Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/goj8FBuh72o11NinP5EhoJOvmHc.roa
File:                     goj8FBuh72o11NinP5EhoJOvmHc.roa (raw, json)
Hash identifier:          rd+fqggmNGYrN8wjZREJqfMsJ7JujvpJKUsfA2jZync=
Subject key identifier:   82:88:FC:14:1B:A1:EF:6A:35:D4:D8:A7:3F:91:21:A0:93:AF:98:77
Certificate issuer:       /CN=722325ecf368c9148a7c41281d607fa6d804a0c9
Certificate serial:       018CC7266D7F8882F7F5D90534CF3FEAD24B
Authority key identifier: 72:23:25:EC:F3:68:C9:14:8A:7C:41:28:1D:60:7F:A6:D8:04:A0:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciMl7PNoyRSKfEEoHWB_ptgEoMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/goj8FBuh72o11NinP5EhoJOvmHc.roa
Signing time:             Mon 01 Jan 2024 22:30:33 +0000
ROA not before:           Mon 01 Jan 2024 22:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        194.15.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/ciMl7PNoyRSKfEEoHWB_ptgEoMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/ciMl7PNoyRSKfEEoHWB_ptgEoMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciMl7PNoyRSKfEEoHWB_ptgEoMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:6d:7f:88:82:f7:f5:d9:05:34:cf:3f:ea:d2:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722325ecf368c9148a7c41281d607fa6d804a0c9
        Validity
            Not Before: Jan  1 22:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8288fc141ba1ef6a35d4d8a73f9121a093af9877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b1:54:13:a8:55:67:19:1f:b3:ff:f7:78:c7:
                    e4:2b:2e:c5:f3:4a:3b:52:36:29:33:e1:e9:70:0d:
                    79:42:f0:6f:5f:0b:d7:3c:f1:17:cc:09:db:33:a8:
                    53:8f:26:60:b6:c6:32:23:50:2f:57:3c:9a:34:aa:
                    6f:c4:73:72:ce:55:6b:75:34:ff:dc:f7:76:6e:46:
                    80:3d:e7:bf:3b:9e:9c:b2:21:90:a4:e1:13:cb:4c:
                    eb:63:cd:52:7b:b6:6b:3b:8b:7b:31:f6:cf:f7:be:
                    69:5f:6f:8b:5e:71:e8:98:7b:2b:02:76:56:3e:3c:
                    89:44:37:19:2c:93:19:c0:33:46:33:a9:fe:eb:69:
                    88:17:43:93:79:ab:03:c4:97:ed:6d:55:7c:17:ac:
                    2c:03:ab:ec:87:b3:25:15:e5:ac:3f:af:52:8a:63:
                    12:f4:8e:a5:cc:d1:73:eb:30:53:13:89:07:a5:4b:
                    33:5a:54:4c:db:f7:85:84:e5:a8:5c:79:52:b8:24:
                    4a:b9:fd:23:9b:53:f1:b6:1e:d4:cf:05:b0:e8:7a:
                    62:e0:1d:51:c8:c2:99:cd:3b:0b:e0:bf:45:99:a8:
                    1c:5c:54:39:69:90:f8:41:71:63:8b:e6:5d:86:1f:
                    3d:68:b5:e1:85:5c:7b:3a:0e:54:e9:36:d8:4d:40:
                    4f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:88:FC:14:1B:A1:EF:6A:35:D4:D8:A7:3F:91:21:A0:93:AF:98:77
            X509v3 Authority Key Identifier:
                keyid:72:23:25:EC:F3:68:C9:14:8A:7C:41:28:1D:60:7F:A6:D8:04:A0:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciMl7PNoyRSKfEEoHWB_ptgEoMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/goj8FBuh72o11NinP5EhoJOvmHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/ciMl7PNoyRSKfEEoHWB_ptgEoMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:00:77:8d:68:a6:72:00:ff:88:fd:79:ca:0f:3a:c1:f5:ea:
         c0:d2:1c:f3:3f:f2:44:9b:3d:27:bf:93:65:d7:05:18:0f:38:
         20:6b:38:2a:92:a5:cd:22:03:05:c9:f7:8f:c1:9b:ac:74:da:
         e0:d4:d8:ec:13:75:0c:7e:83:02:93:a1:81:a8:24:bb:27:8a:
         75:a5:ea:de:2e:8f:32:0b:0a:d6:19:e5:60:ee:0f:fa:29:11:
         8e:a9:fc:ac:7f:34:88:76:9e:2d:3c:8c:ef:41:30:31:f9:56:
         4d:d2:4a:8f:ef:c4:87:73:f8:a0:21:96:52:b7:b0:67:54:29:
         33:5e:3f:d8:f4:f4:5d:4f:42:82:7c:e4:bb:e1:59:95:3d:83:
         88:18:6a:50:cc:aa:6e:0a:82:84:f5:fc:17:8d:52:da:ea:45:
         0e:f1:af:58:da:c5:4c:bc:48:e8:57:03:47:c2:0a:c2:fe:c1:
         5e:5f:3c:fc:33:80:a1:a7:7e:89:14:d7:45:09:7d:a9:27:c5:
         29:26:ea:b5:d4:34:be:fd:f4:96:c9:dc:0c:e8:04:3d:d3:42:
         6e:ee:d3:50:85:c9:6f:69:9b:20:6c:ea:2a:0f:60:85:f7:db:
         1f:65:2b:d4:36:ec:97:e0:90:14:b8:b3:d1:02:f3:52:37:44:
         b4:b1:d7:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJm1/iIL39dkFNM8/6tJLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMjMyNWVjZjM2OGM5MTQ4YTdjNDEyODFkNjA3ZmE2ZDgw
NGEwYzkwHhcNMjQwMTAxMjIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjg4ZmMxNDFiYTFlZjZhMzVkNGQ4YTczZjkxMjFhMDkzYWY5ODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrFUE6hVZxkfs//3eMfkKy7F80o7
UjYpM+HpcA15QvBvXwvXPPEXzAnbM6hTjyZgtsYyI1AvVzyaNKpvxHNyzlVrdTT/
3Pd2bkaAPee/O56csiGQpOETy0zrY81Se7ZrO4t7MfbP975pX2+LXnHomHsrAnZW
PjyJRDcZLJMZwDNGM6n+62mIF0OTeasDxJftbVV8F6wsA6vsh7MlFeWsP69SimMS
9I6lzNFz6zBTE4kHpUszWlRM2/eFhOWoXHlSuCRKuf0jm1Pxth7UzwWw6Hpi4B1R
yMKZzTsL4L9FmagcXFQ5aZD4QXFji+Zdhh89aLXhhVx7Og5U6TbYTUBPCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKI/BQboe9qNdTYpz+RIaCTr5h3MB8GA1UdIwQY
MBaAFHIjJezzaMkUinxBKB1gf6bYBKDJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lNbDdQTm95UlNLZkVFb0hXQl9wdGdFb01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8xYzA2MmEtMDRkNC00YzA1LWEyZDIt
OTBiZGNjNGFhNWRiLzEvZ29qOEZCdWg3Mm8xMU5pblA1RWhvSk92bUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8xYzA2MmEtMDRkNC00YzA1LWEyZDItOTBiZGNjNGFhNWRi
LzEvY2lNbDdQTm95UlNLZkVFb0hXQl9wdGdFb01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg8tMA0G
CSqGSIb3DQEBCwUAA4IBAQB9AHeNaKZyAP+I/XnKDzrB9erA0hzzP/JEmz0nv5Nl
1wUYDzggazgqkqXNIgMFyfePwZusdNrg1NjsE3UMfoMCk6GBqCS7J4p1pereLo8y
CwrWGeVg7g/6KRGOqfysfzSIdp4tPIzvQTAx+VZN0kqP78SHc/igIZZSt7BnVCkz
Xj/Y9PRdT0KCfOS74VmVPYOIGGpQzKpuCoKE9fwXjVLa6kUO8a9Y2sVMvEjoVwNH
wgrC/sFeXzz8M4Chp36JFNdFCX2pJ8UpJuq11DS+/fSWydwM6AQ900Ju7tNQhclv
aZsgbOoqD2CF99sfZSvUNuyX4JAUuLPRAvNSN0S0sdcc
-----END CERTIFICATE-----