Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/92e46a-4b9f-4f83-b111-ef00198b4342/1/h6J8ZXoXYjQl0XoQYqMN0cjLBrY.roa
File:                     h6J8ZXoXYjQl0XoQYqMN0cjLBrY.roa (raw, json)
Hash identifier:          h8LWGKh1ey5cIzDj/TpEnAb+V9d1lVnKz5Y0o9bQaGw=
Subject key identifier:   87:A2:7C:65:7A:17:62:34:25:D1:7A:10:62:A3:0D:D1:C8:CB:06:B6
Certificate issuer:       /CN=0fde97eed4d8e845eb9f8e7ff326e3fe524800fa
Certificate serial:       018CC26D06D8AA75991C31CEE3BD02716CCF
Authority key identifier: 0F:DE:97:EE:D4:D8:E8:45:EB:9F:8E:7F:F3:26:E3:FE:52:48:00:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D96X7tTY6EXrn45_8ybj_lJIAPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/92e46a-4b9f-4f83-b111-ef00198b4342/1/h6J8ZXoXYjQl0XoQYqMN0cjLBrY.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45015
IP address blocks:        194.35.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/92e46a-4b9f-4f83-b111-ef00198b4342/1/D96X7tTY6EXrn45_8ybj_lJIAPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/92e46a-4b9f-4f83-b111-ef00198b4342/1/D96X7tTY6EXrn45_8ybj_lJIAPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D96X7tTY6EXrn45_8ybj_lJIAPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 19:02:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:06:d8:aa:75:99:1c:31:ce:e3:bd:02:71:6c:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fde97eed4d8e845eb9f8e7ff326e3fe524800fa
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87a27c657a17623425d17a1062a30dd1c8cb06b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1f:94:6f:35:ea:a4:e3:61:83:00:e3:66:fc:
                    f5:71:ff:a7:28:82:94:46:00:2f:9b:35:cd:7e:88:
                    26:5a:6e:02:39:3e:a4:a1:1e:96:a3:9c:ef:04:0d:
                    84:e8:c4:91:03:5f:5a:15:bd:f5:89:a7:28:8e:d2:
                    6d:2f:29:95:cb:e0:b5:62:4b:a7:ae:1b:33:c1:4c:
                    69:9e:12:93:eb:5a:58:e7:35:b6:61:3d:02:48:d1:
                    98:2e:24:49:62:4d:a8:50:53:c6:d0:ac:80:a4:82:
                    99:1e:f4:48:dc:ef:f4:c9:c0:55:39:84:05:27:f7:
                    5c:9f:0a:d9:6d:27:51:e9:3f:ed:35:a2:c0:bb:4e:
                    0c:64:2a:88:76:d2:da:f4:6f:a9:fc:2e:1b:f9:27:
                    77:57:bc:4d:b0:b8:2b:25:40:4c:27:7e:03:4d:9c:
                    fa:74:13:9a:dd:eb:6f:63:35:47:26:83:d6:dd:70:
                    69:57:62:a0:e9:33:64:cb:6b:73:31:97:c1:ba:fb:
                    c3:82:4b:a8:af:2b:02:e8:01:a4:4a:78:96:f5:a1:
                    9e:48:25:c5:1d:29:52:c3:ec:8c:4e:50:d1:1a:e2:
                    5a:91:00:d6:8c:9b:b6:d1:73:b4:21:55:55:f0:7e:
                    f1:67:c2:1f:7c:84:b3:b2:77:81:56:d9:ea:8a:0f:
                    02:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:A2:7C:65:7A:17:62:34:25:D1:7A:10:62:A3:0D:D1:C8:CB:06:B6
            X509v3 Authority Key Identifier:
                keyid:0F:DE:97:EE:D4:D8:E8:45:EB:9F:8E:7F:F3:26:E3:FE:52:48:00:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D96X7tTY6EXrn45_8ybj_lJIAPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/92e46a-4b9f-4f83-b111-ef00198b4342/1/h6J8ZXoXYjQl0XoQYqMN0cjLBrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/92e46a-4b9f-4f83-b111-ef00198b4342/1/D96X7tTY6EXrn45_8ybj_lJIAPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:fd:d9:ac:e5:3e:4d:71:dd:7a:f7:56:54:b6:e9:8b:47:00:
         be:9c:73:95:b8:cb:2e:a6:3b:34:85:91:69:87:60:4c:09:97:
         a7:2d:c8:bb:83:ad:d6:82:c8:f2:4d:cc:b3:29:6c:11:6c:ae:
         9a:53:43:1c:d4:44:cb:65:a0:05:c1:70:96:9a:d1:d2:34:04:
         39:3c:7d:5d:1d:07:52:96:ca:03:f7:c2:4c:32:53:be:84:f2:
         e8:7e:6c:48:66:bb:f7:3a:e9:af:70:48:f3:f8:c7:da:98:fd:
         52:c4:02:cd:45:84:44:ca:44:09:f2:3e:41:11:f0:fd:87:a7:
         41:ca:70:94:50:86:a2:c0:66:71:86:d1:de:28:06:d9:a5:09:
         b4:09:c9:9b:a3:59:17:80:12:d6:28:87:e0:08:eb:a8:5f:c6:
         66:85:4e:b9:98:68:f3:d4:63:8f:11:7b:6e:32:42:b8:64:5d:
         00:df:aa:a0:35:db:68:3e:88:5f:15:13:a4:c9:db:b0:1a:c1:
         e0:9d:ea:ac:aa:f1:3b:e3:67:23:10:31:ca:f6:60:e4:83:39:
         8a:1c:6d:6b:db:5a:40:6c:b8:e8:8a:ac:39:79:e6:d2:16:c2:
         bf:01:f8:e2:b7:ec:ba:89:e4:14:8c:9b:34:ba:79:3d:21:7c:
         b6:3f:24:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQbYqnWZHDHO470CcWzPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZGU5N2VlZDRkOGU4NDVlYjlmOGU3ZmYzMjZlM2ZlNTI0
ODAwZmEwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2EyN2M2NTdhMTc2MjM0MjVkMTdhMTA2MmEzMGRkMWM4Y2IwNmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnR+UbzXqpONhgwDjZvz1cf+nKIKU
RgAvmzXNfogmWm4COT6koR6Wo5zvBA2E6MSRA19aFb31iacojtJtLymVy+C1Ykun
rhszwUxpnhKT61pY5zW2YT0CSNGYLiRJYk2oUFPG0KyApIKZHvRI3O/0ycBVOYQF
J/dcnwrZbSdR6T/tNaLAu04MZCqIdtLa9G+p/C4b+Sd3V7xNsLgrJUBMJ34DTZz6
dBOa3etvYzVHJoPW3XBpV2Kg6TNky2tzMZfBuvvDgkuorysC6AGkSniW9aGeSCXF
HSlSw+yMTlDRGuJakQDWjJu20XO0IVVV8H7xZ8IffISzsneBVtnqig8CAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeifGV6F2I0JdF6EGKjDdHIywa2MB8GA1UdIwQY
MBaAFA/el+7U2OhF65+Of/Mm4/5SSAD6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDk2WDd0VFk2RVhybjQ1Xzh5YmpfbEpJQVBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy85MmU0NmEtNGI5Zi00ZjgzLWIxMTEt
ZWYwMDE5OGI0MzQyLzEvaDZKOFpYb1hZalFsMFhvUVlxTU4wY2pMQnJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy85MmU0NmEtNGI5Zi00ZjgzLWIxMTEtZWYwMDE5OGI0MzQy
LzEvRDk2WDd0VFk2RVhybjQ1Xzh5YmpfbEpJQVBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiOwMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ/dms5T5Ncd1691ZUtumLRwC+nHOVuMsupjs0hZFp
h2BMCZenLci7g63WgsjyTcyzKWwRbK6aU0Mc1ETLZaAFwXCWmtHSNAQ5PH1dHQdS
lsoD98JMMlO+hPLofmxIZrv3OumvcEjz+MfamP1SxALNRYREykQJ8j5BEfD9h6dB
ynCUUIaiwGZxhtHeKAbZpQm0Ccmbo1kXgBLWKIfgCOuoX8ZmhU65mGjz1GOPEXtu
MkK4ZF0A36qgNdtoPohfFROkyduwGsHgneqsqvE742cjEDHK9mDkgzmKHG1r21pA
bLjoiqw5eebSFsK/Afjit+y6ieQUjJs0unk9IXy2PyRj
-----END CERTIFICATE-----