Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/7V80gchO40kHwSQtmzPVEfGWdH0.roa
File:                     7V80gchO40kHwSQtmzPVEfGWdH0.roa (raw, json)
Hash identifier:          2dMoKXafSLaFQZtT94v5PGoqwyf8oxnEBdbP1HzBgHc=
Subject key identifier:   ED:5F:34:81:C8:4E:E3:49:07:C1:24:2D:9B:33:D5:11:F1:96:74:7D
Certificate issuer:       /CN=643e1ba91c569a8b21a6d2d67f5dbbd6c04e43ea
Certificate serial:       018CC86F7F2E7F6A55B9A1A7AA8F04703ECD
Authority key identifier: 64:3E:1B:A9:1C:56:9A:8B:21:A6:D2:D6:7F:5D:BB:D6:C0:4E:43:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/7V80gchO40kHwSQtmzPVEfGWdH0.roa
Signing time:             Tue 02 Jan 2024 04:29:59 +0000
ROA not before:           Tue 02 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39912
IP address blocks:        194.34.226.0/24 maxlen: 24
                          2a0d:f9c2::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:7f:2e:7f:6a:55:b9:a1:a7:aa:8f:04:70:3e:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=643e1ba91c569a8b21a6d2d67f5dbbd6c04e43ea
        Validity
            Not Before: Jan  2 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed5f3481c84ee34907c1242d9b33d511f196747d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9c:1d:86:03:90:04:0a:42:5b:0b:69:08:f4:
                    c0:80:d0:70:9d:9b:90:14:79:c4:ff:15:30:3d:01:
                    ea:e8:5e:f7:b5:42:0a:dd:c4:d9:9b:a7:1b:42:3a:
                    de:00:4f:22:86:c5:f7:b2:2f:00:76:fa:2c:ac:f6:
                    b4:76:72:77:0b:8f:98:34:f2:ef:2c:c9:34:f3:2c:
                    85:42:44:ac:62:82:00:9a:04:bb:9a:1a:89:8e:6b:
                    c2:c8:f8:1e:d6:42:28:b7:c8:7d:47:7a:09:fd:05:
                    82:92:43:25:f3:54:3a:f2:81:dc:08:0c:c0:75:2b:
                    97:73:81:ab:73:19:d4:9a:a0:82:aa:9c:71:30:80:
                    5c:43:f2:a1:a9:7e:2c:00:e4:19:63:e1:9d:a7:00:
                    93:a9:0b:1a:fa:9d:f6:db:b2:4a:5d:43:5d:1a:d2:
                    14:12:eb:a9:46:a6:15:6a:f4:69:c4:d8:1e:cf:a8:
                    5b:42:7f:0c:03:28:7d:bb:ef:a0:53:4a:76:4f:00:
                    74:ee:60:78:ff:df:12:9e:32:f6:3b:cc:a1:50:81:
                    af:66:d9:10:5c:8f:31:17:c1:19:96:2c:51:ac:91:
                    ae:3c:4f:3f:b9:d5:96:6e:54:9d:c5:8c:d7:1a:a7:
                    08:bc:33:91:8d:cb:d0:c6:78:6e:b5:e1:ce:2a:18:
                    6c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:5F:34:81:C8:4E:E3:49:07:C1:24:2D:9B:33:D5:11:F1:96:74:7D
            X509v3 Authority Key Identifier:
                keyid:64:3E:1B:A9:1C:56:9A:8B:21:A6:D2:D6:7F:5D:BB:D6:C0:4E:43:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/7V80gchO40kHwSQtmzPVEfGWdH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.226.0/24
                IPv6:
                  2a0d:f9c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         10:a3:90:f7:ed:5c:c6:9f:1a:7e:7b:60:d7:5b:54:ba:d9:9f:
         ea:19:45:71:e1:68:74:64:4b:60:dc:1d:f4:a5:12:20:1b:1a:
         4f:c4:76:4b:da:d1:34:ed:d9:a5:0e:b0:a4:9e:0c:6a:24:47:
         23:66:53:ae:60:07:f9:12:2a:44:9f:47:56:a2:1d:79:4d:f4:
         1a:89:d6:ab:9d:8b:5d:6e:46:17:35:0d:29:2e:d3:a5:43:1a:
         8d:fd:ed:0a:45:26:91:0b:dc:5b:98:28:b3:d1:53:b7:6b:aa:
         ce:7c:3f:bb:02:b4:c0:74:ea:29:3b:d8:11:31:b9:ce:37:c1:
         c0:6b:1d:b7:51:94:a6:26:fb:26:9b:f2:6c:58:ea:44:f2:79:
         df:06:dc:54:eb:1f:a3:62:78:28:71:54:51:8c:9f:95:39:1c:
         98:ca:0b:a4:2e:7a:fc:4b:50:c2:00:6c:a3:a3:fd:4a:8b:1a:
         08:24:41:b2:8e:92:2e:5e:ad:da:7a:18:53:a4:6e:e2:48:c2:
         b0:dc:ec:6f:68:32:63:05:af:e8:b0:f6:8d:5b:00:5a:b2:56:
         6a:68:59:5b:f6:6f:3a:67:e1:db:63:e8:99:45:77:a2:e6:48:
         f4:ed:77:09:2e:da:f1:cd:1c:ce:dc:b3:a5:55:1e:1a:61:5a:
         84:09:7b:26
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb38uf2pVuaGnqo8EcD7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0M2UxYmE5MWM1NjlhOGIyMWE2ZDJkNjdmNWRiYmQ2YzA0
ZTQzZWEwHhcNMjQwMTAyMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDVmMzQ4MWM4NGVlMzQ5MDdjMTI0MmQ5YjMzZDUxMWYxOTY3NDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJwdhgOQBApCWwtpCPTAgNBwnZuQ
FHnE/xUwPQHq6F73tUIK3cTZm6cbQjreAE8ihsX3si8AdvosrPa0dnJ3C4+YNPLv
LMk08yyFQkSsYoIAmgS7mhqJjmvCyPge1kIot8h9R3oJ/QWCkkMl81Q68oHcCAzA
dSuXc4GrcxnUmqCCqpxxMIBcQ/KhqX4sAOQZY+GdpwCTqQsa+p3227JKXUNdGtIU
EuupRqYVavRpxNgez6hbQn8MAyh9u++gU0p2TwB07mB4/98SnjL2O8yhUIGvZtkQ
XI8xF8EZlixRrJGuPE8/udWWblSdxYzXGqcIvDORjcvQxnhuteHOKhhsTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO1fNIHITuNJB8EkLZsz1RHxlnR9MB8GA1UdIwQY
MBaAFGQ+G6kcVpqLIabS1n9du9bATkPqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkQ0YnFSeFdtb3NocHRMV2YxMjcxc0JPUS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9hY2E5MTItOWU4ZC00NzQ5LTk1ZTAt
ZmVhMGFmZjM1OWY1LzEvN1Y4MGdjaE80MGtId1NRdG16UFZFZkdXZEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9hY2E5MTItOWU4ZC00NzQ5LTk1ZTAtZmVhMGFmZjM1OWY1
LzEvWkQ0YnFSeFdtb3NocHRMV2YxMjcxc0JPUS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwiLiMA0E
AgACMAcDBQAqDfnCMA0GCSqGSIb3DQEBCwUAA4IBAQAQo5D37VzGnxp+e2DXW1S6
2Z/qGUVx4Wh0ZEtg3B30pRIgGxpPxHZL2tE07dmlDrCkngxqJEcjZlOuYAf5EipE
n0dWoh15TfQaidarnYtdbkYXNQ0pLtOlQxqN/e0KRSaRC9xbmCiz0VO3a6rOfD+7
ArTAdOopO9gRMbnON8HAax23UZSmJvsmm/JsWOpE8nnfBtxU6x+jYngocVRRjJ+V
ORyYygukLnr8S1DCAGyjo/1KixoIJEGyjpIuXq3aehhTpG7iSMKw3OxvaDJjBa/o
sPaNWwBaslZqaFlb9m86Z+HbY+iZRXei5kj07XcJLtrxzRzO3LOlVR4aYVqECXsm
-----END CERTIFICATE-----