Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/G4hn5PndxNEKIhm6IXKHgXGXXR4.roa
File:                     G4hn5PndxNEKIhm6IXKHgXGXXR4.roa (raw, json)
Hash identifier:          2Z+3xZMNW8/3W9Em4DcagZlWaB9P7oiGkTvCsF4att8=
Subject key identifier:   1B:88:67:E4:F9:DD:C4:D1:0A:22:19:BA:21:72:87:81:71:97:5D:1E
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E04DA2A81C9626EF62E012D8E62BB
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/G4hn5PndxNEKIhm6IXKHgXGXXR4.roa
Signing time:             Mon 01 Jan 2024 14:29:30 +0000
ROA not before:           Mon 01 Jan 2024 14:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44068
IP address blocks:        94.26.128.0/18 maxlen: 24
                          2a02:2510::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:04:da:2a:81:c9:62:6e:f6:2e:01:2d:8e:62:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b8867e4f9ddc4d10a2219ba2172878171975d1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b3:a5:c2:ad:d3:22:b4:8f:85:16:f9:a2:f3:
                    59:e6:84:78:c5:f3:45:bf:78:61:56:18:09:6e:8c:
                    34:bc:07:e8:33:21:4a:ec:4c:07:1a:83:43:81:9f:
                    16:16:c3:72:2a:86:23:ed:4c:3b:cd:3d:1d:11:5b:
                    62:d7:5a:99:df:18:9b:65:6d:dc:62:81:4a:19:65:
                    84:45:60:55:a3:f5:16:54:a2:c0:0a:48:4a:79:8d:
                    50:e2:45:d5:6b:3a:4d:20:af:c7:70:20:65:35:f4:
                    8d:5b:e3:c8:11:f8:b8:52:aa:b0:2d:4f:7b:73:be:
                    a0:c0:c8:10:ad:0c:cd:82:74:ee:1b:34:36:3f:18:
                    29:3a:84:f1:8c:23:8c:4b:24:68:2d:40:a1:ac:a3:
                    cb:8b:fb:79:05:8f:53:17:9f:61:42:81:7a:f1:32:
                    7e:84:04:e8:d5:d8:60:c3:e9:4c:ac:b2:e3:b3:ac:
                    98:12:65:be:d1:f4:18:8f:c2:c2:03:04:9a:c2:31:
                    03:e3:cd:6b:94:ad:ea:d3:24:91:18:92:08:ee:4a:
                    94:cd:03:ca:a3:91:06:6c:3d:31:e2:fd:83:ff:7e:
                    2a:33:57:96:41:78:8f:04:64:66:6f:40:ff:10:9a:
                    8f:05:7a:cf:c9:e9:c2:ef:79:5e:32:dd:31:9d:78:
                    f4:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:88:67:E4:F9:DD:C4:D1:0A:22:19:BA:21:72:87:81:71:97:5D:1E
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/G4hn5PndxNEKIhm6IXKHgXGXXR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.26.128.0/18
                IPv6:
                  2a02:2510::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:29:c7:51:d0:bb:41:f9:16:60:4e:00:41:2b:3f:79:bc:40:
         95:76:a1:cc:06:33:e0:cc:ce:e6:0b:c8:db:f0:f0:b4:92:db:
         56:5d:65:e7:1c:49:c2:a2:58:bd:97:7c:43:06:a6:33:13:ba:
         4d:7d:ab:d1:db:3f:6e:13:9f:59:c4:df:fc:ad:ad:f6:30:84:
         de:ed:9b:61:48:d4:c8:61:26:88:37:4d:38:ac:e7:86:a7:5d:
         96:ee:32:12:58:de:88:a7:69:f6:cd:de:2d:1f:0c:76:1f:f9:
         a4:f1:0b:9a:66:f7:a4:8b:2d:c7:00:c5:6c:4f:0a:8c:79:29:
         c9:32:e6:d5:b8:c6:f6:8d:05:8b:33:66:62:39:6a:62:e6:35:
         43:89:a8:0d:45:f3:26:a5:e1:c9:dc:13:d4:1b:49:98:b0:ae:
         1f:67:68:4d:ba:ba:0a:e6:aa:e5:42:18:de:f7:96:ed:aa:b6:
         67:4e:49:16:f3:22:e9:dd:81:90:7a:b8:71:f6:1f:5e:02:e0:
         61:f6:70:04:f7:61:79:c7:67:51:ab:c9:5c:47:f8:f1:d5:00:
         79:2d:7a:02:4e:62:7e:94:2c:40:c1:98:d1:8f:33:64:6b:9d:
         88:98:4b:c9:48:25:67:25:4a:70:ab:94:7d:b1:34:87:e3:dc:
         b8:34:9c:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbgTaKoHJYm72LgEtjmK7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjg4NjdlNGY5ZGRjNGQxMGEyMjE5YmEyMTcyODc4MTcxOTc1ZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLOlwq3TIrSPhRb5ovNZ5oR4xfNF
v3hhVhgJbow0vAfoMyFK7EwHGoNDgZ8WFsNyKoYj7Uw7zT0dEVti11qZ3xibZW3c
YoFKGWWERWBVo/UWVKLACkhKeY1Q4kXVazpNIK/HcCBlNfSNW+PIEfi4UqqwLU97
c76gwMgQrQzNgnTuGzQ2PxgpOoTxjCOMSyRoLUChrKPLi/t5BY9TF59hQoF68TJ+
hATo1dhgw+lMrLLjs6yYEmW+0fQYj8LCAwSawjED481rlK3q0ySRGJII7kqUzQPK
o5EGbD0x4v2D/34qM1eWQXiPBGRmb0D/EJqPBXrPyenC73leMt0xnXj0zwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBuIZ+T53cTRCiIZuiFyh4Fxl10eMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvRzRobjVQbmR4TkVLSWhtNklYS0hnWEdYWFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGXhqAMA0E
AgACMAcDBQAqAiUQMA0GCSqGSIb3DQEBCwUAA4IBAQAMKcdR0LtB+RZgTgBBKz95
vECVdqHMBjPgzM7mC8jb8PC0kttWXWXnHEnColi9l3xDBqYzE7pNfavR2z9uE59Z
xN/8ra32MITe7ZthSNTIYSaIN004rOeGp12W7jISWN6Ip2n2zd4tHwx2H/mk8Qua
Zvekiy3HAMVsTwqMeSnJMubVuMb2jQWLM2ZiOWpi5jVDiagNRfMmpeHJ3BPUG0mY
sK4fZ2hNuroK5qrlQhje95btqrZnTkkW8yLp3YGQerhx9h9eAuBh9nAE92F5x2dR
q8lcR/jx1QB5LXoCTmJ+lCxAwZjRjzNka52ImEvJSCVnJUpwq5R9sTSH49y4NJzW
-----END CERTIFICATE-----