Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/081b84-4ece-4005-b28d-9f293172bb6b/1/8UzgeFU9TnnQuXy-yOcG-pbjMys.roa
File:                     8UzgeFU9TnnQuXy-yOcG-pbjMys.roa (raw, json)
Hash identifier:          J5rN3yTU1bHUzwhJmXaCj63semfup4l9XeO+En0veOw=
Subject key identifier:   F1:4C:E0:78:55:3D:4E:79:D0:B9:7C:BE:C8:E7:06:FA:96:E3:33:2B
Certificate issuer:       /CN=67fd3e19f583361fe5d90a412b1280f7cffb801f
Certificate serial:       018CC8DF5C4DEBA5040462866EC486ABBEB3
Authority key identifier: 67:FD:3E:19:F5:83:36:1F:E5:D9:0A:41:2B:12:80:F7:CF:FB:80:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_0-GfWDNh_l2QpBKxKA98_7gB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/081b84-4ece-4005-b28d-9f293172bb6b/1/8UzgeFU9TnnQuXy-yOcG-pbjMys.roa
Signing time:             Tue 02 Jan 2024 06:32:10 +0000
ROA not before:           Tue 02 Jan 2024 06:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51395
IP address blocks:        194.15.228.0/22 maxlen: 22
                          2001:67c:2f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/081b84-4ece-4005-b28d-9f293172bb6b/1/Z_0-GfWDNh_l2QpBKxKA98_7gB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/081b84-4ece-4005-b28d-9f293172bb6b/1/Z_0-GfWDNh_l2QpBKxKA98_7gB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_0-GfWDNh_l2QpBKxKA98_7gB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:5c:4d:eb:a5:04:04:62:86:6e:c4:86:ab:be:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67fd3e19f583361fe5d90a412b1280f7cffb801f
        Validity
            Not Before: Jan  2 06:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f14ce078553d4e79d0b97cbec8e706fa96e3332b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d4:04:92:f9:82:31:93:45:0b:19:20:3e:74:
                    e7:db:ee:2c:18:02:ad:19:f5:96:d3:77:70:ad:be:
                    cd:ff:18:d6:01:e1:33:a0:c3:37:3a:1a:e0:28:4e:
                    93:a6:60:c9:12:b8:b9:45:f2:6c:99:77:c1:a1:6d:
                    7b:c2:7b:09:52:96:ba:55:01:79:d8:72:73:fd:0f:
                    f7:9e:88:9e:8c:b1:5e:91:54:83:60:7c:e2:fe:ed:
                    0c:19:2c:b2:a1:2f:81:20:f0:0b:59:48:12:2d:04:
                    fc:b5:8c:00:ab:80:2d:6f:e0:5a:69:aa:e0:c8:0a:
                    02:ec:44:8a:db:3f:9f:c8:d0:83:38:e9:47:7c:c2:
                    78:56:29:44:54:51:42:fc:d9:38:89:0a:43:81:62:
                    96:fb:46:22:cb:b9:a3:bd:ad:29:33:9a:2f:ad:a8:
                    6e:e2:b5:e8:5e:de:73:a9:25:0e:ca:2f:34:d3:53:
                    f8:f1:9d:ef:bf:a7:e9:7f:a6:85:13:dc:c9:cf:96:
                    84:0d:5a:a7:44:d3:62:57:4e:e8:52:87:23:7e:c7:
                    cd:68:69:6a:ae:38:1d:ea:27:dc:de:9e:b2:73:81:
                    76:d8:41:32:10:07:37:1c:82:32:23:91:ed:f5:c9:
                    20:2b:5e:73:79:2a:60:20:21:af:0f:a0:00:d0:15:
                    23:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:4C:E0:78:55:3D:4E:79:D0:B9:7C:BE:C8:E7:06:FA:96:E3:33:2B
            X509v3 Authority Key Identifier:
                keyid:67:FD:3E:19:F5:83:36:1F:E5:D9:0A:41:2B:12:80:F7:CF:FB:80:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_0-GfWDNh_l2QpBKxKA98_7gB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/081b84-4ece-4005-b28d-9f293172bb6b/1/8UzgeFU9TnnQuXy-yOcG-pbjMys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/081b84-4ece-4005-b28d-9f293172bb6b/1/Z_0-GfWDNh_l2QpBKxKA98_7gB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.228.0/22
                IPv6:
                  2001:67c:2f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:d8:07:82:7b:57:d3:8c:5f:5c:f5:8b:39:c5:ab:4b:f2:94:
         27:b7:8c:22:24:53:5a:36:fe:6c:d5:93:1b:cc:6b:3b:ce:da:
         e4:a6:06:70:a3:31:db:27:96:b6:dc:4d:cb:75:26:90:f4:e0:
         a4:a1:54:65:01:fc:00:4c:40:7b:5f:c5:ae:c3:6f:c5:7f:2b:
         1e:8a:fd:bc:f2:04:53:ed:ed:a4:33:60:7c:ed:7f:8b:63:ba:
         cc:8f:e0:26:e9:e2:67:c6:79:f3:44:f0:aa:0d:51:70:8b:34:
         36:f8:09:60:58:e6:88:2d:d7:b1:14:2b:e2:fc:e4:f0:fb:dd:
         04:61:59:32:e7:93:b8:a0:87:be:1f:1b:5f:7c:e7:47:9b:53:
         45:3a:44:c6:d7:85:41:56:3b:ae:4e:9b:c2:52:d6:be:e1:53:
         9e:6c:2b:28:5c:08:91:42:67:01:6c:80:50:b7:fd:75:c1:6c:
         ad:5b:60:b8:2d:e2:3d:9c:6f:54:56:dd:f4:42:35:cc:15:bc:
         c5:93:69:3c:af:1d:36:4c:77:31:89:20:82:3c:03:91:89:34:
         51:ff:56:1d:12:ec:bb:65:d8:d1:94:7f:61:cd:62:c0:8b:42:
         07:2f:16:f9:5a:a5:3d:00:93:23:d9:81:e4:26:50:50:87:60:
         22:0e:34:ad
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI31xN66UEBGKGbsSGq76zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZmQzZTE5ZjU4MzM2MWZlNWQ5MGE0MTJiMTI4MGY3Y2Zm
YjgwMWYwHhcNMjQwMTAyMDYzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTRjZTA3ODU1M2Q0ZTc5ZDBiOTdjYmVjOGU3MDZmYTk2ZTMzMzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtQEkvmCMZNFCxkgPnTn2+4sGAKt
GfWW03dwrb7N/xjWAeEzoMM3OhrgKE6TpmDJEri5RfJsmXfBoW17wnsJUpa6VQF5
2HJz/Q/3noiejLFekVSDYHzi/u0MGSyyoS+BIPALWUgSLQT8tYwAq4Atb+Baaarg
yAoC7ESK2z+fyNCDOOlHfMJ4VilEVFFC/Nk4iQpDgWKW+0Yiy7mjva0pM5ovrahu
4rXoXt5zqSUOyi8001P48Z3vv6fpf6aFE9zJz5aEDVqnRNNiV07oUocjfsfNaGlq
rjgd6ifc3p6yc4F22EEyEAc3HIIyI5Ht9ckgK15zeSpgICGvD6AA0BUjfwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPFM4HhVPU550Ll8vsjnBvqW4zMrMB8GA1UdIwQY
MBaAFGf9Phn1gzYf5dkKQSsSgPfP+4AfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl8wLUdmV0ROaF9sMlFwQkt4S0E5OF83Z0I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8wODFiODQtNGVjZS00MDA1LWIyOGQt
OWYyOTMxNzJiYjZiLzEvOFV6Z2VGVTlUbm5RdVh5LXlPY0ctcGJqTXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8wODFiODQtNGVjZS00MDA1LWIyOGQtOWYyOTMxNzJiYjZi
LzEvWl8wLUdmV0ROaF9sMlFwQkt4S0E5OF83Z0I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwg/kMA8E
AgACMAkDBwAgAQZ8AvAwDQYJKoZIhvcNAQELBQADggEBADjYB4J7V9OMX1z1iznF
q0vylCe3jCIkU1o2/mzVkxvMazvO2uSmBnCjMdsnlrbcTct1JpD04KShVGUB/ABM
QHtfxa7Db8V/Kx6K/bzyBFPt7aQzYHztf4tjusyP4Cbp4mfGefNE8KoNUXCLNDb4
CWBY5ogt17EUK+L85PD73QRhWTLnk7igh74fG19850ebU0U6RMbXhUFWO65Om8JS
1r7hU55sKyhcCJFCZwFsgFC3/XXBbK1bYLgt4j2cb1RW3fRCNcwVvMWTaTyvHTZM
dzGJIII8A5GJNFH/Vh0S7Ltl2NGUf2HNYsCLQgcvFvlapT0AkyPZgeQmUFCHYCIO
NK0=
-----END CERTIFICATE-----