Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/fFuVaH0HUNv_bc4z9S523PeJolE.roa
File:                     fFuVaH0HUNv_bc4z9S523PeJolE.roa (raw, json)
Hash identifier:          UyO3/Kma3jJjpuXfGgHtbbKgqRgVmChX+4hH25Q2ERg=
Subject key identifier:   7C:5B:95:68:7D:07:50:DB:FF:6D:CE:33:F5:2E:76:DC:F7:89:A2:51
Certificate issuer:       /CN=1d671cf79fcf66d29fec0d77a66a7d0ea1bb759b
Certificate serial:       018CC5DC00B6CF0E02C5667C16D46CE78F22
Authority key identifier: 1D:67:1C:F7:9F:CF:66:D2:9F:EC:0D:77:A6:6A:7D:0E:A1:BB:75:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HWcc95_PZtKf7A13pmp9DqG7dZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/fFuVaH0HUNv_bc4z9S523PeJolE.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61401
IP address blocks:        194.54.147.0/24 maxlen: 24
                          2a12:c840::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/HWcc95_PZtKf7A13pmp9DqG7dZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/HWcc95_PZtKf7A13pmp9DqG7dZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HWcc95_PZtKf7A13pmp9DqG7dZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:00:b6:cf:0e:02:c5:66:7c:16:d4:6c:e7:8f:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d671cf79fcf66d29fec0d77a66a7d0ea1bb759b
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c5b95687d0750dbff6dce33f52e76dcf789a251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ef:77:6b:44:a9:72:1b:bd:60:c4:b6:ed:4f:
                    00:04:ba:c1:78:06:38:ca:32:e8:cb:59:25:f3:22:
                    0a:37:19:31:dc:62:60:3b:6d:62:be:67:2f:5c:fc:
                    b0:3f:c4:66:4a:1e:0a:f3:fd:40:d1:c2:bd:c4:f2:
                    bd:da:ad:ac:b2:2c:b6:67:46:83:b1:74:cd:5a:af:
                    86:a7:a8:c2:54:4e:f4:74:db:37:4b:af:82:c7:4f:
                    d5:91:c6:64:1b:0f:9c:1e:ae:e6:3f:08:a2:29:2e:
                    4a:ad:7e:60:e3:b0:7b:00:ff:12:40:44:f3:06:46:
                    9b:39:fe:06:f0:3b:f9:82:bf:34:af:4f:fd:6e:c2:
                    98:07:08:52:c0:70:de:cc:36:e8:c0:00:95:25:e3:
                    8e:d0:e0:96:42:0c:46:3e:7c:c7:b6:bd:5b:06:59:
                    a5:cc:c7:3e:e3:28:76:ee:0f:f6:33:6f:d7:f1:ee:
                    73:c2:6c:ec:55:81:a2:af:a6:ea:42:61:e4:53:da:
                    8f:a9:22:ef:19:3b:13:23:4c:48:0c:c2:7d:6f:4f:
                    b3:66:e3:c5:a4:73:9e:2c:b4:dd:c1:d1:7e:ba:b0:
                    2f:b6:bf:cb:3f:ba:aa:4d:0a:8d:6b:7a:4f:22:c3:
                    a6:94:c5:73:95:bc:2f:f1:4a:81:0d:37:4b:2c:cd:
                    c4:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:5B:95:68:7D:07:50:DB:FF:6D:CE:33:F5:2E:76:DC:F7:89:A2:51
            X509v3 Authority Key Identifier:
                keyid:1D:67:1C:F7:9F:CF:66:D2:9F:EC:0D:77:A6:6A:7D:0E:A1:BB:75:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HWcc95_PZtKf7A13pmp9DqG7dZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/fFuVaH0HUNv_bc4z9S523PeJolE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/HWcc95_PZtKf7A13pmp9DqG7dZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.54.147.0/24
                IPv6:
                  2a12:c840::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:d2:84:6f:a3:e0:ee:0c:a5:65:21:23:38:84:b4:36:91:9f:
         ef:2b:49:50:e8:86:97:b2:e3:02:df:a3:9f:e9:2d:89:4f:5c:
         42:34:52:f5:cc:97:cf:9b:36:9d:4c:0c:f8:ed:09:4b:03:30:
         e6:a9:73:87:0f:7e:d4:73:17:6d:46:9c:d0:c0:b5:4f:0c:c3:
         e3:98:1a:f3:22:d6:14:c2:89:cb:25:fc:8c:40:71:54:61:90:
         6f:42:e6:03:94:21:1b:ed:c3:e0:5a:76:15:5c:84:08:58:b1:
         79:ec:34:a4:60:48:75:4d:3e:39:6a:6b:eb:62:9e:00:25:9f:
         94:cf:8e:4a:60:ab:93:bf:43:09:87:a2:82:4b:e1:af:20:b0:
         68:03:d7:f6:4f:0b:e4:1d:6a:fc:1e:59:79:34:d4:31:4b:3c:
         22:4e:0e:08:f3:b1:dc:31:cd:8c:06:20:bb:75:c6:05:d2:4b:
         8e:d6:bd:17:2c:02:fb:9a:a2:32:2a:b2:30:70:06:1d:bc:f8:
         9c:20:24:9a:7a:00:31:8d:28:d4:ce:ef:32:bc:da:6d:1c:f0:
         23:e1:67:2c:90:cc:50:30:9a:78:e4:f8:3b:d8:c3:cd:32:88:
         b8:6e:68:03:04:c7:76:91:0c:8d:c7:1c:0a:bc:d4:f9:82:4c:
         40:9e:52:86
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3AC2zw4CxWZ8FtRs548iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNjcxY2Y3OWZjZjY2ZDI5ZmVjMGQ3N2E2NmE3ZDBlYTFi
Yjc1OWIwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzViOTU2ODdkMDc1MGRiZmY2ZGNlMzNmNTJlNzZkY2Y3ODlhMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuu93a0Spchu9YMS27U8ABLrBeAY4
yjLoy1kl8yIKNxkx3GJgO21ivmcvXPywP8RmSh4K8/1A0cK9xPK92q2ssiy2Z0aD
sXTNWq+Gp6jCVE70dNs3S6+Cx0/VkcZkGw+cHq7mPwiiKS5KrX5g47B7AP8SQETz
BkabOf4G8Dv5gr80r0/9bsKYBwhSwHDezDbowACVJeOO0OCWQgxGPnzHtr1bBlml
zMc+4yh27g/2M2/X8e5zwmzsVYGir6bqQmHkU9qPqSLvGTsTI0xIDMJ9b0+zZuPF
pHOeLLTdwdF+urAvtr/LP7qqTQqNa3pPIsOmlMVzlbwv8UqBDTdLLM3EhQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHxblWh9B1Db/23OM/Uudtz3iaJRMB8GA1UdIwQY
MBaAFB1nHPefz2bSn+wNd6ZqfQ6hu3WbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFdjYzk1X1BadEtmN0ExM3BtcDlEcUc3ZFpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xNWFiMjgtMjY4ZC00OWI5LWJhNGYt
OTZmZTIyNjA1MzIzLzEvZkZ1VmFIMEhVTnZfYmM0ejlTNTIzUGVKb2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xNWFiMjgtMjY4ZC00OWI5LWJhNGYtOTZmZTIyNjA1MzIz
LzEvSFdjYzk1X1BadEtmN0ExM3BtcDlEcUc3ZFpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwjaTMA0E
AgACMAcDBQMqEshAMA0GCSqGSIb3DQEBCwUAA4IBAQBY0oRvo+DuDKVlISM4hLQ2
kZ/vK0lQ6IaXsuMC36Of6S2JT1xCNFL1zJfPmzadTAz47QlLAzDmqXOHD37Ucxdt
RpzQwLVPDMPjmBrzItYUwonLJfyMQHFUYZBvQuYDlCEb7cPgWnYVXIQIWLF57DSk
YEh1TT45amvrYp4AJZ+Uz45KYKuTv0MJh6KCS+GvILBoA9f2TwvkHWr8Hll5NNQx
SzwiTg4I87HcMc2MBiC7dcYF0kuO1r0XLAL7mqIyKrIwcAYdvPicICSaegAxjSjU
zu8yvNptHPAj4WcskMxQMJp45Pg72MPNMoi4bmgDBMd2kQyNxxwKvNT5gkxAnlKG
-----END CERTIFICATE-----