Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/54e498-e629-41e8-8abc-df5f20dd76ad/1/jRXoSiXgOI35OnqA9v_llgX960k.roa
File:                     jRXoSiXgOI35OnqA9v_llgX960k.roa (raw, json)
Hash identifier:          M3S4qVjoA45FUhsiJp9orhJoLYUWM0BtSx1LgWYW7Iw=
Subject key identifier:   8D:15:E8:4A:25:E0:38:8D:F9:3A:7A:80:F6:FF:E5:96:05:FD:EB:49
Certificate issuer:       /CN=2a19939f218bb61315e9b3b37b3db85960975d14
Certificate serial:       018CC26D3139CB090F70D9BB0020087130CA
Authority key identifier: 2A:19:93:9F:21:8B:B6:13:15:E9:B3:B3:7B:3D:B8:59:60:97:5D:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KhmTnyGLthMV6bOzez24WWCXXRQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/54e498-e629-41e8-8abc-df5f20dd76ad/1/jRXoSiXgOI35OnqA9v_llgX960k.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34488
IP address blocks:        194.126.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/54e498-e629-41e8-8abc-df5f20dd76ad/1/KhmTnyGLthMV6bOzez24WWCXXRQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/54e498-e629-41e8-8abc-df5f20dd76ad/1/KhmTnyGLthMV6bOzez24WWCXXRQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KhmTnyGLthMV6bOzez24WWCXXRQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:31:39:cb:09:0f:70:d9:bb:00:20:08:71:30:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a19939f218bb61315e9b3b37b3db85960975d14
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d15e84a25e0388df93a7a80f6ffe59605fdeb49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3f:1b:13:a9:f4:12:a8:32:52:37:f0:8f:f1:
                    22:be:59:65:4f:ea:b0:cb:2f:9f:fc:86:2a:16:44:
                    10:71:54:f4:51:68:59:78:a7:f0:78:86:3e:23:33:
                    16:cf:d3:3f:ab:ac:62:14:6d:68:4e:47:de:7b:33:
                    cc:ea:f6:2c:41:26:f4:fe:be:19:14:01:06:f5:dd:
                    2e:99:84:85:92:f6:03:bd:9e:c4:95:a0:cb:64:1c:
                    65:b9:d6:80:01:31:e6:79:4f:70:cb:26:0a:a3:c8:
                    b4:ca:b6:42:3a:ac:a4:41:6d:c7:16:74:55:a7:1b:
                    04:02:65:ea:14:15:79:f8:86:d8:60:89:54:29:9c:
                    fd:ea:e3:d5:67:a3:b9:2b:90:17:d4:da:f3:5d:48:
                    4a:43:c8:9a:2c:2d:d4:de:11:02:f8:5b:51:fd:7e:
                    a8:05:c7:86:58:fa:50:b7:54:73:5f:46:2f:18:a2:
                    06:21:90:9c:75:41:f8:91:04:cc:5f:d2:23:5c:f1:
                    a9:e0:7c:0d:3d:52:3d:53:65:3e:8f:4f:26:52:fa:
                    2c:77:47:6f:4f:79:16:2b:f3:40:32:ba:a6:72:ae:
                    02:4f:a8:04:1c:7c:43:5b:ea:fb:4d:3b:db:2b:8c:
                    45:de:2b:fa:58:c6:ea:98:2a:08:94:96:03:94:dc:
                    56:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:15:E8:4A:25:E0:38:8D:F9:3A:7A:80:F6:FF:E5:96:05:FD:EB:49
            X509v3 Authority Key Identifier:
                keyid:2A:19:93:9F:21:8B:B6:13:15:E9:B3:B3:7B:3D:B8:59:60:97:5D:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KhmTnyGLthMV6bOzez24WWCXXRQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/54e498-e629-41e8-8abc-df5f20dd76ad/1/jRXoSiXgOI35OnqA9v_llgX960k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/54e498-e629-41e8-8abc-df5f20dd76ad/1/KhmTnyGLthMV6bOzez24WWCXXRQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:da:03:83:fd:05:35:59:df:0a:5d:1c:7b:56:37:ad:74:68:
         94:cd:86:54:73:7e:92:e7:6b:b7:01:58:ab:f0:3b:59:f4:62:
         b1:94:59:2e:9e:66:70:ae:9d:34:da:15:41:5c:09:fe:5c:6b:
         a4:ca:b4:d8:4e:43:b0:de:63:59:0e:3c:fe:ad:68:cf:07:b0:
         91:a0:80:2b:bd:51:a7:39:60:a1:fc:2e:b8:1d:97:32:09:07:
         2d:73:2c:25:d9:a6:77:f6:7a:2d:47:1a:3d:42:51:54:28:83:
         31:8a:c5:be:c0:b6:fd:d6:ba:ed:47:8a:00:d5:8d:4e:12:b2:
         a1:4c:37:f8:17:34:57:21:12:d8:e2:d9:2f:ef:09:67:49:50:
         46:78:fd:00:a3:59:cf:6b:a2:8c:8f:1e:f0:e5:71:5b:41:30:
         77:d0:a6:39:3d:79:39:a8:f4:72:ac:05:e5:09:bc:d4:2f:67:
         7d:19:60:08:b6:4c:40:83:3f:da:eb:dc:ee:6d:be:1a:94:db:
         0a:92:47:71:1e:1e:75:2c:8c:d2:cd:48:dc:18:77:98:26:db:
         ad:2c:ab:67:19:fa:71:7d:21:69:f2:0b:6f:2f:f4:6d:24:91:
         bf:12:f7:e2:82:51:49:0e:7e:df:5d:aa:83:89:00:05:e7:a2:
         23:25:d4:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTE5ywkPcNm7ACAIcTDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMTk5MzlmMjE4YmI2MTMxNWU5YjNiMzdiM2RiODU5NjA5
NzVkMTQwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDE1ZTg0YTI1ZTAzODhkZjkzYTdhODBmNmZmZTU5NjA1ZmRlYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApT8bE6n0EqgyUjfwj/EivlllT+qw
yy+f/IYqFkQQcVT0UWhZeKfweIY+IzMWz9M/q6xiFG1oTkfeezPM6vYsQSb0/r4Z
FAEG9d0umYSFkvYDvZ7ElaDLZBxludaAATHmeU9wyyYKo8i0yrZCOqykQW3HFnRV
pxsEAmXqFBV5+IbYYIlUKZz96uPVZ6O5K5AX1NrzXUhKQ8iaLC3U3hEC+FtR/X6o
BceGWPpQt1RzX0YvGKIGIZCcdUH4kQTMX9IjXPGp4HwNPVI9U2U+j08mUvosd0dv
T3kWK/NAMrqmcq4CT6gEHHxDW+r7TTvbK4xF3iv6WMbqmCoIlJYDlNxW3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0V6Eol4DiN+Tp6gPb/5ZYF/etJMB8GA1UdIwQY
MBaAFCoZk58hi7YTFemzs3s9uFlgl10UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2htVG55R0x0aE1WNmJPemV6MjRXV0NYWFJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS81NGU0OTgtZTYyOS00MWU4LThhYmMt
ZGY1ZjIwZGQ3NmFkLzEvalJYb1NpWGdPSTM1T25xQTl2X2xsZ1g5NjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS81NGU0OTgtZTYyOS00MWU4LThhYmMtZGY1ZjIwZGQ3NmFk
LzEvS2htVG55R0x0aE1WNmJPemV6MjRXV0NYWFJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn7FMA0G
CSqGSIb3DQEBCwUAA4IBAQAV2gOD/QU1Wd8KXRx7VjetdGiUzYZUc36S52u3AVir
8DtZ9GKxlFkunmZwrp002hVBXAn+XGukyrTYTkOw3mNZDjz+rWjPB7CRoIArvVGn
OWCh/C64HZcyCQctcywl2aZ39notRxo9QlFUKIMxisW+wLb91rrtR4oA1Y1OErKh
TDf4FzRXIRLY4tkv7wlnSVBGeP0Ao1nPa6KMjx7w5XFbQTB30KY5PXk5qPRyrAXl
CbzUL2d9GWAItkxAgz/a69zubb4alNsKkkdxHh51LIzSzUjcGHeYJtutLKtnGfpx
fSFp8gtvL/RtJJG/EvfiglFJDn7fXaqDiQAF56IjJdTZ
-----END CERTIFICATE-----