Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/AjVopUaFCJstvhxSA1qPxZax-2U.roa
File:                     AjVopUaFCJstvhxSA1qPxZax-2U.roa (raw, json)
Hash identifier:          pTJU/NfRU63JIGJ6iKnPyLbRreZcnMbDFrN5+1HNj8o=
Subject key identifier:   02:35:68:A5:46:85:08:9B:2D:BE:1C:52:03:5A:8F:C5:96:B1:FB:65
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       018CC7257C13BB649DD450601C02AC8E92BF
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/AjVopUaFCJstvhxSA1qPxZax-2U.roa
Signing time:             Mon 01 Jan 2024 22:29:31 +0000
ROA not before:           Mon 01 Jan 2024 22:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57100
IP address blocks:        94.154.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:7c:13:bb:64:9d:d4:50:60:1c:02:ac:8e:92:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Jan  1 22:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=023568a54685089b2dbe1c52035a8fc596b1fb65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:43:7a:4c:04:7e:39:55:9b:18:07:85:e1:cc:
                    c6:1a:e0:22:d9:53:74:06:aa:49:38:8b:0c:7f:05:
                    2c:aa:71:c5:3d:dd:9f:45:ee:c6:80:9f:88:5c:3b:
                    ad:06:87:9c:b5:e9:05:40:21:e7:5b:5d:54:ca:95:
                    da:10:51:1c:e5:a7:63:9c:d5:dc:87:ef:81:25:5a:
                    d1:43:3b:a6:08:f1:de:93:96:61:d1:b9:85:0a:36:
                    6a:f1:0d:e4:53:7f:4a:4d:9d:30:68:d1:60:ae:da:
                    0f:76:f0:16:a8:23:3d:03:53:cc:aa:3e:00:5b:cf:
                    4b:9e:2e:5d:52:41:05:77:94:fc:cd:62:e3:f0:28:
                    86:0a:b8:44:1f:7b:59:21:f7:55:d6:57:20:29:2a:
                    34:0f:83:1e:38:41:36:89:23:57:07:1a:2f:bc:4b:
                    8c:8a:0d:fc:e5:5e:04:17:73:45:e8:41:b9:12:f4:
                    67:ec:d5:60:2c:4f:31:bc:24:3d:d0:6b:38:6f:af:
                    c6:5b:88:d6:81:0a:61:58:41:9a:62:30:60:de:5d:
                    74:ae:2e:ef:a9:a3:69:7a:f5:d3:14:05:df:05:c1:
                    d7:12:e3:a1:94:e8:1d:da:4f:43:62:2e:b3:29:df:
                    aa:16:72:72:f6:1c:28:be:ca:c2:a4:07:69:a9:af:
                    51:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:35:68:A5:46:85:08:9B:2D:BE:1C:52:03:5A:8F:C5:96:B1:FB:65
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/AjVopUaFCJstvhxSA1qPxZax-2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:33:f0:21:61:ad:62:ad:df:f9:a4:4d:c0:ed:dd:ab:a0:79:
         83:80:53:df:36:41:f9:1e:d3:8d:1f:ba:19:69:da:7f:25:20:
         ca:4b:47:59:2b:38:7a:11:c2:f1:fa:4d:43:d6:1a:6b:ac:24:
         c9:00:0a:68:c7:56:b5:3f:46:ba:bb:57:e7:c2:23:b2:5e:33:
         44:a9:7b:25:14:f9:0a:1e:0d:00:a2:3e:95:8c:52:e9:6d:6c:
         40:06:72:fc:da:0c:c8:c6:f1:60:54:46:64:5f:83:cf:c4:0d:
         9d:8c:7a:86:ab:09:18:92:f3:24:92:43:ed:a2:4e:5c:ba:2a:
         d7:6e:32:e2:bb:4e:fc:85:7d:62:75:08:bb:bc:2d:56:94:39:
         3c:ea:14:61:d1:7f:3c:c7:c3:4e:8a:d5:e2:0d:46:ce:3b:cd:
         10:75:e1:8b:3a:af:3d:f9:3e:bc:b5:75:c8:83:d2:1b:56:46:
         6d:53:e9:c4:d3:29:c7:b5:c8:df:7c:0d:16:cc:3b:4a:4b:e0:
         29:59:99:53:93:31:5f:e9:51:73:26:62:a7:72:3f:0a:c4:cd:
         24:b1:d4:ac:47:fd:b5:32:cf:dc:f8:04:db:ee:7f:6d:f6:ab:
         d0:21:da:43:99:24:4d:56:b7:7f:da:9e:94:f2:4b:ad:4d:b9:
         b5:7d:d1:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJXwTu2Sd1FBgHAKsjpK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjQwMTAxMjIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjM1NjhhNTQ2ODUwODliMmRiZTFjNTIwMzVhOGZjNTk2YjFmYjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0N6TAR+OVWbGAeF4czGGuAi2VN0
BqpJOIsMfwUsqnHFPd2fRe7GgJ+IXDutBoectekFQCHnW11UypXaEFEc5adjnNXc
h++BJVrRQzumCPHek5Zh0bmFCjZq8Q3kU39KTZ0waNFgrtoPdvAWqCM9A1PMqj4A
W89Lni5dUkEFd5T8zWLj8CiGCrhEH3tZIfdV1lcgKSo0D4MeOEE2iSNXBxovvEuM
ig385V4EF3NF6EG5EvRn7NVgLE8xvCQ90Gs4b6/GW4jWgQphWEGaYjBg3l10ri7v
qaNpevXTFAXfBcHXEuOhlOgd2k9DYi6zKd+qFnJy9hwovsrCpAdpqa9RUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAI1aKVGhQibLb4cUgNaj8WWsftlMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvQWpWb3BVYUZDSnN0dmh4U0ExcVB4WmF4LTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXponMA0G
CSqGSIb3DQEBCwUAA4IBAQBcM/AhYa1ird/5pE3A7d2roHmDgFPfNkH5HtONH7oZ
adp/JSDKS0dZKzh6EcLx+k1D1hprrCTJAApox1a1P0a6u1fnwiOyXjNEqXslFPkK
Hg0Aoj6VjFLpbWxABnL82gzIxvFgVEZkX4PPxA2djHqGqwkYkvMkkkPtok5cuirX
bjLiu078hX1idQi7vC1WlDk86hRh0X88x8NOitXiDUbOO80QdeGLOq89+T68tXXI
g9IbVkZtU+nE0ynHtcjffA0WzDtKS+ApWZlTkzFf6VFzJmKncj8KxM0ksdSsR/21
Ms/c+ATb7n9t9qvQIdpDmSRNVrd/2p6U8kutTbm1fdFq
-----END CERTIFICATE-----