Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2a0d78-7656-4516-9875-dc01ac228451/1/QmU5DTO-rhOPLNLW0dXWoN6Jn3g.roa
File:                     QmU5DTO-rhOPLNLW0dXWoN6Jn3g.roa (raw, json)
Hash identifier:          tdFMhPIxv1WWbC7yFqXy1kFuIFNTX4YcCIVslmqEJrU=
Subject key identifier:   42:65:39:0D:33:BE:AE:13:8F:2C:D2:D6:D1:D5:D6:A0:DE:89:9F:78
Certificate issuer:       /CN=8dc0c82181b90df6c496914c319d31ff8b2a4082
Certificate serial:       018CC493654245CFE50E25EA99E0852DA73E
Authority key identifier: 8D:C0:C8:21:81:B9:0D:F6:C4:96:91:4C:31:9D:31:FF:8B:2A:40:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jcDIIYG5DfbElpFMMZ0x_4sqQII.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2a0d78-7656-4516-9875-dc01ac228451/1/QmU5DTO-rhOPLNLW0dXWoN6Jn3g.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42234
IP address blocks:        193.200.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2a0d78-7656-4516-9875-dc01ac228451/1/jcDIIYG5DfbElpFMMZ0x_4sqQII.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2a0d78-7656-4516-9875-dc01ac228451/1/jcDIIYG5DfbElpFMMZ0x_4sqQII.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jcDIIYG5DfbElpFMMZ0x_4sqQII.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:65:42:45:cf:e5:0e:25:ea:99:e0:85:2d:a7:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dc0c82181b90df6c496914c319d31ff8b2a4082
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4265390d33beae138f2cd2d6d1d5d6a0de899f78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:33:41:2b:49:ac:3f:bf:92:c2:09:75:79:73:
                    30:a9:69:93:fb:d4:cc:40:8e:bd:0d:49:7d:d8:02:
                    59:e9:1d:18:35:0c:a4:a1:bf:d4:72:1b:0f:5f:ff:
                    96:81:f1:0f:f4:05:26:cb:e7:43:63:5b:29:3f:29:
                    aa:35:f8:41:8d:a0:44:3b:e9:32:45:89:f3:ec:73:
                    48:35:6c:ba:38:6b:8c:b0:ca:3b:0a:3f:2a:ac:1e:
                    68:95:59:67:5c:fb:d8:a5:df:ba:cb:4f:63:7c:96:
                    54:07:04:19:7f:29:9b:62:b3:48:e6:b4:b3:84:7b:
                    76:15:93:d2:cf:19:14:93:b0:aa:a8:0e:b4:dd:54:
                    2b:f9:14:33:6e:aa:62:d1:76:ae:72:19:f4:73:c7:
                    e9:ef:24:51:2f:a4:7c:98:ff:47:65:4c:26:c3:51:
                    b3:3d:c5:7e:48:73:9e:06:7b:2f:3f:34:0a:fa:33:
                    3b:9b:a2:c2:86:86:fc:05:30:17:2b:34:96:42:7b:
                    89:39:4c:42:e8:de:c4:94:95:6d:96:01:77:97:30:
                    45:cb:bf:d2:7b:78:b9:a7:30:12:a6:9c:4e:7d:a0:
                    bd:b2:14:00:be:ff:dc:2b:af:6a:40:ba:50:ce:54:
                    45:e7:37:4e:02:21:a4:9e:89:ea:18:d7:cb:6f:f8:
                    56:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:65:39:0D:33:BE:AE:13:8F:2C:D2:D6:D1:D5:D6:A0:DE:89:9F:78
            X509v3 Authority Key Identifier:
                keyid:8D:C0:C8:21:81:B9:0D:F6:C4:96:91:4C:31:9D:31:FF:8B:2A:40:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jcDIIYG5DfbElpFMMZ0x_4sqQII.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a0d78-7656-4516-9875-dc01ac228451/1/QmU5DTO-rhOPLNLW0dXWoN6Jn3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a0d78-7656-4516-9875-dc01ac228451/1/jcDIIYG5DfbElpFMMZ0x_4sqQII.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:84:b2:a0:05:c7:a8:fe:e3:15:a0:c1:89:6b:cf:d4:e5:e6:
         a0:c3:30:27:b0:18:6a:61:d2:30:57:74:99:df:fe:ec:1e:dd:
         e0:d4:63:69:24:8e:c4:08:f1:3e:dc:7b:2f:ad:ec:92:2c:75:
         ba:03:46:99:68:83:83:66:6a:fd:ac:4a:63:fd:87:4b:56:60:
         c8:1b:60:d0:e8:dd:1d:5f:29:58:8e:a8:77:f2:18:f2:0a:ae:
         29:6f:73:b6:00:e7:a2:85:0d:cb:56:8b:68:04:7c:1c:5e:04:
         73:72:41:15:1b:4b:c3:52:7c:8b:b1:d8:3e:ec:96:6b:ad:b9:
         ca:34:90:c1:16:47:c0:90:cb:49:75:0b:85:a0:75:82:ad:63:
         1e:9a:2f:d0:76:fd:ce:99:e3:c1:9e:b3:4c:80:18:86:60:d1:
         94:32:f8:ca:eb:cd:77:80:23:1e:bb:e1:3c:89:07:fa:54:9c:
         3e:d1:bb:dc:c9:ce:ae:42:73:44:f5:d9:81:64:9d:dd:29:48:
         c9:be:36:12:8f:c0:c4:31:42:16:a7:27:8c:0e:1f:b5:9a:c8:
         0c:0d:47:0d:2a:ec:42:11:d8:07:46:8d:be:c0:70:3f:ae:4b:
         08:89:a2:e6:59:f6:39:a9:24:81:e3:3e:b8:0c:4b:b5:68:8f:
         24:3d:c9:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2VCRc/lDiXqmeCFLac+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYzBjODIxODFiOTBkZjZjNDk2OTE0YzMxOWQzMWZmOGIy
YTQwODIwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjY1MzkwZDMzYmVhZTEzOGYyY2QyZDZkMWQ1ZDZhMGRlODk5Zjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDNBK0msP7+Swgl1eXMwqWmT+9TM
QI69DUl92AJZ6R0YNQykob/UchsPX/+WgfEP9AUmy+dDY1spPymqNfhBjaBEO+ky
RYnz7HNINWy6OGuMsMo7Cj8qrB5olVlnXPvYpd+6y09jfJZUBwQZfymbYrNI5rSz
hHt2FZPSzxkUk7CqqA603VQr+RQzbqpi0Xauchn0c8fp7yRRL6R8mP9HZUwmw1Gz
PcV+SHOeBnsvPzQK+jM7m6LChob8BTAXKzSWQnuJOUxC6N7ElJVtlgF3lzBFy7/S
e3i5pzASppxOfaC9shQAvv/cK69qQLpQzlRF5zdOAiGknonqGNfLb/hWNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJlOQ0zvq4TjyzS1tHV1qDeiZ94MB8GA1UdIwQY
MBaAFI3AyCGBuQ32xJaRTDGdMf+LKkCCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamNESUlZRzVEZmJFbHBGTU1aMHhfNHNxUUlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yYTBkNzgtNzY1Ni00NTE2LTk4NzUt
ZGMwMWFjMjI4NDUxLzEvUW1VNURUTy1yaE9QTE5MVzBkWFdvTjZKbjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yYTBkNzgtNzY1Ni00NTE2LTk4NzUtZGMwMWFjMjI4NDUx
LzEvamNESUlZRzVEZmJFbHBGTU1aMHhfNHNxUUlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcgTMA0G
CSqGSIb3DQEBCwUAA4IBAQCJhLKgBceo/uMVoMGJa8/U5eagwzAnsBhqYdIwV3SZ
3/7sHt3g1GNpJI7ECPE+3HsvreySLHW6A0aZaIODZmr9rEpj/YdLVmDIG2DQ6N0d
XylYjqh38hjyCq4pb3O2AOeihQ3LVotoBHwcXgRzckEVG0vDUnyLsdg+7JZrrbnK
NJDBFkfAkMtJdQuFoHWCrWMemi/Qdv3OmePBnrNMgBiGYNGUMvjK6813gCMeu+E8
iQf6VJw+0bvcyc6uQnNE9dmBZJ3dKUjJvjYSj8DEMUIWpyeMDh+1msgMDUcNKuxC
EdgHRo2+wHA/rksIiaLmWfY5qSSB4z64DEu1aI8kPclB
-----END CERTIFICATE-----