Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/tU7e_uRjj5akzwAaHazoescmYVc.roa
File:                     tU7e_uRjj5akzwAaHazoescmYVc.roa (raw, json)
Hash identifier:          SKK+uAtzFBYq4NSKYYPs7mLlmNz9/CXlCFe+mTuSh6A=
Subject key identifier:   B5:4E:DE:FE:E4:63:8F:96:A4:CF:00:1A:1D:AC:E8:7A:C7:26:61:57
Certificate issuer:       /CN=b9b87b3b09ccb69a6de20468e90ecbb18f5ecbb6
Certificate serial:       018CC8711FF896017F5A9BC67F4D9AB2E919
Authority key identifier: B9:B8:7B:3B:09:CC:B6:9A:6D:E2:04:68:E9:0E:CB:B1:8F:5E:CB:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/tU7e_uRjj5akzwAaHazoescmYVc.roa
Signing time:             Tue 02 Jan 2024 04:31:46 +0000
ROA not before:           Tue 02 Jan 2024 04:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48850
IP address blocks:        94.246.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:1f:f8:96:01:7f:5a:9b:c6:7f:4d:9a:b2:e9:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b87b3b09ccb69a6de20468e90ecbb18f5ecbb6
        Validity
            Not Before: Jan  2 04:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b54edefee4638f96a4cf001a1dace87ac7266157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:98:2a:23:84:14:0e:18:68:16:0d:6a:43:d2:
                    fb:d0:02:5a:d2:10:3f:a9:ff:77:7b:4a:07:58:e1:
                    57:c5:40:b8:9c:ac:8a:60:7b:0a:bc:00:4d:2c:02:
                    41:eb:83:5e:e8:3b:f9:3c:06:5c:1f:35:76:4b:a1:
                    a1:dc:e1:cd:98:7a:a4:59:58:e1:c3:0a:86:44:4c:
                    4c:75:50:f7:00:8f:b3:c3:1e:80:3c:90:0c:5f:bb:
                    49:aa:cb:33:a5:17:11:0c:04:3d:fa:1e:10:82:fa:
                    6a:67:29:8c:46:ab:54:9f:37:9b:90:77:19:ad:77:
                    4c:7e:bf:97:46:44:f3:ac:0b:61:00:81:cf:9b:81:
                    c4:5c:0e:f8:c8:52:1d:23:ac:a3:d9:f8:c7:41:36:
                    55:f4:ac:b3:18:ff:07:c1:b6:fa:5a:8d:b2:87:55:
                    fa:b5:c9:82:b5:60:b1:a5:cb:af:cf:91:0f:f0:29:
                    bd:cb:5b:8d:11:a2:43:b4:d8:9f:1c:16:b0:0e:57:
                    2e:86:04:3f:6b:d7:fc:53:ec:18:0d:eb:1f:10:7e:
                    40:58:9f:e6:cb:64:de:42:2c:4a:53:1e:51:eb:9d:
                    c8:17:28:3b:f3:b2:22:e3:b0:81:f9:33:17:b3:8c:
                    f7:59:75:b2:85:84:64:6e:d8:0d:26:73:21:50:7a:
                    59:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:4E:DE:FE:E4:63:8F:96:A4:CF:00:1A:1D:AC:E8:7A:C7:26:61:57
            X509v3 Authority Key Identifier:
                keyid:B9:B8:7B:3B:09:CC:B6:9A:6D:E2:04:68:E9:0E:CB:B1:8F:5E:CB:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/tU7e_uRjj5akzwAaHazoescmYVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.246.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:7c:65:b6:98:b2:9c:4b:ab:66:84:f1:64:fe:c7:01:b5:86:
         a7:11:a4:25:02:a0:b6:66:5e:70:e0:6a:bf:9f:48:60:ac:1b:
         87:13:c0:f6:56:6f:cb:a9:b3:50:e5:1d:40:20:69:6a:bc:80:
         49:e1:a3:2e:cf:b5:23:7a:12:13:01:2d:e6:35:9e:7e:a4:af:
         43:d5:c3:30:88:86:10:c1:d7:90:1b:1b:eb:70:1d:24:b6:40:
         3a:ce:67:fc:17:b9:39:47:be:f6:4a:7b:a1:c6:aa:0b:f3:2f:
         a9:d2:8f:4d:86:b8:d3:36:57:70:ed:6e:2f:de:a9:79:27:9e:
         86:3f:55:44:4a:c7:ef:4d:49:53:af:91:a8:9d:39:e7:1f:ed:
         c8:6d:73:d7:c8:26:34:c0:69:93:a5:af:b7:48:e8:76:19:98:
         63:32:6c:ab:c9:29:c8:73:a7:0d:e8:27:a6:90:d8:0e:b1:2b:
         0f:50:5f:6c:82:9d:8e:f9:ab:e2:56:27:40:63:67:2f:fa:f7:
         c6:f2:ba:14:d9:38:61:73:b5:00:48:aa:7c:48:6b:e3:a4:7a:
         c4:ca:0e:be:5f:b2:f4:a5:18:f5:34:ff:f6:53:17:37:61:b3:
         7b:32:b8:1f:6d:5c:0e:f2:32:01:70:24:6c:b8:43:19:68:f6:
         e4:33:d8:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcR/4lgF/WpvGf02asukZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5Yjg3YjNiMDljY2I2OWE2ZGUyMDQ2OGU5MGVjYmIxOGY1
ZWNiYjYwHhcNMjQwMTAyMDQzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTRlZGVmZWU0NjM4Zjk2YTRjZjAwMWExZGFjZTg3YWM3MjY2MTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJgqI4QUDhhoFg1qQ9L70AJa0hA/
qf93e0oHWOFXxUC4nKyKYHsKvABNLAJB64Ne6Dv5PAZcHzV2S6Gh3OHNmHqkWVjh
wwqGRExMdVD3AI+zwx6APJAMX7tJqsszpRcRDAQ9+h4QgvpqZymMRqtUnzebkHcZ
rXdMfr+XRkTzrAthAIHPm4HEXA74yFIdI6yj2fjHQTZV9KyzGP8Hwbb6Wo2yh1X6
tcmCtWCxpcuvz5EP8Cm9y1uNEaJDtNifHBawDlcuhgQ/a9f8U+wYDesfEH5AWJ/m
y2TeQixKUx5R653IFyg787Ii47CB+TMXs4z3WXWyhYRkbtgNJnMhUHpZ3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVO3v7kY4+WpM8AGh2s6HrHJmFXMB8GA1UdIwQY
MBaAFLm4ezsJzLaabeIEaOkOy7GPXsu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJoN093bk10cHB0NGdSbzZRN0xzWTlleTdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wMGRkYWYtM2JlNS00MjBkLTkxOWYt
M2I0Y2I5NzVhOWJjLzEvdFU3ZV91UmpqNWFrendBYUhhem9lc2NtWVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wMGRkYWYtM2JlNS00MjBkLTkxOWYtM2I0Y2I5NzVhOWJj
LzEvdWJoN093bk10cHB0NGdSbzZRN0xzWTlleTdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXva3MA0G
CSqGSIb3DQEBCwUAA4IBAQAHfGW2mLKcS6tmhPFk/scBtYanEaQlAqC2Zl5w4Gq/
n0hgrBuHE8D2Vm/LqbNQ5R1AIGlqvIBJ4aMuz7UjehITAS3mNZ5+pK9D1cMwiIYQ
wdeQGxvrcB0ktkA6zmf8F7k5R772SnuhxqoL8y+p0o9NhrjTNldw7W4v3ql5J56G
P1VESsfvTUlTr5GonTnnH+3IbXPXyCY0wGmTpa+3SOh2GZhjMmyrySnIc6cN6Cem
kNgOsSsPUF9sgp2O+aviVidAY2cv+vfG8roU2Thhc7UASKp8SGvjpHrEyg6+X7L0
pRj1NP/2Uxc3YbN7MrgfbVwO8jIBcCRsuEMZaPbkM9j2
-----END CERTIFICATE-----