Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/hCEv9ESqkbRhrgdVpgUe_lf-_Nc.roa
File:                     hCEv9ESqkbRhrgdVpgUe_lf-_Nc.roa (raw, json)
Hash identifier:          mrw90M1o8JeNnKijzHuwau8lQ37cnE+8yKZqEJThYRE=
Subject key identifier:   84:21:2F:F4:44:AA:91:B4:61:AE:07:55:A6:05:1E:FE:57:FE:FC:D7
Certificate issuer:       /CN=2e2f6dd9799fa4ea084fd549d710c6896dfae291
Certificate serial:       018CC349025DC8795DF89F538C20449E2DDC
Authority key identifier: 2E:2F:6D:D9:79:9F:A4:EA:08:4F:D5:49:D7:10:C6:89:6D:FA:E2:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Li9t2XmfpOoIT9VJ1xDGiW364pE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/hCEv9ESqkbRhrgdVpgUe_lf-_Nc.roa
Signing time:             Mon 01 Jan 2024 04:29:51 +0000
ROA not before:           Mon 01 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58212
IP address blocks:        194.9.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/Li9t2XmfpOoIT9VJ1xDGiW364pE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/Li9t2XmfpOoIT9VJ1xDGiW364pE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Li9t2XmfpOoIT9VJ1xDGiW364pE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:02:5d:c8:79:5d:f8:9f:53:8c:20:44:9e:2d:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2f6dd9799fa4ea084fd549d710c6896dfae291
        Validity
            Not Before: Jan  1 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84212ff444aa91b461ae0755a6051efe57fefcd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:09:50:dc:bc:09:ff:96:71:22:cd:c6:48:32:
                    ce:80:c9:7e:ba:0f:b6:3b:cb:68:6b:d1:8f:ff:29:
                    e8:26:af:40:db:a9:dd:25:81:aa:d2:10:bf:c5:f8:
                    ab:7f:b3:43:91:a8:cf:d5:35:e3:97:e8:ca:8e:9c:
                    71:b7:bf:72:2f:8b:b0:b3:83:d3:fc:62:dc:bf:86:
                    ef:e7:b6:dc:82:64:e1:36:c8:d0:d4:02:e5:c5:ab:
                    84:78:eb:33:d8:b6:60:75:48:61:f3:e0:ad:e7:b0:
                    2e:b5:c3:ae:22:62:fe:2a:b0:a8:e4:95:1c:5a:cf:
                    3a:07:b2:6b:3d:98:e5:ad:f3:ce:64:1b:50:d4:3f:
                    fd:1b:09:6e:2e:73:a6:04:cd:bb:06:68:2a:66:a6:
                    ef:ef:9a:b2:e5:fa:b7:a2:6f:e9:6a:1f:e5:4f:e5:
                    95:58:c5:48:e8:80:94:41:e1:ca:01:21:13:c0:64:
                    db:6b:78:c2:bb:11:35:74:f8:43:e5:85:1a:3f:52:
                    51:af:1a:92:8d:3f:dc:fd:5d:6d:e6:64:a5:2e:47:
                    7f:e3:61:65:6c:af:5e:ea:f2:03:61:5b:41:ba:6e:
                    76:7a:37:35:47:ed:0e:d9:ef:58:a3:1d:72:d1:43:
                    b4:58:a5:f8:fb:63:f3:15:6b:b8:23:ac:d8:25:12:
                    29:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:21:2F:F4:44:AA:91:B4:61:AE:07:55:A6:05:1E:FE:57:FE:FC:D7
            X509v3 Authority Key Identifier:
                keyid:2E:2F:6D:D9:79:9F:A4:EA:08:4F:D5:49:D7:10:C6:89:6D:FA:E2:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Li9t2XmfpOoIT9VJ1xDGiW364pE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/hCEv9ESqkbRhrgdVpgUe_lf-_Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/Li9t2XmfpOoIT9VJ1xDGiW364pE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:10:b3:5b:96:79:56:c2:e3:ca:d1:9e:d4:d0:e8:4e:7d:53:
         6d:57:33:ef:c0:f5:d3:96:50:31:fa:b9:c8:6e:04:13:4b:86:
         aa:18:5c:f9:80:ba:20:f3:c1:fb:ae:d0:88:c7:a7:27:8d:c1:
         c4:bf:fe:0f:93:df:e3:00:a3:52:80:c2:81:8e:29:41:db:fc:
         c7:5a:0a:38:7a:ec:a8:a0:ca:47:bb:5a:8c:96:f6:e5:6f:35:
         a2:35:f3:e3:0f:8e:88:e6:bd:9c:de:19:b2:4f:a3:c1:c4:a0:
         bc:cc:68:7b:ec:59:27:fe:36:98:ee:f8:fe:9e:c0:78:ba:7c:
         d9:20:e7:d4:63:2c:1e:f7:a5:2e:ee:d2:c9:c8:78:be:d3:0e:
         cb:d6:9a:34:6d:0a:f7:11:dd:87:85:57:c2:5d:0e:4b:12:62:
         46:10:b1:ee:ba:f3:56:d6:68:7c:c9:95:8d:43:8e:50:37:83:
         7b:2a:fb:b9:19:76:51:c8:49:5e:43:bc:bb:c0:f9:dd:33:11:
         28:24:1d:52:49:09:f5:3c:c7:de:76:f9:f3:6e:4a:e9:ea:84:
         61:72:ad:65:e6:f7:e9:f2:1d:33:0f:e9:d7:67:89:78:55:fd:
         a4:17:72:26:30:54:89:16:ad:45:e8:8b:65:7d:a7:ca:be:77:
         50:c2:af:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQJdyHld+J9TjCBEni3cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMmY2ZGQ5Nzk5ZmE0ZWEwODRmZDU0OWQ3MTBjNjg5NmRm
YWUyOTEwHhcNMjQwMTAxMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDIxMmZmNDQ0YWE5MWI0NjFhZTA3NTVhNjA1MWVmZTU3ZmVmY2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwlQ3LwJ/5ZxIs3GSDLOgMl+ug+2
O8toa9GP/ynoJq9A26ndJYGq0hC/xfirf7NDkajP1TXjl+jKjpxxt79yL4uws4PT
/GLcv4bv57bcgmThNsjQ1ALlxauEeOsz2LZgdUhh8+Ct57AutcOuImL+KrCo5JUc
Ws86B7JrPZjlrfPOZBtQ1D/9GwluLnOmBM27BmgqZqbv75qy5fq3om/pah/lT+WV
WMVI6ICUQeHKASETwGTba3jCuxE1dPhD5YUaP1JRrxqSjT/c/V1t5mSlLkd/42Fl
bK9e6vIDYVtBum52ejc1R+0O2e9Yox1y0UO0WKX4+2PzFWu4I6zYJRIp1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQhL/REqpG0Ya4HVaYFHv5X/vzXMB8GA1UdIwQY
MBaAFC4vbdl5n6TqCE/VSdcQxolt+uKRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGk5dDJYbWZwT29JVDlWSjF4REdpVzM2NHBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8xYTRjYzAtZGE5Mi00NTk2LWIxMjMt
NTYxY2VkNWJiZjkyLzEvaENFdjlFU3FrYlJocmdkVnBnVWVfbGYtX05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8xYTRjYzAtZGE5Mi00NTk2LWIxMjMtNTYxY2VkNWJiZjky
LzEvTGk5dDJYbWZwT29JVDlWSjF4REdpVzM2NHBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgkGMA0G
CSqGSIb3DQEBCwUAA4IBAQCHELNblnlWwuPK0Z7U0OhOfVNtVzPvwPXTllAx+rnI
bgQTS4aqGFz5gLog88H7rtCIx6cnjcHEv/4Pk9/jAKNSgMKBjilB2/zHWgo4euyo
oMpHu1qMlvblbzWiNfPjD46I5r2c3hmyT6PBxKC8zGh77Fkn/jaY7vj+nsB4unzZ
IOfUYywe96Uu7tLJyHi+0w7L1po0bQr3Ed2HhVfCXQ5LEmJGELHuuvNW1mh8yZWN
Q45QN4N7Kvu5GXZRyEleQ7y7wPndMxEoJB1SSQn1PMfedvnzbkrp6oRhcq1l5vfp
8h0zD+nXZ4l4Vf2kF3ImMFSJFq1F6ItlfafKvndQwq8g
-----END CERTIFICATE-----