Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/eJRari3L5w1GuCVYubcXvpahaxQ.roa
File:                     eJRari3L5w1GuCVYubcXvpahaxQ.roa (raw, json)
Hash identifier:          SUZk8/qJb+NOK8nJy2dKNvZ4ng2ypNiZT1Jny6yQ8xE=
Subject key identifier:   78:94:5A:AE:2D:CB:E7:0D:46:B8:25:58:B9:B7:17:BE:96:A1:6B:14
Certificate issuer:       /CN=a08e0aef1cd1e9d32a616adf58245a3ab88a554b
Certificate serial:       018CC64B6DFE674D7A16809D823E4D80A6E9
Authority key identifier: A0:8E:0A:EF:1C:D1:E9:D3:2A:61:6A:DF:58:24:5A:3A:B8:8A:55:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oI4K7xzR6dMqYWrfWCRaOriKVUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/eJRari3L5w1GuCVYubcXvpahaxQ.roa
Signing time:             Mon 01 Jan 2024 18:31:21 +0000
ROA not before:           Mon 01 Jan 2024 18:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        194.153.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/oI4K7xzR6dMqYWrfWCRaOriKVUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/oI4K7xzR6dMqYWrfWCRaOriKVUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oI4K7xzR6dMqYWrfWCRaOriKVUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6d:fe:67:4d:7a:16:80:9d:82:3e:4d:80:a6:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a08e0aef1cd1e9d32a616adf58245a3ab88a554b
        Validity
            Not Before: Jan  1 18:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78945aae2dcbe70d46b82558b9b717be96a16b14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:77:a0:0e:9b:2f:d7:9d:62:22:82:24:bf:59:
                    25:d2:4b:e6:52:3f:55:ad:4d:5b:70:4e:f8:ee:bb:
                    cc:d6:36:6f:dd:11:dc:5b:ac:14:45:0a:80:bc:97:
                    37:56:b5:be:3d:61:f2:02:99:16:f6:a2:82:12:9f:
                    6c:d2:09:1e:52:a0:14:0b:f9:a2:ad:4f:79:46:66:
                    4f:79:31:c4:81:8e:58:e9:24:44:98:72:c3:77:a5:
                    c8:42:d0:30:42:b9:4e:a0:45:42:cf:77:c2:32:d7:
                    0c:65:61:6d:77:52:7e:b7:85:32:c4:46:5f:1d:aa:
                    39:b3:df:b7:c7:1d:b4:f7:8f:3f:ff:4b:48:e2:62:
                    9e:ed:b1:06:15:74:34:e7:37:25:33:93:b8:95:69:
                    a0:b2:98:ee:12:e9:af:06:a7:23:fd:42:62:fd:e4:
                    d4:e9:c5:5a:e5:75:40:ca:09:f0:b6:83:2b:27:d4:
                    e1:e7:f8:a8:a7:dc:c1:80:90:e9:7d:93:53:4b:a0:
                    1e:ef:d0:fb:66:22:48:23:2e:3b:be:fb:cc:0e:f6:
                    cc:54:31:c1:17:cf:26:c5:26:f5:a1:b3:6e:47:8d:
                    a8:5a:20:c1:1a:53:7b:36:d9:29:22:16:e7:24:fb:
                    ac:60:88:1b:6e:b8:d9:37:2f:d0:02:57:60:38:18:
                    d9:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:94:5A:AE:2D:CB:E7:0D:46:B8:25:58:B9:B7:17:BE:96:A1:6B:14
            X509v3 Authority Key Identifier:
                keyid:A0:8E:0A:EF:1C:D1:E9:D3:2A:61:6A:DF:58:24:5A:3A:B8:8A:55:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oI4K7xzR6dMqYWrfWCRaOriKVUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/eJRari3L5w1GuCVYubcXvpahaxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/oI4K7xzR6dMqYWrfWCRaOriKVUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:15:83:3b:09:f0:99:d2:ce:4e:7c:31:38:83:ad:89:cc:07:
         76:41:b3:95:bb:00:5b:5f:17:3c:85:b0:1c:d4:a4:fa:f6:5c:
         f0:fd:29:04:b7:ea:6a:93:cf:50:69:b4:10:d7:ad:b6:75:3f:
         07:74:7a:a7:46:0d:bc:0b:e9:af:6b:a0:45:5c:7c:65:d0:e7:
         36:08:e3:21:6f:1e:ba:2f:54:99:d6:a0:d0:4b:ba:46:30:9b:
         02:80:8e:bb:0d:b5:c4:45:98:a4:bb:ce:52:7b:5d:74:11:25:
         57:a5:b1:14:ff:05:43:38:ad:8d:43:63:b7:28:f9:fd:67:6b:
         f9:27:9f:d4:a2:e9:71:3e:5e:24:a4:83:7e:e6:76:3a:74:df:
         9e:b6:01:81:8e:23:15:83:9d:43:95:49:3b:52:b2:ea:b9:09:
         99:2b:f3:4f:07:34:f3:f6:77:a8:b9:7c:2e:ec:68:71:90:e3:
         54:ac:c8:ec:bc:83:a4:e1:1d:be:3f:b9:9a:b6:3f:08:49:c5:
         cd:3c:39:52:ad:2b:3b:ea:b1:9e:a6:87:a3:3d:95:a9:f2:47:
         2b:a7:74:66:89:ac:49:da:6c:5e:a1:48:cf:00:8a:c8:e8:d8:
         29:38:ee:42:65:23:03:22:47:c9:8c:d7:7c:fa:c2:9e:ab:bf:
         4f:cf:53:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS23+Z016FoCdgj5NgKbpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwOGUwYWVmMWNkMWU5ZDMyYTYxNmFkZjU4MjQ1YTNhYjg4
YTU1NGIwHhcNMjQwMTAxMTgzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODk0NWFhZTJkY2JlNzBkNDZiODI1NThiOWI3MTdiZTk2YTE2YjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnegDpsv151iIoIkv1kl0kvmUj9V
rU1bcE747rvM1jZv3RHcW6wURQqAvJc3VrW+PWHyApkW9qKCEp9s0gkeUqAUC/mi
rU95RmZPeTHEgY5Y6SREmHLDd6XIQtAwQrlOoEVCz3fCMtcMZWFtd1J+t4UyxEZf
Hao5s9+3xx20948//0tI4mKe7bEGFXQ05zclM5O4lWmgspjuEumvBqcj/UJi/eTU
6cVa5XVAygnwtoMrJ9Th5/iop9zBgJDpfZNTS6Ae79D7ZiJIIy47vvvMDvbMVDHB
F88mxSb1obNuR42oWiDBGlN7NtkpIhbnJPusYIgbbrjZNy/QAldgOBjZ6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHiUWq4ty+cNRrglWLm3F76WoWsUMB8GA1UdIwQY
MBaAFKCOCu8c0enTKmFq31gkWjq4ilVLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0k0Szd4elI2ZE1xWVdyZldDUmFPcmlLVlVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zYmU3YjQtN2Y0Mi00MjE3LTgxOWIt
MjQ3NjI5MWQ3MGVlLzEvZUpSYXJpM0w1dzFHdUNWWXViY1h2cGFoYXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zYmU3YjQtN2Y0Mi00MjE3LTgxOWItMjQ3NjI5MWQ3MGVl
LzEvb0k0Szd4elI2ZE1xWVdyZldDUmFPcmlLVlVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpleMA0G
CSqGSIb3DQEBCwUAA4IBAQCDFYM7CfCZ0s5OfDE4g62JzAd2QbOVuwBbXxc8hbAc
1KT69lzw/SkEt+pqk89QabQQ1622dT8HdHqnRg28C+mva6BFXHxl0Oc2COMhbx66
L1SZ1qDQS7pGMJsCgI67DbXERZiku85Se110ESVXpbEU/wVDOK2NQ2O3KPn9Z2v5
J5/UoulxPl4kpIN+5nY6dN+etgGBjiMVg51DlUk7UrLquQmZK/NPBzTz9neouXwu
7GhxkONUrMjsvIOk4R2+P7matj8IScXNPDlSrSs76rGepoejPZWp8kcrp3RmiaxJ
2mxeoUjPAIrI6NgpOO5CZSMDIkfJjNd8+sKeq79Pz1MQ
-----END CERTIFICATE-----