Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/oBUjn1vUx5QNyjAsP4tRvgfNqKA.roa
File:                     oBUjn1vUx5QNyjAsP4tRvgfNqKA.roa (raw, json)
Hash identifier:          Jk56SS51sp8zLVNOaNWyMezRik+fN8R7RJPCbSqTVh4=
Subject key identifier:   A0:15:23:9F:5B:D4:C7:94:0D:CA:30:2C:3F:8B:51:BE:07:CD:A8:A0
Certificate issuer:       /CN=8b82433ffe94bf3536fec327543d396158202072
Certificate serial:       018CC425542C3BB35E24CCBC0598B2E02C51
Authority key identifier: 8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/oBUjn1vUx5QNyjAsP4tRvgfNqKA.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57314
IP address blocks:        94.141.116.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:54:2c:3b:b3:5e:24:cc:bc:05:98:b2:e0:2c:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b82433ffe94bf3536fec327543d396158202072
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a015239f5bd4c7940dca302c3f8b51be07cda8a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c9:87:e5:ec:dd:8b:cd:68:39:9a:e0:de:dd:
                    27:ec:dc:f8:01:31:e4:3b:74:df:f4:53:30:21:d5:
                    dc:8c:f9:e9:6a:01:62:8c:d0:b8:a0:5b:03:88:cb:
                    49:ad:5f:90:24:75:1c:30:80:b8:8b:ae:8c:01:ae:
                    d4:cf:f4:20:5c:8e:32:51:e2:5e:3b:f8:8b:53:a9:
                    04:e3:0d:e1:58:94:e2:c0:47:e3:5e:13:ed:f2:09:
                    46:23:b1:9e:03:28:a6:09:1f:8e:96:86:c4:90:86:
                    c6:aa:11:05:49:2b:30:86:df:47:cd:00:4a:af:c1:
                    d3:3a:dd:e8:fd:2c:53:f2:25:af:ba:a1:84:0e:5c:
                    e7:d4:52:ec:20:df:be:47:f2:93:13:1b:ee:c2:0d:
                    ba:54:6b:20:eb:ef:3f:3b:86:d0:a5:4f:bd:d6:5f:
                    87:72:7e:4c:45:55:98:bb:1e:b9:f5:49:da:4d:d5:
                    91:69:28:fe:fe:90:c7:51:b4:61:2e:7e:b2:90:de:
                    49:da:e8:f7:01:35:15:96:ac:ea:f3:ed:02:63:4a:
                    92:7d:d6:ff:f8:39:92:ec:90:ce:ff:f1:d8:a8:0d:
                    c2:9e:bf:07:69:fe:7b:75:48:07:2a:3d:22:ef:59:
                    95:78:fe:8f:e3:68:9f:a5:bb:8b:a3:ac:68:ba:3b:
                    be:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:15:23:9F:5B:D4:C7:94:0D:CA:30:2C:3F:8B:51:BE:07:CD:A8:A0
            X509v3 Authority Key Identifier:
                keyid:8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/oBUjn1vUx5QNyjAsP4tRvgfNqKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.141.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:bf:09:e2:39:99:b0:a9:ff:2c:3d:f4:54:7c:95:10:68:0b:
         ef:ac:7a:9b:86:40:86:d3:af:fb:54:f3:30:48:89:24:8d:69:
         12:98:e1:73:71:e3:ef:52:68:d0:1a:9a:a8:b9:f1:3b:db:2b:
         25:01:fe:ff:c9:30:6a:76:c7:f4:9a:04:60:99:3b:6f:3e:17:
         11:a3:2e:2f:4d:10:97:e3:74:be:2f:ab:71:42:8d:04:c2:29:
         2e:e1:3b:05:b6:85:3b:72:20:43:e4:d3:96:ec:0e:5a:0d:5f:
         52:82:21:bd:e8:31:31:16:44:b4:92:94:fd:34:15:79:00:07:
         70:32:c6:eb:b1:24:f9:cd:6f:bc:a7:f4:9e:fe:0e:2c:0c:0a:
         55:b0:10:5a:e3:e1:1f:99:1d:28:44:e4:3d:d8:9f:47:20:83:
         74:f5:9f:7a:da:69:64:52:ff:eb:a3:cd:36:4f:d2:17:98:37:
         e3:08:16:b9:f9:19:06:d1:a8:c8:e3:8a:01:28:7f:3a:2c:0c:
         81:33:29:00:33:4c:6d:ae:d6:f7:1c:69:69:45:fe:3f:d3:be:
         86:62:5a:72:a0:2b:a8:ad:ec:4c:ec:e4:68:ae:6c:cc:92:3b:
         af:db:5b:53:93:b8:67:65:61:93:26:92:19:48:3d:55:b3:11:
         2c:0f:05:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVQsO7NeJMy8BZiy4CxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODI0MzNmZmU5NGJmMzUzNmZlYzMyNzU0M2QzOTYxNTgy
MDIwNzIwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDE1MjM5ZjViZDRjNzk0MGRjYTMwMmMzZjhiNTFiZTA3Y2RhOGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncmH5ezdi81oOZrg3t0n7Nz4ATHk
O3Tf9FMwIdXcjPnpagFijNC4oFsDiMtJrV+QJHUcMIC4i66MAa7Uz/QgXI4yUeJe
O/iLU6kE4w3hWJTiwEfjXhPt8glGI7GeAyimCR+OlobEkIbGqhEFSSswht9HzQBK
r8HTOt3o/SxT8iWvuqGEDlzn1FLsIN++R/KTExvuwg26VGsg6+8/O4bQpU+91l+H
cn5MRVWYux659UnaTdWRaSj+/pDHUbRhLn6ykN5J2uj3ATUVlqzq8+0CY0qSfdb/
+DmS7JDO//HYqA3Cnr8Haf57dUgHKj0i71mVeP6P42ifpbuLo6xouju+XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAVI59b1MeUDcowLD+LUb4HzaigMB8GA1UdIwQY
MBaAFIuCQz/+lL81Nv7DJ1Q9OWFYICByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYt
MmRkNzg5MGRjNjg5LzEvb0JVam4xdlV4NVFOeWpBc1A0dFJ2Z2ZOcUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYtMmRkNzg5MGRjNjg5
LzEvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXo10MA0G
CSqGSIb3DQEBCwUAA4IBAQA8vwniOZmwqf8sPfRUfJUQaAvvrHqbhkCG06/7VPMw
SIkkjWkSmOFzcePvUmjQGpqoufE72yslAf7/yTBqdsf0mgRgmTtvPhcRoy4vTRCX
43S+L6txQo0Ewiku4TsFtoU7ciBD5NOW7A5aDV9SgiG96DExFkS0kpT9NBV5AAdw
MsbrsST5zW+8p/Se/g4sDApVsBBa4+EfmR0oROQ92J9HIIN09Z962mlkUv/ro802
T9IXmDfjCBa5+RkG0ajI44oBKH86LAyBMykAM0xtrtb3HGlpRf4/076GYlpyoCuo
rexM7ORormzMkjuv21tTk7hnZWGTJpIZSD1VsxEsDwWN
-----END CERTIFICATE-----