Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/lCu9Iu70vOQ4OR9pX6wVSo5NIGw.roa
File:                     lCu9Iu70vOQ4OR9pX6wVSo5NIGw.roa (raw, json)
Hash identifier:          BIKVM5zek309kiOnvuLN4OfE20mqXX4m60C28rZ6UPc=
Subject key identifier:   94:2B:BD:22:EE:F4:BC:E4:38:39:1F:69:5F:AC:15:4A:8E:4D:20:6C
Certificate issuer:       /CN=3da4c2fbdf10f8231f3df531ce5a3a2e3b23cefc
Certificate serial:       018CC870BB01B9BF34E10ADE13F046DF116B
Authority key identifier: 3D:A4:C2:FB:DF:10:F8:23:1F:3D:F5:31:CE:5A:3A:2E:3B:23:CE:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/lCu9Iu70vOQ4OR9pX6wVSo5NIGw.roa
Signing time:             Tue 02 Jan 2024 04:31:20 +0000
ROA not before:           Tue 02 Jan 2024 04:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28878
IP address blocks:        176.110.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:bb:01:b9:bf:34:e1:0a:de:13:f0:46:df:11:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3da4c2fbdf10f8231f3df531ce5a3a2e3b23cefc
        Validity
            Not Before: Jan  2 04:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=942bbd22eef4bce438391f695fac154a8e4d206c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:62:3c:96:32:16:8f:2e:27:f5:1e:ca:48:8c:
                    67:10:32:0c:a7:13:56:66:82:60:17:e8:52:b3:b8:
                    07:07:28:c6:57:b0:23:bb:0f:6c:32:4d:aa:5b:14:
                    18:d4:c8:0e:85:09:b1:12:26:91:43:9f:39:b3:78:
                    f5:be:ec:95:4b:3d:0f:b9:f4:04:d3:6a:37:d8:94:
                    19:3a:2e:43:92:15:2b:7c:c0:82:11:25:b5:8f:3b:
                    84:5a:c3:b7:a4:cb:42:ea:84:00:13:c7:52:cb:7c:
                    5f:ad:d4:99:c3:05:d5:d6:05:ed:65:94:a2:49:e6:
                    de:c3:25:a7:74:07:9c:84:8a:aa:b6:8f:d3:98:b0:
                    ff:ca:23:89:1f:86:30:b4:ff:1e:9d:2b:84:8d:46:
                    1f:b5:0a:04:78:b1:d1:66:24:07:20:71:10:d1:b8:
                    b2:73:90:04:aa:a3:26:28:c5:85:e3:9e:ad:ac:a5:
                    c0:58:51:9a:46:3c:39:a7:12:a3:cb:66:26:f6:36:
                    06:f9:c7:ea:e0:d3:9e:12:12:ca:a6:13:9e:90:50:
                    45:35:02:7f:c7:8d:a1:6c:41:ff:8d:d6:17:82:4b:
                    51:e5:d0:f3:60:d3:b4:d0:1a:13:6f:a7:28:3f:cc:
                    f2:63:81:2a:e8:a6:b4:e2:cb:77:e1:85:fa:76:cc:
                    36:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:2B:BD:22:EE:F4:BC:E4:38:39:1F:69:5F:AC:15:4A:8E:4D:20:6C
            X509v3 Authority Key Identifier:
                keyid:3D:A4:C2:FB:DF:10:F8:23:1F:3D:F5:31:CE:5A:3A:2E:3B:23:CE:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/lCu9Iu70vOQ4OR9pX6wVSo5NIGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.110.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:3c:e5:0e:8d:5e:9b:b8:19:a8:0e:fc:db:1b:ba:03:0d:69:
         ad:84:08:85:17:18:26:66:b3:84:88:bc:32:13:7d:f6:2d:94:
         a7:f0:1b:0e:cd:9b:4e:86:de:5d:14:e8:8f:2d:52:d8:a8:83:
         7e:ad:db:56:14:5d:c5:d6:85:52:f9:5f:87:04:e7:f3:8f:74:
         87:fb:8c:db:e8:9c:29:b5:7b:54:a2:af:16:eb:83:54:48:77:
         ec:35:2a:b8:d3:41:e6:d9:0b:8b:bf:b9:40:e9:b4:af:4d:75:
         61:3f:83:0e:e4:44:a8:ad:e5:67:e6:32:c9:74:43:ac:49:b4:
         ea:a0:b9:b1:3d:d0:33:06:ce:60:02:3a:df:84:84:66:df:fd:
         e3:1a:7f:22:35:0b:d2:70:bd:08:4c:50:f3:8a:38:3d:fa:46:
         2a:4b:9e:4e:6e:e2:e3:32:c6:97:ff:7d:bc:cc:e9:90:ac:5f:
         be:33:51:82:33:b0:37:96:34:16:d9:b2:58:16:91:1b:a7:9d:
         9a:f0:18:5c:6b:69:e2:3d:37:9e:47:57:e2:e2:a3:5b:cf:a2:
         5d:9f:10:31:00:82:e4:50:2d:05:a5:d2:bd:d0:0d:b2:83:59:
         5a:d0:e1:77:72:cc:be:00:92:9d:c3:ba:eb:c8:74:e0:7b:d5:
         26:76:5a:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcLsBub804QreE/BG3xFrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkYTRjMmZiZGYxMGY4MjMxZjNkZjUzMWNlNWEzYTJlM2Iy
M2NlZmMwHhcNMjQwMTAyMDQzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDJiYmQyMmVlZjRiY2U0MzgzOTFmNjk1ZmFjMTU0YThlNGQyMDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GI8ljIWjy4n9R7KSIxnEDIMpxNW
ZoJgF+hSs7gHByjGV7Ajuw9sMk2qWxQY1MgOhQmxEiaRQ585s3j1vuyVSz0PufQE
02o32JQZOi5DkhUrfMCCESW1jzuEWsO3pMtC6oQAE8dSy3xfrdSZwwXV1gXtZZSi
SebewyWndAechIqqto/TmLD/yiOJH4YwtP8enSuEjUYftQoEeLHRZiQHIHEQ0biy
c5AEqqMmKMWF456trKXAWFGaRjw5pxKjy2Ym9jYG+cfq4NOeEhLKphOekFBFNQJ/
x42hbEH/jdYXgktR5dDzYNO00BoTb6coP8zyY4Eq6Ka04st34YX6dsw2AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQrvSLu9LzkODkfaV+sFUqOTSBsMB8GA1UdIwQY
MBaAFD2kwvvfEPgjHz31Mc5aOi47I878MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGFUQy05OFEtQ01mUGZVeHpsbzZManNqenZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8zNDljNTgtZmJiMC00ZGRkLWEwODAt
ZDJjOTdkNjVlZmE4LzEvbEN1OUl1NzB2T1E0T1I5cFg2d1ZTbzVOSUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8zNDljNTgtZmJiMC00ZGRkLWEwODAtZDJjOTdkNjVlZmE4
LzEvUGFUQy05OFEtQ01mUGZVeHpsbzZManNqenZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsG5oMA0G
CSqGSIb3DQEBCwUAA4IBAQAmPOUOjV6buBmoDvzbG7oDDWmthAiFFxgmZrOEiLwy
E332LZSn8BsOzZtOht5dFOiPLVLYqIN+rdtWFF3F1oVS+V+HBOfzj3SH+4zb6Jwp
tXtUoq8W64NUSHfsNSq400Hm2QuLv7lA6bSvTXVhP4MO5ESoreVn5jLJdEOsSbTq
oLmxPdAzBs5gAjrfhIRm3/3jGn8iNQvScL0ITFDzijg9+kYqS55ObuLjMsaX/328
zOmQrF++M1GCM7A3ljQW2bJYFpEbp52a8Bhca2niPTeeR1fi4qNbz6JdnxAxAILk
UC0FpdK90A2yg1la0OF3csy+AJKdw7rryHTge9Umdlpd
-----END CERTIFICATE-----