Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/8DTCar55WQbcrzSs9Yij_D-Vk4I.roa
File:                     8DTCar55WQbcrzSs9Yij_D-Vk4I.roa (raw, json)
Hash identifier:          lsWPdX7nFGHsrG0CaMMZvhgzmxZe/UIXAUerY0Q8PSk=
Subject key identifier:   F0:34:C2:6A:BE:79:59:06:DC:AF:34:AC:F5:88:A3:FC:3F:95:93:82
Certificate issuer:       /CN=8f368feb9e553bdd131562584a3353b1d7555c50
Certificate serial:       01910E85073DE50B9C5ED9A2D12578343497
Authority key identifier: 8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/8DTCar55WQbcrzSs9Yij_D-Vk4I.roa
Signing time:             Thu 01 Aug 2024 15:18:04 +0000
ROA not before:           Thu 01 Aug 2024 15:18:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56754
IP address blocks:        94.176.184.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/jzaP655VO90TFWJYSjNTsddVXFA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/jzaP655VO90TFWJYSjNTsddVXFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 09:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0e:85:07:3d:e5:0b:9c:5e:d9:a2:d1:25:78:34:34:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f368feb9e553bdd131562584a3353b1d7555c50
        Validity
            Not Before: Aug  1 15:18:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f034c26abe795906dcaf34acf588a3fc3f959382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:15:cd:ff:be:66:bd:d5:3d:bc:6b:17:b6:c5:
                    0d:3e:e2:6f:08:3e:a2:9e:69:89:96:92:ee:72:ca:
                    93:82:43:53:21:7d:c8:d9:48:8f:e0:2e:62:f4:cf:
                    63:12:2d:7c:b3:86:69:a1:1b:31:53:9f:76:be:42:
                    e4:ca:f8:4e:93:33:aa:24:e0:34:85:40:1c:1a:6f:
                    82:0d:c6:82:0c:e9:f5:6c:e2:39:55:2f:b0:38:35:
                    50:2b:d9:2e:2c:9c:c8:41:c7:14:6c:d0:ab:f5:d1:
                    8e:a0:35:7e:56:6d:fb:a6:44:14:79:76:3c:4e:d8:
                    53:f6:34:e4:6a:11:ee:bd:9a:0e:9f:3e:5e:15:ed:
                    1b:bb:4b:23:b2:9a:d4:f2:b8:fb:64:0c:b4:1d:df:
                    b5:50:14:58:b1:fa:a9:8d:b0:bb:35:99:66:b3:9e:
                    51:57:a0:76:96:b9:e5:22:64:f9:21:d8:6b:db:e5:
                    76:02:1f:c0:81:1a:e7:78:59:fc:f3:5e:ac:9d:6c:
                    dd:cb:48:f6:7d:2e:c7:d2:b2:1b:cb:22:3d:99:6a:
                    b4:52:1f:02:7d:ce:7c:ab:b8:5a:62:86:57:90:8f:
                    74:91:51:81:90:0c:e9:88:4d:08:58:3e:d1:1b:2c:
                    02:1a:81:a1:bd:43:68:26:6a:96:b3:fd:62:2e:65:
                    5e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:34:C2:6A:BE:79:59:06:DC:AF:34:AC:F5:88:A3:FC:3F:95:93:82
            X509v3 Authority Key Identifier:
                keyid:8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/8DTCar55WQbcrzSs9Yij_D-Vk4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/jzaP655VO90TFWJYSjNTsddVXFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:d6:99:ad:2c:f0:05:cd:b6:51:85:02:de:ba:d4:3a:a6:8b:
         cf:3a:f8:76:97:47:15:d0:f3:14:5c:24:a5:3e:52:52:e3:21:
         bd:73:86:84:0f:8d:15:eb:c4:d4:ec:14:a1:a8:4b:72:e1:0a:
         d0:5f:3a:ce:8d:f5:69:83:e1:c9:ac:f8:1d:1d:9d:83:a1:b3:
         ae:a4:ae:93:8d:b7:b3:32:80:3c:0e:f4:26:ef:74:e8:d1:1f:
         cf:97:2e:36:72:3d:2b:6c:4e:76:a4:cd:69:14:ff:28:d8:3a:
         86:bd:01:1a:55:40:62:9e:ba:ca:51:bb:d8:11:eb:c8:c3:ae:
         fc:48:9f:49:d4:6c:9e:ea:db:c7:36:fb:ca:d3:c3:f4:05:f1:
         fa:86:45:20:ca:5c:40:34:f9:0d:78:97:5d:ac:0a:b2:ee:8d:
         c5:0d:b8:53:a4:22:be:10:36:92:73:86:f1:c8:14:26:12:0f:
         9d:56:e1:58:d0:05:f7:1a:b3:b9:a0:e4:cc:be:63:3a:20:25:
         6d:52:3f:0d:48:ca:50:c5:eb:a2:7c:cc:b4:18:21:51:9d:5c:
         ee:79:09:eb:9e:93:2b:05:f5:86:17:00:26:56:1c:f3:3b:6c:
         86:af:58:91:19:c1:88:ae:9d:e2:ce:16:da:da:16:9e:43:03:
         33:f5:ed:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEOhQc95QucXtmi0SV4NDSXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzY4ZmViOWU1NTNiZGQxMzE1NjI1ODRhMzM1M2IxZDc1
NTVjNTAwHhcNMjQwODAxMTUxODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDM0YzI2YWJlNzk1OTA2ZGNhZjM0YWNmNTg4YTNmYzNmOTU5MzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxXN/75mvdU9vGsXtsUNPuJvCD6i
nmmJlpLucsqTgkNTIX3I2UiP4C5i9M9jEi18s4ZpoRsxU592vkLkyvhOkzOqJOA0
hUAcGm+CDcaCDOn1bOI5VS+wODVQK9kuLJzIQccUbNCr9dGOoDV+Vm37pkQUeXY8
TthT9jTkahHuvZoOnz5eFe0bu0sjsprU8rj7ZAy0Hd+1UBRYsfqpjbC7NZlms55R
V6B2lrnlImT5Idhr2+V2Ah/AgRrneFn8816snWzdy0j2fS7H0rIbyyI9mWq0Uh8C
fc58q7haYoZXkI90kVGBkAzpiE0IWD7RGywCGoGhvUNoJmqWs/1iLmVeVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPA0wmq+eVkG3K80rPWIo/w/lZOCMB8GA1UdIwQY
MBaAFI82j+ueVTvdExViWEozU7HXVVxQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjct
M2VjYTdkZjJhZTU3LzEvOERUQ2FyNTVXUWJjcnpTczlZaWpfRC1WazRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjctM2VjYTdkZjJhZTU3
LzEvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXrC4MA0G
CSqGSIb3DQEBCwUAA4IBAQAa1pmtLPAFzbZRhQLeutQ6povPOvh2l0cV0PMUXCSl
PlJS4yG9c4aED40V68TU7BShqEty4QrQXzrOjfVpg+HJrPgdHZ2DobOupK6Tjbez
MoA8DvQm73To0R/Ply42cj0rbE52pM1pFP8o2DqGvQEaVUBinrrKUbvYEevIw678
SJ9J1Gye6tvHNvvK08P0BfH6hkUgylxANPkNeJddrAqy7o3FDbhTpCK+EDaSc4bx
yBQmEg+dVuFY0AX3GrO5oOTMvmM6ICVtUj8NSMpQxeuifMy0GCFRnVzueQnrnpMr
BfWGFwAmVhzzO2yGr1iRGcGIrp3izhba2haeQwMz9e0D
-----END CERTIFICATE-----