Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/54faaa-37e6-4ad0-9ef5-6870684566e2/1/9fq3pR1J8rvsEbs7ipKxgnC2aQc.roa
File:                     9fq3pR1J8rvsEbs7ipKxgnC2aQc.roa (raw, json)
Hash identifier:          7vu6VSg/K7VkRaTvCkA4Kt99+BEQQNcJDAERroXTPy8=
Subject key identifier:   F5:FA:B7:A5:1D:49:F2:BB:EC:11:BB:3B:8A:92:B1:82:70:B6:69:07
Certificate issuer:       /CN=b8b8da567492dcbf59f98a6bf1d1974ab42bc7d0
Certificate serial:       018CC94E5F0228EA78BB70C219BF10398B0C
Authority key identifier: B8:B8:DA:56:74:92:DC:BF:59:F9:8A:6B:F1:D1:97:4A:B4:2B:C7:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uLjaVnSS3L9Z-Ypr8dGXSrQrx9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/54faaa-37e6-4ad0-9ef5-6870684566e2/1/9fq3pR1J8rvsEbs7ipKxgnC2aQc.roa
Signing time:             Tue 02 Jan 2024 08:33:25 +0000
ROA not before:           Tue 02 Jan 2024 08:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13135
IP address blocks:        192.76.124.0/24 maxlen: 24
                          194.55.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/54faaa-37e6-4ad0-9ef5-6870684566e2/1/uLjaVnSS3L9Z-Ypr8dGXSrQrx9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/54faaa-37e6-4ad0-9ef5-6870684566e2/1/uLjaVnSS3L9Z-Ypr8dGXSrQrx9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uLjaVnSS3L9Z-Ypr8dGXSrQrx9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5f:02:28:ea:78:bb:70:c2:19:bf:10:39:8b:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8b8da567492dcbf59f98a6bf1d1974ab42bc7d0
        Validity
            Not Before: Jan  2 08:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5fab7a51d49f2bbec11bb3b8a92b18270b66907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:49:5f:cb:40:e1:49:22:24:1d:6d:1f:f6:65:
                    25:eb:dd:a5:24:94:1d:76:c8:ec:38:7f:13:14:a1:
                    28:82:24:ba:b9:b4:6f:48:2e:66:77:67:57:d7:ca:
                    8f:95:ac:05:a0:b1:fb:ca:5c:22:60:ce:26:fe:fc:
                    1f:54:1d:03:7e:3e:67:8a:b1:ca:19:e6:3d:fd:d0:
                    78:cd:1d:5f:b5:a9:21:a9:48:14:4a:91:a2:05:1a:
                    ac:33:29:2b:de:e5:a1:26:88:fa:08:c6:35:a5:99:
                    c2:6c:a8:22:4b:03:6c:d7:03:d4:f6:79:a5:c0:a9:
                    fc:a9:48:16:94:36:11:8a:bb:29:51:65:25:23:41:
                    b9:6a:bd:cf:e4:a0:1b:f8:dc:c2:b4:04:8d:28:4d:
                    1a:c6:3b:34:09:9c:7a:a7:15:8a:9d:e9:1d:0e:0e:
                    8f:fe:47:e7:5d:19:b6:e4:0c:3b:34:84:81:3a:40:
                    45:85:65:49:40:9b:4c:b4:64:cd:5d:da:d2:b3:9a:
                    01:5f:5e:7a:f5:86:a6:f5:cc:bf:cb:8e:28:2a:6d:
                    2a:0b:12:81:38:30:e7:1f:fc:08:de:60:50:9d:e9:
                    66:8f:48:2d:a5:01:bf:7a:0c:f9:7a:fd:d5:27:ee:
                    50:c2:26:de:3f:90:35:82:65:d7:59:10:69:12:63:
                    3b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:FA:B7:A5:1D:49:F2:BB:EC:11:BB:3B:8A:92:B1:82:70:B6:69:07
            X509v3 Authority Key Identifier:
                keyid:B8:B8:DA:56:74:92:DC:BF:59:F9:8A:6B:F1:D1:97:4A:B4:2B:C7:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uLjaVnSS3L9Z-Ypr8dGXSrQrx9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/54faaa-37e6-4ad0-9ef5-6870684566e2/1/9fq3pR1J8rvsEbs7ipKxgnC2aQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/54faaa-37e6-4ad0-9ef5-6870684566e2/1/uLjaVnSS3L9Z-Ypr8dGXSrQrx9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.76.124.0/24
                  194.55.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:27:50:fd:ce:a5:d8:f5:2f:1f:c0:ed:37:a0:a1:3f:ab:9d:
         d8:18:de:59:5f:6b:f2:1c:98:6e:d9:3f:04:9d:2f:b6:47:8f:
         3d:7a:af:61:88:60:68:72:02:7e:43:0f:9a:42:c6:bc:b7:76:
         40:71:ba:97:d5:f0:19:95:be:ce:97:7e:14:2a:fc:4f:71:ef:
         f3:2a:d6:28:b9:da:3d:4e:e9:52:1b:17:c0:b7:8c:0e:8e:09:
         01:62:ad:44:54:5e:49:c7:41:dc:e3:a8:62:15:37:5b:fd:a0:
         99:b2:7a:e4:06:b6:26:11:d2:ba:43:a2:91:54:28:4b:57:35:
         5f:21:ac:ed:16:ef:2e:c3:00:5d:eb:ae:08:a7:9f:e8:e2:62:
         6c:9f:ff:b4:fe:49:64:4f:27:84:d1:7a:5f:9e:15:9a:5c:80:
         5f:3f:c3:00:a9:3b:1b:39:15:38:79:77:e4:17:81:23:17:95:
         bb:00:a8:2f:28:44:5b:0c:4d:69:33:29:e3:a4:af:a8:92:38:
         83:57:6c:17:0e:ca:18:c1:15:f1:06:ea:ff:f8:dc:01:7a:0d:
         d6:3c:14:70:39:6b:18:43:b4:34:4c:09:c6:89:78:ec:45:3f:
         25:4b:68:c2:dd:b5:ed:29:c8:34:61:03:38:98:c0:67:e9:77:
         85:24:d8:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTl8CKOp4u3DCGb8QOYsMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YjhkYTU2NzQ5MmRjYmY1OWY5OGE2YmYxZDE5NzRhYjQy
YmM3ZDAwHhcNMjQwMTAyMDgzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWZhYjdhNTFkNDlmMmJiZWMxMWJiM2I4YTkyYjE4MjcwYjY2OTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApElfy0DhSSIkHW0f9mUl692lJJQd
dsjsOH8TFKEogiS6ubRvSC5md2dX18qPlawFoLH7ylwiYM4m/vwfVB0Dfj5nirHK
GeY9/dB4zR1ftakhqUgUSpGiBRqsMykr3uWhJoj6CMY1pZnCbKgiSwNs1wPU9nml
wKn8qUgWlDYRirspUWUlI0G5ar3P5KAb+NzCtASNKE0axjs0CZx6pxWKnekdDg6P
/kfnXRm25Aw7NISBOkBFhWVJQJtMtGTNXdrSs5oBX1569Yam9cy/y44oKm0qCxKB
ODDnH/wI3mBQnelmj0gtpQG/egz5ev3VJ+5QwibeP5A1gmXXWRBpEmM7SwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPX6t6UdSfK77BG7O4qSsYJwtmkHMB8GA1UdIwQY
MBaAFLi42lZ0kty/WfmKa/HRl0q0K8fQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUxqYVZuU1MzTDlaLVlwcjhkR1hTclFyeDlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC81NGZhYWEtMzdlNi00YWQwLTllZjUt
Njg3MDY4NDU2NmUyLzEvOWZxM3BSMUo4cnZzRWJzN2lwS3hnbkMyYVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC81NGZhYWEtMzdlNi00YWQwLTllZjUtNjg3MDY4NDU2NmUy
LzEvdUxqYVZuU1MzTDlaLVlwcjhkR1hTclFyeDlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwEx8AwQA
wjecMA0GCSqGSIb3DQEBCwUAA4IBAQCMJ1D9zqXY9S8fwO03oKE/q53YGN5ZX2vy
HJhu2T8EnS+2R489eq9hiGBocgJ+Qw+aQsa8t3ZAcbqX1fAZlb7Ol34UKvxPce/z
KtYoudo9TulSGxfAt4wOjgkBYq1EVF5Jx0Hc46hiFTdb/aCZsnrkBrYmEdK6Q6KR
VChLVzVfIaztFu8uwwBd664Ip5/o4mJsn/+0/klkTyeE0XpfnhWaXIBfP8MAqTsb
ORU4eXfkF4EjF5W7AKgvKERbDE1pMynjpK+okjiDV2wXDsoYwRXxBur/+NwBeg3W
PBRwOWsYQ7Q0TAnGiXjsRT8lS2jC3bXtKcg0YQM4mMBn6XeFJNja
-----END CERTIFICATE-----