Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/wVhQ5LKv3gfwowC82xOTSZC2D04.roa
File:                     wVhQ5LKv3gfwowC82xOTSZC2D04.roa (raw, json)
Hash identifier:          gbpjrYYlO7qP4VXjWdYa64Q74tDubeVBdaDijku6HD4=
Subject key identifier:   C1:58:50:E4:B2:AF:DE:07:F0:A3:00:BC:DB:13:93:49:90:B6:0F:4E
Certificate issuer:       /CN=8ac4731a3ee3942d258d0663570b894e8e1a9233
Certificate serial:       018CC500FBC692AC1D2AA0BCEFD5EC4F6D39
Authority key identifier: 8A:C4:73:1A:3E:E3:94:2D:25:8D:06:63:57:0B:89:4E:8E:1A:92:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/isRzGj7jlC0ljQZjVwuJTo4akjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/wVhQ5LKv3gfwowC82xOTSZC2D04.roa
Signing time:             Mon 01 Jan 2024 12:30:25 +0000
ROA not before:           Mon 01 Jan 2024 12:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        194.242.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/isRzGj7jlC0ljQZjVwuJTo4akjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/isRzGj7jlC0ljQZjVwuJTo4akjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/isRzGj7jlC0ljQZjVwuJTo4akjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:fb:c6:92:ac:1d:2a:a0:bc:ef:d5:ec:4f:6d:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ac4731a3ee3942d258d0663570b894e8e1a9233
        Validity
            Not Before: Jan  1 12:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c15850e4b2afde07f0a300bcdb13934990b60f4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:30:d4:9d:9a:0f:74:3f:9d:ae:90:08:7b:2d:
                    e5:ce:70:54:ac:c1:7e:bb:bf:0a:ba:ae:07:a6:96:
                    7c:14:54:e5:9e:8d:96:72:b8:71:e1:5e:16:b4:cd:
                    8b:6d:18:d7:5e:7f:aa:e0:ee:b5:2e:07:ad:b6:fd:
                    10:44:56:cd:da:d1:19:2b:12:64:b4:2e:f8:eb:71:
                    aa:a7:78:7d:f0:0b:7b:6c:8f:b9:62:9a:dc:d5:81:
                    de:f9:7a:fb:2b:94:ec:de:09:6a:15:9b:40:2e:60:
                    2e:ec:3e:75:f8:05:5c:84:c8:3f:b4:18:d2:60:19:
                    b5:4e:6c:73:ae:26:b9:f1:34:90:a8:aa:bb:cd:7c:
                    54:1b:a7:93:c9:a0:cd:a4:e5:47:9e:bf:0d:df:6e:
                    e8:ff:c8:4c:e6:98:1f:a6:f1:5f:c3:92:1c:41:94:
                    ad:ef:d3:26:cd:ff:5a:d4:ff:de:62:53:13:fc:02:
                    e0:f9:94:cd:57:50:74:99:ed:fd:47:23:f8:47:f9:
                    1d:0d:9a:e5:4f:dc:46:31:28:eb:a2:3e:7f:5d:55:
                    80:0c:d2:07:c3:b8:97:5e:35:ea:59:2d:3d:09:d0:
                    e9:2c:3c:71:28:7e:1d:12:da:3a:d5:ed:4d:e5:ba:
                    6f:68:87:93:16:38:f8:82:a3:e6:1f:9e:16:45:60:
                    fb:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:58:50:E4:B2:AF:DE:07:F0:A3:00:BC:DB:13:93:49:90:B6:0F:4E
            X509v3 Authority Key Identifier:
                keyid:8A:C4:73:1A:3E:E3:94:2D:25:8D:06:63:57:0B:89:4E:8E:1A:92:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/isRzGj7jlC0ljQZjVwuJTo4akjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/wVhQ5LKv3gfwowC82xOTSZC2D04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/isRzGj7jlC0ljQZjVwuJTo4akjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:51:9e:92:b1:1b:5b:69:1b:43:ac:2d:76:9c:b5:c8:e1:9b:
         80:f8:a4:58:7e:41:0d:34:ad:83:91:f1:0c:cb:2b:69:43:8d:
         59:17:29:e8:26:7c:13:07:91:b4:26:89:be:fc:45:d3:de:23:
         68:ec:05:6d:11:6c:98:50:f1:30:45:f8:e8:e6:82:e0:ba:e4:
         3a:af:e2:c0:0d:56:ae:53:2a:cc:1c:21:3a:13:aa:bb:b0:e8:
         97:32:e0:8c:aa:cf:b1:df:4a:a1:77:49:37:b9:9d:b2:8e:c1:
         fa:c0:c7:a6:fd:1e:5e:d5:6a:ff:1f:f2:80:48:42:2d:72:7f:
         89:18:2e:30:c0:38:aa:79:1e:94:0b:f6:64:40:89:0e:04:de:
         5a:11:b5:c4:da:ca:41:2f:b8:e7:d2:b0:02:6c:cd:7f:07:38:
         25:ce:4a:9a:41:8f:0f:67:b5:8c:1a:f5:20:e6:c3:7b:5f:fa:
         6b:13:2f:b5:c9:7f:f6:48:e9:41:a9:6c:8f:c2:cd:06:24:42:
         02:2c:ff:b8:6c:e9:55:7a:14:91:48:27:40:da:17:32:46:72:
         cb:05:3a:5f:4d:15:fe:2f:bd:62:8f:11:fa:fd:a9:e6:35:cf:
         68:9f:9e:ba:a8:b6:46:c3:0c:6b:62:56:42:00:c5:b4:34:85:
         67:df:bc:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAPvGkqwdKqC879XsT205MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYzQ3MzFhM2VlMzk0MmQyNThkMDY2MzU3MGI4OTRlOGUx
YTkyMzMwHhcNMjQwMTAxMTIzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTU4NTBlNGIyYWZkZTA3ZjBhMzAwYmNkYjEzOTM0OTkwYjYwZjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDDUnZoPdD+drpAIey3lznBUrMF+
u78Kuq4HppZ8FFTlno2Wcrhx4V4WtM2LbRjXXn+q4O61Lgettv0QRFbN2tEZKxJk
tC7463Gqp3h98At7bI+5Yprc1YHe+Xr7K5Ts3glqFZtALmAu7D51+AVchMg/tBjS
YBm1Tmxzria58TSQqKq7zXxUG6eTyaDNpOVHnr8N327o/8hM5pgfpvFfw5IcQZSt
79Mmzf9a1P/eYlMT/ALg+ZTNV1B0me39RyP4R/kdDZrlT9xGMSjroj5/XVWADNIH
w7iXXjXqWS09CdDpLDxxKH4dEto61e1N5bpvaIeTFjj4gqPmH54WRWD7JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFYUOSyr94H8KMAvNsTk0mQtg9OMB8GA1UdIwQY
MBaAFIrEcxo+45QtJY0GY1cLiU6OGpIzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXNSekdqN2psQzBsalFaalZ3dUpUbzRha2pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9mMDgwNWYtMzM0ZS00NzA0LThiMjgt
NWFkZmUzMGZmZGE1LzEvd1ZoUTVMS3YzZ2Z3b3dDODJ4T1RTWkMyRDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9mMDgwNWYtMzM0ZS00NzA0LThiMjgtNWFkZmUzMGZmZGE1
LzEvaXNSekdqN2psQzBsalFaalZ3dUpUbzRha2pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvIsMA0G
CSqGSIb3DQEBCwUAA4IBAQAvUZ6SsRtbaRtDrC12nLXI4ZuA+KRYfkENNK2DkfEM
yytpQ41ZFynoJnwTB5G0Jom+/EXT3iNo7AVtEWyYUPEwRfjo5oLguuQ6r+LADVau
UyrMHCE6E6q7sOiXMuCMqs+x30qhd0k3uZ2yjsH6wMem/R5e1Wr/H/KASEItcn+J
GC4wwDiqeR6UC/ZkQIkOBN5aEbXE2spBL7jn0rACbM1/BzglzkqaQY8PZ7WMGvUg
5sN7X/prEy+1yX/2SOlBqWyPws0GJEICLP+4bOlVehSRSCdA2hcyRnLLBTpfTRX+
L71ijxH6/anmNc9on566qLZGwwxrYlZCAMW0NIVn37yT
-----END CERTIFICATE-----