Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/oF8Oo0HCyqgso79MJidJrJiWal0.roa
File:                     oF8Oo0HCyqgso79MJidJrJiWal0.roa (raw, json)
Hash identifier:          dLXrM4BHKewQOmK56qwsV1pm0e8zzsvH7IEJPmaQtVw=
Subject key identifier:   A0:5F:0E:A3:41:C2:CA:A8:2C:A3:BF:4C:26:27:49:AC:98:96:6A:5D
Certificate issuer:       /CN=954b071a03db5d233d05ab0394548007767f83e7
Certificate serial:       018CC26D67A8BDB21D915EBC3D3F995FA11F
Authority key identifier: 95:4B:07:1A:03:DB:5D:23:3D:05:AB:03:94:54:80:07:76:7F:83:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUsHGgPbXSM9BasDlFSAB3Z_g-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/oF8Oo0HCyqgso79MJidJrJiWal0.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47204
IP address blocks:        194.88.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/lUsHGgPbXSM9BasDlFSAB3Z_g-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/lUsHGgPbXSM9BasDlFSAB3Z_g-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUsHGgPbXSM9BasDlFSAB3Z_g-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:67:a8:bd:b2:1d:91:5e:bc:3d:3f:99:5f:a1:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=954b071a03db5d233d05ab0394548007767f83e7
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a05f0ea341c2caa82ca3bf4c262749ac98966a5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7c:1d:bc:93:34:60:f8:f4:6a:2f:6e:0a:66:
                    7d:df:e6:95:88:4c:3d:c1:05:d3:aa:73:21:cc:15:
                    8a:b1:77:91:b6:76:e8:af:f0:7f:d0:26:6b:61:c1:
                    7f:9c:75:d4:8a:80:7c:06:20:b8:e7:0f:b0:a4:55:
                    c2:1a:67:a0:24:55:00:4d:38:01:07:16:f3:e2:dc:
                    c8:27:e3:0d:b4:d2:7c:4f:bb:65:f5:30:1b:54:a1:
                    0d:c6:8a:ba:05:68:3f:6d:ce:cc:81:35:81:b3:9d:
                    9a:69:00:91:36:b3:9d:26:08:18:16:89:a9:39:0a:
                    ee:af:a9:8c:56:03:7b:16:b1:f6:35:b3:6b:d3:dd:
                    54:e2:4d:ac:45:3f:46:e4:4d:ac:e0:41:28:1d:3a:
                    db:c2:1e:b5:e7:51:99:b8:21:ed:39:76:51:7f:44:
                    90:23:ee:2f:a4:03:ad:70:63:31:d8:ad:b1:3b:74:
                    5f:25:72:e5:75:c2:a3:ce:70:5b:b0:44:b1:35:b0:
                    ef:80:07:b8:ab:1b:79:1c:48:32:42:e6:98:56:f2:
                    4c:41:34:63:cc:5f:a9:32:03:ff:4c:f1:9e:16:4a:
                    ff:7e:f8:37:73:e4:ce:29:9b:af:73:61:07:2e:27:
                    e4:aa:88:a0:bf:67:a1:f6:a0:81:a8:4e:94:af:3b:
                    66:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:5F:0E:A3:41:C2:CA:A8:2C:A3:BF:4C:26:27:49:AC:98:96:6A:5D
            X509v3 Authority Key Identifier:
                keyid:95:4B:07:1A:03:DB:5D:23:3D:05:AB:03:94:54:80:07:76:7F:83:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUsHGgPbXSM9BasDlFSAB3Z_g-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/oF8Oo0HCyqgso79MJidJrJiWal0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/lUsHGgPbXSM9BasDlFSAB3Z_g-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:e1:50:5e:66:cf:32:b4:f5:f5:b8:81:93:b1:39:b9:da:e7:
         ff:a6:cf:8a:cf:8e:a4:36:ca:6c:f5:d7:7b:75:6d:74:ad:b3:
         dc:c8:fb:61:a0:fa:f5:e3:0b:d7:a4:6d:d3:a2:57:6f:a3:02:
         0b:80:d2:d3:56:72:a2:46:98:84:d9:40:66:a2:61:0e:3f:f7:
         2c:3a:e8:f6:da:43:8f:fc:cd:53:bf:1d:05:96:0e:04:eb:5f:
         98:02:01:79:56:99:78:4e:db:6c:c2:4a:68:3c:4d:e5:26:94:
         e8:03:79:e0:33:40:48:9b:c3:13:4d:6f:02:69:74:77:2b:a7:
         62:c4:0f:5f:16:bc:11:e5:78:79:89:76:d4:94:dd:07:fc:ce:
         d0:d8:c6:12:5e:d7:0f:0d:e5:e3:fb:2c:01:df:d3:e4:60:04:
         ac:9e:ff:50:06:1d:2a:3d:d3:87:c9:58:ca:38:f5:07:0b:28:
         6c:8b:9e:a7:ae:f6:c4:46:dd:15:01:86:59:35:cb:5c:f5:6c:
         0c:41:bb:eb:e9:75:f4:80:a7:2e:d7:ac:01:f7:cb:08:e9:eb:
         98:fc:3d:1b:f1:74:12:10:14:e5:07:af:0d:b3:25:06:8a:3f:
         87:0c:71:f2:35:48:01:59:c7:7e:91:9f:64:86:1f:34:e4:b5:
         85:c5:3c:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWeovbIdkV68PT+ZX6EfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGIwNzFhMDNkYjVkMjMzZDA1YWIwMzk0NTQ4MDA3NzY3
ZjgzZTcwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDVmMGVhMzQxYzJjYWE4MmNhM2JmNGMyNjI3NDlhYzk4OTY2YTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3wdvJM0YPj0ai9uCmZ93+aViEw9
wQXTqnMhzBWKsXeRtnbor/B/0CZrYcF/nHXUioB8BiC45w+wpFXCGmegJFUATTgB
Bxbz4tzIJ+MNtNJ8T7tl9TAbVKENxoq6BWg/bc7MgTWBs52aaQCRNrOdJggYFomp
OQrur6mMVgN7FrH2NbNr091U4k2sRT9G5E2s4EEoHTrbwh6151GZuCHtOXZRf0SQ
I+4vpAOtcGMx2K2xO3RfJXLldcKjznBbsESxNbDvgAe4qxt5HEgyQuaYVvJMQTRj
zF+pMgP/TPGeFkr/fvg3c+TOKZuvc2EHLifkqoigv2eh9qCBqE6UrztmUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBfDqNBwsqoLKO/TCYnSayYlmpdMB8GA1UdIwQY
MBaAFJVLBxoD210jPQWrA5RUgAd2f4PnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVzSEdnUGJYU005QmFzRGxGU0FCM1pfZy1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9lNjQ2MjUtY2I4Yi00OWNiLTg1Njkt
MjY2YWMxMDRmN2I0LzEvb0Y4T28wSEN5cWdzbzc5TUppZEpySmlXYWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9lNjQ2MjUtY2I4Yi00OWNiLTg1NjktMjY2YWMxMDRmN2I0
LzEvbFVzSEdnUGJYU005QmFzRGxGU0FCM1pfZy1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwljHMA0G
CSqGSIb3DQEBCwUAA4IBAQAo4VBeZs8ytPX1uIGTsTm52uf/ps+Kz46kNsps9dd7
dW10rbPcyPthoPr14wvXpG3ToldvowILgNLTVnKiRpiE2UBmomEOP/csOuj22kOP
/M1Tvx0Flg4E61+YAgF5Vpl4TttswkpoPE3lJpToA3ngM0BIm8MTTW8CaXR3K6di
xA9fFrwR5Xh5iXbUlN0H/M7Q2MYSXtcPDeXj+ywB39PkYASsnv9QBh0qPdOHyVjK
OPUHCyhsi56nrvbERt0VAYZZNctc9WwMQbvr6XX0gKcu16wB98sI6euY/D0b8XQS
EBTlB68NsyUGij+HDHHyNUgBWcd+kZ9khh805LWFxTzs
-----END CERTIFICATE-----