Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/d809b1-faf7-40c2-94ba-f1815a41a033/1/U8u9wC94rUlOkgrzM74UjKdJyZo.roa
File:                     U8u9wC94rUlOkgrzM74UjKdJyZo.roa (raw, json)
Hash identifier:          JF9xqjVHmrm9XilKBx+FFBS7ElKnlTrvbYkFgPuk2wA=
Subject key identifier:   53:CB:BD:C0:2F:78:AD:49:4E:92:0A:F3:33:BE:14:8C:A7:49:C9:9A
Certificate issuer:       /CN=80a921408433b66ea50a4000aace10d2add06a85
Certificate serial:       01914624D01D8C6253FCD173A8D0CC7BB3D1
Authority key identifier: 80:A9:21:40:84:33:B6:6E:A5:0A:40:00:AA:CE:10:D2:AD:D0:6A:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gKkhQIQztm6lCkAAqs4Q0q3QaoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/d809b1-faf7-40c2-94ba-f1815a41a033/1/U8u9wC94rUlOkgrzM74UjKdJyZo.roa
Signing time:             Mon 12 Aug 2024 10:31:43 +0000
ROA not before:           Mon 12 Aug 2024 10:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        194.124.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/d809b1-faf7-40c2-94ba-f1815a41a033/1/gKkhQIQztm6lCkAAqs4Q0q3QaoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/d809b1-faf7-40c2-94ba-f1815a41a033/1/gKkhQIQztm6lCkAAqs4Q0q3QaoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gKkhQIQztm6lCkAAqs4Q0q3QaoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:46:24:d0:1d:8c:62:53:fc:d1:73:a8:d0:cc:7b:b3:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80a921408433b66ea50a4000aace10d2add06a85
        Validity
            Not Before: Aug 12 10:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53cbbdc02f78ad494e920af333be148ca749c99a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:cc:6f:41:da:ac:58:e1:44:f3:a3:a2:d5:72:
                    53:ab:4f:0c:3b:1b:3c:aa:ad:89:2b:b8:c1:24:34:
                    42:60:f9:fe:46:ec:e0:f2:0d:69:1d:8b:0f:45:06:
                    63:99:ab:56:45:1a:e1:dc:e4:17:78:42:16:51:cc:
                    5e:36:ef:67:d1:84:f8:b0:49:f5:9b:c1:03:d6:c3:
                    03:42:7f:18:07:4d:c7:b8:ae:df:07:41:5f:91:2d:
                    64:a0:89:0e:66:b8:1e:6b:73:33:d9:75:ee:f0:26:
                    b4:6e:eb:94:a3:88:e0:d2:09:1e:33:5f:e5:89:d4:
                    86:75:aa:cc:d2:8e:51:82:40:20:14:af:ac:59:20:
                    04:cd:c8:99:c8:a1:96:38:15:f0:a5:d5:e0:2f:73:
                    e2:d1:34:56:56:8c:96:b6:72:a8:24:6e:1c:14:de:
                    47:33:10:2d:8a:99:bb:3a:f2:a4:7b:09:3f:2a:4f:
                    9a:39:67:4b:5d:bf:d7:cf:eb:63:03:75:d7:c7:72:
                    fd:94:a7:b0:cd:0d:9e:ec:c4:ae:bc:b6:37:72:6a:
                    47:64:64:8c:b5:c7:d7:c8:64:90:dc:e3:7a:8e:27:
                    1c:3d:2d:f3:36:da:b9:22:fd:d7:2b:4b:32:ac:bd:
                    39:5e:b2:25:dc:28:0d:04:cc:24:1b:9f:a8:30:1a:
                    ff:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:CB:BD:C0:2F:78:AD:49:4E:92:0A:F3:33:BE:14:8C:A7:49:C9:9A
            X509v3 Authority Key Identifier:
                keyid:80:A9:21:40:84:33:B6:6E:A5:0A:40:00:AA:CE:10:D2:AD:D0:6A:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gKkhQIQztm6lCkAAqs4Q0q3QaoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d809b1-faf7-40c2-94ba-f1815a41a033/1/U8u9wC94rUlOkgrzM74UjKdJyZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d809b1-faf7-40c2-94ba-f1815a41a033/1/gKkhQIQztm6lCkAAqs4Q0q3QaoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:ed:fe:e6:db:7b:28:4b:ed:a1:36:06:50:9a:97:83:47:42:
         89:24:d4:cc:85:91:4d:40:68:57:a9:a4:4a:73:b3:f8:ba:6e:
         18:05:5a:ae:30:a4:db:13:8f:e9:76:2b:5b:21:b9:70:dc:64:
         32:58:d0:2f:32:c3:ac:bf:5f:3b:c7:04:d7:01:61:02:01:bc:
         d4:5d:6c:fc:5c:16:4b:35:1f:7a:b4:7d:e1:07:92:5d:85:4f:
         25:67:af:e9:c5:15:53:93:2c:8b:08:0e:71:60:39:8e:21:ef:
         46:0e:d3:f7:75:07:1e:c3:ed:32:db:03:2e:2e:23:7b:dd:ee:
         67:47:7b:19:98:d0:9c:2c:c6:90:28:a0:64:76:81:4d:54:d6:
         ad:de:83:cf:3f:93:70:00:31:18:31:63:8c:21:88:68:e4:fe:
         7a:ac:35:26:64:f0:6c:8c:de:c0:0e:cd:de:78:d3:ce:e5:c8:
         83:a5:b2:74:35:1a:ae:fc:3e:d0:89:c1:23:d6:98:77:4c:8c:
         7c:f3:77:4a:c7:c3:f7:45:e3:d2:9b:4f:5a:fa:6c:4d:84:ae:
         8d:5c:f9:43:5a:f6:16:a4:95:45:ba:22:62:ba:26:61:c4:c5:
         47:24:51:00:9c:87:96:ff:43:74:ac:31:07:23:25:5c:bb:4f:
         df:16:60:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFGJNAdjGJT/NFzqNDMe7PRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYTkyMTQwODQzM2I2NmVhNTBhNDAwMGFhY2UxMGQyYWRk
MDZhODUwHhcNMjQwODEyMTAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2NiYmRjMDJmNzhhZDQ5NGU5MjBhZjMzM2JlMTQ4Y2E3NDljOTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3sxvQdqsWOFE86Oi1XJTq08MOxs8
qq2JK7jBJDRCYPn+Ruzg8g1pHYsPRQZjmatWRRrh3OQXeEIWUcxeNu9n0YT4sEn1
m8ED1sMDQn8YB03HuK7fB0FfkS1koIkOZrgea3Mz2XXu8Ca0buuUo4jg0gkeM1/l
idSGdarM0o5RgkAgFK+sWSAEzciZyKGWOBXwpdXgL3Pi0TRWVoyWtnKoJG4cFN5H
MxAtipm7OvKkewk/Kk+aOWdLXb/Xz+tjA3XXx3L9lKewzQ2e7MSuvLY3cmpHZGSM
tcfXyGSQ3ON6jiccPS3zNtq5Iv3XK0syrL05XrIl3CgNBMwkG5+oMBr/fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPLvcAveK1JTpIK8zO+FIynScmaMB8GA1UdIwQY
MBaAFICpIUCEM7ZupQpAAKrOENKt0GqFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0traFFJUXp0bTZsQ2tBQXFzNFEwcTNRYW9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kODA5YjEtZmFmNy00MGMyLTk0YmEt
ZjE4MTVhNDFhMDMzLzEvVTh1OXdDOTRyVWxPa2dyek03NFVqS2RKeVpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kODA5YjEtZmFmNy00MGMyLTk0YmEtZjE4MTVhNDFhMDMz
LzEvZ0traFFJUXp0bTZsQ2tBQXFzNFEwcTNRYW9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwny7MA0G
CSqGSIb3DQEBCwUAA4IBAQAx7f7m23soS+2hNgZQmpeDR0KJJNTMhZFNQGhXqaRK
c7P4um4YBVquMKTbE4/pditbIblw3GQyWNAvMsOsv187xwTXAWECAbzUXWz8XBZL
NR96tH3hB5JdhU8lZ6/pxRVTkyyLCA5xYDmOIe9GDtP3dQcew+0y2wMuLiN73e5n
R3sZmNCcLMaQKKBkdoFNVNat3oPPP5NwADEYMWOMIYho5P56rDUmZPBsjN7ADs3e
eNPO5ciDpbJ0NRqu/D7QicEj1ph3TIx883dKx8P3RePSm09a+mxNhK6NXPlDWvYW
pJVFuiJiuiZhxMVHJFEAnIeW/0N0rDEHIyVcu0/fFmD9
-----END CERTIFICATE-----