Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d7a26c-c373-4e6d-9fd8-bf191d9a2c9c/1/8tN7vCtTVTP8AliPCaRO_M6I8KY.roa
File:                     8tN7vCtTVTP8AliPCaRO_M6I8KY.roa (raw, json)
Hash identifier:          ju1x2rJTpwOt57Rc1SxTcEVhJfjHXfIZXXWAgpJnE0g=
Subject key identifier:   F2:D3:7B:BC:2B:53:55:33:FC:02:58:8F:09:A4:4E:FC:CE:88:F0:A6
Certificate issuer:       /CN=c50491092130dedd8466ffd5cc510576c894df6e
Certificate serial:       018CC8DF4041703B74CE347715D72283A68A
Authority key identifier: C5:04:91:09:21:30:DE:DD:84:66:FF:D5:CC:51:05:76:C8:94:DF:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xQSRCSEw3t2EZv_VzFEFdsiU324.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d7a26c-c373-4e6d-9fd8-bf191d9a2c9c/1/8tN7vCtTVTP8AliPCaRO_M6I8KY.roa
Signing time:             Tue 02 Jan 2024 06:32:03 +0000
ROA not before:           Tue 02 Jan 2024 06:32:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204455
IP address blocks:        94.154.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d7a26c-c373-4e6d-9fd8-bf191d9a2c9c/1/xQSRCSEw3t2EZv_VzFEFdsiU324.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d7a26c-c373-4e6d-9fd8-bf191d9a2c9c/1/xQSRCSEw3t2EZv_VzFEFdsiU324.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xQSRCSEw3t2EZv_VzFEFdsiU324.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:40:41:70:3b:74:ce:34:77:15:d7:22:83:a6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c50491092130dedd8466ffd5cc510576c894df6e
        Validity
            Not Before: Jan  2 06:32:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2d37bbc2b535533fc02588f09a44efcce88f0a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fd:37:f2:d2:c5:f4:83:0c:62:00:a5:d3:98:
                    dc:c9:77:52:31:dd:9c:61:24:29:ac:cf:b9:a2:c9:
                    b2:92:43:c9:1e:47:2a:b3:76:61:0f:53:a3:f4:82:
                    dd:dc:aa:64:44:77:12:4c:a4:05:79:74:79:a3:1f:
                    c2:a0:16:29:30:dc:e2:6c:53:52:b7:91:bb:f5:e6:
                    9e:a0:76:66:7d:b5:34:e6:17:eb:1c:c9:3d:67:88:
                    ba:d1:d3:ee:4b:0c:68:19:c1:34:64:70:c0:95:28:
                    10:1c:71:3f:6c:d8:6d:dc:96:b8:c6:59:88:d9:ca:
                    bc:ae:6e:92:00:31:b1:6a:a2:d9:6a:37:10:ea:5a:
                    f9:14:fb:17:84:1d:46:1c:6d:42:7f:a1:0a:98:2e:
                    ec:23:3a:b8:84:73:bc:8a:e4:e4:71:17:ac:f9:af:
                    a1:9f:cf:3d:e6:91:81:81:7d:52:ab:25:44:08:90:
                    9e:dd:d7:35:dc:d5:bf:d1:d8:2e:e2:db:6e:c5:9d:
                    3f:e4:d5:04:fe:5d:94:44:17:dd:f2:50:61:0c:76:
                    e5:7d:22:38:d3:3b:85:aa:0a:0f:89:b8:ac:d7:64:
                    aa:ca:21:41:b5:cc:15:fb:c4:a3:5f:e6:de:66:c7:
                    f4:03:78:f5:87:0b:80:8b:b1:36:db:63:8c:c7:d2:
                    e8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:D3:7B:BC:2B:53:55:33:FC:02:58:8F:09:A4:4E:FC:CE:88:F0:A6
            X509v3 Authority Key Identifier:
                keyid:C5:04:91:09:21:30:DE:DD:84:66:FF:D5:CC:51:05:76:C8:94:DF:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xQSRCSEw3t2EZv_VzFEFdsiU324.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d7a26c-c373-4e6d-9fd8-bf191d9a2c9c/1/8tN7vCtTVTP8AliPCaRO_M6I8KY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d7a26c-c373-4e6d-9fd8-bf191d9a2c9c/1/xQSRCSEw3t2EZv_VzFEFdsiU324.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:f0:3a:f5:35:b5:7a:91:e3:93:1b:65:15:05:ac:89:dd:de:
         35:7d:17:9a:a3:cc:f7:2d:fa:11:a7:77:ce:a6:0f:0f:5f:de:
         23:4a:74:ea:9d:94:59:f2:bf:55:fc:e2:c1:9f:e3:1f:1d:ed:
         f3:c7:96:c4:7c:45:77:d1:b3:9c:3b:a7:11:4e:57:4e:d0:f3:
         e2:7a:95:24:96:e0:c6:4b:0e:e8:3a:61:02:6b:9d:56:97:ac:
         b9:c7:cf:8a:19:3a:82:3d:ce:f2:aa:de:c6:36:a8:b5:2c:09:
         10:9d:aa:0d:bb:70:c4:cb:e0:d9:31:fd:b1:9a:e4:8d:1d:6d:
         e8:87:f6:b3:e4:f3:e1:22:e5:24:82:b8:fb:4c:3d:cc:ba:43:
         dd:0d:f0:0a:55:94:cc:7c:26:a9:45:54:42:1e:80:21:94:ea:
         24:b4:a0:6b:8f:20:86:4a:6d:a3:c5:05:5a:c3:14:cd:65:8e:
         22:d6:48:be:f4:5c:d1:fd:70:97:bf:67:9d:d0:4d:cf:44:62:
         b9:b8:ee:31:9b:1c:1c:31:54:2e:38:04:08:da:37:43:6b:84:
         1b:6e:bc:1d:bc:cd:00:f7:e5:d6:23:f7:62:99:34:60:93:87:
         47:4a:0e:fc:63:f4:db:9b:95:6f:76:4b:a5:55:c3:ee:73:67:
         32:84:89:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI30BBcDt0zjR3Fdcig6aKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MDQ5MTA5MjEzMGRlZGQ4NDY2ZmZkNWNjNTEwNTc2Yzg5
NGRmNmUwHhcNMjQwMTAyMDYzMjAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmQzN2JiYzJiNTM1NTMzZmMwMjU4OGYwOWE0NGVmY2NlODhmMGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArf038tLF9IMMYgCl05jcyXdSMd2c
YSQprM+5osmykkPJHkcqs3ZhD1Oj9ILd3KpkRHcSTKQFeXR5ox/CoBYpMNzibFNS
t5G79eaeoHZmfbU05hfrHMk9Z4i60dPuSwxoGcE0ZHDAlSgQHHE/bNht3Ja4xlmI
2cq8rm6SADGxaqLZajcQ6lr5FPsXhB1GHG1Cf6EKmC7sIzq4hHO8iuTkcRes+a+h
n8895pGBgX1SqyVECJCe3dc13NW/0dgu4ttuxZ0/5NUE/l2URBfd8lBhDHblfSI4
0zuFqgoPibis12SqyiFBtcwV+8SjX+beZsf0A3j1hwuAi7E222OMx9LoZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLTe7wrU1Uz/AJYjwmkTvzOiPCmMB8GA1UdIwQY
MBaAFMUEkQkhMN7dhGb/1cxRBXbIlN9uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFFTUkNTRXczdDJFWnZfVnpGRUZkc2lVMzI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kN2EyNmMtYzM3My00ZTZkLTlmZDgt
YmYxOTFkOWEyYzljLzEvOHRON3ZDdFRWVFA4QWxpUENhUk9fTTZJOEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kN2EyNmMtYzM3My00ZTZkLTlmZDgtYmYxOTFkOWEyYzlj
LzEveFFTUkNTRXczdDJFWnZfVnpGRUZkc2lVMzI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpovMA0G
CSqGSIb3DQEBCwUAA4IBAQBD8Dr1NbV6keOTG2UVBayJ3d41fReao8z3LfoRp3fO
pg8PX94jSnTqnZRZ8r9V/OLBn+MfHe3zx5bEfEV30bOcO6cRTldO0PPiepUkluDG
Sw7oOmECa51Wl6y5x8+KGTqCPc7yqt7GNqi1LAkQnaoNu3DEy+DZMf2xmuSNHW3o
h/az5PPhIuUkgrj7TD3MukPdDfAKVZTMfCapRVRCHoAhlOoktKBrjyCGSm2jxQVa
wxTNZY4i1ki+9FzR/XCXv2ed0E3PRGK5uO4xmxwcMVQuOAQI2jdDa4QbbrwdvM0A
9+XWI/dimTRgk4dHSg78Y/Tbm5VvdkulVcPuc2cyhIkw
-----END CERTIFICATE-----