Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/rChp1SE1osz1bzWwWemxib3hVGs.roa
File:                     rChp1SE1osz1bzWwWemxib3hVGs.roa (raw, json)
Hash identifier:          laTWpsz289tYmTMK27Kywq5ayL7s/tjBUcslxTSBk7Q=
Subject key identifier:   AC:28:69:D5:21:35:A2:CC:F5:6F:35:B0:59:E9:B1:89:BD:E1:54:6B
Certificate issuer:       /CN=e5a1b36552f9daccb92ac5c3b44b426d643749e2
Certificate serial:       018CC5DC0F12B4D9E4B9B2A69F488982AB8C
Authority key identifier: E5:A1:B3:65:52:F9:DA:CC:B9:2A:C5:C3:B4:4B:42:6D:64:37:49:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5aGzZVL52sy5KsXDtEtCbWQ3SeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/rChp1SE1osz1bzWwWemxib3hVGs.roa
Signing time:             Mon 01 Jan 2024 16:29:42 +0000
ROA not before:           Mon 01 Jan 2024 16:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34994
IP address blocks:        82.193.95.0/24 maxlen: 32
                          82.193.94.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/5aGzZVL52sy5KsXDtEtCbWQ3SeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/5aGzZVL52sy5KsXDtEtCbWQ3SeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5aGzZVL52sy5KsXDtEtCbWQ3SeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 01:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0f:12:b4:d9:e4:b9:b2:a6:9f:48:89:82:ab:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5a1b36552f9daccb92ac5c3b44b426d643749e2
        Validity
            Not Before: Jan  1 16:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac2869d52135a2ccf56f35b059e9b189bde1546b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:25:9e:34:20:3a:d6:3d:b9:e7:34:62:97:cf:
                    fc:e4:a0:0e:ed:ac:8a:e8:80:29:cc:62:60:a8:21:
                    00:01:80:ef:de:1d:c8:bf:bf:f5:09:64:af:43:61:
                    a0:15:05:bc:bc:5e:ed:bd:12:71:c9:fe:c1:d8:32:
                    1e:36:bf:22:31:68:49:d3:80:4c:34:45:d2:dc:94:
                    27:03:55:ba:ef:12:e0:35:18:33:39:f0:04:39:2a:
                    aa:99:6f:2b:46:05:1e:ff:59:53:18:02:4c:50:1f:
                    37:02:88:4c:d9:ef:bd:38:46:5f:5b:1d:03:97:05:
                    c0:f8:a3:08:d9:d3:d8:c9:9b:e5:b4:c5:f4:25:cf:
                    c2:9e:c4:22:ef:60:b3:83:57:3f:74:0b:62:f3:6f:
                    ac:14:b5:27:a8:07:ac:95:08:10:fc:20:72:90:d6:
                    9b:60:6f:e5:d8:b7:aa:43:2f:95:da:9c:2f:ef:45:
                    6f:fe:17:6a:44:43:0a:94:2f:bc:54:04:37:c5:3e:
                    fd:52:0f:3e:15:2f:4a:99:bf:24:2b:e5:9a:f7:ba:
                    6f:ff:fb:48:b2:7a:75:26:46:96:7a:dc:6d:f8:f5:
                    8e:ca:b5:bb:ff:7a:d4:ca:17:ae:9b:a2:21:75:07:
                    40:4a:18:cb:13:bc:6e:ea:2d:11:e4:b3:0c:38:74:
                    47:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:28:69:D5:21:35:A2:CC:F5:6F:35:B0:59:E9:B1:89:BD:E1:54:6B
            X509v3 Authority Key Identifier:
                keyid:E5:A1:B3:65:52:F9:DA:CC:B9:2A:C5:C3:B4:4B:42:6D:64:37:49:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5aGzZVL52sy5KsXDtEtCbWQ3SeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/rChp1SE1osz1bzWwWemxib3hVGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/5aGzZVL52sy5KsXDtEtCbWQ3SeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.193.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:6f:a5:ec:72:80:6c:36:41:35:a0:c1:82:78:21:04:9a:e2:
         f1:da:ca:f9:04:5c:7d:39:7c:03:4c:81:61:a4:e0:e9:41:d1:
         bd:ab:7e:e4:17:70:6b:56:35:0b:19:5d:2b:d0:a4:85:93:55:
         77:ac:62:20:2a:de:77:b1:be:2f:5f:b0:f3:b4:c3:c6:b9:51:
         cf:c5:d8:18:88:23:92:60:fd:69:51:4e:eb:68:d3:59:6c:7c:
         50:93:9b:23:0f:ea:f5:57:4c:60:75:a6:5b:3e:78:bc:5e:92:
         01:0e:b1:0e:dd:e0:a2:1c:2b:6e:13:8c:4b:6b:f6:e7:de:1c:
         4a:0d:9d:3d:6c:02:87:e7:22:78:ce:16:99:0c:71:d4:ea:bc:
         ce:2b:0d:0f:4d:25:a4:fa:20:ca:15:d7:1e:8b:ca:0a:e3:ba:
         b0:70:62:aa:74:c6:86:7c:84:22:85:b6:3f:2a:46:fd:ff:ea:
         d0:95:ee:2f:d3:71:91:22:48:22:73:47:51:8b:e9:71:a0:b8:
         6f:90:75:71:39:c4:57:07:39:05:66:8d:5c:e7:9b:2e:bb:1c:
         b9:b7:74:10:03:e3:73:58:ba:22:3b:9e:7a:7d:73:d9:eb:ee:
         50:3f:99:92:4c:27:8c:85:9e:8c:b3:3f:2d:41:86:b2:7d:c8:
         b6:b6:28:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3A8StNnkubKmn0iJgquMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YTFiMzY1NTJmOWRhY2NiOTJhYzVjM2I0NGI0MjZkNjQz
NzQ5ZTIwHhcNMjQwMTAxMTYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzI4NjlkNTIxMzVhMmNjZjU2ZjM1YjA1OWU5YjE4OWJkZTE1NDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCWeNCA61j255zRil8/85KAO7ayK
6IApzGJgqCEAAYDv3h3Iv7/1CWSvQ2GgFQW8vF7tvRJxyf7B2DIeNr8iMWhJ04BM
NEXS3JQnA1W67xLgNRgzOfAEOSqqmW8rRgUe/1lTGAJMUB83AohM2e+9OEZfWx0D
lwXA+KMI2dPYyZvltMX0Jc/CnsQi72Czg1c/dAti82+sFLUnqAeslQgQ/CBykNab
YG/l2LeqQy+V2pwv70Vv/hdqREMKlC+8VAQ3xT79Ug8+FS9Kmb8kK+Wa97pv//tI
snp1JkaWetxt+PWOyrW7/3rUyheum6IhdQdAShjLE7xu6i0R5LMMOHRH2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwoadUhNaLM9W81sFnpsYm94VRrMB8GA1UdIwQY
MBaAFOWhs2VS+drMuSrFw7RLQm1kN0niMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFHelpWTDUyc3k1S3NYRHRFdENiV1EzU2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iOGVhNWItM2RkNC00Mzc0LWE3OTMt
YzVlNmQyM2Y4YjA5LzEvckNocDFTRTFvc3oxYnpXd1dlbXhpYjNoVkdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iOGVhNWItM2RkNC00Mzc0LWE3OTMtYzVlNmQyM2Y4YjA5
LzEvNWFHelpWTDUyc3k1S3NYRHRFdENiV1EzU2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUsFeMA0G
CSqGSIb3DQEBCwUAA4IBAQCIb6XscoBsNkE1oMGCeCEEmuLx2sr5BFx9OXwDTIFh
pODpQdG9q37kF3BrVjULGV0r0KSFk1V3rGIgKt53sb4vX7DztMPGuVHPxdgYiCOS
YP1pUU7raNNZbHxQk5sjD+r1V0xgdaZbPni8XpIBDrEO3eCiHCtuE4xLa/bn3hxK
DZ09bAKH5yJ4zhaZDHHU6rzOKw0PTSWk+iDKFdcei8oK47qwcGKqdMaGfIQihbY/
Kkb9/+rQle4v03GRIkgic0dRi+lxoLhvkHVxOcRXBzkFZo1c55suuxy5t3QQA+Nz
WLoiO556fXPZ6+5QP5mSTCeMhZ6Msz8tQYayfci2tigv
-----END CERTIFICATE-----