Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/1s8zTXwe3C_w0xm0Uxg9xhFQlf8.roa
File:                     1s8zTXwe3C_w0xm0Uxg9xhFQlf8.roa (raw, json)
Hash identifier:          6CA6WLIiN/KEnYBQq2Nah/pLHh2LsXmNWSHRDlfMs3c=
Subject key identifier:   D6:CF:33:4D:7C:1E:DC:2F:F0:D3:19:B4:53:18:3D:C6:11:50:95:FF
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018CC9BC8E20B09DA769D8F58B29BAA7D605
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/1s8zTXwe3C_w0xm0Uxg9xhFQlf8.roa
Signing time:             Tue 02 Jan 2024 10:33:46 +0000
ROA not before:           Tue 02 Jan 2024 10:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18994
IP address blocks:        62.73.169.48/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:8e:20:b0:9d:a7:69:d8:f5:8b:29:ba:a7:d6:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 10:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6cf334d7c1edc2ff0d319b453183dc6115095ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:2e:64:7f:f6:1b:06:39:c2:35:25:1d:13:36:
                    ec:03:8a:2e:76:33:f2:a9:3a:9c:a6:f2:58:22:75:
                    3a:5f:93:2f:8b:bb:3c:16:52:4a:7f:93:11:39:05:
                    8e:95:9f:60:e2:95:6a:fd:98:1e:8f:82:58:19:6e:
                    0e:69:84:0c:c7:ca:68:3b:c7:87:f0:09:7f:9c:ef:
                    e8:fd:5b:16:9d:97:02:fd:50:a5:b7:28:bd:6d:76:
                    ff:fd:60:6d:15:5c:68:d5:ac:87:40:ee:91:b7:2b:
                    ec:0e:ac:e8:dd:06:14:a6:0c:0f:cb:cd:0e:8a:ad:
                    23:33:85:85:c2:8c:95:50:68:cc:7b:63:f8:dd:79:
                    ee:89:d8:30:e2:d6:de:db:77:54:09:89:63:1d:e4:
                    12:85:c8:01:aa:95:5c:37:88:6d:d6:f4:95:0b:45:
                    14:99:08:24:bd:98:7f:bb:5f:a2:09:d5:9f:31:c2:
                    62:06:84:d3:04:ea:6c:12:f7:d2:7a:e9:6f:91:45:
                    f2:c5:8a:b1:5d:fe:aa:09:38:f9:ea:f9:a1:05:67:
                    75:97:0b:31:cb:25:51:bb:d6:ad:8e:44:a8:2a:39:
                    8b:22:9d:1f:bc:36:fe:aa:c2:8c:7f:7f:2f:b1:fe:
                    c7:8a:0f:64:6c:26:bc:49:02:07:eb:04:d6:28:aa:
                    7f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:CF:33:4D:7C:1E:DC:2F:F0:D3:19:B4:53:18:3D:C6:11:50:95:FF
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/1s8zTXwe3C_w0xm0Uxg9xhFQlf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.73.169.48/29

    Signature Algorithm: sha256WithRSAEncryption
         9a:4a:ce:a9:81:90:e3:bc:bb:f1:20:1e:91:57:b8:06:50:d9:
         84:54:48:93:96:bc:43:5f:42:6e:0b:f7:ed:82:19:45:04:cc:
         7d:0b:75:31:1f:b3:c9:61:07:1d:33:84:d9:f8:c7:97:01:ce:
         5f:fa:67:25:d4:00:e8:62:e4:3e:5c:98:0c:83:28:51:78:00:
         56:b6:fd:ad:df:cc:12:43:b1:16:96:91:4c:10:de:98:87:a5:
         ad:1b:0b:84:ee:5e:ee:27:a9:e4:bd:30:31:b0:af:3a:5d:dc:
         e3:ff:1a:dc:a1:6d:9f:52:d8:c1:d0:16:ff:4f:61:60:c7:91:
         e5:da:5b:0e:25:6d:21:be:a6:23:18:63:c4:ef:b6:52:59:52:
         65:26:ba:24:a5:d2:23:b4:cf:1a:d2:2f:f8:5b:9d:8c:b9:40:
         e2:24:47:df:a2:2e:16:49:16:bc:2d:8c:5d:8d:5e:34:65:58:
         2c:fa:39:ce:8c:ca:d4:7b:7b:98:9d:01:68:87:2c:a3:4e:61:
         13:41:aa:37:83:0a:97:7d:85:7a:6d:91:b7:2b:ee:ff:ad:04:
         e4:f3:bf:eb:db:d3:76:38:e9:a5:b1:32:82:20:92:13:df:26:
         f2:43:8b:65:27:24:0f:e6:dd:e7:41:f1:02:54:cf:1a:7b:62:
         f9:34:6d:95
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvI4gsJ2nadj1iym6p9YFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwMTAyMTAzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmNmMzM0ZDdjMWVkYzJmZjBkMzE5YjQ1MzE4M2RjNjExNTA5NWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgy5kf/YbBjnCNSUdEzbsA4oudjPy
qTqcpvJYInU6X5Mvi7s8FlJKf5MROQWOlZ9g4pVq/Zgej4JYGW4OaYQMx8poO8eH
8Al/nO/o/VsWnZcC/VCltyi9bXb//WBtFVxo1ayHQO6RtyvsDqzo3QYUpgwPy80O
iq0jM4WFwoyVUGjMe2P43Xnuidgw4tbe23dUCYljHeQShcgBqpVcN4ht1vSVC0UU
mQgkvZh/u1+iCdWfMcJiBoTTBOpsEvfSeulvkUXyxYqxXf6qCTj56vmhBWd1lwsx
yyVRu9atjkSoKjmLIp0fvDb+qsKMf38vsf7Hig9kbCa8SQIH6wTWKKp/QQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNbPM018Htwv8NMZtFMYPcYRUJX/MB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvMXM4elRYd2UzQ193MHhtMFV4Zzl4aEZRbGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUDPkmpMDAN
BgkqhkiG9w0BAQsFAAOCAQEAmkrOqYGQ47y78SAekVe4BlDZhFRIk5a8Q19Cbgv3
7YIZRQTMfQt1MR+zyWEHHTOE2fjHlwHOX/pnJdQA6GLkPlyYDIMoUXgAVrb9rd/M
EkOxFpaRTBDemIelrRsLhO5e7iep5L0wMbCvOl3c4/8a3KFtn1LYwdAW/09hYMeR
5dpbDiVtIb6mIxhjxO+2UllSZSa6JKXSI7TPGtIv+FudjLlA4iRH36IuFkkWvC2M
XY1eNGVYLPo5zozK1Ht7mJ0BaIcso05hE0GqN4MKl32Fem2Rtyvu/60E5PO/69vT
djjppbEygiCSE98m8kOLZSckD+bd50HxAlTPGnti+TRtlQ==
-----END CERTIFICATE-----