Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/RcMnuhckCxrXDJo2NQw4dIp_3Ns.roa
File:                     RcMnuhckCxrXDJo2NQw4dIp_3Ns.roa (raw, json)
Hash identifier:          UdFEJVdLKIIdC1gHePv1xre5I/i+ik4x9EgeyPD34oI=
Subject key identifier:   45:C3:27:BA:17:24:0B:1A:D7:0C:9A:36:35:0C:38:74:8A:7F:DC:DB
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB4FB437F5EB585438BA91193F6B1
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/RcMnuhckCxrXDJo2NQw4dIp_3Ns.roa
Signing time:             Tue 02 Jan 2024 04:30:13 +0000
ROA not before:           Tue 02 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206683
IP address blocks:        194.8.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b4:fb:43:7f:5e:b5:85:43:8b:a9:11:93:f6:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45c327ba17240b1ad70c9a36350c38748a7fdcdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7e:94:70:20:ed:99:5b:2e:ba:bd:c9:6e:9e:
                    0f:b7:52:63:a1:3c:db:26:8c:71:11:c3:cb:59:9d:
                    03:64:c7:cf:ba:a2:6c:65:f0:91:24:5c:0f:07:54:
                    2e:0f:ca:a0:2a:3d:0a:f4:40:5b:17:d0:f9:5f:03:
                    0b:74:dc:64:44:e1:44:be:37:71:a9:de:db:d5:11:
                    3e:2f:f8:e8:6d:9a:32:9a:a9:25:0c:24:55:21:fa:
                    09:9f:97:cc:f3:28:6d:32:fd:e1:a0:ca:5d:b4:c3:
                    ca:c7:fb:e0:a6:41:77:61:c6:01:4c:64:9a:cc:43:
                    e0:f0:dd:35:db:f9:1d:ac:89:da:21:d2:54:c0:da:
                    7c:44:96:4f:52:91:93:df:9f:90:15:9a:a9:35:32:
                    e8:15:ee:8c:a6:7e:11:0a:f7:62:fa:81:e5:d8:0e:
                    e0:f4:cf:6f:88:47:61:02:af:6d:ad:fb:4b:8a:9f:
                    f6:1c:d3:66:5a:cf:8f:eb:54:05:da:35:3a:aa:a9:
                    41:ae:f3:bd:d2:f8:5c:4b:f9:b7:ec:55:52:c1:ae:
                    a3:d9:dc:15:2f:ed:ca:68:e5:e7:a4:77:d7:40:3a:
                    c1:d7:ad:40:5c:fc:52:ee:23:33:b0:b6:ed:5e:e2:
                    9e:85:b5:4f:fe:ac:d0:5c:9b:30:49:3f:52:2a:e8:
                    3e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:C3:27:BA:17:24:0B:1A:D7:0C:9A:36:35:0C:38:74:8A:7F:DC:DB
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/RcMnuhckCxrXDJo2NQw4dIp_3Ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:b3:f3:e1:de:8b:75:20:fa:8c:b9:7e:d1:ca:5a:73:bf:da:
         13:d5:72:d4:27:9e:d4:e0:33:8c:72:ec:3b:b2:67:62:50:5a:
         8a:a8:17:88:37:0f:3b:3f:a9:ce:a1:a9:69:32:99:ab:00:df:
         3b:f8:0c:fa:24:0d:37:73:46:d0:d3:56:11:c2:20:40:54:e8:
         b3:7d:db:07:a6:3d:03:34:48:b7:3b:eb:50:fc:70:c8:1d:f9:
         f8:01:46:c0:e6:00:79:21:d3:62:ca:94:fa:3d:4f:a0:aa:56:
         06:c2:c4:58:f4:c6:3f:6c:53:04:59:26:f3:bc:e7:93:f3:d3:
         bd:53:f7:47:51:4e:d6:cd:25:ca:c6:4e:93:3b:6b:9c:1a:cc:
         a4:f7:3a:17:cc:63:b6:f4:c0:91:77:91:19:93:92:45:c8:e4:
         7b:7a:56:5a:42:93:4f:2f:c7:97:ed:df:49:42:a4:28:4f:9b:
         0b:6d:f4:14:5e:ad:10:ac:f2:00:51:74:e6:ad:9a:28:e0:4e:
         c6:96:bc:9b:c5:2e:fa:7e:8e:0b:39:39:cf:5a:d5:0a:2c:9f:
         70:00:a7:93:35:c4:44:90:99:74:6a:fc:a3:0a:c5:9a:fc:32:
         04:f5:ea:a3:f2:12:88:54:4a:46:52:92:04:ce:e2:25:93:3a:
         bb:e1:94:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7T7Q39etYVDi6kRk/axMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWMzMjdiYTE3MjQwYjFhZDcwYzlhMzYzNTBjMzg3NDhhN2ZkY2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqX6UcCDtmVsuur3Jbp4Pt1JjoTzb
JoxxEcPLWZ0DZMfPuqJsZfCRJFwPB1QuD8qgKj0K9EBbF9D5XwMLdNxkROFEvjdx
qd7b1RE+L/jobZoymqklDCRVIfoJn5fM8yhtMv3hoMpdtMPKx/vgpkF3YcYBTGSa
zEPg8N012/kdrInaIdJUwNp8RJZPUpGT35+QFZqpNTLoFe6Mpn4RCvdi+oHl2A7g
9M9viEdhAq9trftLip/2HNNmWs+P61QF2jU6qqlBrvO90vhcS/m37FVSwa6j2dwV
L+3KaOXnpHfXQDrB161AXPxS7iMzsLbtXuKehbVP/qzQXJswST9SKug+fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXDJ7oXJAsa1wyaNjUMOHSKf9zbMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvUmNNbnVoY2tDeHJYREpvMk5RdzRkSXBfM05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgjuMA0G
CSqGSIb3DQEBCwUAA4IBAQCLs/Ph3ot1IPqMuX7Rylpzv9oT1XLUJ57U4DOMcuw7
smdiUFqKqBeINw87P6nOoalpMpmrAN87+Az6JA03c0bQ01YRwiBAVOizfdsHpj0D
NEi3O+tQ/HDIHfn4AUbA5gB5IdNiypT6PU+gqlYGwsRY9MY/bFMEWSbzvOeT89O9
U/dHUU7WzSXKxk6TO2ucGsyk9zoXzGO29MCRd5EZk5JFyOR7elZaQpNPL8eX7d9J
QqQoT5sLbfQUXq0QrPIAUXTmrZoo4E7GlrybxS76fo4LOTnPWtUKLJ9wAKeTNcRE
kJl0avyjCsWa/DIE9eqj8hKIVEpGUpIEzuIlkzq74ZT9
-----END CERTIFICATE-----