Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/8zHV8uBfe2VDCacVDzbsrH4Ifrg.roa
File:                     8zHV8uBfe2VDCacVDzbsrH4Ifrg.roa (raw, json)
Hash identifier:          i6LY4YjWLrMXZVxsDpN6PerAD8b4l958CXOX0mB2t9U=
Subject key identifier:   F3:31:D5:F2:E0:5F:7B:65:43:09:A7:15:0F:36:EC:AC:7E:08:7E:B8
Certificate issuer:       /CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
Certificate serial:       018CC72741D5D4585C07B926838A7C124727
Authority key identifier: E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/8zHV8uBfe2VDCacVDzbsrH4Ifrg.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8084
IP address blocks:        94.31.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:41:d5:d4:58:5c:07:b9:26:83:8a:7c:12:47:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f331d5f2e05f7b654309a7150f36ecac7e087eb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d6:d4:f7:f1:41:bc:84:20:a3:b2:47:42:a3:
                    7d:5d:79:7c:c5:c2:08:da:31:49:43:1c:d9:85:7a:
                    1b:b1:4b:ed:aa:3d:05:82:ad:9a:61:f8:b8:f4:16:
                    37:65:a3:67:b6:30:a9:b1:f0:71:30:ee:27:71:b4:
                    0d:cd:d6:08:6f:61:71:be:96:1f:f9:09:12:0b:8d:
                    90:1c:71:4b:36:0c:3f:08:78:b7:cd:8a:e9:2b:b1:
                    52:aa:a2:93:33:0a:53:3f:f5:49:3d:c6:ab:11:32:
                    08:96:11:3a:c5:7a:8b:33:86:f9:ba:b5:71:b4:9d:
                    f8:32:61:1f:75:db:c7:c3:b2:27:df:ee:3e:ad:dc:
                    60:d1:54:4c:a2:8f:08:10:c8:1f:8a:7e:9f:45:1a:
                    5a:95:3d:f7:b9:f7:43:d6:ed:62:96:bc:77:cf:22:
                    f5:46:86:54:59:85:cf:ff:b4:71:d0:26:23:01:97:
                    53:0a:28:24:67:61:d9:51:4b:61:5b:01:ab:d8:c9:
                    f4:d8:fd:3e:22:bb:66:fa:18:99:92:0d:ee:22:a0:
                    cb:90:d7:24:8a:e4:39:fd:d5:50:fd:b9:8c:d8:4d:
                    14:e5:84:7a:2b:3b:f2:a5:67:6d:53:07:76:a3:88:
                    07:ec:ae:17:8d:03:1a:1f:06:20:31:59:21:2f:a7:
                    ff:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:31:D5:F2:E0:5F:7B:65:43:09:A7:15:0F:36:EC:AC:7E:08:7E:B8
            X509v3 Authority Key Identifier:
                keyid:E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/8zHV8uBfe2VDCacVDzbsrH4Ifrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.31.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:e2:08:ca:76:bf:e7:27:5a:36:2c:f6:23:e5:5f:fb:fd:3f:
         f1:42:d9:07:af:f4:a1:a8:56:ca:d9:6d:ee:03:29:35:86:55:
         3a:13:f4:ea:40:61:fa:b9:79:0c:25:92:dd:e5:b5:90:44:48:
         d6:38:5a:8b:dd:49:f1:12:04:84:0b:7e:cb:80:e3:f6:31:6e:
         d9:d1:9a:5e:3e:ff:a3:53:62:29:f8:b3:87:4b:35:79:94:84:
         7d:86:5b:26:5f:37:da:fd:20:bf:18:2d:09:f7:51:93:bd:73:
         ea:a3:31:03:aa:22:33:8f:f8:2a:57:7a:04:27:bb:1a:47:3c:
         53:09:0e:f2:53:f1:75:4e:64:b0:be:72:14:47:9d:68:5c:b2:
         e1:d3:a0:5d:26:fc:bf:42:ac:29:31:59:86:0b:fd:f9:16:2c:
         fe:2e:74:bd:89:c1:6b:98:f0:38:aa:cd:5b:1b:f9:83:f1:5b:
         7f:f5:8a:33:37:62:d9:54:6b:45:b4:a8:53:0f:c8:dd:c0:e8:
         91:95:2a:39:0b:60:57:c6:8b:c2:90:87:b8:53:9f:7e:97:dd:
         65:17:0e:1d:c2:db:df:05:a6:b9:c1:2c:c0:6f:cc:08:9a:c8:
         04:97:43:c2:b3:80:c0:87:67:b8:b4:ae:fe:97:c2:f3:c0:6a:
         06:1f:b7:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0HV1FhcB7kmg4p8EkcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGNjOTQyOWI2MzM4MmU5YjE3MTRkMjFiM2M5NmQyZTVl
YmUyNTcwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzMxZDVmMmUwNWY3YjY1NDMwOWE3MTUwZjM2ZWNhYzdlMDg3ZWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9bU9/FBvIQgo7JHQqN9XXl8xcII
2jFJQxzZhXobsUvtqj0Fgq2aYfi49BY3ZaNntjCpsfBxMO4ncbQNzdYIb2FxvpYf
+QkSC42QHHFLNgw/CHi3zYrpK7FSqqKTMwpTP/VJPcarETIIlhE6xXqLM4b5urVx
tJ34MmEfddvHw7In3+4+rdxg0VRMoo8IEMgfin6fRRpalT33ufdD1u1ilrx3zyL1
RoZUWYXP/7Rx0CYjAZdTCigkZ2HZUUthWwGr2Mn02P0+Irtm+hiZkg3uIqDLkNck
iuQ5/dVQ/bmM2E0U5YR6KzvypWdtUwd2o4gH7K4XjQMaHwYgMVkhL6f/JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMx1fLgX3tlQwmnFQ827Kx+CH64MB8GA1UdIwQY
MBaAFOMMyUKbYzgumxcU0hs8ltLl6+JXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUt
ZGI0ZjM1MmU5YWQzLzEvOHpIVjh1QmZlMlZEQ2FjVkR6YnNySDRJZnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUtZGI0ZjM1MmU5YWQz
LzEvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXh86MA0G
CSqGSIb3DQEBCwUAA4IBAQA54gjKdr/nJ1o2LPYj5V/7/T/xQtkHr/ShqFbK2W3u
Ayk1hlU6E/TqQGH6uXkMJZLd5bWQREjWOFqL3UnxEgSEC37LgOP2MW7Z0ZpePv+j
U2Ip+LOHSzV5lIR9hlsmXzfa/SC/GC0J91GTvXPqozEDqiIzj/gqV3oEJ7saRzxT
CQ7yU/F1TmSwvnIUR51oXLLh06BdJvy/QqwpMVmGC/35Fiz+LnS9icFrmPA4qs1b
G/mD8Vt/9YozN2LZVGtFtKhTD8jdwOiRlSo5C2BXxovCkIe4U59+l91lFw4dwtvf
Baa5wSzAb8wImsgEl0PCs4DAh2e4tK7+l8LzwGoGH7cB
-----END CERTIFICATE-----