Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/8_Z8tkWP9SntxJIAMd9xzKjzBDc.roa
File:                     8_Z8tkWP9SntxJIAMd9xzKjzBDc.roa (raw, json)
Hash identifier:          Y1ZYLyOua621FDCIXKzGaXSk/2wp1n2lJPS02ALz0YY=
Subject key identifier:   F3:F6:7C:B6:45:8F:F5:29:ED:C4:92:00:31:DF:71:CC:A8:F3:04:37
Certificate issuer:       /CN=e54ab89d33bd8aa9438a1dd0b4c59edbeb0c64ee
Certificate serial:       018CD9538861AEC66F2CED16E86BDAFCB85B
Authority key identifier: E5:4A:B8:9D:33:BD:8A:A9:43:8A:1D:D0:B4:C5:9E:DB:EB:0C:64:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Uq4nTO9iqlDih3QtMWe2-sMZO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/8_Z8tkWP9SntxJIAMd9xzKjzBDc.roa
Signing time:             Fri 05 Jan 2024 11:12:59 +0000
ROA not before:           Fri 05 Jan 2024 11:12:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200001
IP address blocks:        194.42.110.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/5Uq4nTO9iqlDih3QtMWe2-sMZO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/5Uq4nTO9iqlDih3QtMWe2-sMZO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Uq4nTO9iqlDih3QtMWe2-sMZO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d9:53:88:61:ae:c6:6f:2c:ed:16:e8:6b:da:fc:b8:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e54ab89d33bd8aa9438a1dd0b4c59edbeb0c64ee
        Validity
            Not Before: Jan  5 11:12:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3f67cb6458ff529edc4920031df71cca8f30437
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:af:aa:bf:32:43:47:5f:32:d8:00:2c:bd:6d:
                    5c:0a:76:54:cc:51:5a:74:45:c9:25:54:bb:65:60:
                    a7:2a:23:55:a0:5b:fe:82:ed:cd:05:b8:62:cf:19:
                    5e:6f:6e:5d:cc:f3:ee:10:ec:6c:33:ad:07:17:37:
                    30:26:72:6f:1d:f4:6f:f0:bc:2e:ec:e3:47:94:05:
                    d6:a5:77:17:11:ec:c3:e7:ee:85:7b:6a:a3:99:81:
                    53:d4:57:43:b1:24:a1:9b:8b:fb:fd:c6:49:41:6b:
                    21:01:ad:f6:d7:37:32:a3:39:73:8d:d9:d7:9f:7f:
                    d0:ee:95:de:75:53:05:2f:07:d6:77:c3:eb:34:bd:
                    26:e5:00:06:71:79:9d:a5:10:02:a1:9b:30:27:c6:
                    98:df:f8:61:d0:5b:ed:60:51:e8:e4:f8:fa:43:51:
                    ed:5e:f0:7b:f3:c4:fa:a2:b5:9e:d5:78:95:ca:e5:
                    f3:c0:b9:15:53:fe:7e:37:24:d3:1e:92:14:d7:3c:
                    7a:85:78:03:cc:7a:c9:a4:fe:cf:a2:13:f9:da:09:
                    c8:df:86:a0:06:a4:fc:46:81:00:10:2d:aa:69:89:
                    e4:db:04:52:a7:fa:db:64:c9:17:96:37:87:6c:13:
                    ae:55:f0:b6:f6:fd:8a:87:e2:39:01:d7:aa:55:2d:
                    c4:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:F6:7C:B6:45:8F:F5:29:ED:C4:92:00:31:DF:71:CC:A8:F3:04:37
            X509v3 Authority Key Identifier:
                keyid:E5:4A:B8:9D:33:BD:8A:A9:43:8A:1D:D0:B4:C5:9E:DB:EB:0C:64:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Uq4nTO9iqlDih3QtMWe2-sMZO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/8_Z8tkWP9SntxJIAMd9xzKjzBDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/5Uq4nTO9iqlDih3QtMWe2-sMZO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:a2:d6:b2:8f:93:9c:09:ab:51:86:1b:3c:93:ee:a0:fa:d1:
         d5:da:08:3a:1a:ab:f2:84:7b:e4:04:9f:a9:41:c9:27:90:e3:
         86:80:c7:08:4a:7e:99:1d:58:28:45:64:ac:15:dc:54:b7:fd:
         b5:40:db:a5:06:93:f8:1f:c9:79:ba:a9:7b:be:b4:76:b7:4d:
         63:29:e4:41:7a:e8:69:35:83:91:04:0f:08:c9:f7:1f:65:e4:
         79:04:d8:81:58:f6:53:f0:92:6c:a9:ae:5c:61:e9:35:87:a8:
         a5:11:8a:42:9b:e7:80:be:76:2e:d3:62:e8:2c:73:c8:53:b4:
         da:da:84:6b:96:ab:28:bd:b1:a3:8d:c8:ee:ae:9a:63:90:0a:
         aa:4b:e1:35:36:fc:e6:80:c7:21:78:84:6f:e2:06:46:5f:e1:
         59:15:0a:81:7f:69:40:20:82:67:d0:7e:7a:d7:a4:96:58:73:
         be:0c:1e:f6:2e:03:dd:9e:c4:77:b5:87:05:0c:04:17:7f:9f:
         3e:b2:ad:fd:ad:28:bf:3d:49:c5:2e:bd:4e:8b:44:ec:b5:4b:
         a0:21:f8:95:4c:da:56:17:a9:31:9c:e1:22:5c:cb:86:e8:16:
         59:92:dc:ef:ec:2d:3b:39:3d:fb:52:59:f3:7c:86:dd:14:7c:
         1d:0e:9a:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzZU4hhrsZvLO0W6Gva/LhbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NGFiODlkMzNiZDhhYTk0MzhhMWRkMGI0YzU5ZWRiZWIw
YzY0ZWUwHhcNMjQwMTA1MTExMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2Y2N2NiNjQ1OGZmNTI5ZWRjNDkyMDAzMWRmNzFjY2E4ZjMwNDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsa+qvzJDR18y2AAsvW1cCnZUzFFa
dEXJJVS7ZWCnKiNVoFv+gu3NBbhizxleb25dzPPuEOxsM60HFzcwJnJvHfRv8Lwu
7ONHlAXWpXcXEezD5+6Fe2qjmYFT1FdDsSShm4v7/cZJQWshAa321zcyozlzjdnX
n3/Q7pXedVMFLwfWd8PrNL0m5QAGcXmdpRACoZswJ8aY3/hh0FvtYFHo5Pj6Q1Ht
XvB788T6orWe1XiVyuXzwLkVU/5+NyTTHpIU1zx6hXgDzHrJpP7PohP52gnI34ag
BqT8RoEAEC2qaYnk2wRSp/rbZMkXljeHbBOuVfC29v2Kh+I5AdeqVS3EQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPP2fLZFj/Up7cSSADHfccyo8wQ3MB8GA1UdIwQY
MBaAFOVKuJ0zvYqpQ4od0LTFntvrDGTuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVVxNG5UTzlpcWxEaWgzUXRNV2UyLXNNWk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9jMzE2YjYtNzJlMy00YmNlLWJiZTIt
MWI0MzI4NzJiY2ZmLzEvOF9aOHRrV1A5U250eEpJQU1kOXh6S2p6QkRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9jMzE2YjYtNzJlMy00YmNlLWJiZTItMWI0MzI4NzJiY2Zm
LzEvNVVxNG5UTzlpcWxEaWgzUXRNV2UyLXNNWk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwipuMA0G
CSqGSIb3DQEBCwUAA4IBAQAnotayj5OcCatRhhs8k+6g+tHV2gg6GqvyhHvkBJ+p
QcknkOOGgMcISn6ZHVgoRWSsFdxUt/21QNulBpP4H8l5uql7vrR2t01jKeRBeuhp
NYORBA8IyfcfZeR5BNiBWPZT8JJsqa5cYek1h6ilEYpCm+eAvnYu02LoLHPIU7Ta
2oRrlqsovbGjjcjurppjkAqqS+E1NvzmgMcheIRv4gZGX+FZFQqBf2lAIIJn0H56
16SWWHO+DB72LgPdnsR3tYcFDAQXf58+sq39rSi/PUnFLr1Oi0TstUugIfiVTNpW
F6kxnOEiXMuG6BZZktzv7C07OT37UlnzfIbdFHwdDppv
-----END CERTIFICATE-----