Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/8894O_OWaV6vQvsmT198_EeBrtY.roa
File:                     8894O_OWaV6vQvsmT198_EeBrtY.roa (raw, json)
Hash identifier:          vEzq75FKdNnCXhG8I0yIF8T0My/p9rjyP25Nrcernc4=
Subject key identifier:   F3:CF:78:3B:F3:96:69:5E:AF:42:FB:26:4F:5F:7C:FC:47:81:AE:D6
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       018CEE4757071FA5D49E9A60A4534AD721F7
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/8894O_OWaV6vQvsmT198_EeBrtY.roa
Signing time:             Tue 09 Jan 2024 12:51:41 +0000
ROA not before:           Tue 09 Jan 2024 12:51:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213369
IP address blocks:        109.107.162.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 23:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:47:57:07:1f:a5:d4:9e:9a:60:a4:53:4a:d7:21:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Jan  9 12:51:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3cf783bf396695eaf42fb264f5f7cfc4781aed6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d1:15:e3:d3:d0:55:99:f9:f8:de:e3:1d:72:
                    ae:ca:15:6a:f8:53:17:a5:0d:b3:49:c5:16:80:e6:
                    c6:e2:b9:f8:db:46:ad:50:02:5a:37:96:58:65:12:
                    2f:47:f8:ef:33:02:36:cb:a1:e0:73:fa:52:83:21:
                    39:81:24:bc:50:7d:9c:a6:54:cd:4d:9e:5b:5c:9a:
                    02:23:9d:47:b0:51:d0:72:ac:35:9f:53:7e:61:9c:
                    0b:12:54:d9:c4:36:09:f8:32:6a:45:c4:f2:eb:5a:
                    b8:42:97:3d:92:65:0f:de:16:4d:73:e3:9f:b9:56:
                    dd:c3:2e:ea:f0:5f:07:ee:00:6d:5a:95:cd:ec:32:
                    2f:1a:2b:81:13:1c:50:0f:72:5a:1a:4a:e6:7c:c5:
                    b9:d9:83:5d:7e:2e:bd:e2:e3:38:a5:c6:a2:d1:ef:
                    1d:44:38:1d:05:2b:6e:eb:2e:88:25:a5:76:b3:cd:
                    32:82:39:04:25:76:79:ac:d3:c0:8c:67:6f:09:dd:
                    5b:e7:01:a4:b6:85:68:9f:38:4a:8e:73:fb:93:37:
                    c9:cc:93:ae:66:39:d1:01:64:ba:86:dd:9c:e5:48:
                    4e:32:44:6d:26:ed:cf:aa:54:1e:66:73:a6:3b:f8:
                    74:96:1a:8b:09:83:89:a1:cf:02:32:6e:bd:0d:1d:
                    f9:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:CF:78:3B:F3:96:69:5E:AF:42:FB:26:4F:5F:7C:FC:47:81:AE:D6
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/8894O_OWaV6vQvsmT198_EeBrtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:ed:e0:5d:6e:1a:8e:0d:29:2d:96:59:74:df:0d:2e:01:49:
         0e:4a:5b:39:f0:29:85:8b:95:f0:fa:13:e6:7f:26:6b:56:54:
         1e:03:31:17:55:58:cb:1e:8d:67:9e:42:fe:c9:6a:f1:84:26:
         95:0f:c9:ab:86:bc:0d:01:3c:a3:e8:0e:77:06:93:35:a6:75:
         36:3c:d1:7b:7e:97:4f:38:d0:5f:6b:bd:ef:e8:92:c7:c5:6e:
         ec:1b:3a:9f:71:79:fc:df:db:6a:68:3b:1b:d1:88:08:3f:e0:
         6d:53:f5:4d:f0:7a:6b:a3:70:e4:00:c1:05:a0:a5:b3:84:39:
         b4:69:be:d7:11:77:5a:4f:e1:f0:81:e3:e5:d5:12:8a:f8:10:
         b1:3c:f6:54:1a:1b:73:76:6d:62:86:6b:36:d4:44:75:3c:e7:
         e6:2e:21:65:5a:66:f4:77:3e:f0:30:d1:99:45:37:15:ac:54:
         ea:d2:23:f9:fc:c9:5c:64:8f:5a:f9:20:bd:a2:96:cb:8c:a2:
         76:25:d0:b6:9e:e4:d7:1d:37:55:ae:1d:4b:2d:0c:cb:32:44:
         04:e2:11:10:fa:7a:36:0d:42:b7:12:53:a5:a1:99:29:5c:25:
         7c:34:7e:48:7e:49:24:85:fb:0a:96:83:ec:98:0b:e8:f8:bc:
         d0:1f:cf:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzuR1cHH6XUnppgpFNK1yH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjQwMTA5MTI1MTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2NmNzgzYmYzOTY2OTVlYWY0MmZiMjY0ZjVmN2NmYzQ3ODFhZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptEV49PQVZn5+N7jHXKuyhVq+FMX
pQ2zScUWgObG4rn420atUAJaN5ZYZRIvR/jvMwI2y6Hgc/pSgyE5gSS8UH2cplTN
TZ5bXJoCI51HsFHQcqw1n1N+YZwLElTZxDYJ+DJqRcTy61q4Qpc9kmUP3hZNc+Of
uVbdwy7q8F8H7gBtWpXN7DIvGiuBExxQD3JaGkrmfMW52YNdfi694uM4pcai0e8d
RDgdBStu6y6IJaV2s80ygjkEJXZ5rNPAjGdvCd1b5wGktoVonzhKjnP7kzfJzJOu
ZjnRAWS6ht2c5UhOMkRtJu3PqlQeZnOmO/h0lhqLCYOJoc8CMm69DR35qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPPeDvzlmler0L7Jk9ffPxHga7WMB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvODg5NE9fT1dhVjZ2UXZzbVQxOThfRWVCcnRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbWuiMA0G
CSqGSIb3DQEBCwUAA4IBAQCH7eBdbhqODSktlll03w0uAUkOSls58CmFi5Xw+hPm
fyZrVlQeAzEXVVjLHo1nnkL+yWrxhCaVD8mrhrwNATyj6A53BpM1pnU2PNF7fpdP
ONBfa73v6JLHxW7sGzqfcXn839tqaDsb0YgIP+BtU/VN8Hpro3DkAMEFoKWzhDm0
ab7XEXdaT+HwgePl1RKK+BCxPPZUGhtzdm1ihms21ER1POfmLiFlWmb0dz7wMNGZ
RTcVrFTq0iP5/MlcZI9a+SC9opbLjKJ2JdC2nuTXHTdVrh1LLQzLMkQE4hEQ+no2
DUK3ElOloZkpXCV8NH5IfkkkhfsKloPsmAvo+LzQH888
-----END CERTIFICATE-----