Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/dlRfTpp8KMGl77wGO7UXbghB1Mg.roa
File:                     dlRfTpp8KMGl77wGO7UXbghB1Mg.roa (raw, json)
Hash identifier:          bfoY4dS2soWxfl3bQDMJissWtRlxUJvZGxFkPA4i178=
Subject key identifier:   76:54:5F:4E:9A:7C:28:C1:A5:EF:BC:06:3B:B5:17:6E:08:41:D4:C8
Certificate issuer:       /CN=82e014f1c8ca3966a93ef39dbc612daac0d83dc0
Certificate serial:       018CC56E9FB7DA1F44967EE6EB9AA6F35DF8
Authority key identifier: 82:E0:14:F1:C8:CA:39:66:A9:3E:F3:9D:BC:61:2D:AA:C0:D8:3D:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/guAU8cjKOWapPvOdvGEtqsDYPcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/dlRfTpp8KMGl77wGO7UXbghB1Mg.roa
Signing time:             Mon 01 Jan 2024 14:30:10 +0000
ROA not before:           Mon 01 Jan 2024 14:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42346
IP address blocks:        194.56.124.0/23 maxlen: 23
                          194.56.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/guAU8cjKOWapPvOdvGEtqsDYPcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/guAU8cjKOWapPvOdvGEtqsDYPcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/guAU8cjKOWapPvOdvGEtqsDYPcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:9f:b7:da:1f:44:96:7e:e6:eb:9a:a6:f3:5d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82e014f1c8ca3966a93ef39dbc612daac0d83dc0
        Validity
            Not Before: Jan  1 14:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76545f4e9a7c28c1a5efbc063bb5176e0841d4c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:04:e7:fc:60:c8:b6:f1:3f:75:37:2f:64:0a:
                    a0:96:19:5d:0e:ff:00:bb:8a:d6:19:7f:76:24:01:
                    ac:c2:d4:1f:5a:bb:6d:18:f6:12:a7:cd:65:e6:96:
                    ef:1b:ba:64:6f:75:8b:d4:8e:f3:3a:11:79:0c:76:
                    36:c9:0c:cd:61:86:51:08:12:db:7e:3b:ff:51:77:
                    ef:dc:59:3d:f8:2c:7c:b1:36:d0:75:53:e7:fd:af:
                    1e:57:28:44:36:56:26:09:c9:30:6c:ed:bf:ad:af:
                    7e:59:5c:04:9f:0f:21:c0:2b:27:4c:6d:29:77:2e:
                    cc:53:32:22:4d:95:53:ee:b8:b8:24:f9:5f:92:1a:
                    47:e7:7f:e6:77:21:53:e7:07:60:2e:f8:c4:c9:57:
                    78:2b:6f:fe:ae:fc:62:16:08:58:d5:bb:e0:65:cc:
                    aa:5e:19:e8:fa:2a:fd:80:da:4e:26:93:e8:8f:e2:
                    d7:a3:6a:79:88:9e:ef:69:41:f4:a0:ad:5b:52:4c:
                    d9:cf:16:8e:7b:99:40:33:05:7f:6c:78:e4:14:d7:
                    47:4a:e4:40:f9:40:8f:6d:72:1d:b0:a7:fa:d0:87:
                    14:9e:54:85:00:57:3d:3c:ca:c2:19:0c:f2:d9:00:
                    71:e0:27:7d:f3:0a:d9:16:89:50:bc:a8:ca:bb:93:
                    39:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:54:5F:4E:9A:7C:28:C1:A5:EF:BC:06:3B:B5:17:6E:08:41:D4:C8
            X509v3 Authority Key Identifier:
                keyid:82:E0:14:F1:C8:CA:39:66:A9:3E:F3:9D:BC:61:2D:AA:C0:D8:3D:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/guAU8cjKOWapPvOdvGEtqsDYPcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/dlRfTpp8KMGl77wGO7UXbghB1Mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/guAU8cjKOWapPvOdvGEtqsDYPcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.124.0-194.56.126.255

    Signature Algorithm: sha256WithRSAEncryption
         3d:16:a1:6e:9e:9f:f5:e6:6a:d4:b1:c3:6d:e7:a9:f8:6f:51:
         64:69:39:35:20:34:35:61:7e:8d:84:40:8e:f3:52:4a:4b:71:
         2f:33:b1:a5:e3:b8:a4:e4:59:6a:44:e7:00:8c:a6:e0:72:57:
         be:fe:00:13:79:27:3b:3c:05:dc:83:de:b6:ab:0d:13:c1:12:
         8a:6f:67:8b:f3:70:0a:4e:cc:a4:2a:0c:ba:7e:62:b4:a7:cf:
         20:ec:f8:57:33:2d:13:82:0b:1d:31:8a:5a:21:4f:25:2b:d1:
         52:3c:15:07:c9:c3:2f:c9:71:25:ea:3e:44:8e:04:9d:4e:36:
         2b:fa:57:26:33:ff:ce:85:d6:d8:0a:90:92:32:d5:45:ed:11:
         27:5b:82:ea:d3:86:e7:ae:23:bc:da:eb:70:42:59:71:21:dd:
         c5:f0:d4:4a:9e:90:e2:3e:a6:6c:19:11:9e:96:8e:e2:bb:8e:
         f3:d1:b2:1a:5e:85:b2:03:bf:9b:cf:0d:0b:ca:47:9a:9e:76:
         34:43:0e:d8:5d:c2:ef:2f:55:4f:55:af:90:d2:65:17:1d:f4:
         c4:55:13:6b:64:34:6f:28:f8:43:0f:0c:47:20:b9:8d:33:8d:
         c4:2e:36:14:85:88:02:8f:a7:33:97:96:55:bd:b7:66:22:f3:
         fb:21:f1:59
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbp+32h9Eln7m65qm8134MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZTAxNGYxYzhjYTM5NjZhOTNlZjM5ZGJjNjEyZGFhYzBk
ODNkYzAwHhcNMjQwMTAxMTQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjU0NWY0ZTlhN2MyOGMxYTVlZmJjMDYzYmI1MTc2ZTA4NDFkNGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogTn/GDItvE/dTcvZAqglhldDv8A
u4rWGX92JAGswtQfWrttGPYSp81l5pbvG7pkb3WL1I7zOhF5DHY2yQzNYYZRCBLb
fjv/UXfv3Fk9+Cx8sTbQdVPn/a8eVyhENlYmCckwbO2/ra9+WVwEnw8hwCsnTG0p
dy7MUzIiTZVT7ri4JPlfkhpH53/mdyFT5wdgLvjEyVd4K2/+rvxiFghY1bvgZcyq
Xhno+ir9gNpOJpPoj+LXo2p5iJ7vaUH0oK1bUkzZzxaOe5lAMwV/bHjkFNdHSuRA
+UCPbXIdsKf60IcUnlSFAFc9PMrCGQzy2QBx4Cd98wrZFolQvKjKu5M5NwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHZUX06afCjBpe+8Bju1F24IQdTIMB8GA1UdIwQY
MBaAFILgFPHIyjlmqT7znbxhLarA2D3AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3VBVThjaktPV2FwUHZPZHZHRXRxc0RZUGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84ZmE3OGYtMWQ3My00YzVhLTllMGIt
NjZkODBlZDA5YmM3LzEvZGxSZlRwcDhLTUdsNzd3R083VVhiZ2hCMU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84ZmE3OGYtMWQ3My00YzVhLTllMGItNjZkODBlZDA5YmM3
LzEvZ3VBVThjaktPV2FwUHZPZHZHRXRxc0RZUGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALCOHwD
BADCOH4wDQYJKoZIhvcNAQELBQADggEBAD0WoW6en/XmatSxw23nqfhvUWRpOTUg
NDVhfo2EQI7zUkpLcS8zsaXjuKTkWWpE5wCMpuByV77+ABN5Jzs8BdyD3rarDRPB
EopvZ4vzcApOzKQqDLp+YrSnzyDs+FczLROCCx0xilohTyUr0VI8FQfJwy/JcSXq
PkSOBJ1ONiv6VyYz/86F1tgKkJIy1UXtESdbgurThueuI7za63BCWXEh3cXw1Eqe
kOI+pmwZEZ6WjuK7jvPRshpehbIDv5vPDQvKR5qedjRDDthdwu8vVU9Vr5DSZRcd
9MRVE2tkNG8o+EMPDEcguY0zjcQuNhSFiAKPpzOXllW9t2Yi8/sh8Vk=
-----END CERTIFICATE-----