Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/4VC1NHlhgHd5DpZ2mSCEN3qz_1M.roa
File:                     4VC1NHlhgHd5DpZ2mSCEN3qz_1M.roa (raw, json)
Hash identifier:          odXzX8/rxsLm7SAqPx9ucfP+pMsvnN8sWTNTjlCoS+o=
Subject key identifier:   E1:50:B5:34:79:61:80:77:79:0E:96:76:99:20:84:37:7A:B3:FF:53
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       018CC8DECC5335B2B7FC42F157C367823FF3
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/4VC1NHlhgHd5DpZ2mSCEN3qz_1M.roa
Signing time:             Tue 02 Jan 2024 06:31:33 +0000
ROA not before:           Tue 02 Jan 2024 06:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39016
IP address blocks:        94.154.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:cc:53:35:b2:b7:fc:42:f1:57:c3:67:82:3f:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Jan  2 06:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e150b53479618077790e9676992084377ab3ff53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9b:ce:c1:af:3e:25:04:ad:26:41:43:e9:ec:
                    66:ed:5b:20:3b:3c:2b:1c:2b:af:5d:84:bb:82:97:
                    1d:a6:03:b4:e2:e6:b2:eb:4b:cd:e1:8d:05:05:88:
                    0b:34:73:46:33:bd:b5:e3:fb:58:eb:44:f0:9c:43:
                    c9:bd:96:ab:69:da:99:aa:fe:91:45:39:99:b6:1c:
                    d2:80:c9:b8:3b:4e:7c:60:b6:7f:aa:f9:ea:a9:4c:
                    01:1d:7c:e8:8b:11:43:be:10:9c:aa:52:c3:87:66:
                    54:50:5c:10:18:39:bc:12:6a:ef:5a:37:8d:44:5b:
                    d5:e2:b5:90:10:cc:4e:06:d7:fe:c7:d3:89:56:55:
                    cb:4f:72:ea:89:b8:4e:ad:c0:7c:55:3f:71:37:81:
                    b8:82:0d:c3:b1:7d:be:22:7e:14:3b:a0:4d:1a:d6:
                    0b:66:0c:e7:91:2b:d7:c3:97:fc:2f:48:26:ac:97:
                    fd:d0:a7:31:40:36:d2:1f:31:f9:0c:9f:1e:7b:af:
                    7b:5c:49:ae:06:54:b2:c2:ab:c9:c0:96:fa:49:34:
                    9b:50:d1:cd:43:84:65:8d:a2:f5:21:e6:28:73:5a:
                    4c:02:64:66:21:12:d9:3f:99:72:67:e5:8b:8f:5a:
                    41:48:6e:d9:bb:8f:29:50:b1:72:7c:81:29:ef:5d:
                    03:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:50:B5:34:79:61:80:77:79:0E:96:76:99:20:84:37:7A:B3:FF:53
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/4VC1NHlhgHd5DpZ2mSCEN3qz_1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:88:35:aa:7e:d0:d5:d5:d3:aa:ed:97:65:06:e9:67:2c:4c:
         a6:fa:0e:a4:5d:6e:44:58:a9:4c:25:ec:2f:69:fc:70:78:86:
         de:4c:1e:07:88:b7:0b:bc:41:42:3a:75:1a:0b:be:61:00:dd:
         58:53:5c:e1:94:57:2e:4f:98:ae:e6:26:2c:7e:10:06:9e:ac:
         a6:94:1b:f7:43:c6:25:b7:35:61:b5:26:f9:5e:48:7a:a1:7e:
         f4:79:e8:28:51:e1:76:eb:e7:40:46:58:5f:a1:68:38:36:9b:
         32:5a:55:50:21:f6:46:ac:2c:63:23:d1:dc:34:03:2c:b0:1a:
         48:0a:8d:fd:11:ee:5d:b8:20:db:02:8f:0a:d5:93:0e:ac:78:
         35:c3:2a:19:18:a7:44:2e:c4:31:1b:1f:b6:01:f6:54:d1:3e:
         7d:68:ae:a5:4f:b5:7b:85:6f:bd:3e:c5:b0:03:e3:d0:08:08:
         91:b7:45:2e:4e:5b:8b:51:41:09:6f:05:d0:2a:dc:1a:8f:d6:
         48:0b:35:1d:52:ac:76:71:ac:dc:0c:f1:37:83:b1:f7:5d:c3:
         3d:9b:a9:db:ee:ec:87:13:aa:4d:57:35:8a:5c:c4:22:d4:e0:
         f4:b2:3f:73:9a:3e:5d:ed:2a:02:be:7f:56:9d:36:bf:18:e2:
         f7:00:b6:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3sxTNbK3/ELxV8Nngj/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjQwMTAyMDYzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTUwYjUzNDc5NjE4MDc3NzkwZTk2NzY5OTIwODQzNzdhYjNmZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZvOwa8+JQStJkFD6exm7VsgOzwr
HCuvXYS7gpcdpgO04uay60vN4Y0FBYgLNHNGM7214/tY60TwnEPJvZaradqZqv6R
RTmZthzSgMm4O058YLZ/qvnqqUwBHXzoixFDvhCcqlLDh2ZUUFwQGDm8EmrvWjeN
RFvV4rWQEMxOBtf+x9OJVlXLT3LqibhOrcB8VT9xN4G4gg3DsX2+In4UO6BNGtYL
ZgznkSvXw5f8L0gmrJf90KcxQDbSHzH5DJ8ee697XEmuBlSywqvJwJb6STSbUNHN
Q4RljaL1IeYoc1pMAmRmIRLZP5lyZ+WLj1pBSG7Zu48pULFyfIEp710D8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFQtTR5YYB3eQ6WdpkghDd6s/9TMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvNFZDMU5IbGhnSGQ1RHBaMm1TQ0VOM3F6XzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpp6MA0G
CSqGSIb3DQEBCwUAA4IBAQBeiDWqftDV1dOq7ZdlBulnLEym+g6kXW5EWKlMJewv
afxweIbeTB4HiLcLvEFCOnUaC75hAN1YU1zhlFcuT5iu5iYsfhAGnqymlBv3Q8Yl
tzVhtSb5Xkh6oX70eegoUeF26+dARlhfoWg4NpsyWlVQIfZGrCxjI9HcNAMssBpI
Co39Ee5duCDbAo8K1ZMOrHg1wyoZGKdELsQxGx+2AfZU0T59aK6lT7V7hW+9PsWw
A+PQCAiRt0UuTluLUUEJbwXQKtwaj9ZICzUdUqx2cazcDPE3g7H3XcM9m6nb7uyH
E6pNVzWKXMQi1OD0sj9zmj5d7SoCvn9WnTa/GOL3ALY2
-----END CERTIFICATE-----