Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/4T8pObs8xlqpUKENu42zo3FxG3g.roa
File:                     4T8pObs8xlqpUKENu42zo3FxG3g.roa (raw, json)
Hash identifier:          HC3TetsSVNRErkJiC9eRfek7OzMUF3Kn6NYAUoOIL8c=
Subject key identifier:   E1:3F:29:39:BB:3C:C6:5A:A9:50:A1:0D:BB:8D:B3:A3:71:71:1B:78
Certificate issuer:       /CN=d28c3886c6ef5227c246224cc894a84a53bcf51a
Certificate serial:       018E3D9EC0B15776A254DE9E7313F9BAC7D6
Authority key identifier: D2:8C:38:86:C6:EF:52:27:C2:46:22:4C:C8:94:A8:4A:53:BC:F5:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/4T8pObs8xlqpUKENu42zo3FxG3g.roa
Signing time:             Thu 14 Mar 2024 15:39:57 +0000
ROA not before:           Thu 14 Mar 2024 15:39:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        194.143.156.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:9e:c0:b1:57:76:a2:54:de:9e:73:13:f9:ba:c7:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d28c3886c6ef5227c246224cc894a84a53bcf51a
        Validity
            Not Before: Mar 14 15:39:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e13f2939bb3cc65aa950a10dbb8db3a371711b78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f2:fc:05:d4:2d:00:75:1c:17:cc:f0:c3:3f:
                    97:e9:30:eb:d9:a0:10:71:12:99:a0:c3:fc:f6:15:
                    2c:55:aa:55:ca:75:ea:fe:78:6d:93:c7:98:6d:f9:
                    84:8f:c9:62:0e:56:37:2d:f3:c3:27:d9:b9:7a:e6:
                    2a:7f:37:ed:a1:c7:8d:a3:a7:12:7c:d8:ea:d6:0c:
                    ce:4b:fa:5d:fe:11:5f:36:d2:7f:d7:3b:0e:95:21:
                    89:c7:2c:d7:bd:10:48:53:5f:32:6b:23:c7:cd:60:
                    b2:86:7d:55:e7:3c:d5:fc:f0:f9:66:96:52:4a:af:
                    e9:91:ba:38:04:a2:07:0d:2d:91:cd:8b:8c:ed:95:
                    dd:79:51:d6:1f:34:b9:21:6f:7d:7c:98:ca:3f:00:
                    86:4a:15:3e:89:63:4b:73:24:86:50:74:c7:b9:71:
                    64:a8:4c:c1:f7:64:6e:8b:cd:7f:2b:bf:9e:32:4d:
                    b3:d0:5f:97:4c:38:c7:dd:f4:f0:e0:6f:ad:51:d7:
                    9b:db:2d:54:54:33:a1:21:be:88:c7:0f:73:c1:97:
                    b9:5e:ef:64:e2:18:2b:17:fd:3a:dc:e3:9b:28:bb:
                    f8:eb:b4:db:79:2d:d1:92:f9:c5:b0:58:36:aa:0f:
                    25:1f:0e:a3:12:00:07:8b:b7:fc:89:87:4e:0a:13:
                    d4:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:3F:29:39:BB:3C:C6:5A:A9:50:A1:0D:BB:8D:B3:A3:71:71:1B:78
            X509v3 Authority Key Identifier:
                keyid:D2:8C:38:86:C6:EF:52:27:C2:46:22:4C:C8:94:A8:4A:53:BC:F5:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/4T8pObs8xlqpUKENu42zo3FxG3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:57:db:e1:3f:19:27:45:f4:42:e0:db:48:77:88:a8:c4:6c:
         0a:96:4a:b6:aa:bc:50:bb:66:51:d9:58:67:8e:55:05:37:81:
         a4:77:88:6c:88:66:cd:c8:a8:e2:3e:0c:ba:78:4b:2b:ce:75:
         6a:d7:e3:78:25:21:6f:30:ca:60:98:b2:7d:3c:c2:e6:68:35:
         cd:49:fb:da:b5:8f:f9:de:c8:a9:f7:51:6c:d5:a3:34:9f:3d:
         57:51:e5:ce:33:52:9f:3b:ee:11:fa:06:d1:8e:3e:3e:c7:1e:
         1e:c3:2e:e6:4c:a1:47:08:d2:ac:d2:4d:92:fa:78:32:46:ec:
         2c:00:f9:52:94:1a:cf:a3:0d:1b:d4:aa:b9:51:ad:c2:73:cd:
         d0:34:a7:3e:8d:e0:dd:be:6e:a4:cb:75:ea:59:b7:39:fd:2d:
         91:34:bd:0b:16:f1:b0:89:53:27:f5:6b:4c:c1:d0:4e:9b:31:
         86:8b:dc:39:ef:3b:03:c1:57:41:76:94:42:75:26:5f:73:d8:
         77:f6:5c:14:e3:50:8c:c0:17:50:c9:f1:76:04:34:c8:0e:eb:
         89:c1:97:c5:95:30:72:76:1b:db:db:61:2f:a6:d2:2b:59:e1:
         17:02:90:7c:bb:81:b9:9f:a0:1f:d5:7e:20:c4:a7:52:84:52:
         51:5a:d0:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY49nsCxV3aiVN6ecxP5usfWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyOGMzODg2YzZlZjUyMjdjMjQ2MjI0Y2M4OTRhODRhNTNi
Y2Y1MWEwHhcNMjQwMzE0MTUzOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTNmMjkzOWJiM2NjNjVhYTk1MGExMGRiYjhkYjNhMzcxNzExYjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvL8BdQtAHUcF8zwwz+X6TDr2aAQ
cRKZoMP89hUsVapVynXq/nhtk8eYbfmEj8liDlY3LfPDJ9m5euYqfzftoceNo6cS
fNjq1gzOS/pd/hFfNtJ/1zsOlSGJxyzXvRBIU18yayPHzWCyhn1V5zzV/PD5ZpZS
Sq/pkbo4BKIHDS2RzYuM7ZXdeVHWHzS5IW99fJjKPwCGShU+iWNLcySGUHTHuXFk
qEzB92Rui81/K7+eMk2z0F+XTDjH3fTw4G+tUdeb2y1UVDOhIb6Ixw9zwZe5Xu9k
4hgrF/063OObKLv467TbeS3RkvnFsFg2qg8lHw6jEgAHi7f8iYdOChPU3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOE/KTm7PMZaqVChDbuNs6NxcRt4MB8GA1UdIwQY
MBaAFNKMOIbG71InwkYiTMiUqEpTvPUaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG93NGhzYnZVaWZDUmlKTXlKU29TbE84OVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9iZWMxOWMtNWI5NC00MDFmLWIxMzgt
ZmM0MjE2MjFmZTA4LzEvNFQ4cE9iczh4bHFwVUtFTnU0MnpvM0Z4RzNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9iZWMxOWMtNWI5NC00MDFmLWIxMzgtZmM0MjE2MjFmZTA4
LzEvMG93NGhzYnZVaWZDUmlKTXlKU29TbE84OVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwo+cMA0G
CSqGSIb3DQEBCwUAA4IBAQAMV9vhPxknRfRC4NtId4ioxGwKlkq2qrxQu2ZR2Vhn
jlUFN4Gkd4hsiGbNyKjiPgy6eEsrznVq1+N4JSFvMMpgmLJ9PMLmaDXNSfvatY/5
3sip91Fs1aM0nz1XUeXOM1KfO+4R+gbRjj4+xx4ewy7mTKFHCNKs0k2S+ngyRuws
APlSlBrPow0b1Kq5Ua3Cc83QNKc+jeDdvm6ky3XqWbc5/S2RNL0LFvGwiVMn9WtM
wdBOmzGGi9w57zsDwVdBdpRCdSZfc9h39lwU41CMwBdQyfF2BDTIDuuJwZfFlTBy
dhvb22EvptIrWeEXApB8u4G5n6Af1X4gxKdShFJRWtAz
-----END CERTIFICATE-----