Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/sA34ONw0A3RdOQPI1EDC3Nh91z8.roa
File:                     sA34ONw0A3RdOQPI1EDC3Nh91z8.roa (raw, json)
Hash identifier:          0vEOHECAyiIeKd+CP9TWS9/O4ANgCuQS5O9q4xKYNvk=
Subject key identifier:   B0:0D:F8:38:DC:34:03:74:5D:39:03:C8:D4:40:C2:DC:D8:7D:D7:3F
Certificate issuer:       /CN=2f15d78b256d28459b869b726f23294ab3ff173f
Certificate serial:       018EAF0471CF1EE539058126F65AD3B19644
Authority key identifier: 2F:15:D7:8B:25:6D:28:45:9B:86:9B:72:6F:23:29:4A:B3:FF:17:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LxXXiyVtKEWbhptybyMpSrP_Fz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/sA34ONw0A3RdOQPI1EDC3Nh91z8.roa
Signing time:             Fri 05 Apr 2024 16:08:07 +0000
ROA not before:           Fri 05 Apr 2024 16:08:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39704
IP address blocks:        194.13.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/LxXXiyVtKEWbhptybyMpSrP_Fz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/LxXXiyVtKEWbhptybyMpSrP_Fz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LxXXiyVtKEWbhptybyMpSrP_Fz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:af:04:71:cf:1e:e5:39:05:81:26:f6:5a:d3:b1:96:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f15d78b256d28459b869b726f23294ab3ff173f
        Validity
            Not Before: Apr  5 16:08:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b00df838dc3403745d3903c8d440c2dcd87dd73f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c8:41:e4:cc:b8:67:0a:7a:b2:b4:21:9b:21:
                    8f:40:3e:63:00:ce:38:c4:18:5c:52:b2:ed:5e:60:
                    af:bf:be:79:67:82:c4:b2:46:70:76:c7:ee:dc:77:
                    16:cb:15:8e:db:0a:03:62:4d:63:21:c8:99:80:5f:
                    6d:9c:59:d5:60:ef:fe:49:4b:23:db:52:cb:d6:f3:
                    65:9c:b7:fd:19:53:0a:a5:8b:4e:2e:51:79:91:44:
                    53:a4:6d:33:7d:e0:8d:10:14:b7:81:77:9a:a6:0a:
                    6c:bf:2e:c5:36:ad:34:d6:a1:31:5b:1d:1c:1c:24:
                    b2:0a:30:85:4e:63:36:df:8f:1d:45:9b:f4:44:4f:
                    d5:d3:a0:8e:40:90:5b:71:75:6f:4d:7d:72:75:76:
                    73:83:60:9b:b7:70:9a:03:c0:39:bf:5e:33:d1:52:
                    44:d9:9b:af:79:96:f9:0f:25:c7:91:18:cf:48:35:
                    a0:be:29:19:bc:9c:f0:8a:13:82:c7:e0:96:b1:f6:
                    21:88:6f:1a:69:2c:2a:5b:c1:93:e5:ca:d2:3b:7b:
                    75:43:ae:43:fe:c0:6e:e6:df:4d:a1:51:b4:a9:e0:
                    bd:7f:52:62:80:b0:d5:ee:43:c7:6b:a5:f7:92:d8:
                    03:ed:e1:09:46:0d:96:e0:9b:79:7a:27:ff:cc:67:
                    46:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:0D:F8:38:DC:34:03:74:5D:39:03:C8:D4:40:C2:DC:D8:7D:D7:3F
            X509v3 Authority Key Identifier:
                keyid:2F:15:D7:8B:25:6D:28:45:9B:86:9B:72:6F:23:29:4A:B3:FF:17:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LxXXiyVtKEWbhptybyMpSrP_Fz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/sA34ONw0A3RdOQPI1EDC3Nh91z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/LxXXiyVtKEWbhptybyMpSrP_Fz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:c9:14:14:90:a4:d3:95:ac:35:84:38:f1:09:4d:e4:51:f9:
         bb:7f:b7:ae:07:1a:f9:7b:e6:5a:ad:2a:ec:a1:f1:41:96:d0:
         42:c1:c9:6c:e1:8d:c0:12:50:5f:7c:99:3b:1b:15:ba:bb:d0:
         fa:cb:b1:2d:ad:31:05:f5:63:d5:a8:d5:65:ee:94:e4:d5:48:
         ac:7e:95:cf:15:d6:ea:88:c4:0d:f0:8e:a5:ed:93:9f:71:5f:
         44:97:06:88:44:74:b9:17:23:a5:a6:02:54:bf:e2:1a:2f:98:
         b0:d2:79:a1:70:a8:bd:f0:8d:e5:98:b7:dd:43:74:40:ad:fc:
         a6:81:e8:56:40:d3:0d:ff:98:18:42:0a:05:80:87:4e:0a:79:
         11:47:d6:e6:36:3d:f6:ba:88:39:74:5e:86:23:8b:36:ed:8b:
         40:91:6e:35:d5:14:75:db:a3:6d:8a:f3:c4:75:67:b1:86:d7:
         da:65:fd:59:e8:42:0f:c4:cf:b7:93:8c:99:53:b7:64:31:89:
         c3:b3:9e:5a:6b:f0:ad:c9:cd:7a:7c:91:c0:5d:52:6d:05:fc:
         84:7f:10:a0:0c:7f:e4:9b:8c:f6:5a:17:56:ea:ea:d5:8b:57:
         e9:bd:d9:69:ee:91:5f:b0:11:41:a7:50:9f:64:83:71:98:d9:
         d0:70:12:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6vBHHPHuU5BYEm9lrTsZZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMTVkNzhiMjU2ZDI4NDU5Yjg2OWI3MjZmMjMyOTRhYjNm
ZjE3M2YwHhcNMjQwNDA1MTYwODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDBkZjgzOGRjMzQwMzc0NWQzOTAzYzhkNDQwYzJkY2Q4N2RkNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAichB5My4Zwp6srQhmyGPQD5jAM44
xBhcUrLtXmCvv755Z4LEskZwdsfu3HcWyxWO2woDYk1jIciZgF9tnFnVYO/+SUsj
21LL1vNlnLf9GVMKpYtOLlF5kURTpG0zfeCNEBS3gXeapgpsvy7FNq001qExWx0c
HCSyCjCFTmM2348dRZv0RE/V06COQJBbcXVvTX1ydXZzg2Cbt3CaA8A5v14z0VJE
2ZuveZb5DyXHkRjPSDWgvikZvJzwihOCx+CWsfYhiG8aaSwqW8GT5crSO3t1Q65D
/sBu5t9NoVG0qeC9f1JigLDV7kPHa6X3ktgD7eEJRg2W4Jt5eif/zGdGIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAN+DjcNAN0XTkDyNRAwtzYfdc/MB8GA1UdIwQY
MBaAFC8V14slbShFm4abcm8jKUqz/xc/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHhYWGl5VnRLRVdiaHB0eWJ5TXBTclBfRno4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS82YmRmNmMtYTE4MS00MmZjLWI5YmYt
ODNiYzdjYzQ2M2RlLzEvc0EzNE9OdzBBM1JkT1FQSTFFREMzTmg5MXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS82YmRmNmMtYTE4MS00MmZjLWI5YmYtODNiYzdjYzQ2M2Rl
LzEvTHhYWGl5VnRLRVdiaHB0eWJ5TXBTclBfRno4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg1CMA0G
CSqGSIb3DQEBCwUAA4IBAQBPyRQUkKTTlaw1hDjxCU3kUfm7f7euBxr5e+ZarSrs
ofFBltBCwcls4Y3AElBffJk7GxW6u9D6y7EtrTEF9WPVqNVl7pTk1UisfpXPFdbq
iMQN8I6l7ZOfcV9ElwaIRHS5FyOlpgJUv+IaL5iw0nmhcKi98I3lmLfdQ3RArfym
gehWQNMN/5gYQgoFgIdOCnkRR9bmNj32uog5dF6GI4s27YtAkW411RR126NtivPE
dWexhtfaZf1Z6EIPxM+3k4yZU7dkMYnDs55aa/Ctyc16fJHAXVJtBfyEfxCgDH/k
m4z2WhdW6urVi1fpvdlp7pFfsBFBp1CfZINxmNnQcBL6
-----END CERTIFICATE-----