Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/L8UaWFb5vqdkpKCuJLcHMb6Jihw.roa
File:                     L8UaWFb5vqdkpKCuJLcHMb6Jihw.roa (raw, json)
Hash identifier:          LC3f9iOfOEspraN/khVI/sHblDlqbrMu1tqz7y7WjiU=
Subject key identifier:   2F:C5:1A:58:56:F9:BE:A7:64:A4:A0:AE:24:B7:07:31:BE:89:8A:1C
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       018CCA2B7C9CE578CEFFE8D51A71D692A86C
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/L8UaWFb5vqdkpKCuJLcHMb6Jihw.roa
Signing time:             Tue 02 Jan 2024 12:34:56 +0000
ROA not before:           Tue 02 Jan 2024 12:34:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5542
IP address blocks:        194.225.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:7c:9c:e5:78:ce:ff:e8:d5:1a:71:d6:92:a8:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jan  2 12:34:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fc51a5856f9bea764a4a0ae24b70731be898a1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f1:fb:44:97:e1:6f:9c:73:3c:a1:9c:78:7f:
                    3e:b9:5f:1e:3a:4d:1c:38:3b:4e:6e:c4:45:c7:f5:
                    63:27:0b:98:2b:08:16:1c:f3:f7:cf:93:0c:0f:3d:
                    17:4f:33:e3:80:7d:f7:3a:30:bf:8a:94:af:b9:c7:
                    56:b6:98:8b:b3:e0:a0:de:af:5d:c5:f4:3e:c5:4f:
                    f1:cb:1b:0f:7c:65:56:c7:47:8e:e0:78:14:5b:50:
                    8c:de:ca:cd:88:d1:a6:e9:31:2f:ca:d1:78:0d:df:
                    24:b5:3f:10:5d:75:a9:46:15:98:85:a0:23:e1:41:
                    4e:20:17:c5:c4:93:c6:8b:7d:c8:34:a6:1c:80:4a:
                    7b:e5:35:81:80:f0:a7:d6:f2:c0:ad:27:7b:ee:a6:
                    57:46:cb:46:89:de:28:d6:77:ad:3d:d3:cf:4a:48:
                    a3:83:e8:b1:67:bf:6a:9b:0e:bf:87:e8:70:6a:dc:
                    81:16:95:aa:19:4f:7e:18:05:b9:79:89:3f:27:e1:
                    82:5c:9a:4d:63:5a:1b:2d:71:80:23:6a:25:37:34:
                    bd:a0:70:23:00:eb:b6:8a:e2:fd:e6:e0:fe:51:42:
                    c7:9a:48:ca:b1:48:14:a6:7c:0c:e6:ef:70:aa:51:
                    18:95:6d:21:97:83:eb:6a:a8:83:bb:dc:c9:10:c7:
                    53:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:C5:1A:58:56:F9:BE:A7:64:A4:A0:AE:24:B7:07:31:BE:89:8A:1C
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/L8UaWFb5vqdkpKCuJLcHMb6Jihw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.225.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:18:34:2f:2c:84:ce:1a:62:84:2a:00:1e:6b:37:40:f7:18:
         64:ea:85:84:98:56:9e:2e:a4:fa:9e:58:22:5b:47:db:b5:92:
         bd:bc:b7:b1:e1:87:30:18:fd:c5:53:8a:6a:13:80:11:a4:22:
         ed:0d:dd:bf:6a:d3:ea:a9:32:18:b9:c6:77:2c:83:e2:13:03:
         ca:48:a3:27:e7:09:78:65:ca:13:15:8c:62:13:15:6b:17:aa:
         f5:ad:16:81:bd:f4:00:66:7d:99:90:4b:b4:4e:b2:89:f4:18:
         39:77:c0:ec:ac:51:b5:c2:02:dc:d1:ed:29:25:e0:29:ea:ef:
         31:a3:76:14:4b:99:80:12:31:2a:bb:6d:0b:2e:f2:e2:d3:2d:
         fc:24:64:fb:48:6d:ae:96:d2:c5:a3:ef:32:83:ac:9e:68:d9:
         11:c3:0c:b9:b7:73:d3:75:d4:ea:c8:6c:c5:a2:62:6e:36:8f:
         d3:06:73:ca:f8:a9:a0:3a:67:a3:ff:30:2d:76:12:6d:ae:21:
         12:6e:8b:9e:97:d6:62:96:8d:ea:0b:b1:ab:e4:2a:47:20:66:
         f8:93:27:95:ad:1d:4f:5a:32:12:be:5e:3b:7a:e5:60:5a:a6:
         a1:32:d0:9a:18:1b:9e:b8:22:86:54:16:d9:d7:de:b8:c6:90:
         73:6d:ea:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK3yc5XjO/+jVGnHWkqhsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjQwMTAyMTIzNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmM1MWE1ODU2ZjliZWE3NjRhNGEwYWUyNGI3MDczMWJlODk4YTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPH7RJfhb5xzPKGceH8+uV8eOk0c
ODtObsRFx/VjJwuYKwgWHPP3z5MMDz0XTzPjgH33OjC/ipSvucdWtpiLs+Cg3q9d
xfQ+xU/xyxsPfGVWx0eO4HgUW1CM3srNiNGm6TEvytF4Dd8ktT8QXXWpRhWYhaAj
4UFOIBfFxJPGi33INKYcgEp75TWBgPCn1vLArSd77qZXRstGid4o1netPdPPSkij
g+ixZ79qmw6/h+hwatyBFpWqGU9+GAW5eYk/J+GCXJpNY1obLXGAI2olNzS9oHAj
AOu2iuL95uD+UULHmkjKsUgUpnwM5u9wqlEYlW0hl4PraqiDu9zJEMdTrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/FGlhW+b6nZKSgriS3BzG+iYocMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvTDhVYVdGYjV2cWRrcEtDdUpMY0hNYjZKaWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuFNMA0G
CSqGSIb3DQEBCwUAA4IBAQBBGDQvLITOGmKEKgAeazdA9xhk6oWEmFaeLqT6nlgi
W0fbtZK9vLex4YcwGP3FU4pqE4ARpCLtDd2/atPqqTIYucZ3LIPiEwPKSKMn5wl4
ZcoTFYxiExVrF6r1rRaBvfQAZn2ZkEu0TrKJ9Bg5d8DsrFG1wgLc0e0pJeAp6u8x
o3YUS5mAEjEqu20LLvLi0y38JGT7SG2ultLFo+8yg6yeaNkRwwy5t3PTddTqyGzF
omJuNo/TBnPK+KmgOmej/zAtdhJtriESbouel9Zilo3qC7Gr5CpHIGb4kyeVrR1P
WjISvl47euVgWqahMtCaGBueuCKGVBbZ1964xpBzbeqw
-----END CERTIFICATE-----