Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/tAhei1lNnSawxUfIGPfg5t9ZoJo.roa
File:                     tAhei1lNnSawxUfIGPfg5t9ZoJo.roa (raw, json)
Hash identifier:          O+Qu+/kAocNJNdInlIhRFbL2rczZ6/H7Koguep//yLk=
Subject key identifier:   B4:08:5E:8B:59:4D:9D:26:B0:C5:47:C8:18:F7:E0:E6:DF:59:A0:9A
Certificate issuer:       /CN=a29d9751f3675f51332734da68ea960260045b12
Certificate serial:       018CC8DF75E98DCA7CC2960363CDED836E1A
Authority key identifier: A2:9D:97:51:F3:67:5F:51:33:27:34:DA:68:EA:96:02:60:04:5B:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/op2XUfNnX1EzJzTaaOqWAmAEWxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/tAhei1lNnSawxUfIGPfg5t9ZoJo.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        93.185.144.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/op2XUfNnX1EzJzTaaOqWAmAEWxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/op2XUfNnX1EzJzTaaOqWAmAEWxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/op2XUfNnX1EzJzTaaOqWAmAEWxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 04:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:75:e9:8d:ca:7c:c2:96:03:63:cd:ed:83:6e:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a29d9751f3675f51332734da68ea960260045b12
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4085e8b594d9d26b0c547c818f7e0e6df59a09a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:18:bb:75:8a:c0:78:0f:cb:6c:c4:5b:4b:81:
                    a0:54:38:27:54:5c:8e:76:d4:66:d9:f3:a5:47:ed:
                    23:f6:ce:ec:0b:44:35:33:79:84:cd:83:69:e3:60:
                    fe:a7:b7:21:83:c0:09:3f:96:9e:af:f0:19:a5:f1:
                    e3:06:8e:d2:a1:a3:6d:ed:7a:2f:8b:70:37:0e:88:
                    56:5f:1b:f1:99:db:d7:a9:9a:5d:8c:ab:10:21:0d:
                    f6:0b:57:5c:ef:42:6f:85:ce:5e:58:ae:70:0d:86:
                    3e:2f:6e:1b:70:0a:11:2a:cb:97:8c:f8:6b:d9:cc:
                    10:5b:51:35:3a:f5:c5:67:6a:41:4e:bb:cc:50:e6:
                    dd:65:6b:01:03:35:be:34:2b:eb:8d:ac:f9:b3:4a:
                    68:c1:7d:f6:f7:4c:bd:86:47:6f:c7:16:53:fa:8c:
                    20:1b:38:62:1f:3f:73:4b:ea:55:61:14:33:64:2e:
                    e2:8e:98:17:b9:da:b3:79:1a:cd:af:03:ea:3f:5b:
                    5d:7b:1a:44:91:9f:40:df:6d:cf:44:1a:b8:3a:59:
                    df:df:12:d0:cc:72:07:20:d8:da:1b:ec:29:5f:e0:
                    ad:6d:a7:54:01:6f:fa:2b:a2:3a:93:57:62:cb:d0:
                    07:79:83:a6:cd:f1:30:9f:52:9f:3a:d0:ab:77:fd:
                    a5:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:08:5E:8B:59:4D:9D:26:B0:C5:47:C8:18:F7:E0:E6:DF:59:A0:9A
            X509v3 Authority Key Identifier:
                keyid:A2:9D:97:51:F3:67:5F:51:33:27:34:DA:68:EA:96:02:60:04:5B:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/op2XUfNnX1EzJzTaaOqWAmAEWxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/tAhei1lNnSawxUfIGPfg5t9ZoJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/op2XUfNnX1EzJzTaaOqWAmAEWxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         20:b7:ba:0c:d0:4b:36:3d:63:05:c8:40:a0:3a:0c:1e:b4:e2:
         e0:d9:fb:20:18:21:45:01:59:3f:a5:44:d3:c7:ca:51:5f:e8:
         ca:5e:27:32:8b:cd:5b:b3:ac:ce:b3:af:7a:28:75:78:94:c6:
         e3:36:a8:40:99:fc:fb:69:c9:cf:84:b8:be:78:25:35:21:a4:
         f0:f4:39:2c:42:04:d0:84:1d:47:74:a9:53:f5:8f:7f:3e:f9:
         31:dd:77:01:83:16:0e:47:9c:23:52:eb:02:5c:46:2b:0d:fe:
         8e:3b:e9:5b:0a:36:35:28:ae:8b:d7:b4:f2:1b:e1:29:8c:c4:
         9f:b4:91:2e:3e:6c:ea:7f:6d:4e:1e:82:ca:15:ed:85:43:37:
         24:0f:2f:9c:4c:35:63:bc:28:34:4b:d2:55:84:22:d7:68:2a:
         26:81:ed:f8:57:9f:07:13:c0:b3:7c:57:18:bf:00:24:b9:be:
         80:bb:3d:88:5e:a5:61:c4:ca:c6:f1:8d:9f:14:4b:16:9a:33:
         74:7b:b4:3f:73:70:bd:db:57:88:0e:88:cc:f4:0d:2f:76:f8:
         8c:e8:4a:99:f0:3e:5d:cf:8b:2a:d7:54:63:f4:26:f4:98:5a:
         6f:f4:17:30:5e:06:1d:c8:d3:17:99:9c:55:59:33:06:c6:ff:
         ac:a9:95:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33Xpjcp8wpYDY83tg24aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOWQ5NzUxZjM2NzVmNTEzMzI3MzRkYTY4ZWE5NjAyNjAw
NDViMTIwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDA4NWU4YjU5NGQ5ZDI2YjBjNTQ3YzgxOGY3ZTBlNmRmNTlhMDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxi7dYrAeA/LbMRbS4GgVDgnVFyO
dtRm2fOlR+0j9s7sC0Q1M3mEzYNp42D+p7chg8AJP5aer/AZpfHjBo7SoaNt7Xov
i3A3DohWXxvxmdvXqZpdjKsQIQ32C1dc70Jvhc5eWK5wDYY+L24bcAoRKsuXjPhr
2cwQW1E1OvXFZ2pBTrvMUObdZWsBAzW+NCvrjaz5s0powX3290y9hkdvxxZT+owg
GzhiHz9zS+pVYRQzZC7ijpgXudqzeRrNrwPqP1tdexpEkZ9A323PRBq4Olnf3xLQ
zHIHINjaG+wpX+CtbadUAW/6K6I6k1diy9AHeYOmzfEwn1KfOtCrd/2luwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQIXotZTZ0msMVHyBj34ObfWaCaMB8GA1UdIwQY
MBaAFKKdl1HzZ19RMyc02mjqlgJgBFsSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3AyWFVmTm5YMUV6SnpUYWFPcVdBbUFFV3hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9lNjQzOTgtOTYwMS00YjdjLWI3ODMt
MDc5YmEwNTcwZjc1LzEvdEFoZWkxbE5uU2F3eFVmSUdQZmc1dDlab0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9lNjQzOTgtOTYwMS00YjdjLWI3ODMtMDc5YmEwNTcwZjc1
LzEvb3AyWFVmTm5YMUV6SnpUYWFPcVdBbUFFV3hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXbmQMA0G
CSqGSIb3DQEBCwUAA4IBAQAgt7oM0Es2PWMFyECgOgwetOLg2fsgGCFFAVk/pUTT
x8pRX+jKXicyi81bs6zOs696KHV4lMbjNqhAmfz7acnPhLi+eCU1IaTw9DksQgTQ
hB1HdKlT9Y9/Pvkx3XcBgxYOR5wjUusCXEYrDf6OO+lbCjY1KK6L17TyG+EpjMSf
tJEuPmzqf21OHoLKFe2FQzckDy+cTDVjvCg0S9JVhCLXaComge34V58HE8CzfFcY
vwAkub6Auz2IXqVhxMrG8Y2fFEsWmjN0e7Q/c3C921eIDojM9A0vdviM6EqZ8D5d
z4sq11Rj9Cb0mFpv9BcwXgYdyNMXmZxVWTMGxv+sqZXr
-----END CERTIFICATE-----