Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8jjHs2hfmPavLxBvxeBQQBKzyCo.roa
File:                     8jjHs2hfmPavLxBvxeBQQBKzyCo.roa (raw, json)
Hash identifier:          uWqJd3GkwkaDQ9ceeej0IfQuKYcNY2zZItZoBss/HE8=
Subject key identifier:   F2:38:C7:B3:68:5F:98:F6:AF:2F:10:6F:C5:E0:50:40:12:B3:C8:2A
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018CC86F4CA8B801E57134E29B8CDE8497AE
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8jjHs2hfmPavLxBvxeBQQBKzyCo.roa
Signing time:             Tue 02 Jan 2024 04:29:46 +0000
ROA not before:           Tue 02 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     393427
IP address blocks:        195.177.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4c:a8:b8:01:e5:71:34:e2:9b:8c:de:84:97:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f238c7b3685f98f6af2f106fc5e0504012b3c82a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:35:f4:ce:e7:3b:93:1f:5f:ef:4a:2a:b8:89:
                    87:83:61:de:e0:75:6e:21:10:88:2a:ec:96:f9:ff:
                    a7:b1:e1:71:ef:a5:0d:c6:94:2a:d5:74:e1:1f:a0:
                    75:3b:e0:b3:63:20:a8:df:33:f6:81:db:4c:00:37:
                    54:89:fb:a0:59:f1:2e:72:d8:30:7c:51:55:b1:a5:
                    da:9d:50:69:41:c3:0c:81:d3:28:fc:6d:a5:e8:ee:
                    95:78:26:8d:1b:7a:c4:07:c0:63:22:06:e3:25:1f:
                    59:8d:76:dd:56:c6:aa:f5:f9:01:23:10:78:b7:5f:
                    fa:e8:bd:9f:a4:42:8d:f2:00:96:f5:93:ac:09:59:
                    ca:73:74:ab:24:1a:66:24:95:39:07:93:69:96:2b:
                    de:42:62:1b:91:f6:9c:18:e0:af:d9:98:ee:c8:f7:
                    b7:cc:06:2e:9b:cb:57:c8:20:55:e1:b0:82:3c:d3:
                    1c:05:f1:62:b7:83:63:b0:92:40:79:bc:72:9d:66:
                    d0:c8:42:90:58:7e:9b:75:d0:99:20:e6:c9:84:34:
                    05:c2:b0:95:0a:a5:54:07:0d:f1:ff:34:e7:58:7c:
                    b6:d8:70:4a:10:a9:59:1d:e3:7f:8d:23:f9:3d:ba:
                    23:35:70:06:08:1a:49:8a:6e:d2:17:59:05:6e:91:
                    eb:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:38:C7:B3:68:5F:98:F6:AF:2F:10:6F:C5:E0:50:40:12:B3:C8:2A
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8jjHs2hfmPavLxBvxeBQQBKzyCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:72:5d:20:6d:d7:d2:5e:a2:12:20:09:a5:c2:7d:03:2c:f2:
         a1:5b:b0:c3:8d:da:c1:a8:e3:bf:9d:7a:5e:63:4f:a8:5f:5d:
         36:07:d5:9c:49:f3:60:7d:33:29:0d:ad:a4:e6:f5:38:fc:c5:
         38:c4:1d:fd:f8:34:2c:92:a8:9c:da:6c:a6:bc:2a:ce:15:26:
         3b:c7:d8:1f:39:4c:ba:23:cc:20:d0:42:4b:0c:12:fc:30:ae:
         8d:7d:38:eb:de:33:0c:48:92:e4:f9:7b:b7:75:7e:cc:33:4d:
         8f:ca:aa:7b:cf:e0:30:52:a0:8d:03:ca:10:02:a7:f0:29:28:
         c1:ae:23:65:7c:ca:5c:5c:ee:94:fb:78:7e:3a:a5:ca:13:3c:
         1b:67:9f:1d:73:82:c9:a6:01:a7:52:7f:7e:98:5f:ff:6e:9c:
         61:5c:e2:b5:11:94:75:47:82:0a:60:c7:ca:ca:c4:c5:37:cd:
         37:5c:7f:48:02:2b:27:62:f5:2e:8c:d0:c7:d1:86:af:84:e6:
         32:eb:bd:6a:e5:08:ce:03:1d:35:3b:b5:9b:13:ff:ca:4c:15:
         cc:d3:f0:91:fc:83:b9:02:28:27:3d:55:e2:8d:4c:bd:d2:5c:
         e8:65:f2:27:9e:84:96:a2:b2:53:54:a4:a8:ee:aa:ae:4c:1a:
         85:93:bf:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0youAHlcTTim4zehJeuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTAyMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjM4YzdiMzY4NWY5OGY2YWYyZjEwNmZjNWUwNTA0MDEyYjNjODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjX0zuc7kx9f70oquImHg2He4HVu
IRCIKuyW+f+nseFx76UNxpQq1XThH6B1O+CzYyCo3zP2gdtMADdUifugWfEuctgw
fFFVsaXanVBpQcMMgdMo/G2l6O6VeCaNG3rEB8BjIgbjJR9ZjXbdVsaq9fkBIxB4
t1/66L2fpEKN8gCW9ZOsCVnKc3SrJBpmJJU5B5NpliveQmIbkfacGOCv2ZjuyPe3
zAYum8tXyCBV4bCCPNMcBfFit4NjsJJAebxynWbQyEKQWH6bddCZIObJhDQFwrCV
CqVUBw3x/zTnWHy22HBKEKlZHeN/jSP5PbojNXAGCBpJim7SF1kFbpHrLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPI4x7NoX5j2ry8Qb8XgUEASs8gqMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvOGpqSHMyaGZtUGF2THhCdnhlQlFRQkt6eUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7FeMA0G
CSqGSIb3DQEBCwUAA4IBAQBycl0gbdfSXqISIAmlwn0DLPKhW7DDjdrBqOO/nXpe
Y0+oX102B9WcSfNgfTMpDa2k5vU4/MU4xB39+DQskqic2mymvCrOFSY7x9gfOUy6
I8wg0EJLDBL8MK6NfTjr3jMMSJLk+Xu3dX7MM02Pyqp7z+AwUqCNA8oQAqfwKSjB
riNlfMpcXO6U+3h+OqXKEzwbZ58dc4LJpgGnUn9+mF//bpxhXOK1EZR1R4IKYMfK
ysTFN803XH9IAisnYvUujNDH0YavhOYy671q5QjOAx01O7WbE//KTBXM0/CR/IO5
AignPVXijUy90lzoZfInnoSWorJTVKSo7qquTBqFk7+D
-----END CERTIFICATE-----