Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/aTbGDZ1a8KaIXRsLBX-ysj1zB9w.roa
File:                     aTbGDZ1a8KaIXRsLBX-ysj1zB9w.roa (raw, json)
Hash identifier:          ifeeVQTYuwnbVEf0nxj33UT6I9VoMwxqoMKwpQCLTSo=
Subject key identifier:   69:36:C6:0D:9D:5A:F0:A6:88:5D:1B:0B:05:7F:B2:B2:3D:73:07:DC
Certificate issuer:       /CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
Certificate serial:       018EEFBD06222FDE6A8D388D0511DC133BED
Authority key identifier: 42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/aTbGDZ1a8KaIXRsLBX-ysj1zB9w.roa
Signing time:             Thu 18 Apr 2024 05:45:26 +0000
ROA not before:           Thu 18 Apr 2024 05:45:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204866
IP address blocks:        194.99.44.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ef:bd:06:22:2f:de:6a:8d:38:8d:05:11:dc:13:3b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
        Validity
            Not Before: Apr 18 05:45:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6936c60d9d5af0a6885d1b0b057fb2b23d7307dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f7:70:87:84:07:03:f9:6a:57:d8:e3:38:0f:
                    40:d7:c0:59:6b:81:a1:4f:59:1f:e6:4f:00:d5:0a:
                    50:73:cc:8e:19:61:75:66:92:b0:a0:35:2c:86:3e:
                    91:64:48:b4:ca:22:6f:40:88:a2:c8:13:16:05:c9:
                    65:2e:1a:80:b5:4e:14:26:e0:74:90:90:65:f9:b5:
                    6c:06:6a:c9:0e:85:e9:df:a0:85:33:41:3d:8a:0c:
                    c7:ed:60:fd:a9:a4:6c:2f:9a:d3:a9:fe:79:33:c5:
                    38:ba:d2:cb:7b:16:9d:96:33:9c:14:9b:aa:a0:0d:
                    3d:9d:82:69:48:56:b6:af:b8:b9:75:79:96:fc:89:
                    8d:e9:8a:9a:50:b5:ba:0f:44:1a:e3:6d:1e:09:97:
                    08:69:3f:ee:02:c2:ec:f6:76:9c:ad:bb:6f:6a:7f:
                    1d:88:c1:3e:d2:a7:38:b9:48:90:28:26:f7:0f:fe:
                    ae:69:33:3d:4a:c3:fb:81:52:8a:d4:63:84:9c:a4:
                    22:c7:fe:f3:ef:85:16:b8:c2:ce:df:da:6a:78:fc:
                    d1:8d:85:84:f7:97:5f:cf:b8:b2:c3:14:09:e6:fe:
                    a7:66:37:bb:bd:8f:b3:2b:56:b8:33:8f:95:e7:f7:
                    62:44:9e:57:f7:1b:fe:7a:62:49:5c:90:e5:ce:5b:
                    b0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:36:C6:0D:9D:5A:F0:A6:88:5D:1B:0B:05:7F:B2:B2:3D:73:07:DC
            X509v3 Authority Key Identifier:
                keyid:42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/aTbGDZ1a8KaIXRsLBX-ysj1zB9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:49:26:d9:d4:56:ce:2c:2f:ef:24:7b:a7:41:6a:17:63:b5:
         96:e3:12:d6:f0:41:56:ac:53:46:d3:eb:e4:a8:67:9d:b9:11:
         4a:4e:7b:13:00:10:7d:8c:61:92:88:0c:e6:69:b3:ce:d2:77:
         fb:b4:91:28:eb:92:e7:2d:de:77:7b:6c:18:6b:c6:13:bd:4e:
         02:87:0c:ff:0a:28:ab:cb:74:2d:a3:05:af:d1:8c:ce:5c:b8:
         d9:81:39:35:bb:08:b7:6d:ce:6c:64:e0:b4:22:e1:80:3e:a9:
         07:64:96:9a:b2:93:4e:9a:41:28:b6:f5:3c:2b:96:0a:81:a1:
         da:c4:41:e2:50:a6:43:a2:da:c0:2a:6b:06:f7:10:25:6a:dd:
         c5:ba:2e:f4:b6:d2:79:a9:eb:46:5e:a4:84:66:bd:57:74:7d:
         46:8f:2d:16:16:73:4c:2d:9a:79:4b:fe:dd:6e:7a:e2:e8:81:
         26:23:e4:07:c8:35:26:3f:67:6a:d8:fc:1b:65:ab:44:71:b8:
         1b:11:ca:1b:a2:b0:d8:46:4d:a0:85:aa:a5:5e:8b:46:5f:93:
         f4:b0:07:fe:9c:0d:d8:6d:92:09:d1:29:d7:00:34:7f:c3:29:
         e6:ed:6a:56:1d:64:50:30:32:87:df:95:bd:77:f4:ce:35:13:
         fc:6a:36:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7vvQYiL95qjTiNBRHcEzvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNGZlZmZiNTc2ZTQxMWRlNTExODcxZGMxZTBiZDdhMjBl
MmM0ZDcwHhcNMjQwNDE4MDU0NTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTM2YzYwZDlkNWFmMGE2ODg1ZDFiMGIwNTdmYjJiMjNkNzMwN2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPdwh4QHA/lqV9jjOA9A18BZa4Gh
T1kf5k8A1QpQc8yOGWF1ZpKwoDUshj6RZEi0yiJvQIiiyBMWBcllLhqAtU4UJuB0
kJBl+bVsBmrJDoXp36CFM0E9igzH7WD9qaRsL5rTqf55M8U4utLLexadljOcFJuq
oA09nYJpSFa2r7i5dXmW/ImN6YqaULW6D0Qa420eCZcIaT/uAsLs9nacrbtvan8d
iME+0qc4uUiQKCb3D/6uaTM9SsP7gVKK1GOEnKQix/7z74UWuMLO39pqePzRjYWE
95dfz7iywxQJ5v6nZje7vY+zK1a4M4+V5/diRJ5X9xv+emJJXJDlzluwvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGk2xg2dWvCmiF0bCwV/srI9cwfcMB8GA1UdIwQY
MBaAFEJP7/tXbkEd5RGHHcHgvXog4sTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjct
ODMxZjdlNmY1Y2NkLzEvYVRiR0RaMWE4S2FJWFJzTEJYLXlzajF6Qjl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjctODMxZjdlNmY1Y2Nk
LzEvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmMsMA0G
CSqGSIb3DQEBCwUAA4IBAQA4SSbZ1FbOLC/vJHunQWoXY7WW4xLW8EFWrFNG0+vk
qGeduRFKTnsTABB9jGGSiAzmabPO0nf7tJEo65LnLd53e2wYa8YTvU4Chwz/Ciir
y3QtowWv0YzOXLjZgTk1uwi3bc5sZOC0IuGAPqkHZJaaspNOmkEotvU8K5YKgaHa
xEHiUKZDotrAKmsG9xAlat3Fui70ttJ5qetGXqSEZr1XdH1Gjy0WFnNMLZp5S/7d
bnri6IEmI+QHyDUmP2dq2PwbZatEcbgbEcoborDYRk2ghaqlXotGX5P0sAf+nA3Y
bZIJ0SnXADR/wynm7WpWHWRQMDKH35W9d/TONRP8ajYk
-----END CERTIFICATE-----