Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/CoIYpy3VLhMQV8g7pJcwywCQLGk.roa
File:                     CoIYpy3VLhMQV8g7pJcwywCQLGk.roa (raw, json)
Hash identifier:          dkcbFCYYFVDK6Brd0cU1w+sLxHPq6T3LWZ6PjqnmcSE=
Subject key identifier:   0A:82:18:A7:2D:D5:2E:13:10:57:C8:3B:A4:97:30:CB:00:90:2C:69
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       018CC2DB021A2A670109785D08284322A3D9
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/CoIYpy3VLhMQV8g7pJcwywCQLGk.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        94.154.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:02:1a:2a:67:01:09:78:5d:08:28:43:22:a3:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a8218a72dd52e131057c83ba49730cb00902c69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:48:cc:02:93:bf:18:b3:88:98:29:ae:4c:72:
                    c1:1c:7b:d1:90:9f:81:27:8d:9e:75:b7:d1:20:c3:
                    7e:88:ef:cc:45:59:1f:dd:11:0d:79:eb:c9:17:e1:
                    c4:8d:84:4c:4c:44:f9:1e:36:a3:ff:b2:06:b8:8b:
                    46:39:54:7d:51:48:81:1d:af:fe:73:e3:0b:88:55:
                    1f:fc:a5:d2:2e:80:b3:a9:e0:40:a0:aa:6b:d3:ec:
                    e9:65:db:c7:7f:a3:90:09:88:82:86:d8:91:0d:92:
                    1a:5d:c1:69:1e:d7:e5:0e:15:91:0c:97:de:4e:40:
                    ae:b1:2f:4b:5a:3a:eb:ed:70:c3:15:04:10:e7:37:
                    20:b3:e1:22:03:0c:69:a8:d9:4e:bb:e7:03:21:7d:
                    b0:c2:ad:25:1c:78:5c:30:ed:58:cc:d4:03:5e:5f:
                    72:66:f2:ac:5d:e1:96:09:1d:6f:ec:c0:e4:46:36:
                    b5:e2:45:eb:ba:2f:7a:47:b2:7c:cf:03:c3:ce:8b:
                    c1:37:1b:0b:98:1e:24:e8:c0:ef:d0:8d:4a:51:cc:
                    b5:ed:a9:59:56:85:d2:86:1c:2c:20:d8:75:d5:b5:
                    9e:e9:6c:12:74:f5:66:0f:4f:0a:e4:85:e2:6e:bd:
                    7e:59:aa:e9:55:8f:57:c8:93:a7:51:3c:0b:e6:9a:
                    dd:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:82:18:A7:2D:D5:2E:13:10:57:C8:3B:A4:97:30:CB:00:90:2C:69
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/CoIYpy3VLhMQV8g7pJcwywCQLGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:e9:a7:7b:e8:ef:e3:7d:86:5c:a4:1f:d4:70:3a:2b:ff:20:
         81:6b:a7:94:cc:31:3c:63:ce:4e:6c:bb:a8:9b:d1:76:4a:32:
         93:a4:bf:04:8d:dc:57:9d:e8:a8:91:76:55:68:a6:7c:07:0d:
         36:3e:2a:cb:83:00:c4:4c:53:fa:1c:0d:6b:5d:85:48:40:c4:
         03:dc:a5:cd:21:7a:70:f5:c6:18:ab:ac:83:65:a5:61:ff:1d:
         9b:4e:64:24:9c:e8:ff:66:0a:ba:3b:dc:a9:8a:d7:58:c8:09:
         89:a3:37:39:e4:80:d0:2b:8c:c9:53:63:1c:e9:aa:5a:2f:38:
         5e:9d:9d:2e:e4:93:92:ef:40:97:18:6f:47:cf:16:6b:b6:3a:
         0d:9c:b1:3b:0f:b0:f5:fe:ff:df:da:90:ef:f7:20:11:a4:6f:
         d9:55:c5:ad:5f:27:69:d3:58:80:98:51:eb:45:82:ce:66:59:
         88:fa:5b:55:46:f7:cd:d4:84:37:29:c6:f0:fe:04:e4:ac:f2:
         e6:c6:dc:ed:0e:bc:80:90:cb:7c:70:8d:f9:e4:b8:74:15:83:
         64:73:05:38:90:dd:65:b3:82:6a:4a:33:dc:d2:dd:0a:61:6f:
         8e:f2:aa:c8:aa:f7:aa:15:07:92:ae:39:27:6c:18:e5:11:eb:
         21:e8:10:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wIaKmcBCXhdCChDIqPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTgyMThhNzJkZDUyZTEzMTA1N2M4M2JhNDk3MzBjYjAwOTAyYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUjMApO/GLOImCmuTHLBHHvRkJ+B
J42edbfRIMN+iO/MRVkf3RENeevJF+HEjYRMTET5Hjaj/7IGuItGOVR9UUiBHa/+
c+MLiFUf/KXSLoCzqeBAoKpr0+zpZdvHf6OQCYiChtiRDZIaXcFpHtflDhWRDJfe
TkCusS9LWjrr7XDDFQQQ5zcgs+EiAwxpqNlOu+cDIX2wwq0lHHhcMO1YzNQDXl9y
ZvKsXeGWCR1v7MDkRja14kXrui96R7J8zwPDzovBNxsLmB4k6MDv0I1KUcy17alZ
VoXShhwsINh11bWe6WwSdPVmD08K5IXibr1+WarpVY9XyJOnUTwL5prddwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqCGKct1S4TEFfIO6SXMMsAkCxpMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEvQ29JWXB5M1ZMaE1RVjhnN3BKY3d5d0NRTEdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpp8MA0G
CSqGSIb3DQEBCwUAA4IBAQBK6ad76O/jfYZcpB/UcDor/yCBa6eUzDE8Y85ObLuo
m9F2SjKTpL8EjdxXneiokXZVaKZ8Bw02PirLgwDETFP6HA1rXYVIQMQD3KXNIXpw
9cYYq6yDZaVh/x2bTmQknOj/Zgq6O9ypitdYyAmJozc55IDQK4zJU2Mc6apaLzhe
nZ0u5JOS70CXGG9HzxZrtjoNnLE7D7D1/v/f2pDv9yARpG/ZVcWtXydp01iAmFHr
RYLOZlmI+ltVRvfN1IQ3Kcbw/gTkrPLmxtztDryAkMt8cI355Lh0FYNkcwU4kN1l
s4JqSjPc0t0KYW+O8qrIqveqFQeSrjknbBjlEesh6BAG
-----END CERTIFICATE-----