Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/oD8kAv-o9eVYnjLoAgToxJe2TsQ.roa
File:                     oD8kAv-o9eVYnjLoAgToxJe2TsQ.roa (raw, json)
Hash identifier:          yK7g4aIRWN50zLSMYmkQgW8H2aDP/DPqJCRjD8imXow=
Subject key identifier:   A0:3F:24:02:FF:A8:F5:E5:58:9E:32:E8:02:04:E8:C4:97:B6:4E:C4
Certificate issuer:       /CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
Certificate serial:       018CC5DC4B42A1468398E52B45FF3112A2EE
Authority key identifier: 7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/oD8kAv-o9eVYnjLoAgToxJe2TsQ.roa
Signing time:             Mon 01 Jan 2024 16:29:57 +0000
ROA not before:           Mon 01 Jan 2024 16:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201627
IP address blocks:        193.71.224.0/21 maxlen: 21
                          193.71.224.0/22 maxlen: 22
                          193.71.228.0/24 maxlen: 24
                          193.71.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4b:42:a1:46:83:98:e5:2b:45:ff:31:12:a2:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
        Validity
            Not Before: Jan  1 16:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a03f2402ffa8f5e5589e32e80204e8c497b64ec4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:70:19:66:ca:67:fd:ba:15:39:c2:f1:27:e3:
                    eb:e3:f3:3e:dd:72:45:c4:51:5e:c5:4e:34:bc:02:
                    8a:f6:34:1f:53:d8:e8:e8:96:6b:fc:d8:d1:2b:6b:
                    af:bc:61:67:e2:6d:41:f1:30:9a:94:06:fd:44:fd:
                    b4:38:3b:a7:08:03:48:b2:ab:74:27:74:cb:ac:d8:
                    ab:35:b8:b0:83:f1:c8:bb:db:09:e6:cf:05:91:41:
                    24:92:79:b6:06:34:19:05:bb:92:e2:0e:6d:d7:e4:
                    35:35:c3:87:d6:c4:27:7c:f7:84:5f:14:4d:e8:27:
                    b0:42:dc:f3:56:71:2c:4e:52:b4:b7:c0:25:a3:dd:
                    c5:98:15:60:a7:61:32:9e:12:81:d2:e3:0a:36:3d:
                    9e:4b:85:02:4f:1f:79:3a:d5:2b:fe:bd:a6:ac:53:
                    05:8e:3e:b8:6c:28:31:95:2e:44:e0:77:c3:3a:e1:
                    c1:af:22:06:63:87:14:32:31:4c:4c:e8:d4:f2:9a:
                    88:2f:ea:93:5d:9f:19:48:49:10:0e:c0:7f:5a:57:
                    85:6a:d0:86:5c:11:15:a5:72:3e:6c:1a:a7:dc:88:
                    81:f6:36:82:d7:51:88:ee:75:9f:8c:77:e9:8c:a3:
                    bb:ab:06:45:5d:7d:20:01:a2:27:87:00:5b:65:ae:
                    27:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:3F:24:02:FF:A8:F5:E5:58:9E:32:E8:02:04:E8:C4:97:B6:4E:C4
            X509v3 Authority Key Identifier:
                keyid:7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/oD8kAv-o9eVYnjLoAgToxJe2TsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.71.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3b:bc:33:81:ed:d1:76:cc:b5:3d:62:af:11:67:0b:35:d4:4e:
         f5:08:ce:61:10:47:7f:96:12:2f:ff:2e:eb:b5:3b:2c:93:23:
         4b:db:8e:0b:35:ad:f7:23:da:59:84:74:a7:a2:07:bb:92:5c:
         c0:df:ff:b3:f3:00:65:44:25:e0:45:8b:b7:07:dd:69:e7:41:
         31:c2:00:17:d6:09:e5:71:4c:54:2e:70:11:fc:a9:78:cf:e4:
         23:b5:23:0c:7d:52:ba:9f:1c:3e:e6:d4:5a:f2:0c:01:17:8f:
         d6:35:f3:cb:b6:7d:18:30:f4:dc:b9:93:fe:4c:1c:6f:ed:cc:
         70:d3:68:30:fc:9c:bd:cd:3e:69:4b:d9:d4:b8:cd:b2:9d:97:
         0b:34:e5:fe:2b:a7:9f:04:84:9f:64:7b:a8:02:38:e2:28:db:
         1c:31:e8:0a:65:c8:d4:c1:56:a9:3e:32:c1:c5:9c:3d:df:d7:
         59:80:24:89:4c:0f:c0:d5:21:90:e5:c5:e3:49:04:6d:19:2b:
         97:3a:d2:93:e0:a4:5d:49:c5:e2:ef:d2:4f:ed:6b:85:20:35:
         7f:62:df:b3:16:b0:49:f4:79:f1:82:13:91:07:7f:37:a2:7f:
         58:02:f6:e2:8f:6d:cb:46:21:19:87:2f:a6:5a:cc:a0:4b:aa:
         49:71:65:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3EtCoUaDmOUrRf8xEqLuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzRhY2VkY2I4NmNkZGZlZDdmNmRlOGNhZGZjYTAwNDY5
YmJjOGUwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDNmMjQwMmZmYThmNWU1NTg5ZTMyZTgwMjA0ZThjNDk3YjY0ZWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3AZZspn/boVOcLxJ+Pr4/M+3XJF
xFFexU40vAKK9jQfU9jo6JZr/NjRK2uvvGFn4m1B8TCalAb9RP20ODunCANIsqt0
J3TLrNirNbiwg/HIu9sJ5s8FkUEkknm2BjQZBbuS4g5t1+Q1NcOH1sQnfPeEXxRN
6CewQtzzVnEsTlK0t8Alo93FmBVgp2EynhKB0uMKNj2eS4UCTx95OtUr/r2mrFMF
jj64bCgxlS5E4HfDOuHBryIGY4cUMjFMTOjU8pqIL+qTXZ8ZSEkQDsB/WleFatCG
XBEVpXI+bBqn3IiB9jaC11GI7nWfjHfpjKO7qwZFXX0gAaInhwBbZa4nDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKA/JAL/qPXlWJ4y6AIE6MSXtk7EMB8GA1UdIwQY
MBaAFH3ErO3Lhs3f7X9t6MrfygBGm7yOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1Nzkt
Mzk0ODAyODVhOTQ4LzEvb0Q4a0F2LW85ZVZZbmpMb0FnVG94SmUyVHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1NzktMzk0ODAyODVhOTQ4
LzEvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwUfgMA0G
CSqGSIb3DQEBCwUAA4IBAQA7vDOB7dF2zLU9Yq8RZws11E71CM5hEEd/lhIv/y7r
tTsskyNL244LNa33I9pZhHSnoge7klzA3/+z8wBlRCXgRYu3B91p50ExwgAX1gnl
cUxULnAR/Kl4z+QjtSMMfVK6nxw+5tRa8gwBF4/WNfPLtn0YMPTcuZP+TBxv7cxw
02gw/Jy9zT5pS9nUuM2ynZcLNOX+K6efBISfZHuoAjjiKNscMegKZcjUwVapPjLB
xZw939dZgCSJTA/A1SGQ5cXjSQRtGSuXOtKT4KRdScXi79JP7WuFIDV/Yt+zFrBJ
9HnxghORB383on9YAvbij23LRiEZhy+mWsygS6pJcWU5
-----END CERTIFICATE-----