Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/5f69da-4f26-47df-a9a9-6bee97ffd968/1/8_4ohfHRhTwytokN0xhWdexs43o.roa
File:                     8_4ohfHRhTwytokN0xhWdexs43o.roa (raw, json)
Hash identifier:          1PDBmnpXm1joKxmp5d4BV+hXWDcBKMBdbJc190MMojc=
Subject key identifier:   F3:FE:28:85:F1:D1:85:3C:32:B6:89:0D:D3:18:56:75:EC:6C:E3:7A
Certificate issuer:       /CN=14d01cae1ddfd4d437e7b7feea5ea46e30405090
Certificate serial:       018CC64B4607561FA3C349C7CC3C995E4F8B
Authority key identifier: 14:D0:1C:AE:1D:DF:D4:D4:37:E7:B7:FE:EA:5E:A4:6E:30:40:50:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FNAcrh3f1NQ357f-6l6kbjBAUJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/5f69da-4f26-47df-a9a9-6bee97ffd968/1/8_4ohfHRhTwytokN0xhWdexs43o.roa
Signing time:             Mon 01 Jan 2024 18:31:11 +0000
ROA not before:           Mon 01 Jan 2024 18:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198193
IP address blocks:        176.101.16.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/5f69da-4f26-47df-a9a9-6bee97ffd968/1/FNAcrh3f1NQ357f-6l6kbjBAUJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/5f69da-4f26-47df-a9a9-6bee97ffd968/1/FNAcrh3f1NQ357f-6l6kbjBAUJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FNAcrh3f1NQ357f-6l6kbjBAUJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:46:07:56:1f:a3:c3:49:c7:cc:3c:99:5e:4f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14d01cae1ddfd4d437e7b7feea5ea46e30405090
        Validity
            Not Before: Jan  1 18:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3fe2885f1d1853c32b6890dd3185675ec6ce37a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c5:76:9a:30:d5:b5:7d:90:81:98:48:1e:d9:
                    f3:f3:d0:77:4a:c6:35:52:65:ca:9f:ac:58:98:ed:
                    8f:a9:a5:91:18:4d:8e:42:86:0c:be:06:c5:e6:4a:
                    39:67:9b:51:d1:26:d1:a3:2e:89:b8:10:07:bd:10:
                    81:d5:fd:3a:ce:67:8b:88:a0:eb:4d:cc:9e:ab:c1:
                    64:1e:cd:34:1a:53:8f:6b:01:b6:53:63:76:3a:17:
                    61:b3:cd:63:38:e5:fc:c4:2b:ab:8b:f0:78:54:6d:
                    03:50:3f:53:6e:f8:87:28:d9:07:a2:46:f5:5d:5b:
                    0c:76:a1:9e:13:50:23:8f:38:a1:96:b8:10:e2:e6:
                    d5:ed:07:6d:1c:27:4e:92:92:c9:c3:86:f6:29:99:
                    e1:3a:20:e7:a6:e7:78:25:16:30:1a:8e:43:83:24:
                    cb:7c:c2:7e:57:18:71:e3:af:0a:d0:f1:ac:bb:a8:
                    0f:9b:ce:3e:cd:73:ff:d9:a3:54:fb:a5:c4:eb:18:
                    c3:7b:80:02:31:44:74:33:18:86:78:ec:02:72:d6:
                    b1:b0:e8:e1:91:3a:ac:df:68:7a:97:ee:3a:06:84:
                    64:11:b2:04:7b:11:43:89:9f:dd:28:15:73:f2:38:
                    0c:a7:f8:cc:0f:b3:58:13:05:80:77:a3:70:0b:f1:
                    2d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:FE:28:85:F1:D1:85:3C:32:B6:89:0D:D3:18:56:75:EC:6C:E3:7A
            X509v3 Authority Key Identifier:
                keyid:14:D0:1C:AE:1D:DF:D4:D4:37:E7:B7:FE:EA:5E:A4:6E:30:40:50:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FNAcrh3f1NQ357f-6l6kbjBAUJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/5f69da-4f26-47df-a9a9-6bee97ffd968/1/8_4ohfHRhTwytokN0xhWdexs43o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/5f69da-4f26-47df-a9a9-6bee97ffd968/1/FNAcrh3f1NQ357f-6l6kbjBAUJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.101.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         96:1c:b9:cc:3c:3d:b1:cf:6b:8b:20:99:f4:cf:6f:b6:eb:70:
         d0:59:e5:18:29:26:67:fb:91:f1:d2:9c:7d:5e:3d:18:a6:95:
         aa:3a:21:21:10:fc:af:ed:c4:10:2b:af:97:ff:28:a2:70:f0:
         6f:46:55:2e:19:4a:e8:8b:1d:d4:fb:97:10:34:92:f7:62:20:
         c4:9a:fb:88:10:18:c3:0d:de:12:74:e0:0d:ff:0b:f3:19:43:
         d0:a2:40:32:32:e0:9d:a6:05:91:b3:14:10:87:cc:cf:c2:4f:
         97:6e:54:02:f3:63:c6:90:9c:70:2d:8d:93:7f:6b:ae:56:25:
         4a:2c:85:26:8b:df:f7:b4:80:99:b8:06:9f:d2:ee:95:3f:64:
         a0:6a:16:1a:14:41:d3:1c:57:ad:ef:4c:b3:9c:65:1d:93:09:
         e7:e9:dd:b8:10:bf:09:c3:67:3f:f7:91:cf:40:ee:c3:fc:78:
         9a:c9:0d:52:ac:9a:da:04:a6:8e:23:ad:27:6c:0a:0d:12:37:
         d1:27:df:19:d5:dc:3a:27:f4:3e:08:48:5e:2e:76:cc:ab:59:
         b2:a3:bf:71:13:29:10:ad:95:a5:14:c2:62:b7:31:00:9f:a8:
         15:60:0f:62:75:76:36:99:12:c6:fe:8b:2e:55:72:24:36:6b:
         d0:07:4d:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0YHVh+jw0nHzDyZXk+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0ZDAxY2FlMWRkZmQ0ZDQzN2U3YjdmZWVhNWVhNDZlMzA0
MDUwOTAwHhcNMjQwMTAxMTgzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2ZlMjg4NWYxZDE4NTNjMzJiNjg5MGRkMzE4NTY3NWVjNmNlMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sV2mjDVtX2QgZhIHtnz89B3SsY1
UmXKn6xYmO2PqaWRGE2OQoYMvgbF5ko5Z5tR0SbRoy6JuBAHvRCB1f06zmeLiKDr
Tcyeq8FkHs00GlOPawG2U2N2Ohdhs81jOOX8xCuri/B4VG0DUD9TbviHKNkHokb1
XVsMdqGeE1AjjzihlrgQ4ubV7QdtHCdOkpLJw4b2KZnhOiDnpud4JRYwGo5DgyTL
fMJ+Vxhx468K0PGsu6gPm84+zXP/2aNU+6XE6xjDe4ACMUR0MxiGeOwCctaxsOjh
kTqs32h6l+46BoRkEbIEexFDiZ/dKBVz8jgMp/jMD7NYEwWAd6NwC/Et2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPP+KIXx0YU8MraJDdMYVnXsbON6MB8GA1UdIwQY
MBaAFBTQHK4d39TUN+e3/upepG4wQFCQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRk5BY3JoM2YxTlEzNTdmLTZsNmtiakJBVUpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS81ZjY5ZGEtNGYyNi00N2RmLWE5YTkt
NmJlZTk3ZmZkOTY4LzEvOF80b2hmSFJoVHd5dG9rTjB4aFdkZXhzNDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS81ZjY5ZGEtNGYyNi00N2RmLWE5YTktNmJlZTk3ZmZkOTY4
LzEvRk5BY3JoM2YxTlEzNTdmLTZsNmtiakJBVUpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEsGUQMA0G
CSqGSIb3DQEBCwUAA4IBAQCWHLnMPD2xz2uLIJn0z2+263DQWeUYKSZn+5Hx0px9
Xj0YppWqOiEhEPyv7cQQK6+X/yiicPBvRlUuGUroix3U+5cQNJL3YiDEmvuIEBjD
Dd4SdOAN/wvzGUPQokAyMuCdpgWRsxQQh8zPwk+XblQC82PGkJxwLY2Tf2uuViVK
LIUmi9/3tICZuAaf0u6VP2SgahYaFEHTHFet70yznGUdkwnn6d24EL8Jw2c/95HP
QO7D/HiayQ1SrJraBKaOI60nbAoNEjfRJ98Z1dw6J/Q+CEheLnbMq1myo79xEykQ
rZWlFMJitzEAn6gVYA9idXY2mRLG/osuVXIkNmvQB00U
-----END CERTIFICATE-----