Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/uO1pFwRy8AJGX4SwnDjfNrYIKos.roa
File:                     uO1pFwRy8AJGX4SwnDjfNrYIKos.roa (raw, json)
Hash identifier:          2ZU1WLrzVVRfNgET3SFbUEMACq2+Y8CsJcuFHw7Rrv0=
Subject key identifier:   B8:ED:69:17:04:72:F0:02:46:5F:84:B0:9C:38:DF:36:B6:08:2A:8B
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       019425217787E6C8A73C76729B4CE275B808
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/uO1pFwRy8AJGX4SwnDjfNrYIKos.roa
Signing time:             Thu 02 Jan 2025 03:48:57 +0000
ROA not before:           Thu 02 Jan 2025 03:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39016
IP address blocks:        94.154.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:77:87:e6:c8:a7:3c:76:72:9b:4c:e2:75:b8:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Jan  2 03:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8ed69170472f002465f84b09c38df36b6082a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ca:9a:c0:17:23:f9:17:a2:de:b5:a5:cf:b6:
                    0b:0f:35:b0:40:b6:26:02:66:b7:67:af:d3:ee:c0:
                    b8:1b:51:a1:d4:c8:9d:cc:5e:7f:31:44:20:04:a8:
                    cd:7b:01:54:17:53:70:a5:ad:ed:df:84:2d:ff:c7:
                    36:50:23:11:eb:46:1e:da:5f:22:a8:f3:0a:fa:61:
                    0a:0c:2c:72:74:e3:3b:5a:c5:78:25:e3:21:4a:8b:
                    91:e7:07:f8:25:54:73:e3:61:5a:3f:72:9d:1f:5a:
                    4d:fc:bd:03:d4:6b:46:f9:8a:6e:f3:96:59:2f:0d:
                    43:e3:97:10:93:ef:12:44:55:05:34:fa:58:97:16:
                    e7:72:b7:6d:9a:61:73:3b:c3:7b:b2:a9:be:cf:5f:
                    1a:50:2b:0b:85:a7:8e:07:07:03:e3:a3:ba:d6:74:
                    64:1c:ee:ad:12:f9:0c:1a:02:2e:ca:72:92:70:56:
                    6d:3e:b2:1b:67:34:dd:32:1b:f2:ee:5d:1d:99:b0:
                    b3:a4:bb:4d:1f:3f:41:a4:2e:23:60:ab:fd:d1:ca:
                    b5:7c:e1:1a:0a:c9:4c:f3:b8:57:1c:69:2b:2f:94:
                    a7:f2:70:8f:b3:22:3a:f1:76:49:c1:dd:ee:3c:1c:
                    5d:f4:67:21:99:80:34:07:0f:a7:d4:76:f9:3f:db:
                    4e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:ED:69:17:04:72:F0:02:46:5F:84:B0:9C:38:DF:36:B6:08:2A:8B
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/uO1pFwRy8AJGX4SwnDjfNrYIKos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:ff:c4:32:56:67:26:f3:18:34:1b:f2:6e:32:f6:88:a1:dd:
         e9:a0:66:45:06:fb:33:12:f9:df:3e:60:89:f3:25:8c:cf:99:
         fc:7c:ec:40:cb:ee:58:b7:0c:70:8f:4d:75:b3:65:d4:16:93:
         9c:7c:a2:74:cc:fc:d2:dc:d2:b5:ba:3b:5a:df:f6:2d:0d:8c:
         b0:03:c9:4c:bd:25:00:0b:84:7e:88:31:e7:7b:d3:af:61:b6:
         cb:c2:3d:35:4b:69:73:dc:f4:30:cb:99:7f:84:6d:a4:91:bd:
         11:88:2e:9e:3e:d7:2b:16:77:ef:a3:13:e0:2f:e9:c8:b0:02:
         ce:15:73:c4:34:98:7f:92:3f:a5:fb:4e:30:1a:2e:11:03:f2:
         f3:30:f2:5d:6b:5f:6c:44:54:56:9f:18:dd:a4:08:cd:87:f6:
         86:72:5d:46:16:a2:b6:57:e7:c4:30:9f:c7:42:05:f6:2c:a7:
         d1:46:cc:33:8c:3c:96:b3:eb:f1:ed:9a:e3:35:8a:2e:0b:a9:
         23:e8:db:9c:c3:26:f0:b9:6f:db:e0:c7:04:7a:6f:cf:1d:8f:
         2f:b3:42:92:2b:61:94:31:7b:fe:c5:e6:65:70:a5:01:9f:c0:
         11:3d:91:42:fd:f0:37:47:5d:f4:8e:78:dc:6d:1c:a9:d5:fc:
         b4:4c:88:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIXeH5sinPHZym0zidbgIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjUwMTAyMDM0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGVkNjkxNzA0NzJmMDAyNDY1Zjg0YjA5YzM4ZGYzNmI2MDgyYThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMqawBcj+Rei3rWlz7YLDzWwQLYm
Ama3Z6/T7sC4G1Gh1MidzF5/MUQgBKjNewFUF1Nwpa3t34Qt/8c2UCMR60Ye2l8i
qPMK+mEKDCxydOM7WsV4JeMhSouR5wf4JVRz42FaP3KdH1pN/L0D1GtG+Ypu85ZZ
Lw1D45cQk+8SRFUFNPpYlxbncrdtmmFzO8N7sqm+z18aUCsLhaeOBwcD46O61nRk
HO6tEvkMGgIuynKScFZtPrIbZzTdMhvy7l0dmbCzpLtNHz9BpC4jYKv90cq1fOEa
CslM87hXHGkrL5Sn8nCPsyI68XZJwd3uPBxd9GchmYA0Bw+n1Hb5P9tOAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjtaRcEcvACRl+EsJw43za2CCqLMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvdU8xcEZ3Unk4QUpHWDRTd25EamZOcllJS29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpp6MA0G
CSqGSIb3DQEBCwUAA4IBAQAS/8QyVmcm8xg0G/JuMvaIod3poGZFBvszEvnfPmCJ
8yWMz5n8fOxAy+5Ytwxwj011s2XUFpOcfKJ0zPzS3NK1ujta3/YtDYywA8lMvSUA
C4R+iDHne9OvYbbLwj01S2lz3PQwy5l/hG2kkb0RiC6ePtcrFnfvoxPgL+nIsALO
FXPENJh/kj+l+04wGi4RA/LzMPJda19sRFRWnxjdpAjNh/aGcl1GFqK2V+fEMJ/H
QgX2LKfRRswzjDyWs+vx7ZrjNYouC6kj6NucwybwuW/b4McEem/PHY8vs0KSK2GU
MXv+xeZlcKUBn8ARPZFC/fA3R130jnjcbRyp1fy0TIhJ
-----END CERTIFICATE-----