Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/dw2h89mPDTYMb2bMZo4uMKtq3ws.roa
File:                     dw2h89mPDTYMb2bMZo4uMKtq3ws.roa (raw, json)
Hash identifier:          QHoKvRMpwdDefKHWuY+PPeLO/XkaKKr7JFKLtW8/xJc=
Subject key identifier:   77:0D:A1:F3:D9:8F:0D:36:0C:6F:66:CC:66:8E:2E:30:AB:6A:DF:0B
Certificate issuer:       /CN=04ad12fbae546d0183c6047d4f75e88e00e07053
Certificate serial:       018CC26D169A8E38A80079729A3E1843B4C5
Authority key identifier: 04:AD:12:FB:AE:54:6D:01:83:C6:04:7D:4F:75:E8:8E:00:E0:70:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BK0S-65UbQGDxgR9T3XojgDgcFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/dw2h89mPDTYMb2bMZo4uMKtq3ws.roa
Signing time:             Mon 01 Jan 2024 00:29:38 +0000
ROA not before:           Mon 01 Jan 2024 00:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        194.153.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/BK0S-65UbQGDxgR9T3XojgDgcFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/BK0S-65UbQGDxgR9T3XojgDgcFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BK0S-65UbQGDxgR9T3XojgDgcFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:16:9a:8e:38:a8:00:79:72:9a:3e:18:43:b4:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04ad12fbae546d0183c6047d4f75e88e00e07053
        Validity
            Not Before: Jan  1 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=770da1f3d98f0d360c6f66cc668e2e30ab6adf0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:bf:07:f1:03:b4:a6:82:81:fa:9b:d2:6b:3e:
                    27:f7:5c:17:7c:1e:9d:7b:c1:eb:9a:95:1b:7b:61:
                    e8:12:99:f5:54:f6:de:9f:cd:b9:a1:5e:03:97:f3:
                    7a:88:f3:75:dc:dc:c8:b5:b5:6a:d9:a2:09:94:aa:
                    e3:87:c2:e9:11:11:0c:92:6b:a3:b7:c2:7c:4c:38:
                    f3:fe:ef:ff:09:85:a2:71:a1:9f:34:f9:1d:ed:35:
                    80:c7:52:dc:81:3f:e1:ec:2a:16:79:ad:4b:e6:34:
                    81:f4:2c:3c:58:19:d7:60:3e:41:16:d8:01:6c:e2:
                    5c:cb:0c:7b:e7:4b:eb:da:88:29:cf:d3:61:f6:0b:
                    aa:08:fe:a0:97:24:5e:96:fb:57:02:29:a7:ea:16:
                    dd:f5:91:03:89:7f:9a:70:26:2b:a6:35:bb:b1:3d:
                    f8:ca:80:6b:68:4c:7c:0b:d4:44:e1:75:1c:66:fe:
                    8d:1d:dc:46:d1:7e:9b:53:0d:98:e3:93:9a:4c:b0:
                    19:6c:b9:a8:4f:58:25:84:6c:9c:71:ec:53:3a:4d:
                    0a:c7:ec:75:83:31:be:48:3d:d7:be:e8:57:34:d8:
                    c5:e2:60:8e:c9:9b:5d:bf:4e:70:68:3a:46:e4:3c:
                    98:9e:78:14:a2:81:b8:04:3e:93:5e:d0:af:d6:8d:
                    52:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:0D:A1:F3:D9:8F:0D:36:0C:6F:66:CC:66:8E:2E:30:AB:6A:DF:0B
            X509v3 Authority Key Identifier:
                keyid:04:AD:12:FB:AE:54:6D:01:83:C6:04:7D:4F:75:E8:8E:00:E0:70:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BK0S-65UbQGDxgR9T3XojgDgcFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/dw2h89mPDTYMb2bMZo4uMKtq3ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/BK0S-65UbQGDxgR9T3XojgDgcFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:80:7c:d6:4b:bf:81:fc:15:7b:49:0e:cc:24:08:bb:f9:8c:
         40:21:c7:60:45:16:6b:89:69:bd:2c:b6:81:ac:37:52:e6:9f:
         5f:c3:2d:e7:1f:88:64:f3:8c:f5:24:1e:fb:09:4a:2f:10:15:
         74:96:5d:fb:a1:06:1c:73:fd:be:fd:3b:50:d1:eb:8b:af:a9:
         3b:0e:e3:c6:56:c1:8f:48:5d:af:6a:60:b5:3c:5b:f9:29:d7:
         68:73:e7:02:be:88:e1:35:76:f3:84:ae:14:0a:00:e7:bf:c5:
         7a:35:e3:00:c3:7d:62:e7:c1:75:be:df:3b:fa:0a:7c:3b:09:
         0f:71:4b:3a:9b:3c:97:8e:a9:d8:b1:fa:26:ea:cd:41:e7:f5:
         2f:93:b2:c7:91:1c:e9:b3:06:de:b4:8d:39:b6:f1:0e:43:a7:
         93:89:fd:4e:f4:2e:19:85:e6:aa:b2:b5:81:9d:f6:41:73:5c:
         db:7c:e7:4e:02:6c:ba:0e:64:32:f7:53:2e:d2:28:66:43:5d:
         5c:12:b7:ad:7a:82:16:50:7d:56:0a:48:d9:75:07:af:57:54:
         40:98:19:f8:ba:4d:fc:13:a4:23:f4:bf:92:a5:c7:76:9d:6f:
         3c:9e:4d:3a:e6:c6:e2:2f:d2:55:1e:37:cd:04:89:85:7c:e6:
         50:9d:94:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRaajjioAHlymj4YQ7TFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YWQxMmZiYWU1NDZkMDE4M2M2MDQ3ZDRmNzVlODhlMDBl
MDcwNTMwHhcNMjQwMTAxMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzBkYTFmM2Q5OGYwZDM2MGM2ZjY2Y2M2NjhlMmUzMGFiNmFkZjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj78H8QO0poKB+pvSaz4n91wXfB6d
e8HrmpUbe2HoEpn1VPben825oV4Dl/N6iPN13NzItbVq2aIJlKrjh8LpEREMkmuj
t8J8TDjz/u//CYWicaGfNPkd7TWAx1LcgT/h7CoWea1L5jSB9Cw8WBnXYD5BFtgB
bOJcywx750vr2ogpz9Nh9guqCP6glyRelvtXAimn6hbd9ZEDiX+acCYrpjW7sT34
yoBraEx8C9RE4XUcZv6NHdxG0X6bUw2Y45OaTLAZbLmoT1glhGyccexTOk0Kx+x1
gzG+SD3XvuhXNNjF4mCOyZtdv05waDpG5DyYnngUooG4BD6TXtCv1o1STQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcNofPZjw02DG9mzGaOLjCrat8LMB8GA1UdIwQY
MBaAFAStEvuuVG0Bg8YEfU916I4A4HBTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkswUy02NVViUUdEeGdSOVQzWG9qZ0RnY0ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81Y2QzZTMtZDg0My00ZDZiLTgxMzYt
NmFiZmI4YjkwMTMyLzEvZHcyaDg5bVBEVFlNYjJiTVpvNHVNS3RxM3dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81Y2QzZTMtZDg0My00ZDZiLTgxMzYtNmFiZmI4YjkwMTMy
LzEvQkswUy02NVViUUdEeGdSOVQzWG9qZ0RnY0ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpmTMA0G
CSqGSIb3DQEBCwUAA4IBAQBDgHzWS7+B/BV7SQ7MJAi7+YxAIcdgRRZriWm9LLaB
rDdS5p9fwy3nH4hk84z1JB77CUovEBV0ll37oQYcc/2+/TtQ0euLr6k7DuPGVsGP
SF2vamC1PFv5Kddoc+cCvojhNXbzhK4UCgDnv8V6NeMAw31i58F1vt87+gp8OwkP
cUs6mzyXjqnYsfom6s1B5/Uvk7LHkRzpswbetI05tvEOQ6eTif1O9C4ZheaqsrWB
nfZBc1zbfOdOAmy6DmQy91Mu0ihmQ11cEreteoIWUH1WCkjZdQevV1RAmBn4uk38
E6Qj9L+Spcd2nW88nk065sbiL9JVHjfNBImFfOZQnZTe
-----END CERTIFICATE-----