Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/vm0krXscR0UG4r3WGK3bw8sZnH0.roa
File:                     vm0krXscR0UG4r3WGK3bw8sZnH0.roa (raw, json)
Hash identifier:          amOQlHDozhpXMT0VBUSBbojs7b7B0+qQUnjpZw9YPtw=
Subject key identifier:   BE:6D:24:AD:7B:1C:47:45:06:E2:BD:D6:18:AD:DB:C3:CB:19:9C:7D
Certificate issuer:       /CN=3a685cf88a7fc43fe1c7fe34a6ff3ddbb414f0b5
Certificate serial:       018CC56E2491A80AA18E72098785281C95D6
Authority key identifier: 3A:68:5C:F8:8A:7F:C4:3F:E1:C7:FE:34:A6:FF:3D:DB:B4:14:F0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Omhc-Ip_xD_hx_40pv8927QU8LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/vm0krXscR0UG4r3WGK3bw8sZnH0.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42
IP address blocks:        194.0.47.0/24 maxlen: 24
                          2001:678:78::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/Omhc-Ip_xD_hx_40pv8927QU8LU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/Omhc-Ip_xD_hx_40pv8927QU8LU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Omhc-Ip_xD_hx_40pv8927QU8LU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:24:91:a8:0a:a1:8e:72:09:87:85:28:1c:95:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a685cf88a7fc43fe1c7fe34a6ff3ddbb414f0b5
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be6d24ad7b1c474506e2bdd618addbc3cb199c7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:49:a1:f4:b9:50:ac:3c:6b:75:86:e1:1b:b3:
                    bc:b6:06:00:9d:eb:47:58:14:b1:64:3d:9d:64:75:
                    92:28:68:89:30:fe:22:00:be:ad:e0:57:59:40:2c:
                    43:a7:3b:e2:05:4c:0d:b5:df:bf:50:4e:a3:1c:49:
                    a6:02:2a:46:13:6e:32:1e:a2:80:1c:db:53:a5:5d:
                    bb:48:c6:31:0c:cf:97:c4:a5:42:c4:9c:b4:32:ac:
                    e3:de:9b:ae:e6:79:7b:b7:84:51:a4:20:3e:f1:a7:
                    60:eb:c9:c6:46:1d:8c:45:cc:72:91:57:22:23:df:
                    b5:28:f3:11:ff:68:8c:7b:23:51:f9:4a:61:72:0a:
                    6f:13:cd:ae:a1:85:b3:dc:fc:29:bc:86:be:6d:f1:
                    90:8a:5a:d8:f5:bd:40:f8:8f:82:54:58:e4:37:2a:
                    2c:4e:b5:12:39:94:ea:12:96:da:c0:f8:1c:54:04:
                    5e:5b:f5:aa:af:b1:dc:a6:0c:2e:2c:ae:cc:28:36:
                    f3:5d:07:2d:71:ba:af:39:c5:c3:88:82:ca:6b:56:
                    4f:b1:2c:95:58:7f:dd:d6:88:be:8e:0b:5d:d0:56:
                    3e:6a:59:0d:f1:27:7d:3e:20:82:ae:b3:79:26:bb:
                    eb:8e:ea:7d:b5:38:65:fb:81:93:6d:6a:7b:05:95:
                    03:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:6D:24:AD:7B:1C:47:45:06:E2:BD:D6:18:AD:DB:C3:CB:19:9C:7D
            X509v3 Authority Key Identifier:
                keyid:3A:68:5C:F8:8A:7F:C4:3F:E1:C7:FE:34:A6:FF:3D:DB:B4:14:F0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Omhc-Ip_xD_hx_40pv8927QU8LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/vm0krXscR0UG4r3WGK3bw8sZnH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/Omhc-Ip_xD_hx_40pv8927QU8LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.47.0/24
                IPv6:
                  2001:678:78::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:67:e4:cf:0c:d7:3c:a1:80:aa:8f:0e:a6:a4:64:2c:48:72:
         e7:98:cf:0b:ae:6d:41:70:5f:3c:d2:c2:30:f2:34:59:68:8c:
         f7:68:07:47:19:15:29:df:ac:d9:f2:93:c1:bf:06:af:4f:e4:
         be:95:30:98:14:35:9b:b7:e0:f5:64:e8:a5:be:c1:ed:b0:d6:
         20:d9:39:b8:17:06:1f:44:45:aa:f7:bf:64:5c:ef:1a:b9:e8:
         23:33:04:eb:5a:18:19:7a:ce:bc:fe:a8:d3:88:7b:fa:00:72:
         3c:09:f2:94:17:44:de:af:a7:87:62:7c:7b:51:9b:d5:fb:1c:
         12:73:ff:cb:d4:36:f9:04:f6:73:c1:42:e5:58:59:dd:68:7e:
         18:ae:f0:9b:e8:f6:c6:c8:d2:82:1a:08:01:46:20:f2:f0:41:
         df:e8:6c:55:54:f1:dd:68:92:12:04:45:ab:6f:43:6d:62:2c:
         c9:a3:a1:cc:a8:6f:5d:90:8c:c9:12:85:36:07:00:48:9c:58:
         0a:2c:b5:85:cc:b2:45:b4:ff:38:12:f8:9f:79:4d:01:e2:7f:
         55:81:f6:81:d0:7d:70:14:3c:be:84:d5:8a:d0:62:8f:55:3e:
         06:29:e5:14:3b:0e:56:bd:ff:28:95:0a:9f:0b:7a:5b:56:66:
         ab:88:84:e6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbiSRqAqhjnIJh4UoHJXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNjg1Y2Y4OGE3ZmM0M2ZlMWM3ZmUzNGE2ZmYzZGRiYjQx
NGYwYjUwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTZkMjRhZDdiMWM0NzQ1MDZlMmJkZDYxOGFkZGJjM2NiMTk5YzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUmh9LlQrDxrdYbhG7O8tgYAnetH
WBSxZD2dZHWSKGiJMP4iAL6t4FdZQCxDpzviBUwNtd+/UE6jHEmmAipGE24yHqKA
HNtTpV27SMYxDM+XxKVCxJy0Mqzj3puu5nl7t4RRpCA+8adg68nGRh2MRcxykVci
I9+1KPMR/2iMeyNR+UphcgpvE82uoYWz3PwpvIa+bfGQilrY9b1A+I+CVFjkNyos
TrUSOZTqEpbawPgcVAReW/Wqr7HcpgwuLK7MKDbzXQctcbqvOcXDiILKa1ZPsSyV
WH/d1oi+jgtd0FY+alkN8Sd9PiCCrrN5Jrvrjup9tThl+4GTbWp7BZUDGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL5tJK17HEdFBuK91hit28PLGZx9MB8GA1UdIwQY
MBaAFDpoXPiKf8Q/4cf+NKb/Pdu0FPC1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT21oYy1JcF94RF9oeF80MHB2ODkyN1FVOExVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9lNjVjMjctYWVmNS00ODZkLWI1ZDct
NTlkNmNhNjVjY2JjLzEvdm0wa3JYc2NSMFVHNHIzV0dLM2J3OHNabkgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9lNjVjMjctYWVmNS00ODZkLWI1ZDctNTlkNmNhNjVjY2Jj
LzEvT21oYy1JcF94RF9oeF80MHB2ODkyN1FVOExVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgAvMA8E
AgACMAkDBwAgAQZ4AHgwDQYJKoZIhvcNAQELBQADggEBACJn5M8M1zyhgKqPDqak
ZCxIcueYzwuubUFwXzzSwjDyNFlojPdoB0cZFSnfrNnyk8G/Bq9P5L6VMJgUNZu3
4PVk6KW+we2w1iDZObgXBh9ERar3v2Rc7xq56CMzBOtaGBl6zrz+qNOIe/oAcjwJ
8pQXRN6vp4difHtRm9X7HBJz/8vUNvkE9nPBQuVYWd1ofhiu8Jvo9sbI0oIaCAFG
IPLwQd/obFVU8d1okhIERatvQ21iLMmjocyob12QjMkShTYHAEicWAostYXMskW0
/zgS+J95TQHif1WB9oHQfXAUPL6E1YrQYo9VPgYp5RQ7Dla9/yiVCp8LeltWZquI
hOY=
-----END CERTIFICATE-----