Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/liO4BaJv3-26Vw8wRvtPeDImRng.roa
File:                     liO4BaJv3-26Vw8wRvtPeDImRng.roa (raw, json)
Hash identifier:          EhN2eFqyplInLKqtvtjLB83H3TjV94TaHGYpotPQU6s=
Subject key identifier:   96:23:B8:05:A2:6F:DF:ED:BA:57:0F:30:46:FB:4F:78:32:26:46:78
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018E39DA81A31C164B3651E26E1409536498
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/liO4BaJv3-26Vw8wRvtPeDImRng.roa
Signing time:             Wed 13 Mar 2024 22:06:45 +0000
ROA not before:           Wed 13 Mar 2024 22:06:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        94.241.164.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:39:da:81:a3:1c:16:4b:36:51:e2:6e:14:09:53:64:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Mar 13 22:06:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9623b805a26fdfedba570f3046fb4f7832264678
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a3:1f:53:05:30:20:44:b7:34:c1:8a:6c:67:
                    cd:bb:a6:9a:0f:94:83:cd:94:3d:1d:ab:30:cb:4c:
                    f4:8b:00:dd:fe:83:5e:e7:9b:eb:d8:5b:23:a0:05:
                    65:ef:72:19:f6:46:ab:e6:dd:c6:9a:7b:06:02:ac:
                    89:0e:1a:c4:0b:ec:02:c2:4c:2b:7d:c2:21:cf:f1:
                    8d:d3:e1:72:21:a6:82:53:23:60:56:74:26:02:b5:
                    cd:74:d6:7e:14:a2:24:67:cb:5e:b7:f2:dd:89:fd:
                    7a:31:d4:93:16:09:92:bf:3c:65:ba:a1:a5:38:d9:
                    09:e0:b7:f5:a1:18:08:90:33:fc:51:b7:b0:28:62:
                    1e:9f:36:1a:06:2a:8f:89:73:22:0b:96:54:01:2f:
                    d2:6e:ae:ce:76:3d:cc:32:e0:73:ed:f6:9b:cd:8d:
                    c1:64:74:2f:a9:43:53:84:c1:2d:72:37:88:7b:c9:
                    cd:e6:0e:7d:a9:d9:0d:46:95:a2:29:27:2c:15:34:
                    7c:86:82:9d:09:d3:88:80:c9:17:5d:3c:2a:3c:42:
                    7c:c5:fd:37:f8:27:b8:b1:12:db:68:36:5c:98:db:
                    ab:a6:64:ca:8f:96:02:55:8c:9e:65:10:b4:8e:4a:
                    32:bb:9e:ea:03:95:5a:d9:46:ae:2a:5a:b0:9f:4b:
                    c6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:23:B8:05:A2:6F:DF:ED:BA:57:0F:30:46:FB:4F:78:32:26:46:78
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/liO4BaJv3-26Vw8wRvtPeDImRng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.241.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:41:bb:09:3f:1a:ae:21:0e:72:9a:88:2d:d8:26:9c:48:95:
         0e:93:80:3e:17:6c:4e:b1:50:5e:2d:eb:70:79:ed:b6:2e:df:
         40:8c:bf:7d:a3:25:3a:6b:db:57:1d:c0:6c:7e:11:89:16:ba:
         c5:aa:09:5d:74:96:de:61:25:40:a4:cf:db:3c:a2:e3:28:00:
         e8:fb:75:5c:78:b5:11:b8:33:62:c3:61:79:f5:bf:6c:78:da:
         98:db:53:7d:f4:a1:85:d1:ef:ff:57:58:a0:67:8f:be:cc:25:
         94:79:ee:84:10:c7:19:14:fe:21:25:61:20:2d:82:92:59:5c:
         86:5c:10:a2:0e:86:6d:8b:38:5b:2f:41:b7:ee:1e:28:ed:93:
         c3:49:5f:7b:4f:c4:ea:88:dc:bc:ff:c8:d7:29:ff:e6:cc:fa:
         01:47:e5:26:c9:f5:af:cd:0a:cb:87:32:10:60:a9:fc:4e:a2:
         26:cb:8c:98:37:47:3b:41:9f:ae:9e:ef:a5:b9:c1:b2:1d:4a:
         f6:30:e0:83:9a:f2:12:af:a1:44:44:2d:c3:75:2c:69:1b:99:
         dd:68:ba:c2:7a:50:09:95:06:16:97:8c:50:45:be:b5:8d:c8:
         2f:ac:55:06:f7:a6:79:45:f6:00:37:e7:7e:56:19:aa:45:51:
         6d:09:0e:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY452oGjHBZLNlHibhQJU2SYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMzEzMjIwNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjIzYjgwNWEyNmZkZmVkYmE1NzBmMzA0NmZiNGY3ODMyMjY0Njc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaMfUwUwIES3NMGKbGfNu6aaD5SD
zZQ9Haswy0z0iwDd/oNe55vr2FsjoAVl73IZ9kar5t3GmnsGAqyJDhrEC+wCwkwr
fcIhz/GN0+FyIaaCUyNgVnQmArXNdNZ+FKIkZ8tet/Ldif16MdSTFgmSvzxluqGl
ONkJ4Lf1oRgIkDP8UbewKGIenzYaBiqPiXMiC5ZUAS/Sbq7Odj3MMuBz7fabzY3B
ZHQvqUNThMEtcjeIe8nN5g59qdkNRpWiKScsFTR8hoKdCdOIgMkXXTwqPEJ8xf03
+Ce4sRLbaDZcmNurpmTKj5YCVYyeZRC0jkoyu57qA5Va2UauKlqwn0vGNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYjuAWib9/tulcPMEb7T3gyJkZ4MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvbGlPNEJhSnYzLTI2Vnc4d1J2dFBlREltUm5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXvGkMA0G
CSqGSIb3DQEBCwUAA4IBAQBFQbsJPxquIQ5ymogt2CacSJUOk4A+F2xOsVBeLetw
ee22Lt9AjL99oyU6a9tXHcBsfhGJFrrFqglddJbeYSVApM/bPKLjKADo+3VceLUR
uDNiw2F59b9seNqY21N99KGF0e//V1igZ4++zCWUee6EEMcZFP4hJWEgLYKSWVyG
XBCiDoZtizhbL0G37h4o7ZPDSV97T8TqiNy8/8jXKf/mzPoBR+UmyfWvzQrLhzIQ
YKn8TqImy4yYN0c7QZ+unu+lucGyHUr2MOCDmvISr6FERC3DdSxpG5ndaLrCelAJ
lQYWl4xQRb61jcgvrFUG96Z5RfYAN+d+VhmqRVFtCQ5f
-----END CERTIFICATE-----