Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/b_28mtE99e-SZ_iQ97YM1PbCs24.roa
File:                     b_28mtE99e-SZ_iQ97YM1PbCs24.roa (raw, json)
Hash identifier:          lqOUCzm8kA3sGIpXj3e1DGwNFjeTOH9jEWEGTg7S5UM=
Subject key identifier:   6F:FD:BC:9A:D1:3D:F5:EF:92:67:F8:90:F7:B6:0C:D4:F6:C2:B3:6E
Certificate issuer:       /CN=952093150f4a46101acd7ea3a26bb438513123b5
Certificate serial:       018CC64A94655D99A2393EA8D8B03F3744B5
Authority key identifier: 95:20:93:15:0F:4A:46:10:1A:CD:7E:A3:A2:6B:B4:38:51:31:23:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSCTFQ9KRhAazX6jomu0OFExI7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/b_28mtE99e-SZ_iQ97YM1PbCs24.roa
Signing time:             Mon 01 Jan 2024 18:30:25 +0000
ROA not before:           Mon 01 Jan 2024 18:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        194.113.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/lSCTFQ9KRhAazX6jomu0OFExI7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/lSCTFQ9KRhAazX6jomu0OFExI7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSCTFQ9KRhAazX6jomu0OFExI7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:94:65:5d:99:a2:39:3e:a8:d8:b0:3f:37:44:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=952093150f4a46101acd7ea3a26bb438513123b5
        Validity
            Not Before: Jan  1 18:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ffdbc9ad13df5ef9267f890f7b60cd4f6c2b36e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c8:11:41:3f:80:4e:be:69:2f:80:6c:71:f6:
                    62:2a:98:6d:d4:fb:c4:99:be:54:d4:34:c2:47:f1:
                    8f:77:7a:81:bd:f5:b2:d3:48:04:51:a7:30:20:20:
                    9e:9c:15:69:01:be:a2:1c:51:63:4c:22:ea:c8:93:
                    8c:9e:5f:e3:85:41:9e:3f:9d:9f:21:73:27:d6:56:
                    d9:6f:b6:cb:82:aa:c6:cc:2a:06:76:1b:35:54:6a:
                    1a:f5:cf:00:e4:07:73:86:a2:0c:9e:1c:dc:5e:ff:
                    d5:ec:fc:1d:cc:cc:95:96:73:67:5d:e5:7e:32:aa:
                    bc:f6:68:98:e1:05:4f:00:61:0b:0a:cb:f7:20:9c:
                    83:c2:be:81:dc:ac:56:bc:de:b9:20:e1:f8:bc:2c:
                    97:d3:93:92:c8:2c:53:ba:fd:01:be:6a:25:e3:93:
                    15:57:43:43:17:6d:1d:1a:d8:55:44:a3:0b:d1:f3:
                    c8:0b:1d:d1:59:33:e5:fd:3b:34:4c:33:a7:59:35:
                    cf:d2:2e:24:ec:b0:71:2c:cd:09:4b:62:ce:59:a9:
                    b2:33:7d:b7:a8:f9:bb:7b:f9:d9:81:7c:ac:36:40:
                    e7:7d:e2:5c:d1:73:2b:94:d4:7e:11:ef:f9:2c:d2:
                    b1:97:3b:a0:32:e9:06:74:49:53:75:bc:2a:b2:6a:
                    9e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:FD:BC:9A:D1:3D:F5:EF:92:67:F8:90:F7:B6:0C:D4:F6:C2:B3:6E
            X509v3 Authority Key Identifier:
                keyid:95:20:93:15:0F:4A:46:10:1A:CD:7E:A3:A2:6B:B4:38:51:31:23:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSCTFQ9KRhAazX6jomu0OFExI7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/b_28mtE99e-SZ_iQ97YM1PbCs24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/lSCTFQ9KRhAazX6jomu0OFExI7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:39:24:fe:76:ae:49:72:37:5d:c2:48:d5:91:9c:2e:11:35:
         75:1f:75:ca:29:ea:5c:84:9e:22:e9:68:76:46:8a:1c:a1:3f:
         7c:d5:39:06:1f:b4:f7:7a:83:7e:72:0c:4e:78:a9:3f:24:e2:
         bf:0c:47:c3:01:77:a8:aa:50:0b:fe:d5:98:79:6a:cf:ee:c0:
         f5:4a:13:5c:35:b1:00:ee:8b:e8:5d:f9:8f:fd:a9:d9:fb:5d:
         b7:5f:6d:c4:fa:1e:11:d6:df:5c:60:24:47:aa:d1:e1:15:66:
         45:49:43:de:fb:5c:39:5a:d6:16:5a:fd:59:21:7b:56:e5:98:
         31:b7:37:c3:e0:9f:a5:47:fc:b3:1b:5b:c0:a7:bc:8c:ec:bd:
         51:fc:ec:e1:b7:8d:3d:82:df:9f:ac:c6:9b:e6:d9:15:e3:69:
         d6:14:89:ca:2d:c1:21:11:4d:c4:75:23:19:c5:e7:8e:15:df:
         13:5d:f9:bc:ef:2e:cb:dc:9d:5a:b1:24:fb:35:31:4e:c2:2c:
         78:5e:0d:6e:f2:2f:d2:6f:47:31:55:74:fa:c8:a0:73:f7:72:
         ea:6d:5f:8f:b5:92:bd:16:71:9b:d9:b9:d7:e7:9e:4c:df:20:
         4f:83:9b:2b:3d:b7:de:c5:e5:99:59:8f:3a:d4:c8:d3:84:08:
         f8:8d:ca:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSpRlXZmiOT6o2LA/N0S1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjA5MzE1MGY0YTQ2MTAxYWNkN2VhM2EyNmJiNDM4NTEz
MTIzYjUwHhcNMjQwMTAxMTgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmZkYmM5YWQxM2RmNWVmOTI2N2Y4OTBmN2I2MGNkNGY2YzJiMzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcgRQT+ATr5pL4BscfZiKpht1PvE
mb5U1DTCR/GPd3qBvfWy00gEUacwICCenBVpAb6iHFFjTCLqyJOMnl/jhUGeP52f
IXMn1lbZb7bLgqrGzCoGdhs1VGoa9c8A5AdzhqIMnhzcXv/V7PwdzMyVlnNnXeV+
Mqq89miY4QVPAGELCsv3IJyDwr6B3KxWvN65IOH4vCyX05OSyCxTuv0Bvmol45MV
V0NDF20dGthVRKML0fPICx3RWTPl/Ts0TDOnWTXP0i4k7LBxLM0JS2LOWamyM323
qPm7e/nZgXysNkDnfeJc0XMrlNR+Ee/5LNKxlzugMukGdElTdbwqsmqeoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/9vJrRPfXvkmf4kPe2DNT2wrNuMB8GA1UdIwQY
MBaAFJUgkxUPSkYQGs1+o6JrtDhRMSO1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNDVEZROUtSaEFhelg2am9tdTBPRkV4STdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi85NThjYmMtYzJmNC00OGY3LWFkZGQt
ZTgwNGRjYmRkNzYyLzEvYl8yOG10RTk5ZS1TWl9pUTk3WU0xUGJDczI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi85NThjYmMtYzJmNC00OGY3LWFkZGQtZTgwNGRjYmRkNzYy
LzEvbFNDVEZROUtSaEFhelg2am9tdTBPRkV4STdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnHQMA0G
CSqGSIb3DQEBCwUAA4IBAQB/OST+dq5JcjddwkjVkZwuETV1H3XKKepchJ4i6Wh2
RoocoT981TkGH7T3eoN+cgxOeKk/JOK/DEfDAXeoqlAL/tWYeWrP7sD1ShNcNbEA
7ovoXfmP/anZ+123X23E+h4R1t9cYCRHqtHhFWZFSUPe+1w5WtYWWv1ZIXtW5Zgx
tzfD4J+lR/yzG1vAp7yM7L1R/Ozht409gt+frMab5tkV42nWFInKLcEhEU3EdSMZ
xeeOFd8TXfm87y7L3J1asST7NTFOwix4Xg1u8i/Sb0cxVXT6yKBz93LqbV+PtZK9
FnGb2bnX555M3yBPg5srPbfexeWZWY861MjThAj4jcpr
-----END CERTIFICATE-----