Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/f231e4-67a6-4c55-91f5-934b4439092d/1/aDRt8KRevBqEeF5pgfu7Zl-vkfY.roa
File:                     aDRt8KRevBqEeF5pgfu7Zl-vkfY.roa (raw, json)
Hash identifier:          Fy1x6oZyhBZpS8l1pTAE/TgfKF0XHSB1BgnLqzNWkaU=
Subject key identifier:   68:34:6D:F0:A4:5E:BC:1A:84:78:5E:69:81:FB:BB:66:5F:AF:91:F6
Certificate issuer:       /CN=e8c89b3dcdfa2697b48721308c76b67372a13b15
Certificate serial:       018CC3B6A9696F1851F2E3CFB2C4AC3F820D
Authority key identifier: E8:C8:9B:3D:CD:FA:26:97:B4:87:21:30:8C:76:B6:73:72:A1:3B:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6MibPc36Jpe0hyEwjHa2c3KhOxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/f231e4-67a6-4c55-91f5-934b4439092d/1/aDRt8KRevBqEeF5pgfu7Zl-vkfY.roa
Signing time:             Mon 01 Jan 2024 06:29:37 +0000
ROA not before:           Mon 01 Jan 2024 06:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        194.53.214.0/23 maxlen: 24
                          194.53.128.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/f231e4-67a6-4c55-91f5-934b4439092d/1/6MibPc36Jpe0hyEwjHa2c3KhOxU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/f231e4-67a6-4c55-91f5-934b4439092d/1/6MibPc36Jpe0hyEwjHa2c3KhOxU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6MibPc36Jpe0hyEwjHa2c3KhOxU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a9:69:6f:18:51:f2:e3:cf:b2:c4:ac:3f:82:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8c89b3dcdfa2697b48721308c76b67372a13b15
        Validity
            Not Before: Jan  1 06:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68346df0a45ebc1a84785e6981fbbb665faf91f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2b:d2:e3:bc:f9:7d:be:4b:66:6a:45:37:f1:
                    5f:c4:87:b3:27:85:ba:a7:33:9c:71:1f:35:89:d5:
                    c7:8b:c5:0a:7e:e5:3d:fd:3c:b0:e4:de:49:e9:df:
                    39:95:c1:82:3b:ee:7e:6f:86:93:3f:0a:bd:df:d5:
                    c5:1b:b0:98:33:5c:60:76:0e:36:d9:dd:05:a9:bc:
                    fd:35:e4:db:74:03:d9:20:ea:9c:17:8f:d7:23:1d:
                    94:25:fd:90:ef:6d:61:0b:f5:fb:ef:0f:43:f8:85:
                    5d:cc:24:84:fb:55:0a:74:45:f2:eb:bd:38:38:3f:
                    fb:f1:1f:f4:a0:89:e3:3d:f4:24:e4:9b:b5:d1:44:
                    23:a6:19:a9:ad:28:43:27:5e:ba:61:32:3b:77:61:
                    8a:98:ea:d1:26:d9:bb:6b:d4:97:40:83:bb:94:c6:
                    36:d0:91:27:05:54:cb:b8:88:70:12:f1:f8:6a:c9:
                    8f:19:da:fb:97:f3:9c:b2:df:39:fb:9f:f8:b4:1a:
                    03:32:9f:ce:02:23:2d:a7:99:37:ad:e9:55:7a:d6:
                    ac:1d:1a:54:52:93:12:b4:a9:d4:52:58:55:e1:ae:
                    46:da:27:e5:66:5e:19:5c:ef:f9:76:0a:a8:37:e5:
                    11:f1:5b:39:50:23:16:6a:5f:39:59:0a:1b:15:1c:
                    db:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:34:6D:F0:A4:5E:BC:1A:84:78:5E:69:81:FB:BB:66:5F:AF:91:F6
            X509v3 Authority Key Identifier:
                keyid:E8:C8:9B:3D:CD:FA:26:97:B4:87:21:30:8C:76:B6:73:72:A1:3B:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6MibPc36Jpe0hyEwjHa2c3KhOxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/f231e4-67a6-4c55-91f5-934b4439092d/1/aDRt8KRevBqEeF5pgfu7Zl-vkfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/f231e4-67a6-4c55-91f5-934b4439092d/1/6MibPc36Jpe0hyEwjHa2c3KhOxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.128.0/23
                  194.53.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:c8:55:74:55:93:cd:b6:78:4f:a7:19:68:e2:9c:71:9d:56:
         94:c5:59:bf:13:47:1d:7a:a7:c6:8c:5c:65:70:f6:53:5c:c0:
         8e:84:d5:62:53:54:82:63:28:61:50:23:33:6a:4c:5b:a1:2c:
         6f:bb:cf:a8:1f:eb:29:1b:e3:5e:e8:6f:e8:59:a0:a1:97:96:
         9b:6f:bd:1a:b0:fe:5a:e4:1f:fe:aa:40:ca:33:99:18:98:d4:
         82:ab:9d:6e:81:44:fc:65:c5:66:bf:09:b1:8f:b7:c0:20:f6:
         fd:b9:91:01:af:72:b1:ee:36:82:c1:23:2b:b3:86:57:12:49:
         51:3f:0e:e4:7c:b7:8b:5b:93:54:32:f0:58:4a:6f:93:3d:c2:
         02:cc:ce:c3:b6:7f:89:5c:b7:dc:02:39:d0:b3:87:0d:9f:ba:
         b6:14:e1:09:af:ff:6e:19:8e:db:03:2c:b9:03:e9:a9:3d:1b:
         d5:dd:ac:20:39:7e:57:28:0f:09:9f:a4:d5:c7:22:f4:cc:0e:
         c7:59:d2:f8:af:f8:44:0c:3d:08:b9:94:78:55:21:2e:7c:35:
         63:56:ad:66:a4:23:75:57:72:2a:fe:13:e5:84:fb:56:2e:28:
         63:8d:fb:08:95:1e:16:bf:13:da:8d:14:3d:6f:d2:3e:ae:b2:
         f5:d2:6f:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtqlpbxhR8uPPssSsP4INMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4Yzg5YjNkY2RmYTI2OTdiNDg3MjEzMDhjNzZiNjczNzJh
MTNiMTUwHhcNMjQwMTAxMDYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODM0NmRmMGE0NWViYzFhODQ3ODVlNjk4MWZiYmI2NjVmYWY5MWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCvS47z5fb5LZmpFN/FfxIezJ4W6
pzOccR81idXHi8UKfuU9/Tyw5N5J6d85lcGCO+5+b4aTPwq939XFG7CYM1xgdg42
2d0Fqbz9NeTbdAPZIOqcF4/XIx2UJf2Q721hC/X77w9D+IVdzCSE+1UKdEXy6704
OD/78R/0oInjPfQk5Ju10UQjphmprShDJ166YTI7d2GKmOrRJtm7a9SXQIO7lMY2
0JEnBVTLuIhwEvH4asmPGdr7l/Ocst85+5/4tBoDMp/OAiMtp5k3relVetasHRpU
UpMStKnUUlhV4a5G2iflZl4ZXO/5dgqoN+UR8Vs5UCMWal85WQobFRzbDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGg0bfCkXrwahHheaYH7u2Zfr5H2MB8GA1UdIwQY
MBaAFOjImz3N+iaXtIchMIx2tnNyoTsVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk1pYlBjMzZKcGUwaHlFd2pIYTJjM0toT3hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9mMjMxZTQtNjdhNi00YzU1LTkxZjUt
OTM0YjQ0MzkwOTJkLzEvYURSdDhLUmV2QnFFZUY1cGdmdTdabC12a2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9mMjMxZTQtNjdhNi00YzU1LTkxZjUtOTM0YjQ0MzkwOTJk
LzEvNk1pYlBjMzZKcGUwaHlFd2pIYTJjM0toT3hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwjWAAwQB
wjXWMA0GCSqGSIb3DQEBCwUAA4IBAQB+yFV0VZPNtnhPpxlo4pxxnVaUxVm/E0cd
eqfGjFxlcPZTXMCOhNViU1SCYyhhUCMzakxboSxvu8+oH+spG+Ne6G/oWaChl5ab
b70asP5a5B/+qkDKM5kYmNSCq51ugUT8ZcVmvwmxj7fAIPb9uZEBr3Kx7jaCwSMr
s4ZXEklRPw7kfLeLW5NUMvBYSm+TPcICzM7Dtn+JXLfcAjnQs4cNn7q2FOEJr/9u
GY7bAyy5A+mpPRvV3awgOX5XKA8Jn6TVxyL0zA7HWdL4r/hEDD0IuZR4VSEufDVj
Vq1mpCN1V3Iq/hPlhPtWLihjjfsIlR4WvxPajRQ9b9I+rrL10m81
-----END CERTIFICATE-----