Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/bd7820-5c1c-4884-9ab8-c5ab97dba898/1/D_XMm6KH2cBFaJNIWr-c0ofl2Wg.roa
File:                     D_XMm6KH2cBFaJNIWr-c0ofl2Wg.roa (raw, json)
Hash identifier:          SsxZZOiNSBo0oYcebMhAfAnW83h0334qbG0xOO+JVIQ=
Subject key identifier:   0F:F5:CC:9B:A2:87:D9:C0:45:68:93:48:5A:BF:9C:D2:87:E5:D9:68
Certificate issuer:       /CN=93af348ec5a4e65e0cb137821ae6a139ed7fac00
Certificate serial:       018CC42501C8B25575052F93D03549007B2A
Authority key identifier: 93:AF:34:8E:C5:A4:E6:5E:0C:B1:37:82:1A:E6:A1:39:ED:7F:AC:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k680jsWk5l4MsTeCGuahOe1_rAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7820-5c1c-4884-9ab8-c5ab97dba898/1/D_XMm6KH2cBFaJNIWr-c0ofl2Wg.roa
Signing time:             Mon 01 Jan 2024 08:30:08 +0000
ROA not before:           Mon 01 Jan 2024 08:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208678
IP address blocks:        194.110.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7820-5c1c-4884-9ab8-c5ab97dba898/1/k680jsWk5l4MsTeCGuahOe1_rAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7820-5c1c-4884-9ab8-c5ab97dba898/1/k680jsWk5l4MsTeCGuahOe1_rAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k680jsWk5l4MsTeCGuahOe1_rAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:01:c8:b2:55:75:05:2f:93:d0:35:49:00:7b:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93af348ec5a4e65e0cb137821ae6a139ed7fac00
        Validity
            Not Before: Jan  1 08:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ff5cc9ba287d9c0456893485abf9cd287e5d968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:70:f4:d5:25:64:11:67:9e:66:fd:08:bc:47:
                    8b:1e:04:a1:b0:65:6e:11:ca:7b:23:00:0a:7b:ad:
                    09:22:2b:da:3b:ab:41:50:fa:a3:32:69:ae:ed:25:
                    fc:54:8c:e5:a5:a7:c7:db:b9:18:98:3e:b6:de:c9:
                    df:f5:6c:80:a7:eb:7d:95:c0:47:31:98:b9:08:b8:
                    81:3e:1f:3c:95:4f:10:23:fb:0d:bb:15:b0:b1:4f:
                    cb:cb:60:bd:99:78:57:06:be:75:d1:61:d7:cf:b6:
                    06:e2:5f:59:3c:3d:b7:1a:4e:66:cb:78:d7:ab:b0:
                    0a:6b:5e:51:40:3e:5d:50:8a:c7:02:0d:73:39:76:
                    f0:ab:32:c2:a1:b3:4e:d9:be:2d:e9:ee:52:98:ff:
                    0e:ba:52:be:a1:ca:38:d0:f5:46:77:a3:26:58:13:
                    de:27:e3:0b:b3:82:90:7c:ca:33:b7:68:67:76:68:
                    28:03:00:1c:cd:3e:68:50:a4:3b:82:48:dc:fd:55:
                    a4:1c:25:26:46:e6:9f:fb:30:69:3f:99:c3:96:a4:
                    13:82:32:92:b4:0f:ce:f4:1e:9e:62:b3:a9:87:8b:
                    83:64:43:d6:c3:a4:0b:95:ca:33:40:63:20:2c:35:
                    f7:60:0a:ff:7a:4e:f6:b8:e8:de:92:35:90:a4:0d:
                    3a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:F5:CC:9B:A2:87:D9:C0:45:68:93:48:5A:BF:9C:D2:87:E5:D9:68
            X509v3 Authority Key Identifier:
                keyid:93:AF:34:8E:C5:A4:E6:5E:0C:B1:37:82:1A:E6:A1:39:ED:7F:AC:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k680jsWk5l4MsTeCGuahOe1_rAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7820-5c1c-4884-9ab8-c5ab97dba898/1/D_XMm6KH2cBFaJNIWr-c0ofl2Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7820-5c1c-4884-9ab8-c5ab97dba898/1/k680jsWk5l4MsTeCGuahOe1_rAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:e6:4f:8d:af:81:06:1f:36:3e:61:98:a9:ac:33:4d:12:8f:
         3e:28:1d:7b:25:f0:9f:8c:77:17:b1:2f:43:0f:50:dc:56:1c:
         59:61:92:80:61:74:05:3f:d5:92:07:e4:3a:7c:b2:9b:c5:d4:
         a7:22:40:5f:15:89:a8:e3:35:f8:48:da:0a:4a:dd:67:85:32:
         e3:eb:47:0b:ee:40:ef:8c:be:f8:f1:fc:3c:7a:69:f3:56:41:
         ab:05:f1:ce:1e:7d:e9:b1:fb:a3:4d:bd:53:6e:ad:8a:2f:07:
         9c:58:4f:da:21:55:41:fb:6a:d8:d0:5b:03:d0:b3:99:94:50:
         10:b7:60:a0:6e:2c:b5:c9:f6:9d:e8:b3:52:61:4e:da:04:29:
         ac:1e:eb:59:a2:ec:14:e2:71:c9:f0:f0:de:50:7b:7a:92:06:
         38:53:55:36:7c:03:c7:c9:59:f1:60:b7:9b:04:12:da:7d:dd:
         8f:8e:db:13:f7:bb:a4:3d:84:29:65:c5:f3:d9:0e:a3:83:4d:
         05:c5:34:8a:1c:56:88:6e:e9:2c:64:1a:89:29:a3:ea:cd:09:
         cf:62:0f:98:bc:77:ca:f5:38:4b:e6:01:87:45:e8:a3:e2:51:
         e7:74:ae:3f:fe:29:36:12:82:ce:65:29:53:f9:15:ea:89:07:
         be:54:70:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQHIslV1BS+T0DVJAHsqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYWYzNDhlYzVhNGU2NWUwY2IxMzc4MjFhZTZhMTM5ZWQ3
ZmFjMDAwHhcNMjQwMTAxMDgzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmY1Y2M5YmEyODdkOWMwNDU2ODkzNDg1YWJmOWNkMjg3ZTVkOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3D01SVkEWeeZv0IvEeLHgShsGVu
Ecp7IwAKe60JIivaO6tBUPqjMmmu7SX8VIzlpafH27kYmD623snf9WyAp+t9lcBH
MZi5CLiBPh88lU8QI/sNuxWwsU/Ly2C9mXhXBr510WHXz7YG4l9ZPD23Gk5my3jX
q7AKa15RQD5dUIrHAg1zOXbwqzLCobNO2b4t6e5SmP8OulK+oco40PVGd6MmWBPe
J+MLs4KQfMozt2hndmgoAwAczT5oUKQ7gkjc/VWkHCUmRuaf+zBpP5nDlqQTgjKS
tA/O9B6eYrOph4uDZEPWw6QLlcozQGMgLDX3YAr/ek72uOjekjWQpA06MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/1zJuih9nARWiTSFq/nNKH5dloMB8GA1UdIwQY
MBaAFJOvNI7FpOZeDLE3ghrmoTntf6wAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazY4MGpzV2s1bDRNc1RlQ0d1YWhPZTFfckFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iZDc4MjAtNWMxYy00ODg0LTlhYjgt
YzVhYjk3ZGJhODk4LzEvRF9YTW02S0gyY0JGYUpOSVdyLWMwb2ZsMldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iZDc4MjAtNWMxYy00ODg0LTlhYjgtYzVhYjk3ZGJhODk4
LzEvazY4MGpzV2s1bDRNc1RlQ0d1YWhPZTFfckFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm6aMA0G
CSqGSIb3DQEBCwUAA4IBAQBi5k+Nr4EGHzY+YZiprDNNEo8+KB17JfCfjHcXsS9D
D1DcVhxZYZKAYXQFP9WSB+Q6fLKbxdSnIkBfFYmo4zX4SNoKSt1nhTLj60cL7kDv
jL748fw8emnzVkGrBfHOHn3psfujTb1Tbq2KLwecWE/aIVVB+2rY0FsD0LOZlFAQ
t2Cgbiy1yfad6LNSYU7aBCmsHutZouwU4nHJ8PDeUHt6kgY4U1U2fAPHyVnxYLeb
BBLafd2PjtsT97ukPYQpZcXz2Q6jg00FxTSKHFaIbuksZBqJKaPqzQnPYg+YvHfK
9ThL5gGHReij4lHndK4//ik2EoLOZSlT+RXqiQe+VHAB
-----END CERTIFICATE-----