Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/8JMJv6V3KzA9fHhc3P5949EGqrc.roa
File:                     8JMJv6V3KzA9fHhc3P5949EGqrc.roa (raw, json)
Hash identifier:          yRdkXWZ6PXeM8AnRM3SseqGW1hi0ITi14dLzFhLOykw=
Subject key identifier:   F0:93:09:BF:A5:77:2B:30:3D:7C:78:5C:DC:FE:7D:E3:D1:06:AA:B7
Certificate issuer:       /CN=e89f228577fa91b2709e70b819ff469c4cc2ea91
Certificate serial:       018CC8DF3E4933E069E8AA1439024E145406
Authority key identifier: E8:9F:22:85:77:FA:91:B2:70:9E:70:B8:19:FF:46:9C:4C:C2:EA:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/8JMJv6V3KzA9fHhc3P5949EGqrc.roa
Signing time:             Tue 02 Jan 2024 06:32:02 +0000
ROA not before:           Tue 02 Jan 2024 06:32:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42321
IP address blocks:        194.0.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:3e:49:33:e0:69:e8:aa:14:39:02:4e:14:54:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e89f228577fa91b2709e70b819ff469c4cc2ea91
        Validity
            Not Before: Jan  2 06:32:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f09309bfa5772b303d7c785cdcfe7de3d106aab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ef:c0:f6:d9:06:74:54:b9:e7:96:b2:ed:58:
                    2c:33:88:a3:be:62:fd:ac:b1:11:d9:43:37:87:d1:
                    19:a9:2f:19:2a:23:19:7e:23:31:13:38:3c:1e:4d:
                    75:ee:97:82:c1:ce:34:26:5b:0e:2e:7e:15:ef:b1:
                    fe:a5:49:4b:5c:00:0e:90:6a:3d:ac:45:a1:48:fd:
                    a2:35:63:5d:13:a8:3f:16:71:4a:2f:d0:eb:7c:7f:
                    fc:5e:30:c7:54:25:a9:be:59:4a:3a:02:8c:3e:36:
                    8e:ea:89:e5:92:56:0b:1a:d6:03:29:b6:84:b5:45:
                    e0:e9:16:76:41:db:51:a0:d5:d5:8c:4b:90:f0:4c:
                    25:d1:de:d6:61:83:ec:07:79:b6:7e:79:33:bc:4b:
                    2a:07:1b:e6:43:0c:58:e1:52:7f:7d:9a:37:fc:60:
                    15:e9:3f:77:d2:23:1d:54:bc:ba:2d:50:d4:7a:a8:
                    15:c3:65:6a:9e:7f:8b:fa:ca:02:d3:3c:91:a6:8f:
                    84:08:32:b7:53:97:d1:5b:1f:7c:b2:95:b3:d0:14:
                    22:b2:b3:87:1d:d8:20:60:77:64:7e:ce:4c:e1:4e:
                    6c:5f:65:de:0a:80:64:50:33:28:5c:fa:32:b5:18:
                    b5:bb:43:fd:f7:c5:73:aa:40:2b:54:d1:ce:b0:d6:
                    25:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:93:09:BF:A5:77:2B:30:3D:7C:78:5C:DC:FE:7D:E3:D1:06:AA:B7
            X509v3 Authority Key Identifier:
                keyid:E8:9F:22:85:77:FA:91:B2:70:9E:70:B8:19:FF:46:9C:4C:C2:EA:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/8JMJv6V3KzA9fHhc3P5949EGqrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:56:88:ec:1b:7f:c0:b7:70:58:12:00:7d:99:74:ca:61:5a:
         fc:6e:43:1c:b9:53:00:16:64:ca:68:72:75:c5:dd:8b:36:3d:
         a0:d3:f8:ae:13:d2:cb:5e:a7:53:7a:5b:8d:fb:42:cf:25:0d:
         3d:cc:f0:ba:93:f0:42:b7:5f:f2:f5:97:7b:02:f7:4d:f5:87:
         c7:41:58:72:f1:19:3e:21:58:f3:fe:79:b9:05:29:51:d4:b0:
         95:5c:d2:11:bf:ae:80:9b:7c:08:5b:2b:ae:6f:f9:01:2d:20:
         0d:76:01:63:a1:5a:fd:05:2c:a9:29:8f:ea:ca:de:ca:bc:a6:
         00:06:43:37:d5:47:1e:2f:3c:20:54:bd:97:92:16:96:25:ed:
         46:ba:2d:c7:f0:5c:1e:89:ad:b8:be:bd:8b:fa:5e:b6:11:5a:
         97:8b:fe:69:e7:25:63:88:88:29:61:6a:a5:2e:18:e9:d3:49:
         aa:dc:b4:4c:9c:7e:f6:74:da:26:c2:ae:ae:ff:2f:62:be:8a:
         25:ed:e4:04:d3:19:e0:4d:b0:d1:7c:2e:fc:0f:fc:f9:90:2a:
         16:21:99:93:f8:a7:0c:60:7f:a7:54:af:6d:00:dd:f4:2c:f8:
         31:7a:a0:12:db:83:ce:a5:4c:e5:cb:63:37:c1:90:0f:71:2f:
         ea:d3:96:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3z5JM+Bp6KoUOQJOFFQGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4OWYyMjg1NzdmYTkxYjI3MDllNzBiODE5ZmY0NjljNGNj
MmVhOTEwHhcNMjQwMTAyMDYzMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDkzMDliZmE1NzcyYjMwM2Q3Yzc4NWNkY2ZlN2RlM2QxMDZhYWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO/A9tkGdFS555ay7VgsM4ijvmL9
rLER2UM3h9EZqS8ZKiMZfiMxEzg8Hk117peCwc40JlsOLn4V77H+pUlLXAAOkGo9
rEWhSP2iNWNdE6g/FnFKL9DrfH/8XjDHVCWpvllKOgKMPjaO6onlklYLGtYDKbaE
tUXg6RZ2QdtRoNXVjEuQ8Ewl0d7WYYPsB3m2fnkzvEsqBxvmQwxY4VJ/fZo3/GAV
6T930iMdVLy6LVDUeqgVw2Vqnn+L+soC0zyRpo+ECDK3U5fRWx98spWz0BQisrOH
HdggYHdkfs5M4U5sX2XeCoBkUDMoXPoytRi1u0P998VzqkArVNHOsNYl1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCTCb+ldyswPXx4XNz+fePRBqq3MB8GA1UdIwQY
MBaAFOifIoV3+pGycJ5wuBn/RpxMwuqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNko4aWhYZjZrYkp3bm5DNEdmOUduRXpDNnBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy85ZTUyNTktM2QzMS00MDJkLWIzOTAt
NGM4ZmFlNTI5OTM2LzEvOEpNSnY2VjNLekE5ZkhoYzNQNTk0OUVHcXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy85ZTUyNTktM2QzMS00MDJkLWIzOTAtNGM4ZmFlNTI5OTM2
LzEvNko4aWhYZjZrYkp3bm5DNEdmOUduRXpDNnBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgDKMA0G
CSqGSIb3DQEBCwUAA4IBAQBoVojsG3/At3BYEgB9mXTKYVr8bkMcuVMAFmTKaHJ1
xd2LNj2g0/iuE9LLXqdTeluN+0LPJQ09zPC6k/BCt1/y9Zd7AvdN9YfHQVhy8Rk+
IVjz/nm5BSlR1LCVXNIRv66Am3wIWyuub/kBLSANdgFjoVr9BSypKY/qyt7KvKYA
BkM31UceLzwgVL2XkhaWJe1Gui3H8Fweia24vr2L+l62EVqXi/5p5yVjiIgpYWql
Lhjp00mq3LRMnH72dNomwq6u/y9ivool7eQE0xngTbDRfC78D/z5kCoWIZmT+KcM
YH+nVK9tAN30LPgxeqAS24POpUzly2M3wZAPcS/q05af
-----END CERTIFICATE-----