Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/fAsxgYyVcHSoAG3aCyyvg0iPx_U.roa
File:                     fAsxgYyVcHSoAG3aCyyvg0iPx_U.roa (raw, json)
Hash identifier:          rD53toD4tsd7wUi1pJ1ZCtUz2bLSHXKmrSZVljz2szk=
Subject key identifier:   7C:0B:31:81:8C:95:70:74:A8:00:6D:DA:0B:2C:AF:83:48:8F:C7:F5
Certificate issuer:       /CN=0c57cb3a1e53e7629ee3b9f2672d4571ef85d2c8
Certificate serial:       018CC2DACF45F3B0ED925C1A0CE2FEF0B5A2
Authority key identifier: 0C:57:CB:3A:1E:53:E7:62:9E:E3:B9:F2:67:2D:45:71:EF:85:D2:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFfLOh5T52Ke47nyZy1Fce-F0sg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/fAsxgYyVcHSoAG3aCyyvg0iPx_U.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200884
IP address blocks:        94.126.50.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/DFfLOh5T52Ke47nyZy1Fce-F0sg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/DFfLOh5T52Ke47nyZy1Fce-F0sg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFfLOh5T52Ke47nyZy1Fce-F0sg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cf:45:f3:b0:ed:92:5c:1a:0c:e2:fe:f0:b5:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c57cb3a1e53e7629ee3b9f2672d4571ef85d2c8
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c0b31818c957074a8006dda0b2caf83488fc7f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c5:62:e2:5f:3b:e9:3c:f9:65:27:a5:02:72:
                    f8:8f:11:99:d9:89:f9:36:fd:3e:eb:44:cb:ae:68:
                    be:f3:56:58:09:b3:c6:59:4b:3d:fc:be:66:8c:0f:
                    0c:05:44:c6:f6:b5:da:f0:d2:79:9c:30:88:df:96:
                    21:7a:9e:6a:5a:b9:fd:a3:76:2b:6f:9b:55:9b:17:
                    1d:c0:51:c8:3a:06:cd:db:99:35:b8:cf:b6:3e:38:
                    8a:89:37:17:f0:60:a6:0d:20:f9:fa:07:53:d9:e3:
                    a3:ab:0b:2a:8a:ad:f7:7d:9f:87:10:ae:e6:84:e6:
                    90:7c:d4:f7:d3:87:7c:b9:df:b1:e8:c1:62:8f:a9:
                    6a:43:b8:d8:c3:5e:15:39:d9:54:fa:3d:b1:cc:8f:
                    e4:ac:91:27:a4:8b:fc:57:0d:ce:c5:35:60:10:cc:
                    4e:16:4e:f9:98:b5:a4:68:86:59:90:89:19:62:d8:
                    ac:f5:2c:ae:45:20:7e:fb:4b:7a:e9:b9:0f:da:0c:
                    85:58:2b:5f:e5:d1:79:c4:6b:03:48:a1:6a:8a:3c:
                    2d:3d:5d:a8:65:d4:cd:4d:66:d9:27:92:ab:71:4a:
                    47:5b:aa:55:79:1a:71:fa:c4:ce:b1:9a:cb:86:4f:
                    4a:e8:16:14:69:4c:25:e4:a6:c5:82:47:d7:d4:4a:
                    47:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:0B:31:81:8C:95:70:74:A8:00:6D:DA:0B:2C:AF:83:48:8F:C7:F5
            X509v3 Authority Key Identifier:
                keyid:0C:57:CB:3A:1E:53:E7:62:9E:E3:B9:F2:67:2D:45:71:EF:85:D2:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFfLOh5T52Ke47nyZy1Fce-F0sg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/fAsxgYyVcHSoAG3aCyyvg0iPx_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/DFfLOh5T52Ke47nyZy1Fce-F0sg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.126.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:b6:d7:c8:b4:fd:35:91:23:c4:8c:7f:e8:bd:d4:72:6e:7f:
         81:6f:70:bd:3a:3a:6a:29:89:68:89:b6:9c:33:27:29:2e:fc:
         86:b5:29:2d:59:3a:b8:54:52:11:79:e9:1f:73:cf:be:fa:3c:
         40:d9:dc:2f:bc:7b:41:1b:17:18:14:29:02:72:f3:c6:09:a5:
         20:82:73:b5:2c:78:ea:d9:7e:dd:77:88:3c:d3:86:91:00:bc:
         42:71:67:e8:03:fc:af:a1:16:9e:ae:03:38:55:86:34:85:1f:
         6f:aa:ad:93:b6:6b:2f:70:1f:d1:96:2d:39:1e:3e:5d:b4:25:
         aa:94:7d:01:cf:56:0b:d8:63:4e:55:37:b5:f5:ff:6c:b7:a9:
         42:20:d6:8e:21:ed:71:1a:1b:31:1b:0f:36:51:df:27:cc:bc:
         ac:ba:34:36:a6:5d:04:18:b3:58:41:68:5d:30:ff:dd:6c:fe:
         48:63:64:15:0c:09:b0:9b:02:10:36:2b:58:92:8d:50:34:48:
         51:ae:8a:be:2f:7a:13:5c:f8:71:36:ec:31:0c:c6:3e:78:03:
         b9:e7:70:83:fc:b8:3b:8e:17:3e:86:1b:03:69:82:93:74:77:
         c7:10:55:24:7f:35:24:cc:9d:e9:7e:40:12:b6:41:cc:ba:05:
         f3:a1:f9:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2s9F87DtklwaDOL+8LWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTdjYjNhMWU1M2U3NjI5ZWUzYjlmMjY3MmQ0NTcxZWY4
NWQyYzgwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzBiMzE4MThjOTU3MDc0YTgwMDZkZGEwYjJjYWY4MzQ4OGZjN2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcVi4l876Tz5ZSelAnL4jxGZ2Yn5
Nv0+60TLrmi+81ZYCbPGWUs9/L5mjA8MBUTG9rXa8NJ5nDCI35Yhep5qWrn9o3Yr
b5tVmxcdwFHIOgbN25k1uM+2PjiKiTcX8GCmDSD5+gdT2eOjqwsqiq33fZ+HEK7m
hOaQfNT304d8ud+x6MFij6lqQ7jYw14VOdlU+j2xzI/krJEnpIv8Vw3OxTVgEMxO
Fk75mLWkaIZZkIkZYtis9SyuRSB++0t66bkP2gyFWCtf5dF5xGsDSKFqijwtPV2o
ZdTNTWbZJ5KrcUpHW6pVeRpx+sTOsZrLhk9K6BYUaUwl5KbFgkfX1EpHnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwLMYGMlXB0qABt2gssr4NIj8f1MB8GA1UdIwQY
MBaAFAxXyzoeU+dinuO58mctRXHvhdLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZmTE9oNVQ1MktlNDdueVp5MUZjZS1GMHNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82YzFlMDEtMTU5NS00N2IwLTllMDMt
Y2Y3MjMyZGRlYmVjLzEvZkFzeGdZeVZjSFNvQUczYUN5eXZnMGlQeF9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82YzFlMDEtMTU5NS00N2IwLTllMDMtY2Y3MjMyZGRlYmVj
LzEvREZmTE9oNVQ1MktlNDdueVp5MUZjZS1GMHNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXn4yMA0G
CSqGSIb3DQEBCwUAA4IBAQBLttfItP01kSPEjH/ovdRybn+Bb3C9OjpqKYloibac
MycpLvyGtSktWTq4VFIReekfc8+++jxA2dwvvHtBGxcYFCkCcvPGCaUggnO1LHjq
2X7dd4g804aRALxCcWfoA/yvoRaergM4VYY0hR9vqq2TtmsvcB/Rli05Hj5dtCWq
lH0Bz1YL2GNOVTe19f9st6lCINaOIe1xGhsxGw82Ud8nzLysujQ2pl0EGLNYQWhd
MP/dbP5IY2QVDAmwmwIQNitYko1QNEhRroq+L3oTXPhxNuwxDMY+eAO553CD/Lg7
jhc+hhsDaYKTdHfHEFUkfzUkzJ3pfkAStkHMugXzofmA
-----END CERTIFICATE-----