1a:53:
         02:95:20:fa:96:8c:67:7e:d6:92:a9:8d:88:fd:7b:0e:6b:bc:
         70:c3:af:8f:44:07:f8:00:b5:f8:82:a4:f0:5f:aa:9c:f2:18:
         9f:ba:68:9f:b8:cf:0c:18:62:d2:e6:75:5b:47:98:c9:c1:ff:
         14:65:fc:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwX+z5NWzYJ50kvw4xUGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMGY0ODcyYWQxYzFmNGZjYjIxM2I2YjJlZGIzODhhMmQ5
YzlhMjMwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWIzMGEwZjY5MTBmZTRkYzhmM2NmNTExYmQ1MjYzNWFjMThjYTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioDnXYIcy0PXdyVjiflTwCs6SN76
PMajA9NnLsmliRNMKHXnc9Zur6Ezf6tu92RDpkqq/UsFWtr+lklehceRdaZaZvGW
i3uYXHWQx0wE3vCyHZUYOPgxUBgYXo+H5gMTDOnD9tT0Cz9G28OXWH6nuOJ/NKir
aOb3vaLmuZ3/103CYoMiyYkTl7DkKEfOWgIpQTkvmP60aLvsqIY68WqI1sUHL2zu
NhQZ8RAVJXYxVIcvteExiTXqmd1BU7jsTsMs68SJP9mTmNAowY6brm6D3inVqzQQ
ybDA6twbjOUWHg6SDTRgC6grJ5RlM+z1SVIXLkNnSagg9ToN2L31b6uYqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6zCg9pEP5NyPPPURvVJjWsGMoMMB8GA1UdIwQY
MBaAFA4PSHKtHB9PyyE7ay7bOIotnJojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGc5SWNxMGNIMF9MSVR0ckx0czRpaTJjbWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kYzVhNjItMDY0Yi00NWIwLWI4OWQt
YzAxZjgwYTFjODA1LzEvYnJNS0Qya1FfazNJODg5Ukc5VW1OYXdZeWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kYzVhNjItMDY0Yi00NWIwLWI4OWQtYzAxZjgwYTFjODA1
LzEvRGc5SWNxMGNIMF9MSVR0ckx0czRpaTJjbWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpj2MA0G
CSqGSIb3DQEBCwUAA4IBAQBukc072vc7H+073L1p8bB6xd7i2aEM3ibL9iRUWaB+
s7JGVfUDMJhctR4GLaumozXRB0w+5McY1SlIBCrmw4F3No75aQky7XL3DrFn4oKg
7cKrlN/U0A0qtayR01eFxOv8LPlalzE605mRtPYxWlELGeDuQf+QBfLaONSctdvT
5rP7Hw1hVVdHqls2WDPD9rZUfHRbbza3U3szLkt+PexEdmDq6T/NzyP4O3koUNK7
rho7kWyJySfNPi+IL2c9oDWuVDl7GlMClSD6loxnftaSqY2I/XsOa7xww6+PRAf4
ALX4gqTwX6qc8hifumifuM8MGGLS5nVbR5jJwf8UZfxp
-----END CERTIFICATE-----