Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/8CQBA9UIbsIXK-KQ8bRKpzHFfF8.roa
File:                     8CQBA9UIbsIXK-KQ8bRKpzHFfF8.roa (raw, json)
Hash identifier:          iqQGG94M21CF5Z3HkA6hxLOLMuPvZwZiiDQ2KvSaibY=
Subject key identifier:   F0:24:01:03:D5:08:6E:C2:17:2B:E2:90:F1:B4:4A:A7:31:C5:7C:5F
Certificate issuer:       /CN=3dfa29368c8be69c8edd5aa193557fcba2a57ec8
Certificate serial:       018CC64AAA985177711D41DBED00C6A0FD88
Authority key identifier: 3D:FA:29:36:8C:8B:E6:9C:8E:DD:5A:A1:93:55:7F:CB:A2:A5:7E:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PfopNoyL5pyO3Vqhk1V_y6Klfsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/8CQBA9UIbsIXK-KQ8bRKpzHFfF8.roa
Signing time:             Mon 01 Jan 2024 18:30:31 +0000
ROA not before:           Mon 01 Jan 2024 18:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        194.49.57.0/24 maxlen: 24
                          194.49.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/PfopNoyL5pyO3Vqhk1V_y6Klfsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/PfopNoyL5pyO3Vqhk1V_y6Klfsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PfopNoyL5pyO3Vqhk1V_y6Klfsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:aa:98:51:77:71:1d:41:db:ed:00:c6:a0:fd:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3dfa29368c8be69c8edd5aa193557fcba2a57ec8
        Validity
            Not Before: Jan  1 18:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0240103d5086ec2172be290f1b44aa731c57c5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:db:3c:4c:23:e6:45:2c:57:46:b3:6e:69:e8:
                    2f:08:f0:cc:73:a8:ee:84:90:3c:f3:fe:a1:7d:03:
                    71:05:cf:0d:68:f1:4e:a4:21:73:e9:1b:2e:b1:29:
                    be:95:29:35:f4:58:64:b5:5d:c2:b9:9e:77:6b:79:
                    0f:1f:c8:1d:fb:c3:93:90:38:10:e3:67:0b:b8:42:
                    be:88:81:e6:b8:28:82:82:34:2c:36:9e:04:39:a0:
                    b4:27:fe:32:48:eb:e0:99:55:b0:d8:98:03:b3:d7:
                    f5:86:8e:f4:06:5f:74:d9:65:5b:37:13:df:fa:4a:
                    59:24:70:a6:c0:5f:69:d2:82:03:6e:78:50:94:8d:
                    ed:5e:50:f8:b0:83:a6:58:5c:11:4f:9e:cc:63:a4:
                    48:5b:54:32:0a:a8:aa:8f:96:78:40:8f:2f:74:82:
                    f7:41:2e:b9:66:73:e3:8c:56:2f:5b:10:48:2d:a4:
                    08:21:eb:3d:94:79:8c:bc:e9:3f:82:f5:55:af:b3:
                    2f:35:56:43:35:e1:b5:f4:ba:6a:76:13:4e:29:93:
                    43:4f:b4:3c:45:40:9c:00:3c:b2:88:78:43:c4:bf:
                    d4:2c:ab:74:59:f5:8c:46:5d:0f:9b:78:08:9e:86:
                    94:ae:b4:8b:c7:c1:1a:bb:e3:4c:a0:3b:db:4b:3a:
                    cb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:24:01:03:D5:08:6E:C2:17:2B:E2:90:F1:B4:4A:A7:31:C5:7C:5F
            X509v3 Authority Key Identifier:
                keyid:3D:FA:29:36:8C:8B:E6:9C:8E:DD:5A:A1:93:55:7F:CB:A2:A5:7E:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PfopNoyL5pyO3Vqhk1V_y6Klfsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/8CQBA9UIbsIXK-KQ8bRKpzHFfF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/PfopNoyL5pyO3Vqhk1V_y6Klfsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.57.0/24
                  194.49.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:18:95:65:6e:58:eb:56:b1:bc:7d:de:d4:2d:83:3c:3b:41:
         23:54:25:d6:f0:57:3b:f8:eb:fe:ed:55:ed:71:d5:ad:7f:65:
         ec:b5:59:ea:8d:0f:b3:23:51:27:d6:b4:d7:b0:5f:46:66:df:
         48:d8:16:70:fb:5d:b1:f1:48:8d:5f:68:fe:e8:cf:0a:e1:3c:
         02:a8:5c:1f:23:56:e0:fd:05:e2:8d:77:45:1b:52:f0:64:8c:
         7a:b0:90:1e:bb:be:ce:d9:f2:b6:07:64:05:1b:3c:ca:7e:60:
         63:5a:bc:bc:f1:e8:7c:71:53:b9:a5:e1:70:7a:b8:08:60:26:
         8f:bc:5f:58:b7:c7:0b:2d:ed:bb:fe:bc:bd:62:d3:f3:6d:88:
         71:1a:67:fe:7f:17:33:c8:f5:7d:83:61:df:22:c8:e9:68:7e:
         2c:81:ff:b9:cd:b8:43:dd:28:cc:40:10:8a:9c:41:99:fc:ba:
         c0:9c:16:83:15:0a:94:33:01:bf:69:25:5b:66:e9:cb:f0:18:
         5d:a5:cd:93:68:e1:81:13:93:79:39:cd:af:04:52:47:bc:c1:
         aa:b0:16:c0:28:f7:7e:79:12:ad:88:c9:01:3f:0d:21:2b:41:
         54:c7:f8:54:8b:b8:54:2c:1c:15:86:09:18:f1:ef:26:c8:ce:
         ff:6b:f5:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSqqYUXdxHUHb7QDGoP2IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZmEyOTM2OGM4YmU2OWM4ZWRkNWFhMTkzNTU3ZmNiYTJh
NTdlYzgwHhcNMjQwMTAxMTgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDI0MDEwM2Q1MDg2ZWMyMTcyYmUyOTBmMWI0NGFhNzMxYzU3YzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjts8TCPmRSxXRrNuaegvCPDMc6ju
hJA88/6hfQNxBc8NaPFOpCFz6RsusSm+lSk19FhktV3CuZ53a3kPH8gd+8OTkDgQ
42cLuEK+iIHmuCiCgjQsNp4EOaC0J/4ySOvgmVWw2JgDs9f1ho70Bl902WVbNxPf
+kpZJHCmwF9p0oIDbnhQlI3tXlD4sIOmWFwRT57MY6RIW1QyCqiqj5Z4QI8vdIL3
QS65ZnPjjFYvWxBILaQIIes9lHmMvOk/gvVVr7MvNVZDNeG19LpqdhNOKZNDT7Q8
RUCcADyyiHhDxL/ULKt0WfWMRl0Pm3gInoaUrrSLx8Eau+NMoDvbSzrLUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPAkAQPVCG7CFyvikPG0SqcxxXxfMB8GA1UdIwQY
MBaAFD36KTaMi+acjt1aoZNVf8uipX7IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGZvcE5veUw1cHlPM1ZxaGsxVl95NktsZnNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8yZDRmN2YtMTZlNy00ZmU2LWExODkt
YmQ1OGQwMDIxYTA5LzEvOENRQkE5VUlic0lYSy1LUThiUktwekhGZkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8yZDRmN2YtMTZlNy00ZmU2LWExODktYmQ1OGQwMDIxYTA5
LzEvUGZvcE5veUw1cHlPM1ZxaGsxVl95NktsZnNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwjE5AwQA
wjE7MA0GCSqGSIb3DQEBCwUAA4IBAQBWGJVlbljrVrG8fd7ULYM8O0EjVCXW8Fc7
+Ov+7VXtcdWtf2XstVnqjQ+zI1En1rTXsF9GZt9I2BZw+12x8UiNX2j+6M8K4TwC
qFwfI1bg/QXijXdFG1LwZIx6sJAeu77O2fK2B2QFGzzKfmBjWry88eh8cVO5peFw
ergIYCaPvF9Yt8cLLe27/ry9YtPzbYhxGmf+fxczyPV9g2HfIsjpaH4sgf+5zbhD
3SjMQBCKnEGZ/LrAnBaDFQqUMwG/aSVbZunL8Bhdpc2TaOGBE5N5Oc2vBFJHvMGq
sBbAKPd+eRKtiMkBPw0hK0FUx/hUi7hULBwVhgkY8e8myM7/a/Ub
-----END CERTIFICATE-----