Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/fac406-1d9b-461d-855b-58865d1e14e0/1/qOClEkSznWtkGgGJ0fJlOeVAxP8.roa
File:                     qOClEkSznWtkGgGJ0fJlOeVAxP8.roa (raw, json)
Hash identifier:          uSga8YNNdA2UirqabkZJDer5R6cSGIOfGqkvUGbSCKY=
Subject key identifier:   A8:E0:A5:12:44:B3:9D:6B:64:1A:01:89:D1:F2:65:39:E5:40:C4:FF
Certificate issuer:       /CN=d45a8d91fe44f1a9639aed561c1bcafcbf10b25d
Certificate serial:       018CC8DF5071C38099686A394896B812189D
Authority key identifier: D4:5A:8D:91:FE:44:F1:A9:63:9A:ED:56:1C:1B:CA:FC:BF:10:B2:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FqNkf5E8aljmu1WHBvK_L8Qsl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/fac406-1d9b-461d-855b-58865d1e14e0/1/qOClEkSznWtkGgGJ0fJlOeVAxP8.roa
Signing time:             Tue 02 Jan 2024 06:32:07 +0000
ROA not before:           Tue 02 Jan 2024 06:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24956
IP address blocks:        194.120.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/fac406-1d9b-461d-855b-58865d1e14e0/1/1FqNkf5E8aljmu1WHBvK_L8Qsl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/fac406-1d9b-461d-855b-58865d1e14e0/1/1FqNkf5E8aljmu1WHBvK_L8Qsl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FqNkf5E8aljmu1WHBvK_L8Qsl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:50:71:c3:80:99:68:6a:39:48:96:b8:12:18:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45a8d91fe44f1a9639aed561c1bcafcbf10b25d
        Validity
            Not Before: Jan  2 06:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8e0a51244b39d6b641a0189d1f26539e540c4ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:86:a1:b7:31:d0:14:27:aa:f1:2b:6a:11:44:
                    ee:d8:c7:53:88:86:01:a2:71:e1:38:3a:25:50:b1:
                    5e:1e:04:ff:88:e4:6b:44:8c:1a:cd:bb:27:a1:18:
                    eb:73:ed:5f:da:54:cb:82:9e:07:d5:eb:66:4f:bc:
                    ac:ab:00:46:10:d3:b0:de:04:a7:c9:63:fe:ee:8c:
                    14:31:e7:7a:0c:eb:e9:fb:ca:70:fd:18:57:d3:2c:
                    e5:c5:43:3c:89:5f:74:5e:d1:56:ba:69:9b:a4:56:
                    c8:c3:a9:ce:cf:20:9e:f0:3b:12:b7:43:9d:cd:d2:
                    71:d5:65:53:24:17:c0:28:01:fe:39:d7:02:2d:92:
                    ad:0d:c1:95:e5:e0:42:28:ff:03:4d:19:78:31:5b:
                    b5:65:76:bd:56:96:48:08:0a:e9:a3:39:45:f6:70:
                    89:af:36:39:8b:61:98:bd:ad:0d:8a:03:0e:6b:12:
                    89:d4:f9:e0:6e:b0:56:b7:89:12:fa:75:dd:0b:a3:
                    08:9d:3b:8f:c6:e5:44:6e:0b:e7:03:8f:06:73:4e:
                    37:52:41:9f:cf:b2:85:8a:78:bd:f6:4c:d6:0e:b2:
                    3c:1a:ed:80:cb:0e:53:92:ae:29:28:e3:cc:60:dc:
                    38:93:41:41:ea:d5:dd:c4:49:db:c8:95:4f:06:61:
                    f2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E0:A5:12:44:B3:9D:6B:64:1A:01:89:D1:F2:65:39:E5:40:C4:FF
            X509v3 Authority Key Identifier:
                keyid:D4:5A:8D:91:FE:44:F1:A9:63:9A:ED:56:1C:1B:CA:FC:BF:10:B2:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FqNkf5E8aljmu1WHBvK_L8Qsl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/fac406-1d9b-461d-855b-58865d1e14e0/1/qOClEkSznWtkGgGJ0fJlOeVAxP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/fac406-1d9b-461d-855b-58865d1e14e0/1/1FqNkf5E8aljmu1WHBvK_L8Qsl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.120.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:25:91:92:68:6b:bb:df:ff:37:44:df:98:74:44:ae:2b:01:
         32:a1:60:8e:fd:2d:34:8b:0e:44:13:3b:6c:42:1b:91:80:17:
         df:4d:84:19:15:87:93:24:92:37:c6:9d:44:37:ee:c5:6f:b0:
         90:8d:77:1f:71:de:68:f2:08:2f:7d:12:45:e2:af:57:92:c9:
         10:c3:2c:ee:a2:7b:cc:f6:95:29:3c:dd:6e:95:86:68:21:78:
         be:5a:a3:72:53:c5:d0:bc:30:a4:0c:e3:36:bc:6f:3c:64:9e:
         bd:55:9b:75:d1:19:ae:9e:d7:5d:ae:b4:4e:37:ee:35:1a:0a:
         84:e8:02:0a:0f:54:bf:51:90:46:2c:f1:0e:01:36:b8:42:44:
         bd:3e:af:e5:35:1d:8a:7a:04:c2:c5:8e:ff:8a:07:55:69:1c:
         a4:68:d4:ea:d2:41:b5:1f:45:26:a1:2f:65:7b:14:f9:e0:d4:
         98:30:bf:d3:e9:38:da:40:e1:0e:0e:a0:c7:9d:f5:74:6d:d0:
         88:3d:de:65:04:a3:df:cd:5c:6a:cd:03:55:ea:42:b2:0d:43:
         37:6c:65:4e:7c:06:43:57:81:ea:cb:5e:94:b5:9d:c2:b7:1c:
         28:df:e7:9d:ee:80:b4:0b:6c:57:02:ea:e6:68:4d:49:ef:66:
         b4:8e:7e:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI31Bxw4CZaGo5SJa4EhidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWE4ZDkxZmU0NGYxYTk2MzlhZWQ1NjFjMWJjYWZjYmYx
MGIyNWQwHhcNMjQwMTAyMDYzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGUwYTUxMjQ0YjM5ZDZiNjQxYTAxODlkMWYyNjUzOWU1NDBjNGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoahtzHQFCeq8StqEUTu2MdTiIYB
onHhODolULFeHgT/iORrRIwazbsnoRjrc+1f2lTLgp4H1etmT7ysqwBGENOw3gSn
yWP+7owUMed6DOvp+8pw/RhX0yzlxUM8iV90XtFWummbpFbIw6nOzyCe8DsSt0Od
zdJx1WVTJBfAKAH+OdcCLZKtDcGV5eBCKP8DTRl4MVu1ZXa9VpZICArpozlF9nCJ
rzY5i2GYva0NigMOaxKJ1PngbrBWt4kS+nXdC6MInTuPxuVEbgvnA48Gc043UkGf
z7KFini99kzWDrI8Gu2Ayw5Tkq4pKOPMYNw4k0FB6tXdxEnbyJVPBmHy2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjgpRJEs51rZBoBidHyZTnlQMT/MB8GA1UdIwQY
MBaAFNRajZH+RPGpY5rtVhwbyvy/ELJdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZxTmtmNUU4YWxqbXUxV0hCdktfTDhRc2wwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mYWM0MDYtMWQ5Yi00NjFkLTg1NWIt
NTg4NjVkMWUxNGUwLzEvcU9DbEVrU3puV3RrR2dHSjBmSmxPZVZBeFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mYWM0MDYtMWQ5Yi00NjFkLTg1NWItNTg4NjVkMWUxNGUw
LzEvMUZxTmtmNUU4YWxqbXUxV0hCdktfTDhRc2wwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnjqMA0G
CSqGSIb3DQEBCwUAA4IBAQANJZGSaGu73/83RN+YdESuKwEyoWCO/S00iw5EEzts
QhuRgBffTYQZFYeTJJI3xp1EN+7Fb7CQjXcfcd5o8ggvfRJF4q9XkskQwyzuonvM
9pUpPN1ulYZoIXi+WqNyU8XQvDCkDOM2vG88ZJ69VZt10RmuntddrrRON+41GgqE
6AIKD1S/UZBGLPEOATa4QkS9Pq/lNR2KegTCxY7/igdVaRykaNTq0kG1H0UmoS9l
exT54NSYML/T6TjaQOEODqDHnfV0bdCIPd5lBKPfzVxqzQNV6kKyDUM3bGVOfAZD
V4Hqy16UtZ3Ctxwo3+ed7oC0C2xXAurmaE1J72a0jn7J
-----END CERTIFICATE-----