Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/5fb9fe-ddc7-4432-a4a3-16d9f7d074f3/1/jO_fqnNXgd3MOidtFd8E3NiISbE.roa
File:                     jO_fqnNXgd3MOidtFd8E3NiISbE.roa (raw, json)
Hash identifier:          f3/Illg5wbSvWeKgpSRB6YaD7H+QOeQcovAJt0CC95Q=
Subject key identifier:   8C:EF:DF:AA:73:57:81:DD:CC:3A:27:6D:15:DF:04:DC:D8:88:49:B1
Certificate issuer:       /CN=e8ca70c1fc95b9b1e9dc7775455badb9214f91d0
Certificate serial:       018CC500235EDE0DF00B4B14D88B7AB0EBBB
Authority key identifier: E8:CA:70:C1:FC:95:B9:B1:E9:DC:77:75:45:5B:AD:B9:21:4F:91:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6MpwwfyVubHp3Hd1RVutuSFPkdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/5fb9fe-ddc7-4432-a4a3-16d9f7d074f3/1/jO_fqnNXgd3MOidtFd8E3NiISbE.roa
Signing time:             Mon 01 Jan 2024 12:29:29 +0000
ROA not before:           Mon 01 Jan 2024 12:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9136
IP address blocks:        194.39.104.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/5fb9fe-ddc7-4432-a4a3-16d9f7d074f3/1/6MpwwfyVubHp3Hd1RVutuSFPkdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/5fb9fe-ddc7-4432-a4a3-16d9f7d074f3/1/6MpwwfyVubHp3Hd1RVutuSFPkdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6MpwwfyVubHp3Hd1RVutuSFPkdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:23:5e:de:0d:f0:0b:4b:14:d8:8b:7a:b0:eb:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8ca70c1fc95b9b1e9dc7775455badb9214f91d0
        Validity
            Not Before: Jan  1 12:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cefdfaa735781ddcc3a276d15df04dcd88849b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3e:96:e3:ac:18:a4:1a:f7:65:50:af:ea:cc:
                    69:a4:c4:72:53:22:a3:58:d4:be:28:47:c8:48:d7:
                    2e:15:d2:ac:93:9a:75:5d:45:fe:ce:65:00:0e:14:
                    3a:2f:49:44:2e:ac:b6:fc:bd:86:a4:55:79:6f:cd:
                    88:10:ae:39:b8:33:57:b0:48:6e:e9:ff:c7:91:dd:
                    26:85:b4:10:35:00:9e:d6:e3:2b:79:9d:82:94:93:
                    09:aa:4c:e7:88:77:19:da:6a:e3:a9:73:50:5d:77:
                    38:c1:80:c9:03:d0:7a:57:e0:95:e6:b8:74:d0:03:
                    a2:53:7c:58:56:8c:c2:51:16:d1:f9:3f:a9:0f:65:
                    97:8d:82:5a:df:f0:f0:a2:61:8e:86:d1:aa:05:1a:
                    6e:42:c2:17:d8:8f:1e:ef:d0:06:89:23:07:a2:6b:
                    f1:4a:2a:cb:c4:e8:a4:28:2a:e0:8d:d3:6d:a8:37:
                    41:fe:76:c0:fb:57:7d:0f:6e:78:4a:f5:54:be:1a:
                    d4:d7:91:2a:20:0f:a0:c3:b0:b7:28:31:f5:d9:bc:
                    e8:92:9b:b1:78:ec:62:fe:e6:39:35:df:41:33:53:
                    20:7b:5e:3d:cb:38:fa:50:f9:87:7f:38:89:cc:2d:
                    db:f3:7f:79:b2:a3:2b:d5:83:d9:8c:6b:85:0b:45:
                    bb:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:EF:DF:AA:73:57:81:DD:CC:3A:27:6D:15:DF:04:DC:D8:88:49:B1
            X509v3 Authority Key Identifier:
                keyid:E8:CA:70:C1:FC:95:B9:B1:E9:DC:77:75:45:5B:AD:B9:21:4F:91:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6MpwwfyVubHp3Hd1RVutuSFPkdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5fb9fe-ddc7-4432-a4a3-16d9f7d074f3/1/jO_fqnNXgd3MOidtFd8E3NiISbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5fb9fe-ddc7-4432-a4a3-16d9f7d074f3/1/6MpwwfyVubHp3Hd1RVutuSFPkdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d6:03:5d:9e:a1:50:73:be:c0:29:43:8c:6c:1d:67:ac:06:74:
         da:2a:35:2f:15:9d:2f:d2:f7:13:b9:0a:f1:3c:a3:35:d2:9c:
         91:c5:35:42:a5:24:c8:a5:6a:94:34:ce:04:73:c7:99:c0:17:
         c3:2a:8d:4b:b9:9e:7c:0e:17:83:68:80:c8:1a:da:7c:4a:8a:
         e7:93:4a:d7:02:81:b2:f0:73:93:17:ee:33:7e:94:1c:aa:97:
         31:e6:f5:39:8c:08:64:16:e5:be:b9:85:63:f3:e6:0e:2a:fe:
         7c:25:0d:ac:0e:5b:01:1c:7e:6a:85:47:51:3e:3b:34:ed:83:
         50:52:73:d2:ff:ed:60:b9:28:94:ea:8b:58:7e:0e:d9:1a:e8:
         74:cf:1f:ca:68:f9:e8:aa:eb:4e:f8:6f:40:22:24:54:b6:c8:
         55:0d:e0:41:98:21:3b:0e:35:f5:e8:c0:0c:1c:cd:70:58:9d:
         56:93:77:53:f4:9b:92:08:ea:7a:4b:f8:e5:44:2d:b5:62:db:
         b0:8d:1b:22:53:53:ea:47:f2:90:43:59:85:65:9a:67:64:a9:
         49:2e:21:e1:1d:d5:93:9b:3d:c6:75:27:07:b1:38:45:ad:32:
         6c:9b:d9:52:af:ac:c0:d1:2b:65:58:2c:16:ed:22:cf:89:b5:
         9c:e9:2a:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFACNe3g3wC0sU2It6sOu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4Y2E3MGMxZmM5NWI5YjFlOWRjNzc3NTQ1NWJhZGI5MjE0
ZjkxZDAwHhcNMjQwMTAxMTIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2VmZGZhYTczNTc4MWRkY2MzYTI3NmQxNWRmMDRkY2Q4ODg0OWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkj6W46wYpBr3ZVCv6sxppMRyUyKj
WNS+KEfISNcuFdKsk5p1XUX+zmUADhQ6L0lELqy2/L2GpFV5b82IEK45uDNXsEhu
6f/Hkd0mhbQQNQCe1uMreZ2ClJMJqkzniHcZ2mrjqXNQXXc4wYDJA9B6V+CV5rh0
0AOiU3xYVozCURbR+T+pD2WXjYJa3/DwomGOhtGqBRpuQsIX2I8e79AGiSMHomvx
SirLxOikKCrgjdNtqDdB/nbA+1d9D254SvVUvhrU15EqIA+gw7C3KDH12bzokpux
eOxi/uY5Nd9BM1Mge149yzj6UPmHfziJzC3b8395sqMr1YPZjGuFC0W7IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzv36pzV4HdzDonbRXfBNzYiEmxMB8GA1UdIwQY
MBaAFOjKcMH8lbmx6dx3dUVbrbkhT5HQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk1wd3dmeVZ1YkhwM0hkMVJWdXR1U0ZQa2RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy81ZmI5ZmUtZGRjNy00NDMyLWE0YTMt
MTZkOWY3ZDA3NGYzLzEvak9fZnFuTlhnZDNNT2lkdEZkOEUzTmlJU2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy81ZmI5ZmUtZGRjNy00NDMyLWE0YTMtMTZkOWY3ZDA3NGYz
LzEvNk1wd3dmeVZ1YkhwM0hkMVJWdXR1U0ZQa2RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwidoMA0G
CSqGSIb3DQEBCwUAA4IBAQDWA12eoVBzvsApQ4xsHWesBnTaKjUvFZ0v0vcTuQrx
PKM10pyRxTVCpSTIpWqUNM4Ec8eZwBfDKo1LuZ58DheDaIDIGtp8Sornk0rXAoGy
8HOTF+4zfpQcqpcx5vU5jAhkFuW+uYVj8+YOKv58JQ2sDlsBHH5qhUdRPjs07YNQ
UnPS/+1guSiU6otYfg7ZGuh0zx/KaPnoqutO+G9AIiRUtshVDeBBmCE7DjX16MAM
HM1wWJ1Wk3dT9JuSCOp6S/jlRC21YtuwjRsiU1PqR/KQQ1mFZZpnZKlJLiHhHdWT
mz3GdScHsThFrTJsm9lSr6zA0StlWCwW7SLPibWc6So4
-----END CERTIFICATE-----