Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/4g7lMIH5AwXmBJ0wcyd_bUB8kBE.roa
File:                     4g7lMIH5AwXmBJ0wcyd_bUB8kBE.roa (raw, json)
Hash identifier:          B1iD/wdou/Tw3+NNzvAJ0zogbbl2tmZdY0GdOjcC7S0=
Subject key identifier:   E2:0E:E5:30:81:F9:03:05:E6:04:9D:30:73:27:7F:6D:40:7C:90:11
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348D76A7878DDCEA790F0FE7DFE3226
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/4g7lMIH5AwXmBJ0wcyd_bUB8kBE.roa
Signing time:             Mon 01 Jan 2024 04:29:40 +0000
ROA not before:           Mon 01 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31141
IP address blocks:        194.6.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d7:6a:78:78:dd:ce:a7:90:f0:fe:7d:fe:32:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e20ee53081f90305e6049d3073277f6d407c9011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:50:02:7d:83:0f:ad:24:7a:dd:60:5b:48:e1:
                    23:28:e1:0a:c3:2d:30:fb:91:73:da:d9:8b:8e:0a:
                    2f:47:99:5d:29:8f:08:ba:3d:f7:c0:f8:15:fd:d7:
                    53:eb:b4:f9:56:f2:17:8e:a6:ff:6c:0c:4d:e4:fd:
                    ea:9f:d6:0e:a5:9d:dc:d8:b7:7b:b4:6d:3a:fa:33:
                    21:6b:e3:2a:ad:b7:a7:9f:75:69:88:da:15:1a:1a:
                    10:3f:05:85:b7:6b:93:56:5c:40:ef:a6:a7:39:41:
                    e3:2c:11:35:d5:ae:ac:41:f6:81:f2:00:47:07:ba:
                    e6:53:c5:93:73:5f:b8:e9:92:73:cb:bc:f3:ad:b1:
                    6a:fe:2a:3f:76:96:04:74:5e:50:9d:a5:14:a0:56:
                    e3:fd:c4:d8:2b:03:8f:24:98:55:81:19:18:a0:6b:
                    6f:31:5f:9c:23:06:93:33:a8:b4:db:ca:1e:c6:78:
                    74:67:bf:e8:75:9d:ae:2a:ae:04:6e:0a:e1:78:7a:
                    a5:ab:44:b0:11:ef:f2:d5:aa:cd:b4:e5:22:0f:fd:
                    bb:42:a5:30:10:0c:bc:cb:43:e9:55:eb:b5:19:8c:
                    33:35:bc:7d:a7:f4:13:d4:3c:98:94:4e:56:c1:3c:
                    59:04:1f:ef:2b:c2:0e:a5:f3:59:a2:0c:c5:b6:ec:
                    60:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:0E:E5:30:81:F9:03:05:E6:04:9D:30:73:27:7F:6D:40:7C:90:11
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/4g7lMIH5AwXmBJ0wcyd_bUB8kBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:3a:2f:6c:71:bd:6a:f5:78:53:16:f8:8b:de:c6:c2:35:a7:
         8c:90:ed:13:29:17:ae:9a:19:82:aa:2d:e3:82:6b:6f:50:62:
         b6:0a:01:e8:92:cd:74:bc:fa:95:21:e4:fd:f6:4c:5f:df:21:
         3d:b9:84:32:30:c9:b7:ec:09:e2:3b:e8:db:af:11:d9:ad:6e:
         58:5a:3b:4c:49:85:da:38:c8:5d:53:96:93:7c:c3:d2:d6:9f:
         3d:72:2d:a2:fb:72:f8:49:07:48:78:ab:a7:90:b7:01:77:c6:
         e6:c0:b6:54:07:66:5e:af:c4:40:ed:9f:67:31:fc:52:75:03:
         15:6b:02:03:8d:c7:fb:3e:20:65:c4:a4:2e:7a:14:19:02:ac:
         84:9f:07:07:f2:a5:dd:cf:7f:98:09:fb:4d:bf:8d:30:52:05:
         8f:c6:0d:fe:21:88:6f:ba:9c:c7:2b:83:8e:b4:14:e1:e0:8f:
         3a:f2:c7:db:0f:a6:8a:67:d5:6c:9a:0d:f9:a5:08:04:6e:52:
         10:75:69:2f:19:2a:23:83:21:18:1b:94:d2:71:23:85:2f:02:
         cc:d3:bb:13:9d:65:be:21:b4:2e:37:91:23:4a:a5:fb:05:9b:
         c9:f2:4d:39:a6:d2:36:7e:41:a0:35:e1:93:4e:8e:7a:5f:48:
         d7:d2:cc:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNdqeHjdzqeQ8P59/jImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjBlZTUzMDgxZjkwMzA1ZTYwNDlkMzA3MzI3N2Y2ZDQwN2M5MDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1ACfYMPrSR63WBbSOEjKOEKwy0w
+5Fz2tmLjgovR5ldKY8Iuj33wPgV/ddT67T5VvIXjqb/bAxN5P3qn9YOpZ3c2Ld7
tG06+jMha+Mqrbenn3VpiNoVGhoQPwWFt2uTVlxA76anOUHjLBE11a6sQfaB8gBH
B7rmU8WTc1+46ZJzy7zzrbFq/io/dpYEdF5QnaUUoFbj/cTYKwOPJJhVgRkYoGtv
MV+cIwaTM6i028oexnh0Z7/odZ2uKq4EbgrheHqlq0SwEe/y1arNtOUiD/27QqUw
EAy8y0PpVeu1GYwzNbx9p/QT1DyYlE5WwTxZBB/vK8IOpfNZogzFtuxgrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIO5TCB+QMF5gSdMHMnf21AfJARMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvNGc3bE1JSDVBd1htQkowd2N5ZF9iVUI4a0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwga8MA0G
CSqGSIb3DQEBCwUAA4IBAQCOOi9scb1q9XhTFviL3sbCNaeMkO0TKReumhmCqi3j
gmtvUGK2CgHoks10vPqVIeT99kxf3yE9uYQyMMm37AniO+jbrxHZrW5YWjtMSYXa
OMhdU5aTfMPS1p89ci2i+3L4SQdIeKunkLcBd8bmwLZUB2Zer8RA7Z9nMfxSdQMV
awIDjcf7PiBlxKQuehQZAqyEnwcH8qXdz3+YCftNv40wUgWPxg3+IYhvupzHK4OO
tBTh4I868sfbD6aKZ9Vsmg35pQgEblIQdWkvGSojgyEYG5TScSOFLwLM07sTnWW+
IbQuN5EjSqX7BZvJ8k05ptI2fkGgNeGTTo56X0jX0sw0
-----END CERTIFICATE-----