Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/f8d98d-1ffe-4639-b373-9ba1172a68c0/1/8G5WOfNAPRAudLFVMst4--QebAM.roa
File:                     8G5WOfNAPRAudLFVMst4--QebAM.roa (raw, json)
Hash identifier:          aFRXyl+QKbTHn1LKo2T7vJwlclOO77zLOtlTAqFrU04=
Subject key identifier:   F0:6E:56:39:F3:40:3D:10:2E:74:B1:55:32:CB:78:FB:E4:1E:6C:03
Certificate issuer:       /CN=d1b4beb0a6a7e1284abf4385348cf486100b9f80
Certificate serial:       018CC871490077AF137FD10A48979374DA45
Authority key identifier: D1:B4:BE:B0:A6:A7:E1:28:4A:BF:43:85:34:8C:F4:86:10:0B:9F:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0bS-sKan4ShKv0OFNIz0hhALn4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/f8d98d-1ffe-4639-b373-9ba1172a68c0/1/8G5WOfNAPRAudLFVMst4--QebAM.roa
Signing time:             Tue 02 Jan 2024 04:31:56 +0000
ROA not before:           Tue 02 Jan 2024 04:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41907
IP address blocks:        194.34.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/f8d98d-1ffe-4639-b373-9ba1172a68c0/1/0bS-sKan4ShKv0OFNIz0hhALn4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/f8d98d-1ffe-4639-b373-9ba1172a68c0/1/0bS-sKan4ShKv0OFNIz0hhALn4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0bS-sKan4ShKv0OFNIz0hhALn4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 04:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:49:00:77:af:13:7f:d1:0a:48:97:93:74:da:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1b4beb0a6a7e1284abf4385348cf486100b9f80
        Validity
            Not Before: Jan  2 04:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f06e5639f3403d102e74b15532cb78fbe41e6c03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:87:42:86:b2:25:e2:9e:be:4f:1f:89:f7:27:
                    34:e4:80:d3:0e:52:eb:99:06:f8:9e:da:eb:7a:12:
                    54:68:c2:3b:58:a5:ed:64:60:fd:de:dd:43:8a:88:
                    8f:b2:3d:5f:76:41:34:a5:1c:4a:b2:a8:25:aa:72:
                    b8:68:15:fc:c2:2c:b7:ee:80:f2:7b:14:db:e4:1b:
                    44:3c:32:15:39:78:4b:d5:ed:5a:90:c8:47:a6:f2:
                    e1:ff:c5:ff:c6:4f:1f:ec:2e:8f:69:1c:6c:0c:88:
                    89:55:cb:30:9c:c8:28:2c:e3:ca:c8:6e:3d:f6:eb:
                    29:89:c9:7e:08:12:0e:ee:be:a4:9d:ad:04:ad:69:
                    55:f2:dd:ec:25:dc:c3:48:95:15:6a:11:aa:e7:f0:
                    22:51:54:a8:e8:6f:f2:db:43:9d:a9:6b:4d:c1:5d:
                    0d:75:43:87:e7:20:eb:1a:80:3a:ea:d4:5f:da:3a:
                    25:e6:05:4c:5c:d7:9c:80:d5:ec:e7:cd:c8:b1:9d:
                    3b:be:20:7d:08:5c:7c:62:95:2d:96:66:02:b4:86:
                    8f:b6:15:2d:51:f3:ee:5e:70:c3:c1:dd:6c:d7:d8:
                    ff:03:f0:0d:a6:a9:fd:39:2b:01:0e:f9:28:8c:28:
                    4b:bd:50:ba:e8:81:d8:a9:87:58:ea:d6:a5:f8:10:
                    66:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:6E:56:39:F3:40:3D:10:2E:74:B1:55:32:CB:78:FB:E4:1E:6C:03
            X509v3 Authority Key Identifier:
                keyid:D1:B4:BE:B0:A6:A7:E1:28:4A:BF:43:85:34:8C:F4:86:10:0B:9F:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0bS-sKan4ShKv0OFNIz0hhALn4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/f8d98d-1ffe-4639-b373-9ba1172a68c0/1/8G5WOfNAPRAudLFVMst4--QebAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/f8d98d-1ffe-4639-b373-9ba1172a68c0/1/0bS-sKan4ShKv0OFNIz0hhALn4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:46:58:62:a2:dc:7b:73:ba:44:c1:36:e6:89:d3:3c:b1:7d:
         79:50:c4:b6:46:8b:32:10:c7:38:64:85:bd:b3:c1:21:dd:57:
         23:ff:44:49:df:fa:33:43:9e:97:bc:9e:7a:79:28:89:5f:85:
         96:4c:d2:17:29:74:94:ae:9e:19:bd:6d:78:cf:74:3f:82:4b:
         96:04:b7:ea:c9:59:49:98:2f:0a:01:00:cd:4d:20:ae:66:35:
         7a:cb:e0:23:76:1e:41:7b:f0:47:ed:8a:cc:f4:bc:99:de:43:
         a4:a1:c0:2e:b8:6e:fe:33:f6:65:31:48:48:fa:07:8c:8e:4e:
         2d:3e:e8:35:54:c0:f1:36:36:7a:67:6f:64:4c:60:0e:1d:3f:
         97:02:34:fb:7e:cb:3d:5a:21:ff:e5:48:2f:88:ff:72:bf:3c:
         32:a4:ee:af:84:2d:74:5e:e5:46:f4:71:54:81:26:9d:22:b2:
         a0:2b:06:ef:62:a5:cb:4f:c4:ff:f0:62:b7:b9:da:e8:93:5f:
         d4:77:5a:11:d5:ec:3f:49:94:32:fb:08:13:c2:85:d2:62:65:
         a7:84:85:f1:d3:10:c1:50:1c:04:56:af:fe:61:0f:cc:03:23:
         03:3a:a1:55:18:dc:43:7d:cf:79:b5:2e:18:3a:5f:b2:d5:11:
         62:af:fd:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcUkAd68Tf9EKSJeTdNpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxYjRiZWIwYTZhN2UxMjg0YWJmNDM4NTM0OGNmNDg2MTAw
YjlmODAwHhcNMjQwMTAyMDQzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDZlNTYzOWYzNDAzZDEwMmU3NGIxNTUzMmNiNzhmYmU0MWU2YzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IdChrIl4p6+Tx+J9yc05IDTDlLr
mQb4ntrrehJUaMI7WKXtZGD93t1DioiPsj1fdkE0pRxKsqglqnK4aBX8wiy37oDy
exTb5BtEPDIVOXhL1e1akMhHpvLh/8X/xk8f7C6PaRxsDIiJVcswnMgoLOPKyG49
9uspicl+CBIO7r6kna0ErWlV8t3sJdzDSJUVahGq5/AiUVSo6G/y20OdqWtNwV0N
dUOH5yDrGoA66tRf2jol5gVMXNecgNXs583IsZ07viB9CFx8YpUtlmYCtIaPthUt
UfPuXnDDwd1s19j/A/ANpqn9OSsBDvkojChLvVC66IHYqYdY6tal+BBmcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBuVjnzQD0QLnSxVTLLePvkHmwDMB8GA1UdIwQY
MBaAFNG0vrCmp+EoSr9DhTSM9IYQC5+AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGJTLXNLYW40U2hLdjBPRk5JejBoaEFMbjRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9mOGQ5OGQtMWZmZS00NjM5LWIzNzMt
OWJhMTE3MmE2OGMwLzEvOEc1V09mTkFQUkF1ZExGVk1zdDQtLVFlYkFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9mOGQ5OGQtMWZmZS00NjM5LWIzNzMtOWJhMTE3MmE2OGMw
LzEvMGJTLXNLYW40U2hLdjBPRk5JejBoaEFMbjRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiLGMA0G
CSqGSIb3DQEBCwUAA4IBAQDORlhiotx7c7pEwTbmidM8sX15UMS2RosyEMc4ZIW9
s8Eh3Vcj/0RJ3/ozQ56XvJ56eSiJX4WWTNIXKXSUrp4ZvW14z3Q/gkuWBLfqyVlJ
mC8KAQDNTSCuZjV6y+Ajdh5Be/BH7YrM9LyZ3kOkocAuuG7+M/ZlMUhI+geMjk4t
Pug1VMDxNjZ6Z29kTGAOHT+XAjT7fss9WiH/5UgviP9yvzwypO6vhC10XuVG9HFU
gSadIrKgKwbvYqXLT8T/8GK3udrok1/Ud1oR1ew/SZQy+wgTwoXSYmWnhIXx0xDB
UBwEVq/+YQ/MAyMDOqFVGNxDfc95tS4YOl+y1RFir/2b
-----END CERTIFICATE-----