Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/5d561c-063c-4fbb-903b-2f21e9dd5708/1/SoN5qze0Y-CytCsKp_ragC3n8p0.roa
File:                     SoN5qze0Y-CytCsKp_ragC3n8p0.roa (raw, json)
Hash identifier:          QTjBPTcvilstGzal9E3QA+637DjK5fwcDKj3l4D5IH4=
Subject key identifier:   4A:83:79:AB:37:B4:63:E0:B2:B4:2B:0A:A7:FA:DA:80:2D:E7:F2:9D
Certificate issuer:       /CN=86f17c3e27e9a2b8fe69dd75f489bf720af7d2aa
Certificate serial:       018CC3B73291882AC1784CE2A34416F27CA2
Authority key identifier: 86:F1:7C:3E:27:E9:A2:B8:FE:69:DD:75:F4:89:BF:72:0A:F7:D2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hvF8Pifporj-ad119Im_cgr30qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/5d561c-063c-4fbb-903b-2f21e9dd5708/1/SoN5qze0Y-CytCsKp_ragC3n8p0.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203329
IP address blocks:        194.121.56.0/24 maxlen: 24
                          2001:678:f44::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/5d561c-063c-4fbb-903b-2f21e9dd5708/1/hvF8Pifporj-ad119Im_cgr30qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/5d561c-063c-4fbb-903b-2f21e9dd5708/1/hvF8Pifporj-ad119Im_cgr30qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hvF8Pifporj-ad119Im_cgr30qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:32:91:88:2a:c1:78:4c:e2:a3:44:16:f2:7c:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86f17c3e27e9a2b8fe69dd75f489bf720af7d2aa
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a8379ab37b463e0b2b42b0aa7fada802de7f29d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:03:a2:e4:9a:d8:35:96:ed:9c:bc:05:7d:2e:
                    fe:51:cf:63:fa:1b:43:9c:12:0b:ae:51:0a:d5:c4:
                    a8:c7:a8:c7:69:50:6f:47:48:75:54:ce:b4:2f:2d:
                    0f:7a:6b:5e:b1:13:94:c9:56:75:5b:c8:a0:3d:37:
                    f1:37:c7:eb:22:ee:4d:3e:dc:ac:3a:47:05:4a:9c:
                    be:28:3a:db:d2:90:55:bb:c2:c1:4c:26:48:81:29:
                    8c:19:eb:93:4d:a5:b4:d9:c1:00:80:89:f0:7b:b9:
                    67:4a:86:55:f6:63:99:1f:b0:7c:74:8b:37:81:bc:
                    e8:58:d0:15:a0:a4:33:10:6a:52:9d:d1:c7:60:67:
                    a3:6a:ee:9d:d6:6b:df:14:32:b4:8e:ba:6e:7a:bd:
                    63:c8:fc:60:68:9d:c8:6b:1a:19:bb:17:d3:9d:ba:
                    e5:6e:fc:60:d3:e5:66:e2:3c:ad:60:1d:ef:f7:59:
                    86:a7:5f:c3:c4:9c:0f:02:3c:cc:2f:52:0b:04:a4:
                    04:86:b1:82:75:1a:2a:31:f3:29:e3:9f:d0:16:0f:
                    2c:d1:19:59:de:a1:a7:7e:ec:61:c8:df:d8:cc:02:
                    8e:4a:60:30:fb:ca:b7:ae:e8:6a:76:76:4b:27:89:
                    d0:00:df:06:0b:c7:2d:d3:14:fe:31:2d:fa:ba:f8:
                    33:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:83:79:AB:37:B4:63:E0:B2:B4:2B:0A:A7:FA:DA:80:2D:E7:F2:9D
            X509v3 Authority Key Identifier:
                keyid:86:F1:7C:3E:27:E9:A2:B8:FE:69:DD:75:F4:89:BF:72:0A:F7:D2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hvF8Pifporj-ad119Im_cgr30qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/5d561c-063c-4fbb-903b-2f21e9dd5708/1/SoN5qze0Y-CytCsKp_ragC3n8p0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/5d561c-063c-4fbb-903b-2f21e9dd5708/1/hvF8Pifporj-ad119Im_cgr30qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.121.56.0/24
                IPv6:
                  2001:678:f44::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:e7:c4:c4:19:5e:9d:06:8c:a6:a4:5c:42:e2:07:59:cf:d1:
         85:54:aa:de:ef:41:80:7d:d8:86:f5:64:55:9a:4b:6c:ef:6c:
         0e:6a:cc:0e:5c:7a:34:ee:74:23:1a:28:18:21:33:ea:d8:98:
         21:61:83:3a:66:b6:b4:f5:50:a6:51:cc:28:f1:d1:aa:62:31:
         4a:5a:58:a2:d7:3c:4c:37:b8:f0:ed:0e:dd:0e:3b:ab:1a:76:
         08:72:54:af:45:4b:64:cf:da:c8:3d:64:d0:d7:eb:39:21:e7:
         e5:d7:52:2b:4a:5b:a5:c4:80:59:01:9a:92:0a:54:1f:6a:43:
         44:91:d1:89:62:06:3d:fd:0b:9a:39:a5:6f:82:da:7b:9c:d6:
         57:7b:59:f0:14:5b:22:78:b3:4d:ad:7a:8c:27:6d:f0:24:7e:
         13:a8:66:c6:78:8d:29:a1:82:60:98:d7:4c:27:a1:9e:95:df:
         50:bb:98:84:fc:c7:bb:ac:1f:3b:a3:30:51:f2:48:e5:93:9d:
         f4:94:6d:e0:f2:bc:71:dc:50:05:3b:13:ea:5c:70:77:99:6b:
         e8:41:bb:9a:12:4a:53:39:f7:f1:7c:4e:f3:be:46:98:f7:10:
         58:2a:84:20:e5:28:83:22:00:db:30:2a:4a:43:49:0c:82:77:
         19:a3:29:4c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDtzKRiCrBeEzio0QW8nyiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZjE3YzNlMjdlOWEyYjhmZTY5ZGQ3NWY0ODliZjcyMGFm
N2QyYWEwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTgzNzlhYjM3YjQ2M2UwYjJiNDJiMGFhN2ZhZGE4MDJkZTdmMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQOi5JrYNZbtnLwFfS7+Uc9j+htD
nBILrlEK1cSox6jHaVBvR0h1VM60Ly0PemtesROUyVZ1W8igPTfxN8frIu5NPtys
OkcFSpy+KDrb0pBVu8LBTCZIgSmMGeuTTaW02cEAgInwe7lnSoZV9mOZH7B8dIs3
gbzoWNAVoKQzEGpSndHHYGejau6d1mvfFDK0jrpuer1jyPxgaJ3IaxoZuxfTnbrl
bvxg0+Vm4jytYB3v91mGp1/DxJwPAjzML1ILBKQEhrGCdRoqMfMp45/QFg8s0RlZ
3qGnfuxhyN/YzAKOSmAw+8q3ruhqdnZLJ4nQAN8GC8ct0xT+MS36uvgz3wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEqDeas3tGPgsrQrCqf62oAt5/KdMB8GA1UdIwQY
MBaAFIbxfD4n6aK4/mnddfSJv3IK99KqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHZGOFBpZnBvcmotYWQxMTlJbV9jZ3IzMHFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy81ZDU2MWMtMDYzYy00ZmJiLTkwM2It
MmYyMWU5ZGQ1NzA4LzEvU29ONXF6ZTBZLUN5dENzS3BfcmFnQzNuOHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy81ZDU2MWMtMDYzYy00ZmJiLTkwM2ItMmYyMWU5ZGQ1NzA4
LzEvaHZGOFBpZnBvcmotYWQxMTlJbV9jZ3IzMHFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwnk4MA8E
AgACMAkDBwAgAQZ4D0QwDQYJKoZIhvcNAQELBQADggEBAIvnxMQZXp0GjKakXELi
B1nP0YVUqt7vQYB92Ib1ZFWaS2zvbA5qzA5cejTudCMaKBghM+rYmCFhgzpmtrT1
UKZRzCjx0apiMUpaWKLXPEw3uPDtDt0OO6sadghyVK9FS2TP2sg9ZNDX6zkh5+XX
UitKW6XEgFkBmpIKVB9qQ0SR0YliBj39C5o5pW+C2nuc1ld7WfAUWyJ4s02teown
bfAkfhOoZsZ4jSmhgmCY10wnoZ6V31C7mIT8x7usHzujMFHySOWTnfSUbeDyvHHc
UAU7E+pccHeZa+hBu5oSSlM59/F8TvO+Rpj3EFgqhCDlKIMiANswKkpDSQyCdxmj
KUw=
-----END CERTIFICATE-----