Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/5LOjIq-3yd7hw4pT3lo56aj_ga8.roa
File:                     5LOjIq-3yd7hw4pT3lo56aj_ga8.roa (raw, json)
Hash identifier:          Y/WZghkZ/7xQ5qFzFAFEWHEqRXKLclQ8G7V6awR4F0w=
Subject key identifier:   E4:B3:A3:22:AF:B7:C9:DE:E1:C3:8A:53:DE:5A:39:E9:A8:FF:81:AF
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018CC8DE2FF2A040166B4C9C2BFCCD25A4FB
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/5LOjIq-3yd7hw4pT3lo56aj_ga8.roa
Signing time:             Tue 02 Jan 2024 06:30:53 +0000
ROA not before:           Tue 02 Jan 2024 06:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        94.158.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2f:f2:a0:40:16:6b:4c:9c:2b:fc:cd:25:a4:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  2 06:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4b3a322afb7c9dee1c38a53de5a39e9a8ff81af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:53:b8:29:b2:fc:88:a4:3b:53:c0:63:bb:64:
                    fd:60:48:57:6e:1d:3e:63:17:86:b5:ba:c9:12:ee:
                    41:58:16:10:91:2f:4f:b2:f6:2d:54:bf:dc:35:d3:
                    69:3f:b7:83:4d:af:9e:56:02:43:05:0e:dc:84:2d:
                    dd:f4:eb:cd:fd:f3:39:22:de:91:35:52:c7:36:41:
                    f7:c0:27:52:89:a7:cc:35:3d:67:89:99:84:c8:9e:
                    22:69:ad:5d:86:40:65:87:77:a2:05:f6:6b:11:49:
                    b3:51:cc:3e:4a:7c:38:16:72:9d:27:f2:36:39:8c:
                    f4:07:e2:33:1d:0e:e3:29:29:ea:01:a4:87:ee:23:
                    e2:86:65:e6:f3:45:e4:c9:df:c9:ad:2e:1b:f5:59:
                    69:c1:78:d1:41:3b:84:1e:db:ba:f5:3c:9a:97:42:
                    4d:19:70:42:f9:74:4c:b3:5a:14:34:6e:6b:db:03:
                    9d:d0:04:85:bb:a0:68:42:10:ec:c5:dc:5e:47:10:
                    e2:34:9b:30:ae:b0:c6:2c:f8:b9:6a:21:71:bc:32:
                    3c:9d:12:3f:df:0a:86:05:4b:aa:e6:34:4f:fe:09:
                    af:a4:62:2e:9a:9a:e5:d9:e2:6d:41:46:fa:e9:6e:
                    e4:9f:3f:a8:af:08:e5:03:c5:14:82:b7:5d:2e:1e:
                    bb:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:B3:A3:22:AF:B7:C9:DE:E1:C3:8A:53:DE:5A:39:E9:A8:FF:81:AF
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/5LOjIq-3yd7hw4pT3lo56aj_ga8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.158.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:49:26:e1:98:e2:a3:ce:9a:e3:7b:a3:fe:5d:68:18:55:6d:
         6e:d8:af:b9:10:6f:83:17:3b:62:cb:a5:3e:85:ba:12:42:b1:
         5a:49:f8:77:49:84:c4:ba:34:52:2a:7f:b0:e3:1e:b9:35:04:
         36:3e:bd:89:60:8c:7c:84:74:33:c9:42:7a:7d:2c:28:57:c4:
         ec:73:ab:8a:a1:3f:e7:b8:23:21:d8:57:e0:08:70:ad:6e:2e:
         71:48:69:c9:0d:ea:2d:21:f7:53:d9:83:23:40:57:7a:92:a6:
         bd:8e:fd:f4:22:61:a9:22:31:5b:20:6a:81:15:03:e0:e5:54:
         5f:0a:25:10:2f:48:14:92:2e:63:3c:b8:b7:6a:8e:1e:52:20:
         83:b0:27:51:bd:ec:4e:e7:ad:5b:bf:bf:75:f2:ed:4c:fa:0a:
         ce:ed:7e:26:e8:01:07:12:9c:83:7b:0a:f8:4a:67:f7:70:ef:
         de:bc:50:49:f5:b9:35:e3:bc:c3:c9:75:16:d1:21:68:90:b1:
         c7:2a:1e:37:be:8a:ca:ec:2f:f0:44:eb:cc:0b:53:d5:d9:85:
         83:1a:4e:7f:df:c0:ec:2f:89:cb:8b:6a:d2:47:c5:6a:86:a1:
         54:28:e9:6d:d1:7c:5f:c3:1d:5e:2d:bd:cc:ed:1f:b9:8b:87:
         9e:83:de:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3i/yoEAWa0ycK/zNJaT7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTAyMDYzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGIzYTMyMmFmYjdjOWRlZTFjMzhhNTNkZTVhMzllOWE4ZmY4MWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFO4KbL8iKQ7U8Bju2T9YEhXbh0+
YxeGtbrJEu5BWBYQkS9PsvYtVL/cNdNpP7eDTa+eVgJDBQ7chC3d9OvN/fM5It6R
NVLHNkH3wCdSiafMNT1niZmEyJ4iaa1dhkBlh3eiBfZrEUmzUcw+Snw4FnKdJ/I2
OYz0B+IzHQ7jKSnqAaSH7iPihmXm80Xkyd/JrS4b9VlpwXjRQTuEHtu69Tyal0JN
GXBC+XRMs1oUNG5r2wOd0ASFu6BoQhDsxdxeRxDiNJswrrDGLPi5aiFxvDI8nRI/
3wqGBUuq5jRP/gmvpGIumprl2eJtQUb66W7knz+orwjlA8UUgrddLh67wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSzoyKvt8ne4cOKU95aOemo/4GvMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvNUxPaklxLTN5ZDdodzRwVDNsbzU2YWpfZ2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXp4VMA0G
CSqGSIb3DQEBCwUAA4IBAQBCSSbhmOKjzprje6P+XWgYVW1u2K+5EG+DFztiy6U+
hboSQrFaSfh3SYTEujRSKn+w4x65NQQ2Pr2JYIx8hHQzyUJ6fSwoV8Tsc6uKoT/n
uCMh2FfgCHCtbi5xSGnJDeotIfdT2YMjQFd6kqa9jv30ImGpIjFbIGqBFQPg5VRf
CiUQL0gUki5jPLi3ao4eUiCDsCdRvexO561bv7918u1M+grO7X4m6AEHEpyDewr4
Smf3cO/evFBJ9bk147zDyXUW0SFokLHHKh43vorK7C/wROvMC1PV2YWDGk5/38Ds
L4nLi2rSR8VqhqFUKOlt0Xxfwx1eLb3M7R+5i4eeg95N
-----END CERTIFICATE-----