Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/WuQU05VSVwREBDRAls1A6Z8iFbI.roa
File:                     WuQU05VSVwREBDRAls1A6Z8iFbI.roa (raw, json)
Hash identifier:          uDeqyoujS7mcIA3i1oIEzkBWtNulqkWUdrVAOvov42s=
Subject key identifier:   5A:E4:14:D3:95:52:57:04:44:04:34:40:96:CD:40:E9:9F:22:15:B2
Certificate issuer:       /CN=4c3789ecf67e04298c5ee44c67d8fb7f5d6d95a1
Certificate serial:       018CC9BCF1EA1D598D0620E0006860A280BE
Authority key identifier: 4C:37:89:EC:F6:7E:04:29:8C:5E:E4:4C:67:D8:FB:7F:5D:6D:95:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/WuQU05VSVwREBDRAls1A6Z8iFbI.roa
Signing time:             Tue 02 Jan 2024 10:34:12 +0000
ROA not before:           Tue 02 Jan 2024 10:34:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48279
IP address blocks:        94.154.192.0/18 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f1:ea:1d:59:8d:06:20:e0:00:68:60:a2:80:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3789ecf67e04298c5ee44c67d8fb7f5d6d95a1
        Validity
            Not Before: Jan  2 10:34:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ae414d3955257044404344096cd40e99f2215b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0f:4c:61:d6:4d:9c:ce:17:b3:cd:a0:b3:fe:
                    65:7c:80:af:76:b3:39:e5:f7:4c:85:bb:23:f7:d2:
                    bf:f2:a2:4b:ab:2e:99:5e:6e:93:1f:f9:c0:2b:3a:
                    61:03:2d:e9:f9:e6:0c:db:e9:a6:54:3a:0f:46:92:
                    7a:59:a2:d4:64:b5:95:81:06:d3:06:69:75:f0:4e:
                    b0:f7:85:9f:96:fa:4c:7a:f4:5e:dc:e0:54:b7:b2:
                    06:0b:a3:a5:49:8e:57:eb:2d:5f:d6:d7:3f:ca:e9:
                    c4:24:1f:04:ee:21:ce:f1:71:74:d6:29:c1:c3:37:
                    05:f0:90:83:33:72:d8:4b:ea:f3:f7:cd:39:b4:ea:
                    c6:e1:89:50:d7:1b:a4:86:82:4a:72:f9:cd:60:9c:
                    13:bf:15:0e:ef:10:48:1b:ca:ca:ad:ba:d9:c9:b9:
                    a1:34:12:10:bc:b2:70:a9:80:8f:53:71:43:27:d7:
                    b6:8b:52:0e:3d:8a:14:09:54:65:10:3e:f8:74:58:
                    fc:b5:47:0c:3e:50:bc:c9:a2:38:a7:d7:2f:57:d9:
                    d3:bc:30:8b:03:8d:df:9b:ee:5a:8e:36:51:c5:31:
                    49:53:99:75:1b:1d:5a:e4:86:77:92:2f:e4:51:4a:
                    e6:3b:44:63:72:f6:0b:d1:77:c4:dc:4d:ae:5d:df:
                    b4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:E4:14:D3:95:52:57:04:44:04:34:40:96:CD:40:E9:9F:22:15:B2
            X509v3 Authority Key Identifier:
                keyid:4C:37:89:EC:F6:7E:04:29:8C:5E:E4:4C:67:D8:FB:7F:5D:6D:95:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/WuQU05VSVwREBDRAls1A6Z8iFbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         24:c3:fd:10:67:66:bd:f1:24:0e:6f:60:89:18:b1:a0:f0:a2:
         23:7d:eb:a8:94:64:93:f0:59:29:b7:44:03:cc:fe:06:0d:09:
         06:7f:a2:83:66:04:d7:d8:a0:fd:90:a3:21:9c:b1:84:91:f9:
         42:40:cc:b5:d6:b0:a3:bd:f2:ef:8f:b4:85:69:71:3c:69:b5:
         ad:7e:e4:64:2a:f2:7f:4e:b0:9e:64:47:ed:04:80:aa:0c:67:
         e9:2f:46:39:ec:f0:51:a6:6d:bc:af:ef:91:6a:4d:6f:d9:ba:
         47:bf:05:39:17:2f:90:b3:02:63:0b:f0:a6:a8:01:70:af:96:
         0b:32:5f:2c:01:b1:8e:a3:a8:70:58:88:4c:37:8c:34:66:cf:
         8b:a9:14:3f:18:10:5b:cc:ef:3b:0a:de:83:3b:cc:68:26:69:
         d6:bd:a7:0d:a4:66:9d:17:bd:25:95:ff:90:8c:06:c4:2c:63:
         a1:ee:ca:1c:c8:fe:89:85:9f:6c:1d:d8:2f:01:ed:f6:91:cc:
         c1:f5:d7:34:62:71:4a:ca:21:d4:e0:79:e6:f9:b2:2a:16:08:
         a2:d5:0a:52:bb:b5:31:5d:9e:fe:c1:6c:89:2d:4c:4f:a5:5a:
         09:dc:de:02:7d:a3:e2:88:c8:3a:fc:6a:a4:5f:f2:37:3f:ce:
         4e:78:a3:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvPHqHVmNBiDgAGhgooC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzc4OWVjZjY3ZTA0Mjk4YzVlZTQ0YzY3ZDhmYjdmNWQ2
ZDk1YTEwHhcNMjQwMTAyMTAzNDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWU0MTRkMzk1NTI1NzA0NDQwNDM0NDA5NmNkNDBlOTlmMjIxNWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjg9MYdZNnM4Xs82gs/5lfICvdrM5
5fdMhbsj99K/8qJLqy6ZXm6TH/nAKzphAy3p+eYM2+mmVDoPRpJ6WaLUZLWVgQbT
Bml18E6w94WflvpMevRe3OBUt7IGC6OlSY5X6y1f1tc/yunEJB8E7iHO8XF01inB
wzcF8JCDM3LYS+rz9805tOrG4YlQ1xukhoJKcvnNYJwTvxUO7xBIG8rKrbrZybmh
NBIQvLJwqYCPU3FDJ9e2i1IOPYoUCVRlED74dFj8tUcMPlC8yaI4p9cvV9nTvDCL
A43fm+5ajjZRxTFJU5l1Gx1a5IZ3ki/kUUrmO0RjcvYL0XfE3E2uXd+05QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFrkFNOVUlcERAQ0QJbNQOmfIhWyMB8GA1UdIwQY
MBaAFEw3iez2fgQpjF7kTGfY+39dbZWhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERlSjdQWi1CQ21NWHVSTVo5ajdmMTF0bGFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC83ZWQ3YjEtYjhmMy00M2YzLTk2ZTMt
MWRjNTRkMWMwM2EzLzEvV3VRVTA1VlNWd1JFQkRSQWxzMUE2WjhpRmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC83ZWQ3YjEtYjhmMy00M2YzLTk2ZTMtMWRjNTRkMWMwM2Ez
LzEvVERlSjdQWi1CQ21NWHVSTVo5ajdmMTF0bGFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGXprAMA0G
CSqGSIb3DQEBCwUAA4IBAQAkw/0QZ2a98SQOb2CJGLGg8KIjfeuolGST8Fkpt0QD
zP4GDQkGf6KDZgTX2KD9kKMhnLGEkflCQMy11rCjvfLvj7SFaXE8abWtfuRkKvJ/
TrCeZEftBICqDGfpL0Y57PBRpm28r++Rak1v2bpHvwU5Fy+QswJjC/CmqAFwr5YL
Ml8sAbGOo6hwWIhMN4w0Zs+LqRQ/GBBbzO87Ct6DO8xoJmnWvacNpGadF70llf+Q
jAbELGOh7socyP6JhZ9sHdgvAe32kczB9dc0YnFKyiHU4Hnm+bIqFgii1QpSu7Ux
XZ7+wWyJLUxPpVoJ3N4CfaPiiMg6/GqkX/I3P85OeKME
-----END CERTIFICATE-----