Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/DLT-qf0mPCgBVfcE3EzZXZEvwCw.roa
File:                     DLT-qf0mPCgBVfcE3EzZXZEvwCw.roa (raw, json)
Hash identifier:          EziasmQQn4/mS8Ny+ltez3BPJHVjfcDPhdBNXyzmmbA=
Subject key identifier:   0C:B4:FE:A9:FD:26:3C:28:01:55:F7:04:DC:4C:D9:5D:91:2F:C0:2C
Certificate issuer:       /CN=fe1d18d9a222736dbac231110b88deac8db0336d
Certificate serial:       018CC64B142905F38DAEC098EDE38587D4DB
Authority key identifier: FE:1D:18:D9:A2:22:73:6D:BA:C2:31:11:0B:88:DE:AC:8D:B0:33:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_h0Y2aIic226wjERC4jerI2wM20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/DLT-qf0mPCgBVfcE3EzZXZEvwCw.roa
Signing time:             Mon 01 Jan 2024 18:30:58 +0000
ROA not before:           Mon 01 Jan 2024 18:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9186
IP address blocks:        213.58.0.0/16 maxlen: 24
                          195.245.128.0/18 maxlen: 24
                          2001:a40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/_h0Y2aIic226wjERC4jerI2wM20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/_h0Y2aIic226wjERC4jerI2wM20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_h0Y2aIic226wjERC4jerI2wM20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 06:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:14:29:05:f3:8d:ae:c0:98:ed:e3:85:87:d4:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe1d18d9a222736dbac231110b88deac8db0336d
        Validity
            Not Before: Jan  1 18:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cb4fea9fd263c280155f704dc4cd95d912fc02c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ae:d4:75:df:78:97:03:77:14:c4:0c:9f:b5:
                    60:e8:1b:15:95:e5:37:34:4f:5c:a3:c5:6b:12:56:
                    74:7d:04:6a:52:67:50:0f:1b:5d:37:2f:6e:4e:8a:
                    53:64:be:92:c8:84:98:b2:1a:f5:06:e4:d1:ed:40:
                    bc:e4:e4:70:c2:ec:77:66:75:78:c7:8a:8c:1b:5c:
                    e2:e2:be:d8:de:de:d2:33:a3:d4:94:0a:44:da:f4:
                    b3:af:48:bf:61:cd:3e:8a:e7:b2:56:a4:49:9b:d3:
                    5c:ed:01:73:fc:09:b3:43:ad:88:44:5b:19:41:93:
                    e6:70:2e:62:2b:7f:03:50:7a:ab:00:ce:09:15:dd:
                    b2:a2:8f:95:d0:1d:a9:a0:f4:d4:03:3a:01:17:d1:
                    7b:61:f0:d5:be:a6:5d:2b:16:d2:74:cd:5f:41:6c:
                    eb:46:0b:c6:8d:56:ab:48:68:a4:05:82:34:72:d6:
                    6a:9a:51:ea:d9:66:8a:c0:95:86:21:c2:3d:f8:61:
                    91:f5:d9:f2:d2:45:b1:0d:67:c8:5a:f9:94:31:97:
                    38:bf:ce:01:1b:93:6d:a7:5e:bf:f2:46:75:e6:cf:
                    fd:e3:04:1c:21:48:db:51:57:10:c2:40:bb:8d:93:
                    89:f2:02:88:65:64:e1:1e:95:0a:6f:c0:cd:fb:8b:
                    65:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:B4:FE:A9:FD:26:3C:28:01:55:F7:04:DC:4C:D9:5D:91:2F:C0:2C
            X509v3 Authority Key Identifier:
                keyid:FE:1D:18:D9:A2:22:73:6D:BA:C2:31:11:0B:88:DE:AC:8D:B0:33:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_h0Y2aIic226wjERC4jerI2wM20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/DLT-qf0mPCgBVfcE3EzZXZEvwCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/64e1ef-9ba8-4307-bfad-6587f76fd810/1/_h0Y2aIic226wjERC4jerI2wM20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.128.0/18
                  213.58.0.0/16
                IPv6:
                  2001:a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:df:f0:4b:6a:81:79:cf:5a:62:af:c0:21:2e:2d:4c:90:75:
         1a:cb:39:65:5d:d1:16:76:53:48:6b:71:35:64:9a:a0:e4:20:
         e5:7d:15:56:e4:28:e3:cd:57:cf:3d:37:93:8c:80:fe:16:2a:
         3b:40:e5:21:59:d3:fa:0e:0f:22:4e:56:5f:b5:c8:a4:4f:ca:
         9e:b5:b3:36:83:6f:1f:16:12:5f:c9:9b:79:35:24:c7:47:32:
         e0:91:14:80:ca:45:39:51:b5:4f:91:72:ba:aa:63:be:e4:35:
         2b:0c:e5:31:13:04:3e:7f:e4:1e:8f:0b:6a:8d:89:6a:63:55:
         b9:1a:35:f4:52:7f:20:2f:b5:98:24:16:32:9d:79:7f:54:17:
         48:82:65:79:6f:58:fd:4b:f4:9d:5f:a4:5b:f9:ba:75:90:05:
         95:b9:3e:ea:d1:8b:38:f7:ca:8d:7e:14:7a:bb:ad:5c:21:ba:
         fd:db:3d:9f:27:6d:37:4a:61:e6:fe:ca:b4:0b:f4:68:f0:e4:
         07:74:20:df:54:09:3c:08:74:09:d8:15:d5:66:95:de:50:47:
         c1:62:2e:de:ef:24:01:9c:3c:2d:34:f5:8e:81:e6:77:16:e2:
         a3:09:63:82:ce:12:24:7c:36:8f:c8:f0:67:ff:4d:99:a9:8a:
         83:4e:4c:f0
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzGSxQpBfONrsCY7eOFh9TbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMWQxOGQ5YTIyMjczNmRiYWMyMzExMTBiODhkZWFjOGRi
MDMzNmQwHhcNMjQwMTAxMTgzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2I0ZmVhOWZkMjYzYzI4MDE1NWY3MDRkYzRjZDk1ZDkxMmZjMDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg67Udd94lwN3FMQMn7Vg6BsVleU3
NE9co8VrElZ0fQRqUmdQDxtdNy9uTopTZL6SyISYshr1BuTR7UC85ORwwux3ZnV4
x4qMG1zi4r7Y3t7SM6PUlApE2vSzr0i/Yc0+iueyVqRJm9Nc7QFz/AmzQ62IRFsZ
QZPmcC5iK38DUHqrAM4JFd2yoo+V0B2poPTUAzoBF9F7YfDVvqZdKxbSdM1fQWzr
RgvGjVarSGikBYI0ctZqmlHq2WaKwJWGIcI9+GGR9dny0kWxDWfIWvmUMZc4v84B
G5Ntp16/8kZ15s/94wQcIUjbUVcQwkC7jZOJ8gKIZWThHpUKb8DN+4tlLQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAy0/qn9JjwoAVX3BNxM2V2RL8AsMB8GA1UdIwQY
MBaAFP4dGNmiInNtusIxEQuI3qyNsDNtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2gwWTJhSWljMjI2d2pFUkM0amVySTJ3TTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC82NGUxZWYtOWJhOC00MzA3LWJmYWQt
NjU4N2Y3NmZkODEwLzEvRExULXFmMG1QQ2dCVmZjRTNFelpYWkV2d0N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC82NGUxZWYtOWJhOC00MzA3LWJmYWQtNjU4N2Y3NmZkODEw
LzEvX2gwWTJhSWljMjI2d2pFUkM0amVySTJ3TTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwQGw/WAAwMA
1TowDQQCAAIwBwMFAyABCkAwDQYJKoZIhvcNAQELBQADggEBAB3f8EtqgXnPWmKv
wCEuLUyQdRrLOWVd0RZ2U0hrcTVkmqDkIOV9FVbkKOPNV889N5OMgP4WKjtA5SFZ
0/oODyJOVl+1yKRPyp61szaDbx8WEl/Jm3k1JMdHMuCRFIDKRTlRtU+RcrqqY77k
NSsM5TETBD5/5B6PC2qNiWpjVbkaNfRSfyAvtZgkFjKdeX9UF0iCZXlvWP1L9J1f
pFv5unWQBZW5PurRizj3yo1+FHq7rVwhuv3bPZ8nbTdKYeb+yrQL9Gjw5Ad0IN9U
CTwIdAnYFdVmld5QR8FiLt7vJAGcPC009Y6B5ncW4qMJY4LOEiR8No/I8Gf/TZmp
ioNOTPA=
-----END CERTIFICATE-----