Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/fd62c0-e5db-4d94-ba0f-251562f00fc5/1/ooQCfuIaMa2JpJ3EKg2kjR5H7pA.roa
File:                     ooQCfuIaMa2JpJ3EKg2kjR5H7pA.roa (raw, json)
Hash identifier:          KaV6Nsh64ypX19DbFKaak23PvPUab/EA6mseakgM3QA=
Subject key identifier:   A2:84:02:7E:E2:1A:31:AD:89:A4:9D:C4:2A:0D:A4:8D:1E:47:EE:90
Certificate issuer:       /CN=22eeb242fb0afaa037d9caf5604c6587e40de3b5
Certificate serial:       018CC49248139F736EFEF348BFFF509B82C8
Authority key identifier: 22:EE:B2:42:FB:0A:FA:A0:37:D9:CA:F5:60:4C:65:87:E4:0D:E3:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iu6yQvsK-qA32cr1YExlh-QN47U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/fd62c0-e5db-4d94-ba0f-251562f00fc5/1/ooQCfuIaMa2JpJ3EKg2kjR5H7pA.roa
Signing time:             Mon 01 Jan 2024 10:29:30 +0000
ROA not before:           Mon 01 Jan 2024 10:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204818
IP address blocks:        193.218.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/fd62c0-e5db-4d94-ba0f-251562f00fc5/1/Iu6yQvsK-qA32cr1YExlh-QN47U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/fd62c0-e5db-4d94-ba0f-251562f00fc5/1/Iu6yQvsK-qA32cr1YExlh-QN47U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iu6yQvsK-qA32cr1YExlh-QN47U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:48:13:9f:73:6e:fe:f3:48:bf:ff:50:9b:82:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22eeb242fb0afaa037d9caf5604c6587e40de3b5
        Validity
            Not Before: Jan  1 10:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a284027ee21a31ad89a49dc42a0da48d1e47ee90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:47:5a:8b:d1:bc:b2:32:bc:3c:4d:90:11:22:
                    76:51:5f:3c:e8:f4:67:3b:82:47:2c:84:52:eb:fe:
                    43:f2:92:69:18:15:fd:86:ca:4c:d4:cb:4c:9b:e2:
                    48:a5:f1:ba:74:62:c4:2a:80:e7:df:02:00:71:be:
                    14:fe:f0:cd:2a:cd:e0:8b:02:85:35:cb:cb:e8:38:
                    cd:8c:46:ce:9f:7c:ee:7d:3b:69:54:ca:72:0e:39:
                    5e:24:2d:1f:e7:e0:1e:ad:f1:8d:6f:50:88:29:53:
                    69:44:9f:de:79:8f:ef:84:e3:45:f3:4e:54:76:aa:
                    47:a5:28:ea:8d:7b:46:a9:c5:aa:07:43:e7:37:6f:
                    29:f4:f3:29:f2:60:e3:9b:61:ea:63:08:28:6e:25:
                    32:92:06:04:3c:fa:21:4f:84:f6:5d:bb:cb:a6:3c:
                    23:45:99:ae:b8:dc:bf:d8:a0:54:85:48:96:da:52:
                    0e:0c:28:22:32:c7:91:ce:ed:af:2e:d0:3a:ad:34:
                    23:0a:34:e2:17:5d:2f:ee:8e:d7:90:dd:f0:ce:bd:
                    1f:82:34:94:01:e2:76:c3:79:a8:f3:1e:0e:c3:34:
                    f7:1a:66:d3:37:13:61:c3:74:43:72:e2:5f:7e:48:
                    c8:7e:86:4c:e7:35:23:68:91:88:4b:05:27:2a:47:
                    9f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:84:02:7E:E2:1A:31:AD:89:A4:9D:C4:2A:0D:A4:8D:1E:47:EE:90
            X509v3 Authority Key Identifier:
                keyid:22:EE:B2:42:FB:0A:FA:A0:37:D9:CA:F5:60:4C:65:87:E4:0D:E3:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iu6yQvsK-qA32cr1YExlh-QN47U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/fd62c0-e5db-4d94-ba0f-251562f00fc5/1/ooQCfuIaMa2JpJ3EKg2kjR5H7pA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/fd62c0-e5db-4d94-ba0f-251562f00fc5/1/Iu6yQvsK-qA32cr1YExlh-QN47U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.218.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:eb:af:9e:a6:55:ec:e9:49:f5:82:ba:5b:fb:32:73:ed:05:
         b9:4c:00:9f:f9:47:ca:e5:67:a6:3e:a5:72:70:2d:98:e4:b8:
         fa:31:5e:2d:57:94:06:58:d8:3d:16:44:c2:b0:53:fd:92:12:
         2c:67:64:3e:a8:e3:28:f2:1a:6d:8d:49:e3:ca:92:2e:75:be:
         13:02:57:2a:fc:50:d6:69:71:2a:89:63:99:f4:74:de:44:fc:
         84:a9:e7:a3:6f:06:a4:7e:00:59:b4:ae:e6:96:9e:21:9b:68:
         2e:f1:0e:63:82:99:a1:98:3a:ae:29:bc:91:59:37:94:db:bc:
         cf:28:bd:65:5a:3a:40:98:e5:44:7f:fa:4f:f1:fe:ed:de:e1:
         d4:f6:74:54:b4:6d:77:d9:26:2b:23:93:12:d6:4e:ad:89:ef:
         16:52:5a:c5:39:8e:be:36:45:55:ff:0c:df:55:78:94:77:9f:
         e8:24:e3:eb:85:1f:47:02:2d:e2:f5:3f:e1:29:01:12:c0:e8:
         23:13:24:c4:dd:5f:37:80:be:8d:9c:c5:34:15:58:80:31:9b:
         8d:ae:af:2c:56:a0:62:0e:e4:33:a1:32:5a:ea:f9:60:87:37:
         71:0e:15:b1:4e:7a:a1:e3:72:78:21:c5:7a:41:e2:80:fa:52:
         01:34:ad:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkgTn3Nu/vNIv/9Qm4LIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZWViMjQyZmIwYWZhYTAzN2Q5Y2FmNTYwNGM2NTg3ZTQw
ZGUzYjUwHhcNMjQwMTAxMTAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjg0MDI3ZWUyMWEzMWFkODlhNDlkYzQyYTBkYTQ4ZDFlNDdlZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkdai9G8sjK8PE2QESJ2UV886PRn
O4JHLIRS6/5D8pJpGBX9hspM1MtMm+JIpfG6dGLEKoDn3wIAcb4U/vDNKs3giwKF
NcvL6DjNjEbOn3zufTtpVMpyDjleJC0f5+AerfGNb1CIKVNpRJ/eeY/vhONF805U
dqpHpSjqjXtGqcWqB0PnN28p9PMp8mDjm2HqYwgobiUykgYEPPohT4T2XbvLpjwj
RZmuuNy/2KBUhUiW2lIODCgiMseRzu2vLtA6rTQjCjTiF10v7o7XkN3wzr0fgjSU
AeJ2w3mo8x4OwzT3GmbTNxNhw3RDcuJffkjIfoZM5zUjaJGISwUnKkefkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKEAn7iGjGtiaSdxCoNpI0eR+6QMB8GA1UdIwQY
MBaAFCLuskL7CvqgN9nK9WBMZYfkDeO1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXU2eVF2c0stcUEzMmNyMVlFeGxoLVFONDdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9mZDYyYzAtZTVkYi00ZDk0LWJhMGYt
MjUxNTYyZjAwZmM1LzEvb29RQ2Z1SWFNYTJKcEozRUtnMmtqUjVIN3BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9mZDYyYzAtZTVkYi00ZDk0LWJhMGYtMjUxNTYyZjAwZmM1
LzEvSXU2eVF2c0stcUEzMmNyMVlFeGxoLVFONDdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwdp4MA0G
CSqGSIb3DQEBCwUAA4IBAQDT66+eplXs6Un1grpb+zJz7QW5TACf+UfK5WemPqVy
cC2Y5Lj6MV4tV5QGWNg9FkTCsFP9khIsZ2Q+qOMo8hptjUnjypIudb4TAlcq/FDW
aXEqiWOZ9HTeRPyEqeejbwakfgBZtK7mlp4hm2gu8Q5jgpmhmDquKbyRWTeU27zP
KL1lWjpAmOVEf/pP8f7t3uHU9nRUtG132SYrI5MS1k6tie8WUlrFOY6+NkVV/wzf
VXiUd5/oJOPrhR9HAi3i9T/hKQESwOgjEyTE3V83gL6NnMU0FViAMZuNrq8sVqBi
DuQzoTJa6vlghzdxDhWxTnqh43J4IcV6QeKA+lIBNK1Y
-----END CERTIFICATE-----