Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/8UsBPyZ54lZeSI9LrLWyg87Geok.roa
File:                     8UsBPyZ54lZeSI9LrLWyg87Geok.roa (raw, json)
Hash identifier:          sQdPQaP0vgT1WzF9oMvL0oBGBM7FbrjeSQxNiDpz/no=
Subject key identifier:   F1:4B:01:3F:26:79:E2:56:5E:48:8F:4B:AC:B5:B2:83:CE:C6:7A:89
Certificate issuer:       /CN=6eb64fa8e05a2d7f564acf289ae757c404cdd9d0
Certificate serial:       019049DCA1E99B3B7ABA161C728CF79E1B8A
Authority key identifier: 6E:B6:4F:A8:E0:5A:2D:7F:56:4A:CF:28:9A:E7:57:C4:04:CD:D9:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/brZPqOBaLX9WSs8omudXxATN2dA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/8UsBPyZ54lZeSI9LrLWyg87Geok.roa
Signing time:             Mon 24 Jun 2024 10:48:34 +0000
ROA not before:           Mon 24 Jun 2024 10:48:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        194.164.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/brZPqOBaLX9WSs8omudXxATN2dA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/brZPqOBaLX9WSs8omudXxATN2dA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/brZPqOBaLX9WSs8omudXxATN2dA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:49:dc:a1:e9:9b:3b:7a:ba:16:1c:72:8c:f7:9e:1b:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eb64fa8e05a2d7f564acf289ae757c404cdd9d0
        Validity
            Not Before: Jun 24 10:48:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f14b013f2679e2565e488f4bacb5b283cec67a89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:46:e6:7c:63:78:4f:e0:0e:01:8b:f3:16:ac:
                    a4:a3:fd:e6:8f:72:ee:46:60:69:d2:dd:58:62:83:
                    d5:5a:09:69:80:fc:cc:c3:c6:09:7e:51:14:ed:1b:
                    b1:a0:3a:1b:5f:8b:00:b6:39:14:c9:e2:84:39:d6:
                    58:53:85:98:66:b7:ae:6f:9f:ae:a7:c0:02:7c:32:
                    42:fa:bb:66:39:39:6a:2e:27:a9:6a:df:d9:70:df:
                    30:46:37:25:1a:4a:13:95:28:99:98:5b:52:0b:c3:
                    89:86:90:ab:b1:70:75:72:79:c0:f2:f2:39:f5:cb:
                    49:38:8f:91:83:8d:ef:56:db:11:18:b4:4e:d1:2e:
                    ec:0c:f0:72:82:57:12:26:dc:fb:dd:0c:b5:3c:8b:
                    77:08:c2:01:49:bc:e0:e7:7a:ee:06:f1:13:f7:95:
                    51:51:3f:b7:ff:a6:36:81:0d:62:67:6b:dc:97:7d:
                    e2:9c:bd:44:fd:95:e5:d6:96:91:06:d3:48:bd:c5:
                    14:0b:be:fe:38:8e:e6:49:56:aa:91:7c:b8:2a:37:
                    a0:cf:d4:5d:da:85:dd:35:7a:f2:3b:8b:9c:61:aa:
                    2b:9b:10:e6:b8:37:a3:1e:6b:4e:3d:c3:6b:79:79:
                    b8:78:c3:5b:c9:fe:e7:13:9f:88:34:2c:84:cc:bb:
                    60:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:4B:01:3F:26:79:E2:56:5E:48:8F:4B:AC:B5:B2:83:CE:C6:7A:89
            X509v3 Authority Key Identifier:
                keyid:6E:B6:4F:A8:E0:5A:2D:7F:56:4A:CF:28:9A:E7:57:C4:04:CD:D9:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/brZPqOBaLX9WSs8omudXxATN2dA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/8UsBPyZ54lZeSI9LrLWyg87Geok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/brZPqOBaLX9WSs8omudXxATN2dA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.164.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:c3:b0:68:49:32:d2:bc:18:5e:35:7b:88:da:2f:fe:b0:ef:
         43:d3:50:72:d5:62:3f:75:28:6a:48:ad:61:fc:db:4a:3a:e4:
         1b:c4:e5:47:f0:0f:0f:cb:94:64:fa:7f:18:28:f4:b6:d2:33:
         7b:22:c1:65:45:63:7f:bd:0e:11:ed:d9:e2:b7:1d:19:b3:ee:
         79:6e:c8:7d:0e:de:24:e8:f6:e3:b7:8c:23:f0:2a:e6:a9:ad:
         85:5b:42:87:9c:33:02:1d:47:2f:af:f8:86:b1:5c:ed:d7:4b:
         cd:14:51:7c:01:d3:aa:4e:0b:51:80:6a:41:92:e7:87:c6:2e:
         68:d2:45:79:99:f5:49:99:a3:27:38:ec:07:9a:3e:6c:83:bd:
         14:ec:9e:9d:83:a2:bd:f0:e9:90:43:97:00:f3:b8:7f:62:75:
         cb:b2:42:0b:71:de:c3:62:fc:0d:3a:30:82:dd:09:6b:ce:0c:
         55:72:2e:7d:8a:52:40:2c:42:ce:35:de:e3:12:17:bf:92:ea:
         40:5e:36:cb:05:d3:3f:2c:8b:19:a2:5e:b8:b4:f8:d7:1e:19:
         f2:81:82:36:1e:89:73:b7:70:11:1e:29:e9:00:62:ac:73:03:
         19:78:3c:39:1b:ac:7a:76:73:b9:d4:db:eb:d0:31:81:31:1e:
         51:57:26:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBJ3KHpmzt6uhYccoz3nhuKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYjY0ZmE4ZTA1YTJkN2Y1NjRhY2YyODlhZTc1N2M0MDRj
ZGQ5ZDAwHhcNMjQwNjI0MTA0ODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTRiMDEzZjI2NzllMjU2NWU0ODhmNGJhY2I1YjI4M2NlYzY3YTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0bmfGN4T+AOAYvzFqyko/3mj3Lu
RmBp0t1YYoPVWglpgPzMw8YJflEU7RuxoDobX4sAtjkUyeKEOdZYU4WYZreub5+u
p8ACfDJC+rtmOTlqLiepat/ZcN8wRjclGkoTlSiZmFtSC8OJhpCrsXB1cnnA8vI5
9ctJOI+Rg43vVtsRGLRO0S7sDPByglcSJtz73Qy1PIt3CMIBSbzg53ruBvET95VR
UT+3/6Y2gQ1iZ2vcl33inL1E/ZXl1paRBtNIvcUUC77+OI7mSVaqkXy4Kjegz9Rd
2oXdNXryO4ucYaormxDmuDejHmtOPcNreXm4eMNbyf7nE5+INCyEzLtgtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPFLAT8meeJWXkiPS6y1soPOxnqJMB8GA1UdIwQY
MBaAFG62T6jgWi1/VkrPKJrnV8QEzdnQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnJaUHFPQmFMWDlXU3M4b211ZFh4QVROMmRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy81ODQ5OTctODNhYi00ODE3LWFhYzMt
ODhjZjcyY2E5ZTQ2LzEvOFVzQlB5WjU0bFplU0k5THJMV3lnODdHZW9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy81ODQ5OTctODNhYi00ODE3LWFhYzMtODhjZjcyY2E5ZTQ2
LzEvYnJaUHFPQmFMWDlXU3M4b211ZFh4QVROMmRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqT2MA0G
CSqGSIb3DQEBCwUAA4IBAQCXw7BoSTLSvBheNXuI2i/+sO9D01By1WI/dShqSK1h
/NtKOuQbxOVH8A8Py5Rk+n8YKPS20jN7IsFlRWN/vQ4R7dnitx0Zs+55bsh9Dt4k
6Pbjt4wj8Crmqa2FW0KHnDMCHUcvr/iGsVzt10vNFFF8AdOqTgtRgGpBkueHxi5o
0kV5mfVJmaMnOOwHmj5sg70U7J6dg6K98OmQQ5cA87h/YnXLskILcd7DYvwNOjCC
3QlrzgxVci59ilJALELONd7jEhe/kupAXjbLBdM/LIsZol64tPjXHhnygYI2Holz
t3ARHinpAGKscwMZeDw5G6x6dnO51Nvr0DGBMR5RVyaI
-----END CERTIFICATE-----