Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/70e678-8495-46ae-96d7-29c5176902c6/1/_1fKfa8fKrl7Lq7MQXrJmdWZ13Y.roa
File:                     _1fKfa8fKrl7Lq7MQXrJmdWZ13Y.roa (raw, json)
Hash identifier:          GtCIUsdgAoX7wYfrFDvHu5EFFO6qvW/Dh4HsQMgbr3s=
Subject key identifier:   FF:57:CA:7D:AF:1F:2A:B9:7B:2E:AE:CC:41:7A:C9:99:D5:99:D7:76
Certificate issuer:       /CN=8ae4b93feb71dde2823b70c7dbb79e0f99b56c1b
Certificate serial:       018E0845AFBA86987644445DCFDE196474C3
Authority key identifier: 8A:E4:B9:3F:EB:71:DD:E2:82:3B:70:C7:DB:B7:9E:0F:99:B5:6C:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iuS5P-tx3eKCO3DH27eeD5m1bBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/70e678-8495-46ae-96d7-29c5176902c6/1/_1fKfa8fKrl7Lq7MQXrJmdWZ13Y.roa
Signing time:             Mon 04 Mar 2024 07:02:48 +0000
ROA not before:           Mon 04 Mar 2024 07:02:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199162
IP address blocks:        194.180.6.0/23 maxlen: 23
                          194.180.6.0/24 maxlen: 24
                          194.180.7.0/24 maxlen: 24
                          2a13:da80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/70e678-8495-46ae-96d7-29c5176902c6/1/iuS5P-tx3eKCO3DH27eeD5m1bBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/70e678-8495-46ae-96d7-29c5176902c6/1/iuS5P-tx3eKCO3DH27eeD5m1bBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iuS5P-tx3eKCO3DH27eeD5m1bBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:08:45:af:ba:86:98:76:44:44:5d:cf:de:19:64:74:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ae4b93feb71dde2823b70c7dbb79e0f99b56c1b
        Validity
            Not Before: Mar  4 07:02:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff57ca7daf1f2ab97b2eaecc417ac999d599d776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8d:6e:0f:d0:54:6b:8f:2a:c8:b7:cc:f3:4e:
                    94:70:48:54:db:a0:be:26:18:7f:5a:34:6c:01:91:
                    5d:e7:d3:21:99:76:16:51:aa:ad:2e:9f:db:93:b9:
                    34:48:81:de:0f:5c:93:a4:9c:63:73:ae:ff:7c:ba:
                    bc:93:70:91:bd:f2:fc:75:f7:d1:c5:ff:50:1b:62:
                    85:24:70:55:c7:22:0e:f7:1c:7f:56:0b:24:64:96:
                    13:18:e5:31:93:c1:96:1b:d9:85:79:80:3a:45:02:
                    a2:21:75:fe:06:23:22:a5:3d:b7:45:30:19:10:81:
                    03:20:ab:2b:15:06:86:d0:b9:93:41:ce:91:55:a3:
                    3d:18:9e:83:63:ec:55:6b:1f:1c:f2:ba:d0:8b:4c:
                    f3:b7:d1:50:76:a1:b2:2b:39:75:48:8f:01:e5:c6:
                    e3:cc:d0:1a:eb:dd:e8:f9:93:4f:da:b3:99:b4:fb:
                    fd:db:ec:71:65:cf:8e:ae:fb:b0:76:bb:a2:b0:67:
                    e6:cf:9f:79:c4:54:e5:e3:6e:c6:5c:06:38:a9:85:
                    c4:d8:75:70:fd:44:8d:40:4f:94:75:29:20:e1:41:
                    2e:6a:4e:c9:c7:9f:5c:a5:ee:4c:11:68:3d:13:5f:
                    9a:99:25:9b:70:13:d6:40:52:36:b8:7a:23:30:12:
                    ca:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:57:CA:7D:AF:1F:2A:B9:7B:2E:AE:CC:41:7A:C9:99:D5:99:D7:76
            X509v3 Authority Key Identifier:
                keyid:8A:E4:B9:3F:EB:71:DD:E2:82:3B:70:C7:DB:B7:9E:0F:99:B5:6C:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iuS5P-tx3eKCO3DH27eeD5m1bBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/70e678-8495-46ae-96d7-29c5176902c6/1/_1fKfa8fKrl7Lq7MQXrJmdWZ13Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/70e678-8495-46ae-96d7-29c5176902c6/1/iuS5P-tx3eKCO3DH27eeD5m1bBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.6.0/23
                IPv6:
                  2a13:da80::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:90:08:0b:2c:7e:85:c1:47:33:cd:7e:54:c8:46:52:ae:0f:
         e2:22:e5:5d:37:27:25:88:ba:cf:15:0b:3a:d2:43:5b:01:e6:
         ac:91:a4:4f:da:10:9a:62:95:05:d2:3c:a1:c6:ad:a5:76:74:
         43:ed:46:5a:18:40:f8:3c:ec:10:4b:3b:9b:e1:93:f9:00:1e:
         9e:cb:0b:5d:65:90:15:f8:b0:6b:fc:52:05:cc:85:8a:e2:90:
         8a:f0:62:3d:dd:cb:20:1b:0a:0e:1d:31:db:c7:c9:52:41:2c:
         53:9d:f3:25:71:79:51:3d:75:5d:ce:24:cd:f9:79:82:5f:21:
         e2:99:f8:0f:08:fc:48:a0:31:e7:21:e4:49:e6:db:20:16:0b:
         e0:43:dd:31:33:4d:0c:f9:92:db:96:1d:86:6a:93:5f:3d:a0:
         2c:79:7a:56:7c:4e:5b:59:bc:f3:ad:2f:99:84:d3:1d:4e:16:
         9c:24:70:bc:d8:b7:11:99:a8:49:92:04:27:e0:f4:bd:39:e7:
         89:45:07:f9:45:78:c4:9d:58:09:d5:ce:e2:9f:20:55:b1:7b:
         48:7c:31:ca:d3:d4:30:2c:2a:28:3c:dd:df:7a:43:b0:e4:27:
         e6:b8:9e:d9:95:31:79:2b:9c:23:2f:a5:9b:f8:4e:19:e0:48:
         55:f8:94:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4IRa+6hph2RERdz94ZZHTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZTRiOTNmZWI3MWRkZTI4MjNiNzBjN2RiYjc5ZTBmOTli
NTZjMWIwHhcNMjQwMzA0MDcwMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjU3Y2E3ZGFmMWYyYWI5N2IyZWFlY2M0MTdhYzk5OWQ1OTlkNzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Y1uD9BUa48qyLfM806UcEhU26C+
Jhh/WjRsAZFd59MhmXYWUaqtLp/bk7k0SIHeD1yTpJxjc67/fLq8k3CRvfL8dffR
xf9QG2KFJHBVxyIO9xx/VgskZJYTGOUxk8GWG9mFeYA6RQKiIXX+BiMipT23RTAZ
EIEDIKsrFQaG0LmTQc6RVaM9GJ6DY+xVax8c8rrQi0zzt9FQdqGyKzl1SI8B5cbj
zNAa693o+ZNP2rOZtPv92+xxZc+OrvuwdruisGfmz595xFTl427GXAY4qYXE2HVw
/USNQE+UdSkg4UEuak7Jx59cpe5MEWg9E1+amSWbcBPWQFI2uHojMBLKowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP9Xyn2vHyq5ey6uzEF6yZnVmdd2MB8GA1UdIwQY
MBaAFIrkuT/rcd3igjtwx9u3ng+ZtWwbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXVTNVAtdHgzZUtDTzNESDI3ZWVENW0xYkJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC83MGU2NzgtODQ5NS00NmFlLTk2ZDct
MjljNTE3NjkwMmM2LzEvXzFmS2ZhOGZLcmw3THE3TVFYckptZFdaMTNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC83MGU2NzgtODQ5NS00NmFlLTk2ZDctMjljNTE3NjkwMmM2
LzEvaXVTNVAtdHgzZUtDTzNESDI3ZWVENW0xYkJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwrQGMA0E
AgACMAcDBQMqE9qAMA0GCSqGSIb3DQEBCwUAA4IBAQAOkAgLLH6FwUczzX5UyEZS
rg/iIuVdNycliLrPFQs60kNbAeaskaRP2hCaYpUF0jyhxq2ldnRD7UZaGED4POwQ
Szub4ZP5AB6eywtdZZAV+LBr/FIFzIWK4pCK8GI93csgGwoOHTHbx8lSQSxTnfMl
cXlRPXVdziTN+XmCXyHimfgPCPxIoDHnIeRJ5tsgFgvgQ90xM00M+ZLblh2GapNf
PaAseXpWfE5bWbzzrS+ZhNMdThacJHC82LcRmahJkgQn4PS9OeeJRQf5RXjEnVgJ
1c7inyBVsXtIfDHK09QwLCooPN3fekOw5CfmuJ7ZlTF5K5wjL6Wb+E4Z4EhV+JQS
-----END CERTIFICATE-----