Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/_8MqzUpXHFtvS_-aapsPkkgm398.roa
File:                     _8MqzUpXHFtvS_-aapsPkkgm398.roa (raw, json)
Hash identifier:          aG5nioCsyMWLKMP0LPCoEcRC1BNgh3TKNat+pOR4YYw=
Subject key identifier:   FF:C3:2A:CD:4A:57:1C:5B:6F:4B:FF:9A:6A:9B:0F:92:48:26:DF:DF
Certificate issuer:       /CN=144b315ae0f24c891fca18456c66917792af165e
Certificate serial:       018CCA28F3C55D4E0C30F8FA3DDF8A4ABC1C
Authority key identifier: 14:4B:31:5A:E0:F2:4C:89:1F:CA:18:45:6C:66:91:77:92:AF:16:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FEsxWuDyTIkfyhhFbGaRd5KvFl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/_8MqzUpXHFtvS_-aapsPkkgm398.roa
Signing time:             Tue 02 Jan 2024 12:32:10 +0000
ROA not before:           Tue 02 Jan 2024 12:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8412
IP address blocks:        194.113.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/FEsxWuDyTIkfyhhFbGaRd5KvFl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/FEsxWuDyTIkfyhhFbGaRd5KvFl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FEsxWuDyTIkfyhhFbGaRd5KvFl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 01:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:f3:c5:5d:4e:0c:30:f8:fa:3d:df:8a:4a:bc:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=144b315ae0f24c891fca18456c66917792af165e
        Validity
            Not Before: Jan  2 12:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffc32acd4a571c5b6f4bff9a6a9b0f924826dfdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c2:b7:81:ef:8b:36:28:d4:bf:70:88:37:eb:
                    ba:d4:e5:18:5e:8f:69:39:fe:a4:bc:98:30:13:ab:
                    8a:a4:3d:33:8f:d6:d0:86:cd:ed:79:1e:c4:0c:69:
                    00:7e:c6:98:40:24:d6:a2:33:01:48:23:a5:c7:24:
                    3d:0b:53:7f:c2:39:c2:7e:ec:fc:b6:b6:2c:96:e7:
                    64:13:db:cb:43:51:60:45:c7:98:18:6d:62:12:9e:
                    8e:99:e7:9b:40:94:00:41:f7:23:c8:0b:73:97:5b:
                    c7:80:99:e7:c6:94:40:b6:8d:2d:88:23:46:29:7f:
                    92:de:2f:6d:a1:4b:22:db:6b:f9:14:79:38:e5:95:
                    cb:51:2f:4a:83:e0:36:6d:f3:5b:41:57:85:bc:97:
                    e7:24:ee:0f:ab:cd:a2:1e:03:d5:b7:83:35:46:e8:
                    20:6b:b1:bc:77:1e:a1:9d:d6:51:01:e6:ac:02:14:
                    dd:c1:04:c1:52:d8:08:f3:20:27:fa:9e:a5:38:d0:
                    ba:80:f4:da:99:b5:c0:87:06:a3:6a:a7:ce:78:03:
                    80:e7:f7:c0:14:58:0d:64:c6:3b:3f:f3:05:40:07:
                    b1:a1:ae:27:0a:4f:22:95:10:7e:b4:c2:f6:c0:51:
                    60:7d:1d:5f:51:c0:b2:52:82:78:73:03:17:6f:3d:
                    9a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:C3:2A:CD:4A:57:1C:5B:6F:4B:FF:9A:6A:9B:0F:92:48:26:DF:DF
            X509v3 Authority Key Identifier:
                keyid:14:4B:31:5A:E0:F2:4C:89:1F:CA:18:45:6C:66:91:77:92:AF:16:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FEsxWuDyTIkfyhhFbGaRd5KvFl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/_8MqzUpXHFtvS_-aapsPkkgm398.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6118f4-ca11-458d-bc60-11828e0e427b/1/FEsxWuDyTIkfyhhFbGaRd5KvFl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:f7:b3:65:25:0f:db:11:d9:e4:e9:1b:ef:c9:22:ba:73:3f:
         b3:3c:28:e9:f6:df:90:1c:3f:f4:4d:f7:7b:fc:ab:be:87:7c:
         08:61:f5:7f:6f:6d:26:be:bb:3a:ec:89:7b:1c:bf:df:b8:9c:
         69:ee:d5:80:05:4e:7c:37:fd:e9:09:70:14:9d:7f:62:77:45:
         35:69:6f:d4:c2:ab:3a:78:ac:7e:65:81:93:57:17:07:bf:f3:
         fc:f5:d3:58:08:86:d2:5f:75:50:59:84:30:0d:74:b0:bc:1d:
         5e:52:e0:45:f4:74:9f:b5:b1:a6:d5:66:f9:03:58:ba:96:d6:
         98:47:71:3e:96:5c:e9:63:a6:a6:40:61:d6:cb:63:2f:47:8a:
         40:3d:92:e8:23:a2:a5:dc:fa:d0:df:b4:0c:e5:8a:16:4c:4a:
         90:1d:60:85:ab:79:30:49:e2:e4:12:4e:98:0c:96:2a:4b:d7:
         db:9d:f0:67:68:0b:d5:9c:ff:54:b4:f6:cc:e6:04:b3:ee:37:
         a5:30:5f:9c:45:c6:3f:00:d4:e5:42:6f:dc:81:05:38:f1:74:
         03:04:37:05:ab:dc:39:af:bb:f5:4f:de:95:dc:61:21:ee:bc:
         c6:1e:ca:e1:0f:9a:6b:ce:be:7d:89:0d:35:9d:c0:73:b5:4a:
         49:79:ca:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKPPFXU4MMPj6Pd+KSrwcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NGIzMTVhZTBmMjRjODkxZmNhMTg0NTZjNjY5MTc3OTJh
ZjE2NWUwHhcNMjQwMTAyMTIzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmMzMmFjZDRhNTcxYzViNmY0YmZmOWE2YTliMGY5MjQ4MjZkZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMK3ge+LNijUv3CIN+u61OUYXo9p
Of6kvJgwE6uKpD0zj9bQhs3teR7EDGkAfsaYQCTWojMBSCOlxyQ9C1N/wjnCfuz8
trYsludkE9vLQ1FgRceYGG1iEp6OmeebQJQAQfcjyAtzl1vHgJnnxpRAto0tiCNG
KX+S3i9toUsi22v5FHk45ZXLUS9Kg+A2bfNbQVeFvJfnJO4Pq82iHgPVt4M1Rugg
a7G8dx6hndZRAeasAhTdwQTBUtgI8yAn+p6lONC6gPTambXAhwajaqfOeAOA5/fA
FFgNZMY7P/MFQAexoa4nCk8ilRB+tML2wFFgfR1fUcCyUoJ4cwMXbz2aWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/DKs1KVxxbb0v/mmqbD5JIJt/fMB8GA1UdIwQY
MBaAFBRLMVrg8kyJH8oYRWxmkXeSrxZeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkVzeFd1RHlUSWtmeWhoRmJHYVJkNUt2Rmw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82MTE4ZjQtY2ExMS00NThkLWJjNjAt
MTE4MjhlMGU0MjdiLzEvXzhNcXpVcFhIRnR2U18tYWFwc1Bra2dtMzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82MTE4ZjQtY2ExMS00NThkLWJjNjAtMTE4MjhlMGU0Mjdi
LzEvRkVzeFd1RHlUSWtmeWhoRmJHYVJkNUt2Rmw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnGaMA0G
CSqGSIb3DQEBCwUAA4IBAQAV97NlJQ/bEdnk6RvvySK6cz+zPCjp9t+QHD/0Tfd7
/Ku+h3wIYfV/b20mvrs67Il7HL/fuJxp7tWABU58N/3pCXAUnX9id0U1aW/Uwqs6
eKx+ZYGTVxcHv/P89dNYCIbSX3VQWYQwDXSwvB1eUuBF9HSftbGm1Wb5A1i6ltaY
R3E+llzpY6amQGHWy2MvR4pAPZLoI6Kl3PrQ37QM5YoWTEqQHWCFq3kwSeLkEk6Y
DJYqS9fbnfBnaAvVnP9UtPbM5gSz7jelMF+cRcY/ANTlQm/cgQU48XQDBDcFq9w5
r7v1T96V3GEh7rzGHsrhD5przr59iQ01ncBztUpJecrU
-----END CERTIFICATE-----