Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/4808d7-8efb-4219-8fe3-ea945d604b0e/1/8wkc_4PlFpbsASFyLAclvba4EMo.roa
File:                     8wkc_4PlFpbsASFyLAclvba4EMo.roa (raw, json)
Hash identifier:          NEGVHuS/n5Tg+4OjQN+ExwlcW7lMMgRYIx20aU1ZwF0=
Subject key identifier:   F3:09:1C:FF:83:E5:16:96:EC:01:21:72:2C:07:25:BD:B6:B8:10:CA
Certificate issuer:       /CN=49429adac440c063732045daebcc3d9152e35cbb
Certificate serial:       018E5CADE933330DE978E48947999DEC9EE7
Authority key identifier: 49:42:9A:DA:C4:40:C0:63:73:20:45:DA:EB:CC:3D:91:52:E3:5C:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SUKa2sRAwGNzIEXa68w9kVLjXLs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/4808d7-8efb-4219-8fe3-ea945d604b0e/1/8wkc_4PlFpbsASFyLAclvba4EMo.roa
Signing time:             Wed 20 Mar 2024 16:24:45 +0000
ROA not before:           Wed 20 Mar 2024 16:24:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20751
IP address blocks:        195.62.26.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/4808d7-8efb-4219-8fe3-ea945d604b0e/1/SUKa2sRAwGNzIEXa68w9kVLjXLs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/4808d7-8efb-4219-8fe3-ea945d604b0e/1/SUKa2sRAwGNzIEXa68w9kVLjXLs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SUKa2sRAwGNzIEXa68w9kVLjXLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5c:ad:e9:33:33:0d:e9:78:e4:89:47:99:9d:ec:9e:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49429adac440c063732045daebcc3d9152e35cbb
        Validity
            Not Before: Mar 20 16:24:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3091cff83e51696ec0121722c0725bdb6b810ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:97:29:9d:fb:fa:d5:2e:eb:6c:a0:a3:66:e3:
                    a7:c8:f0:dd:ac:da:91:33:44:ed:6a:5d:ce:b6:89:
                    3a:1e:6d:7e:78:48:bb:88:57:cb:ad:14:52:d4:5b:
                    05:1d:c8:78:46:89:5b:e6:14:8f:32:4f:08:7f:3f:
                    40:46:29:9d:8d:6e:bf:54:12:7e:d2:3f:ce:b5:36:
                    c2:9f:21:7d:dd:b3:6a:7f:c2:0f:f2:82:0d:e4:36:
                    83:3c:4d:6f:c1:f4:95:bd:e5:13:ba:76:e1:08:be:
                    24:98:6c:a1:f7:23:4e:e5:81:1a:fb:48:b4:08:fb:
                    3b:80:07:2a:78:4c:a8:73:58:a1:7d:49:b9:30:b3:
                    03:7a:0b:9b:37:8a:8f:90:4c:81:94:21:98:00:f8:
                    8d:8c:f2:8d:94:67:7d:c2:e5:e6:bc:3d:a1:a5:dc:
                    ec:64:52:94:18:1c:4e:96:04:68:72:8c:3c:a3:5f:
                    3f:ab:06:0a:d0:ab:56:fd:e5:c4:b7:83:e0:e4:a4:
                    b6:16:23:61:4a:43:d5:cc:9f:66:68:24:3c:26:2a:
                    ed:8a:63:9c:46:10:1f:4e:d4:0e:d0:10:a2:8b:c8:
                    d3:64:8b:2a:e8:48:e6:3d:34:b3:84:f5:f9:e3:51:
                    e1:af:63:7a:45:b4:96:19:91:a2:92:80:28:94:c4:
                    24:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:09:1C:FF:83:E5:16:96:EC:01:21:72:2C:07:25:BD:B6:B8:10:CA
            X509v3 Authority Key Identifier:
                keyid:49:42:9A:DA:C4:40:C0:63:73:20:45:DA:EB:CC:3D:91:52:E3:5C:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SUKa2sRAwGNzIEXa68w9kVLjXLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/4808d7-8efb-4219-8fe3-ea945d604b0e/1/8wkc_4PlFpbsASFyLAclvba4EMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/4808d7-8efb-4219-8fe3-ea945d604b0e/1/SUKa2sRAwGNzIEXa68w9kVLjXLs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:b2:f6:b7:ee:4e:5f:e1:44:ae:6a:f7:32:15:a0:69:b7:ae:
         29:b8:46:fa:1b:2c:e5:7d:35:ff:ec:83:da:18:d0:41:fa:c0:
         a4:7d:b9:3f:b5:eb:bb:e3:09:84:0f:9a:f2:ca:2f:8a:c1:b8:
         f2:91:a7:49:f5:65:14:5f:b1:a0:24:ea:5a:46:54:ff:b2:99:
         0e:56:06:40:f8:b0:ce:25:10:61:11:08:4f:ed:81:0f:c1:05:
         90:b4:da:cb:da:c9:02:98:ec:cf:7b:28:e8:86:df:78:ee:b0:
         5c:83:0f:73:8e:63:75:c2:9a:00:ff:7a:e5:30:62:9e:28:c8:
         41:7b:8f:aa:74:b0:a8:28:2a:eb:d3:b9:58:9d:c7:90:a7:69:
         81:cf:9c:29:68:26:04:e1:3e:81:b3:1c:5e:d5:65:4a:9d:7f:
         0c:df:52:5a:61:e4:17:cb:ce:af:aa:fa:10:0d:b8:31:f7:ba:
         94:69:66:68:d8:a4:2f:bd:41:28:08:df:33:85:c5:0b:9a:ff:
         f5:17:ed:50:8f:41:9c:b0:d4:50:4e:88:78:08:51:9c:4c:e7:
         46:c6:e8:b2:e0:c0:d0:42:c4:f7:27:95:c9:be:1c:d9:8d:28:
         92:0c:9e:6f:b1:1b:4b:d1:70:6e:62:97:a1:68:b4:cd:78:4e:
         3a:99:8b:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5crekzMw3peOSJR5md7J7nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NDI5YWRhYzQ0MGMwNjM3MzIwNDVkYWViY2MzZDkxNTJl
MzVjYmIwHhcNMjQwMzIwMTYyNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzA5MWNmZjgzZTUxNjk2ZWMwMTIxNzIyYzA3MjViZGI2YjgxMGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJcpnfv61S7rbKCjZuOnyPDdrNqR
M0Ttal3Otok6Hm1+eEi7iFfLrRRS1FsFHch4Rolb5hSPMk8Ifz9ARimdjW6/VBJ+
0j/OtTbCnyF93bNqf8IP8oIN5DaDPE1vwfSVveUTunbhCL4kmGyh9yNO5YEa+0i0
CPs7gAcqeEyoc1ihfUm5MLMDegubN4qPkEyBlCGYAPiNjPKNlGd9wuXmvD2hpdzs
ZFKUGBxOlgRocow8o18/qwYK0KtW/eXEt4Pg5KS2FiNhSkPVzJ9maCQ8JirtimOc
RhAfTtQO0BCii8jTZIsq6EjmPTSzhPX541Hhr2N6RbSWGZGikoAolMQkqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMJHP+D5RaW7AEhciwHJb22uBDKMB8GA1UdIwQY
MBaAFElCmtrEQMBjcyBF2uvMPZFS41y7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1VLYTJzUkF3R056SUVYYTY4dzlrVkxqWExzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS80ODA4ZDctOGVmYi00MjE5LThmZTMt
ZWE5NDVkNjA0YjBlLzEvOHdrY180UGxGcGJzQVNGeUxBY2x2YmE0RU1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS80ODA4ZDctOGVmYi00MjE5LThmZTMtZWE5NDVkNjA0YjBl
LzEvU1VLYTJzUkF3R056SUVYYTY4dzlrVkxqWExzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwz4aMA0G
CSqGSIb3DQEBCwUAA4IBAQAPsva37k5f4USuavcyFaBpt64puEb6GyzlfTX/7IPa
GNBB+sCkfbk/teu74wmED5ryyi+KwbjykadJ9WUUX7GgJOpaRlT/spkOVgZA+LDO
JRBhEQhP7YEPwQWQtNrL2skCmOzPeyjoht947rBcgw9zjmN1wpoA/3rlMGKeKMhB
e4+qdLCoKCrr07lYnceQp2mBz5wpaCYE4T6Bsxxe1WVKnX8M31JaYeQXy86vqvoQ
Dbgx97qUaWZo2KQvvUEoCN8zhcULmv/1F+1Qj0GcsNRQToh4CFGcTOdGxuiy4MDQ
QsT3J5XJvhzZjSiSDJ5vsRtL0XBuYpehaLTNeE46mYtF
-----END CERTIFICATE-----