Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/jx3A9GfsxTZE1wFwCtuKqt-Wl04.roa
File:                     jx3A9GfsxTZE1wFwCtuKqt-Wl04.roa (raw, json)
Hash identifier:          vqrRqeD4rW5EoF0b8WA81RULqeDitkYVBlv07bI7ZcI=
Subject key identifier:   8F:1D:C0:F4:67:EC:C5:36:44:D7:01:70:0A:DB:8A:AA:DF:96:97:4E
Certificate issuer:       /CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
Certificate serial:       018CC727447B797450E2E62BAF66F6039ADD
Authority key identifier: E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/jx3A9GfsxTZE1wFwCtuKqt-Wl04.roa
Signing time:             Mon 01 Jan 2024 22:31:28 +0000
ROA not before:           Mon 01 Jan 2024 22:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26114
IP address blocks:        94.31.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 13:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:44:7b:79:74:50:e2:e6:2b:af:66:f6:03:9a:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
        Validity
            Not Before: Jan  1 22:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f1dc0f467ecc53644d701700adb8aaadf96974e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3a:b1:ea:78:0d:6e:d4:37:95:e2:10:a4:a9:
                    75:ac:ec:da:62:18:78:21:fb:79:7e:a7:a4:05:f0:
                    45:d0:ab:44:a0:59:a7:3a:7f:ed:d8:1f:77:07:df:
                    13:d1:de:6e:2b:a9:24:7e:dd:3e:8f:e3:95:a0:e8:
                    d5:cc:84:4a:a9:f3:da:f5:77:46:75:e0:08:d0:8c:
                    80:86:12:85:da:04:77:f2:06:0d:97:ba:05:ab:18:
                    68:9e:47:50:56:c0:fc:07:2b:c2:cc:4a:db:54:2a:
                    2a:b6:07:23:30:c7:7c:45:f7:48:73:4b:06:f8:69:
                    d1:9d:af:ca:63:18:fb:d8:89:17:47:51:be:0e:48:
                    d3:2a:84:75:53:d9:0d:ea:c9:99:52:83:16:f3:f7:
                    e2:66:bf:4a:54:f7:ae:20:7b:79:45:44:61:19:59:
                    59:61:48:5c:b6:f6:b3:30:e7:9f:93:43:21:9f:0f:
                    2a:17:98:41:8d:37:ce:bc:3e:1b:c6:96:33:a8:7e:
                    2f:82:97:d6:29:c4:d6:30:07:d8:8d:71:24:06:2c:
                    17:ea:c8:4d:7e:f6:ed:d2:f1:85:7d:ff:97:a9:97:
                    37:9c:9e:df:20:1f:21:2f:17:86:e6:26:b8:39:a2:
                    1e:ed:c5:7f:76:09:e9:8a:b2:ad:be:a5:d7:22:56:
                    9f:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:1D:C0:F4:67:EC:C5:36:44:D7:01:70:0A:DB:8A:AA:DF:96:97:4E
            X509v3 Authority Key Identifier:
                keyid:E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/jx3A9GfsxTZE1wFwCtuKqt-Wl04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.31.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:e4:d9:a5:9e:8e:fc:0a:50:24:4a:2e:06:21:04:8d:23:42:
         c7:a5:d5:80:82:a6:f9:3b:98:b5:55:56:df:42:9b:ce:af:44:
         e1:b6:b6:0c:5e:f0:72:19:43:1e:1a:56:fa:48:98:db:08:d8:
         13:26:39:b0:1b:39:8b:3b:f9:9d:94:cc:fe:90:53:19:c5:31:
         0a:eb:a7:6d:e2:4e:3f:19:4b:19:a4:ea:96:1f:e2:bc:98:66:
         12:b2:bf:b5:9a:36:2b:9c:14:2c:6e:0f:25:b8:1e:d5:57:3b:
         36:c9:ce:0a:fd:22:24:ec:2e:5e:f8:84:a1:87:94:e4:1b:ce:
         cc:ac:e0:6f:72:50:e8:45:b4:ab:d9:66:06:80:b4:87:c1:87:
         80:53:5e:63:3e:8c:a7:cd:1d:80:fd:f6:9b:02:66:22:18:cc:
         e6:4e:27:e3:19:a5:9e:96:d9:d4:99:4e:63:0d:3a:14:0f:9d:
         f1:89:fa:1d:46:80:bd:00:d0:47:6c:fe:a7:d0:d2:34:0a:0f:
         22:0b:d6:1d:3e:46:9d:c4:54:ef:6a:02:d5:6a:8b:f7:de:76:
         cd:99:bc:05:a2:b2:fd:8b:59:f3:2b:36:25:d9:d0:73:f6:53:
         de:76:7e:1c:e1:1d:b0:d8:8f:44:08:79:16:68:8a:e4:fe:59:
         ea:cc:25:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0R7eXRQ4uYrr2b2A5rdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGNjOTQyOWI2MzM4MmU5YjE3MTRkMjFiM2M5NmQyZTVl
YmUyNTcwHhcNMjQwMTAxMjIzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjFkYzBmNDY3ZWNjNTM2NDRkNzAxNzAwYWRiOGFhYWRmOTY5NzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTqx6ngNbtQ3leIQpKl1rOzaYhh4
Ift5fqekBfBF0KtEoFmnOn/t2B93B98T0d5uK6kkft0+j+OVoOjVzIRKqfPa9XdG
deAI0IyAhhKF2gR38gYNl7oFqxhonkdQVsD8ByvCzErbVCoqtgcjMMd8RfdIc0sG
+GnRna/KYxj72IkXR1G+DkjTKoR1U9kN6smZUoMW8/fiZr9KVPeuIHt5RURhGVlZ
YUhctvazMOefk0Mhnw8qF5hBjTfOvD4bxpYzqH4vgpfWKcTWMAfYjXEkBiwX6shN
fvbt0vGFff+XqZc3nJ7fIB8hLxeG5ia4OaIe7cV/dgnpirKtvqXXIlafIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8dwPRn7MU2RNcBcArbiqrflpdOMB8GA1UdIwQY
MBaAFOMMyUKbYzgumxcU0hs8ltLl6+JXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUt
ZGI0ZjM1MmU5YWQzLzEvangzQTlHZnN4VFpFMXdGd0N0dUtxdC1XbDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUtZGI0ZjM1MmU5YWQz
LzEvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXh8sMA0G
CSqGSIb3DQEBCwUAA4IBAQAS5Nmlno78ClAkSi4GIQSNI0LHpdWAgqb5O5i1VVbf
QpvOr0ThtrYMXvByGUMeGlb6SJjbCNgTJjmwGzmLO/mdlMz+kFMZxTEK66dt4k4/
GUsZpOqWH+K8mGYSsr+1mjYrnBQsbg8luB7VVzs2yc4K/SIk7C5e+IShh5TkG87M
rOBvclDoRbSr2WYGgLSHwYeAU15jPoynzR2A/fabAmYiGMzmTifjGaWeltnUmU5j
DToUD53xifodRoC9ANBHbP6n0NI0Cg8iC9YdPkadxFTvagLVaov33nbNmbwForL9
i1nzKzYl2dBz9lPedn4c4R2w2I9ECHkWaIrk/lnqzCUB
-----END CERTIFICATE-----