Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/DJdrHOs_LzON3boH9pctBoHtDHs.roa
File:                     DJdrHOs_LzON3boH9pctBoHtDHs.roa (raw, json)
Hash identifier:          X49gXuQ3JgZ1pzVZ7POdtuGR5bXsS5aRxCCK8x8MMFc=
Subject key identifier:   0C:97:6B:1C:EB:3F:2F:33:8D:DD:BA:07:F6:97:2D:06:81:ED:0C:7B
Certificate issuer:       /CN=997c27d15b46db184bc02b303c86b47c449c1b54
Certificate serial:       018CC72739071530FA387994A9052C698F2F
Authority key identifier: 99:7C:27:D1:5B:46:DB:18:4B:C0:2B:30:3C:86:B4:7C:44:9C:1B:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mXwn0VtG2xhLwCswPIa0fEScG1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/DJdrHOs_LzON3boH9pctBoHtDHs.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210693
IP address blocks:        188.93.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/mXwn0VtG2xhLwCswPIa0fEScG1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/mXwn0VtG2xhLwCswPIa0fEScG1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mXwn0VtG2xhLwCswPIa0fEScG1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:39:07:15:30:fa:38:79:94:a9:05:2c:69:8f:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=997c27d15b46db184bc02b303c86b47c449c1b54
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c976b1ceb3f2f338dddba07f6972d0681ed0c7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:33:08:96:29:be:d6:79:aa:7f:12:d2:86:6b:
                    4a:5d:96:a7:38:ee:19:0a:d0:11:4a:7f:73:15:e8:
                    82:b2:ee:7e:e5:9c:b5:3b:2e:e3:bf:a1:9f:bd:61:
                    4b:07:f6:4b:c7:fd:63:a0:15:4f:f1:b6:8c:48:56:
                    f1:48:3f:d4:19:0e:97:3d:31:fc:a7:26:d6:44:46:
                    ab:1d:ce:d7:29:50:fd:72:0a:ca:97:c8:8e:e0:ad:
                    39:9f:89:53:08:15:9e:a4:c7:d5:09:1b:7d:ac:e0:
                    b3:e5:88:b0:ac:fc:88:d9:d5:2a:55:98:19:ba:68:
                    7c:e8:19:50:5a:fe:e5:31:b4:8b:29:3f:94:1d:06:
                    b9:82:f2:4f:6e:c4:ab:1b:c4:06:38:93:c6:a8:83:
                    10:e3:45:74:02:1b:0b:b0:d3:45:64:83:2b:07:b6:
                    3f:9f:90:b8:6d:c6:55:ce:fe:cd:99:00:71:17:d0:
                    2d:c5:59:56:c3:3c:cc:56:93:30:63:ff:c4:bc:48:
                    b0:ad:a8:c3:15:dd:8e:24:de:06:de:e7:98:94:92:
                    9d:a6:05:e1:e2:fe:c7:b9:1c:4c:3e:77:03:d8:a5:
                    66:11:8f:e9:57:0a:03:7b:49:55:f0:ad:3a:7e:e8:
                    86:75:25:53:2d:8a:78:9d:2b:6f:7c:55:c1:88:1a:
                    5d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:97:6B:1C:EB:3F:2F:33:8D:DD:BA:07:F6:97:2D:06:81:ED:0C:7B
            X509v3 Authority Key Identifier:
                keyid:99:7C:27:D1:5B:46:DB:18:4B:C0:2B:30:3C:86:B4:7C:44:9C:1B:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mXwn0VtG2xhLwCswPIa0fEScG1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/DJdrHOs_LzON3boH9pctBoHtDHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/mXwn0VtG2xhLwCswPIa0fEScG1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:5c:29:16:36:46:7f:01:ad:6e:ba:25:ec:b8:29:fa:d8:02:
         cb:7d:5e:fc:3f:18:b3:b6:26:27:21:36:9f:bf:16:75:4a:09:
         b7:1b:09:ae:a5:cc:1d:96:de:fe:42:70:b9:91:94:90:11:cb:
         fb:c3:4d:7c:96:26:d8:af:f1:c3:a1:b4:08:a5:f2:77:ae:a7:
         00:47:7a:d4:4b:dd:3f:23:b3:90:66:83:fb:da:79:3d:e6:40:
         7b:b1:77:b9:e0:86:f5:0b:4b:d6:a5:e5:c8:ed:a0:fa:5f:9b:
         c8:96:a0:aa:73:71:a2:40:38:5a:6d:0c:a3:85:68:aa:5e:7b:
         cf:17:ce:01:e8:9d:f4:c2:ca:83:89:b4:88:59:b3:ca:4a:f5:
         3e:a9:45:f2:fd:92:67:cc:b7:5c:11:d6:22:44:ae:02:64:86:
         88:b7:f1:6f:ac:9c:f5:4c:6b:1c:60:82:e0:2f:89:e7:5e:f8:
         6e:26:58:b5:af:5f:e3:0a:b8:ec:e4:f8:51:78:de:19:a4:38:
         fb:f5:99:38:04:cd:6a:93:4a:9d:7c:b7:b9:8f:21:bf:19:e2:
         1f:28:d4:9b:6f:d7:be:d8:26:db:99:6a:1a:8f:96:62:1a:1c:
         6f:97:87:8a:88:b4:fb:6e:4f:ff:1a:a1:35:32:e4:f5:78:09:
         e4:d8:2b:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzkHFTD6OHmUqQUsaY8vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5N2MyN2QxNWI0NmRiMTg0YmMwMmIzMDNjODZiNDdjNDQ5
YzFiNTQwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzk3NmIxY2ViM2YyZjMzOGRkZGJhMDdmNjk3MmQwNjgxZWQwYzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jMIlim+1nmqfxLShmtKXZanOO4Z
CtARSn9zFeiCsu5+5Zy1Oy7jv6GfvWFLB/ZLx/1joBVP8baMSFbxSD/UGQ6XPTH8
pybWREarHc7XKVD9cgrKl8iO4K05n4lTCBWepMfVCRt9rOCz5YiwrPyI2dUqVZgZ
umh86BlQWv7lMbSLKT+UHQa5gvJPbsSrG8QGOJPGqIMQ40V0AhsLsNNFZIMrB7Y/
n5C4bcZVzv7NmQBxF9AtxVlWwzzMVpMwY//EvEiwrajDFd2OJN4G3ueYlJKdpgXh
4v7HuRxMPncD2KVmEY/pVwoDe0lV8K06fuiGdSVTLYp4nStvfFXBiBpdswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyXaxzrPy8zjd26B/aXLQaB7Qx7MB8GA1UdIwQY
MBaAFJl8J9FbRtsYS8ArMDyGtHxEnBtUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVh3bjBWdEcyeGhMd0Nzd1BJYTBmRVNjRzFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi81Y2NiYWYtYzUxZC00ZTc2LWEzZWUt
MzVhYjQyMDE3M2RiLzEvREpkckhPc19Mek9OM2JvSDlwY3RCb0h0REhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi81Y2NiYWYtYzUxZC00ZTc2LWEzZWUtMzVhYjQyMDE3M2Ri
LzEvbVh3bjBWdEcyeGhMd0Nzd1BJYTBmRVNjRzFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF1wMA0G
CSqGSIb3DQEBCwUAA4IBAQAEXCkWNkZ/Aa1uuiXsuCn62ALLfV78PxiztiYnITaf
vxZ1Sgm3Gwmupcwdlt7+QnC5kZSQEcv7w018libYr/HDobQIpfJ3rqcAR3rUS90/
I7OQZoP72nk95kB7sXe54Ib1C0vWpeXI7aD6X5vIlqCqc3GiQDhabQyjhWiqXnvP
F84B6J30wsqDibSIWbPKSvU+qUXy/ZJnzLdcEdYiRK4CZIaIt/FvrJz1TGscYILg
L4nnXvhuJli1r1/jCrjs5PhReN4ZpDj79Zk4BM1qk0qdfLe5jyG/GeIfKNSbb9e+
2CbbmWoaj5ZiGhxvl4eKiLT7bk//GqE1MuT1eAnk2CtL
-----END CERTIFICATE-----