Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/h34z8F5f9FPKn-eucqv-9wISJ4E.roa
File:                     h34z8F5f9FPKn-eucqv-9wISJ4E.roa (raw, json)
Hash identifier:          qESRbNYIxa+NzoEd2bhVZzQEoBLbrs16ZCmP+lqrsOY=
Subject key identifier:   87:7E:33:F0:5E:5F:F4:53:CA:9F:E7:AE:72:AB:FE:F7:02:12:27:81
Certificate issuer:       /CN=7cd6c0236ff4d6050906957ffd380b3879e6ed6e
Certificate serial:       018CCA28582D69BE5C00ACF24DB99A075F78
Authority key identifier: 7C:D6:C0:23:6F:F4:D6:05:09:06:95:7F:FD:38:0B:38:79:E6:ED:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/h34z8F5f9FPKn-eucqv-9wISJ4E.roa
Signing time:             Tue 02 Jan 2024 12:31:30 +0000
ROA not before:           Tue 02 Jan 2024 12:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205131
IP address blocks:        194.54.157.0/24 maxlen: 24
                          194.54.158.0/24 maxlen: 24
                          194.54.159.0/24 maxlen: 24
                          194.54.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/fNbAI2_01gUJBpV__TgLOHnm7W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/fNbAI2_01gUJBpV__TgLOHnm7W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:58:2d:69:be:5c:00:ac:f2:4d:b9:9a:07:5f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cd6c0236ff4d6050906957ffd380b3879e6ed6e
        Validity
            Not Before: Jan  2 12:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=877e33f05e5ff453ca9fe7ae72abfef702122781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6f:b8:a4:dd:b1:e8:b5:c5:c0:6f:37:52:47:
                    a1:ff:2b:6c:de:64:fe:9f:0a:fe:0e:7d:63:5c:28:
                    cb:3e:9f:a8:49:42:ca:82:93:1e:d2:29:fa:3b:5f:
                    16:af:e9:52:d7:94:bc:a6:8c:1c:6b:22:ac:21:9f:
                    81:f4:28:8f:f9:29:b6:aa:74:4f:ab:2f:33:41:04:
                    5e:0b:76:16:50:66:a1:8c:af:8f:4d:d4:2e:00:26:
                    3a:4d:0b:9d:81:ac:7c:59:aa:7a:15:fd:39:79:29:
                    4b:05:55:06:d3:b2:48:95:20:df:4d:94:c0:da:53:
                    b1:b6:a7:67:8e:12:10:2d:69:ed:62:27:9b:95:7d:
                    f0:1d:27:a9:d3:f2:85:49:44:9f:b0:cb:88:ad:f7:
                    2d:83:9c:4d:a6:8d:4a:9d:43:74:14:18:a2:9f:07:
                    b0:16:6e:8f:60:e8:6b:1c:2c:3c:9d:b9:27:a8:d3:
                    77:a0:15:c2:26:41:e0:6a:2a:4d:7a:df:24:23:ee:
                    89:72:9d:ec:72:05:38:6b:08:23:e3:60:00:42:0d:
                    4a:b5:56:2b:f1:21:b8:10:ec:53:68:89:a0:c9:0f:
                    c4:77:e3:35:88:a3:12:e1:b2:5a:ff:76:fa:cf:c2:
                    88:af:b9:b0:6a:f2:6d:36:08:cb:5e:a6:1a:b0:63:
                    f9:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:7E:33:F0:5E:5F:F4:53:CA:9F:E7:AE:72:AB:FE:F7:02:12:27:81
            X509v3 Authority Key Identifier:
                keyid:7C:D6:C0:23:6F:F4:D6:05:09:06:95:7F:FD:38:0B:38:79:E6:ED:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/h34z8F5f9FPKn-eucqv-9wISJ4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/fNbAI2_01gUJBpV__TgLOHnm7W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.54.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:53:63:3c:b8:58:9f:41:88:32:97:df:bb:36:a3:20:98:39:
         5d:bd:a0:63:b1:30:8c:00:92:84:84:0b:0e:5c:e9:69:3b:c1:
         e2:08:33:cb:f5:3e:f2:ad:31:c6:8e:50:44:2f:42:68:15:27:
         58:bd:6f:82:19:7d:0d:2f:3f:30:88:2c:83:1c:cf:70:c5:3d:
         4e:fb:1e:62:42:ad:b2:80:da:f1:e7:57:bd:28:96:78:a7:ef:
         0c:08:f4:30:86:ee:6c:c5:64:b2:3b:3f:c4:45:a3:90:2a:bb:
         e6:86:bd:06:26:64:75:d4:92:cf:05:e2:1b:b9:93:e0:f6:e9:
         76:14:f8:a8:f2:54:37:25:ff:b6:97:e7:2a:18:d3:66:6b:e5:
         f0:39:4b:ed:a8:5a:03:b9:ec:38:5a:64:14:c0:2a:3e:1a:32:
         76:b4:47:81:4d:5f:6c:b5:3a:1d:f9:83:c9:bf:89:be:b3:0c:
         8f:89:80:56:a4:4e:e4:97:ec:1c:57:84:da:d8:2b:bf:18:7c:
         fd:06:7c:cd:5c:dc:3a:3b:bf:53:e9:58:d1:88:d1:f5:63:55:
         d1:3e:3b:ea:35:98:6f:5c:a9:00:43:16:97:45:63:14:94:eb:
         c0:cf:59:f9:12:fb:64:1a:48:43:45:fb:da:61:9f:01:a2:5e:
         ac:79:b9:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKFgtab5cAKzyTbmaB194MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZDZjMDIzNmZmNGQ2MDUwOTA2OTU3ZmZkMzgwYjM4Nzll
NmVkNmUwHhcNMjQwMTAyMTIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzdlMzNmMDVlNWZmNDUzY2E5ZmU3YWU3MmFiZmVmNzAyMTIyNzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2+4pN2x6LXFwG83Ukeh/yts3mT+
nwr+Dn1jXCjLPp+oSULKgpMe0in6O18Wr+lS15S8powcayKsIZ+B9CiP+Sm2qnRP
qy8zQQReC3YWUGahjK+PTdQuACY6TQudgax8Wap6Ff05eSlLBVUG07JIlSDfTZTA
2lOxtqdnjhIQLWntYieblX3wHSep0/KFSUSfsMuIrfctg5xNpo1KnUN0FBiinwew
Fm6PYOhrHCw8nbknqNN3oBXCJkHgaipNet8kI+6Jcp3scgU4awgj42AAQg1KtVYr
8SG4EOxTaImgyQ/Ed+M1iKMS4bJa/3b6z8KIr7mwavJtNgjLXqYasGP5LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFId+M/BeX/RTyp/nrnKr/vcCEieBMB8GA1UdIwQY
MBaAFHzWwCNv9NYFCQaVf/04Czh55u1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk5iQUkyXzAxZ1VKQnBWX19UZ0xPSG5tN1c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZWU3OGItODE1Yy00OTk1LTgyZTEt
YzgwYzI4OGViZWVhLzEvaDM0ejhGNWY5RlBLbi1ldWNxdi05d0lTSjRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZWU3OGItODE1Yy00OTk1LTgyZTEtYzgwYzI4OGViZWVh
LzEvZk5iQUkyXzAxZ1VKQnBWX19UZ0xPSG5tN1c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjacMA0G
CSqGSIb3DQEBCwUAA4IBAQALU2M8uFifQYgyl9+7NqMgmDldvaBjsTCMAJKEhAsO
XOlpO8HiCDPL9T7yrTHGjlBEL0JoFSdYvW+CGX0NLz8wiCyDHM9wxT1O+x5iQq2y
gNrx51e9KJZ4p+8MCPQwhu5sxWSyOz/ERaOQKrvmhr0GJmR11JLPBeIbuZPg9ul2
FPio8lQ3Jf+2l+cqGNNma+XwOUvtqFoDuew4WmQUwCo+GjJ2tEeBTV9stTod+YPJ
v4m+swyPiYBWpE7kl+wcV4Ta2Cu/GHz9BnzNXNw6O79T6VjRiNH1Y1XRPjvqNZhv
XKkAQxaXRWMUlOvAz1n5EvtkGkhDRfvaYZ8Bol6sebkM
-----END CERTIFICATE-----