Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/k38sCvObWiOo_GcGhGyuOcxAHI0.roa
File:                     k38sCvObWiOo_GcGhGyuOcxAHI0.roa (raw, json)
Hash identifier:          ErsTl3uLZMSaftsOs40vxGX9NRveO+AlU/TWNHr9X3c=
Subject key identifier:   93:7F:2C:0A:F3:9B:5A:23:A8:FC:67:06:84:6C:AE:39:CC:40:1C:8D
Certificate issuer:       /CN=c9d0e9234cc6721957a4ac213eac6753ed85eea7
Certificate serial:       018E2D5BA70C54B9B60C7BFF11F127DA2CFA
Authority key identifier: C9:D0:E9:23:4C:C6:72:19:57:A4:AC:21:3E:AC:67:53:ED:85:EE:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/k38sCvObWiOo_GcGhGyuOcxAHI0.roa
Signing time:             Mon 11 Mar 2024 11:52:44 +0000
ROA not before:           Mon 11 Mar 2024 11:52:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        194.59.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:5b:a7:0c:54:b9:b6:0c:7b:ff:11:f1:27:da:2c:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d0e9234cc6721957a4ac213eac6753ed85eea7
        Validity
            Not Before: Mar 11 11:52:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=937f2c0af39b5a23a8fc6706846cae39cc401c8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:4c:d9:ea:04:f3:7f:0a:a6:d4:c1:51:6c:9f:
                    38:53:fa:9d:a6:c2:4e:0a:04:ef:b7:29:29:08:bf:
                    e9:6a:d3:6f:dd:74:ab:f0:a4:16:c0:fa:4a:d0:34:
                    a9:8d:17:8d:28:97:6c:66:92:11:74:a8:ef:78:1e:
                    dc:c9:18:87:62:11:bc:0e:0a:dd:6b:f3:2e:0b:9a:
                    25:83:73:77:86:40:44:64:a8:08:b9:82:27:d7:cf:
                    6c:ef:d6:0c:68:f2:74:74:4f:6b:3b:41:d9:60:48:
                    2c:5d:b2:5b:95:0c:a3:6c:f8:a5:7d:74:4a:9b:1b:
                    c2:ae:82:3c:24:39:27:d8:ea:90:93:d5:6d:da:66:
                    d4:af:c4:20:1b:e9:8c:0e:27:05:09:32:bb:b1:e3:
                    05:fe:16:49:78:29:91:24:f6:d8:2e:7d:15:6f:24:
                    c6:4e:67:ee:0c:bf:9b:e2:b1:bd:7d:ed:f5:c2:68:
                    48:58:f0:d2:7c:81:d9:2a:d9:4d:d0:70:9a:56:47:
                    23:25:95:f2:ac:b8:34:60:e9:f9:97:62:4f:f4:17:
                    09:e7:e6:7e:08:ff:be:4f:d4:06:3f:88:4e:1e:b0:
                    d4:e1:3f:b8:d4:0b:d1:8b:3c:cd:fb:e1:ac:41:7b:
                    69:5b:80:85:f9:ed:f0:a1:22:66:e0:9f:6b:a5:ca:
                    d9:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:7F:2C:0A:F3:9B:5A:23:A8:FC:67:06:84:6C:AE:39:CC:40:1C:8D
            X509v3 Authority Key Identifier:
                keyid:C9:D0:E9:23:4C:C6:72:19:57:A4:AC:21:3E:AC:67:53:ED:85:EE:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/k38sCvObWiOo_GcGhGyuOcxAHI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:00:de:fc:66:cc:a1:74:8f:e6:75:63:46:bb:3d:55:b4:2d:
         49:be:00:ea:21:77:c7:02:02:77:8a:f2:30:5a:c0:32:a8:60:
         88:04:b8:3e:64:a5:14:5d:23:c4:50:b8:67:41:61:81:1c:33:
         cd:16:f5:a7:ac:12:02:aa:8f:d6:bf:ca:37:ef:3a:6d:b4:5d:
         04:e3:ef:12:33:32:74:eb:05:bc:5a:23:0d:b6:94:ef:52:b3:
         68:00:8c:8c:ac:79:8e:a5:53:d3:69:42:4e:fc:c8:4e:8c:35:
         87:33:03:c4:94:65:01:1b:dc:1f:7b:dc:23:c7:14:27:99:65:
         53:1f:6f:2b:c7:0e:41:c5:a0:7a:52:7f:06:b0:24:0b:07:20:
         e9:f9:ed:21:89:23:7a:a3:6b:9a:ab:60:cb:be:e1:4c:aa:85:
         3c:12:eb:03:f6:44:72:c2:b0:31:d2:36:43:b6:2b:64:23:8e:
         c0:d5:c8:cf:76:ba:fd:b4:71:94:16:38:3f:f9:37:94:09:76:
         c8:f4:74:05:7d:85:e6:f0:9c:13:a8:13:ed:9d:18:ac:f5:77:
         37:95:c7:d4:29:c6:51:a2:4d:16:0c:5c:57:43:9b:f5:87:ee:
         33:53:8b:ab:ae:77:17:53:e7:09:fb:b3:51:ee:50:90:da:18:
         a8:25:33:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4tW6cMVLm2DHv/EfEn2iz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDBlOTIzNGNjNjcyMTk1N2E0YWMyMTNlYWM2NzUzZWQ4
NWVlYTcwHhcNMjQwMzExMTE1MjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzdmMmMwYWYzOWI1YTIzYThmYzY3MDY4NDZjYWUzOWNjNDAxYzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0zZ6gTzfwqm1MFRbJ84U/qdpsJO
CgTvtykpCL/patNv3XSr8KQWwPpK0DSpjReNKJdsZpIRdKjveB7cyRiHYhG8Dgrd
a/MuC5olg3N3hkBEZKgIuYIn189s79YMaPJ0dE9rO0HZYEgsXbJblQyjbPilfXRK
mxvCroI8JDkn2OqQk9Vt2mbUr8QgG+mMDicFCTK7seMF/hZJeCmRJPbYLn0VbyTG
TmfuDL+b4rG9fe31wmhIWPDSfIHZKtlN0HCaVkcjJZXyrLg0YOn5l2JP9BcJ5+Z+
CP++T9QGP4hOHrDU4T+41AvRizzN++GsQXtpW4CF+e3woSJm4J9rpcrZyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJN/LArzm1ojqPxnBoRsrjnMQByNMB8GA1UdIwQY
MBaAFMnQ6SNMxnIZV6SsIT6sZ1Pthe6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWREcEkwekdjaGxYcEt3aFBxeG5VLTJGN3FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83YzAyNzQtNzRjNi00NDIzLTlhODgt
OWEzMDBiMGE3ZWQyLzEvazM4c0N2T2JXaU9vX0djR2hHeXVPY3hBSEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83YzAyNzQtNzRjNi00NDIzLTlhODgtOWEzMDBiMGE3ZWQy
LzEveWREcEkwekdjaGxYcEt3aFBxeG5VLTJGN3FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjsNMA0G
CSqGSIb3DQEBCwUAA4IBAQB1AN78ZsyhdI/mdWNGuz1VtC1JvgDqIXfHAgJ3ivIw
WsAyqGCIBLg+ZKUUXSPEULhnQWGBHDPNFvWnrBICqo/Wv8o37zpttF0E4+8SMzJ0
6wW8WiMNtpTvUrNoAIyMrHmOpVPTaUJO/MhOjDWHMwPElGUBG9wfe9wjxxQnmWVT
H28rxw5BxaB6Un8GsCQLByDp+e0hiSN6o2uaq2DLvuFMqoU8EusD9kRywrAx0jZD
titkI47A1cjPdrr9tHGUFjg/+TeUCXbI9HQFfYXm8JwTqBPtnRis9Xc3lcfUKcZR
ok0WDFxXQ5v1h+4zU4urrncXU+cJ+7NR7lCQ2hioJTPN
-----END CERTIFICATE-----