Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/rF74LDahcWlgYvlh8ttQT03Un_Q.roa
File:                     rF74LDahcWlgYvlh8ttQT03Un_Q.roa (raw, json)
Hash identifier:          n6P+uJyCEghFQWVj8NtzFj8f2IQRJ9QgkQp4jsSmwdY=
Subject key identifier:   AC:5E:F8:2C:36:A1:71:69:60:62:F9:61:F2:DB:50:4F:4D:D4:9F:F4
Certificate issuer:       /CN=44e888a76e99851b01fb86cec537d4d8e610de16
Certificate serial:       018CC5012416B8B9BCEEA5E1D8301827FF09
Authority key identifier: 44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/rF74LDahcWlgYvlh8ttQT03Un_Q.roa
Signing time:             Mon 01 Jan 2024 12:30:35 +0000
ROA not before:           Mon 01 Jan 2024 12:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60026
IP address blocks:        194.61.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:24:16:b8:b9:bc:ee:a5:e1:d8:30:18:27:ff:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44e888a76e99851b01fb86cec537d4d8e610de16
        Validity
            Not Before: Jan  1 12:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac5ef82c36a171696062f961f2db504f4dd49ff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c3:98:3f:b9:ca:63:63:bc:36:54:c0:91:ee:
                    bb:d9:fc:1e:7e:10:1f:66:63:c7:d5:b1:21:c1:12:
                    d9:9a:f1:6f:8e:37:38:50:a8:1f:e0:90:a1:fc:d0:
                    2e:b2:70:31:b7:c0:80:06:4c:c6:57:3c:bd:c4:c8:
                    b7:79:83:73:88:d6:f5:d1:72:ac:eb:58:1d:d3:1c:
                    da:3e:69:5f:87:d7:71:28:49:0e:d1:5f:f3:8b:9e:
                    b0:04:e3:f0:b0:de:12:0d:15:01:e9:d6:37:4f:76:
                    04:51:16:3c:31:2a:c7:6f:45:60:1d:cb:3b:5e:6f:
                    a7:77:35:08:cd:bc:77:82:61:7c:c7:9b:81:cd:f0:
                    0b:ad:80:d2:b4:fe:f8:6d:d3:b7:54:e5:83:b2:f7:
                    5b:78:2b:f8:4d:9c:c7:0e:7b:a6:ae:68:d4:85:e2:
                    c4:08:f6:62:49:9f:94:20:80:6a:b6:df:f4:e1:37:
                    86:bb:5f:1c:46:44:a8:9a:ac:a9:0f:f3:ef:bc:06:
                    dd:00:a5:a5:ad:8d:08:d7:d9:bf:4f:23:2b:8c:f0:
                    bb:30:55:13:f1:ec:c8:7e:9a:eb:d7:cd:65:f1:f2:
                    00:68:20:54:09:90:12:f3:de:e1:b0:00:0a:df:f3:
                    2a:a8:89:fc:3d:b7:c7:58:f9:cb:ff:61:ef:b1:8d:
                    39:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:5E:F8:2C:36:A1:71:69:60:62:F9:61:F2:DB:50:4F:4D:D4:9F:F4
            X509v3 Authority Key Identifier:
                keyid:44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/rF74LDahcWlgYvlh8ttQT03Un_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:c1:71:9f:48:e1:7d:c7:54:02:ee:c5:3c:70:20:1f:42:d6:
         69:91:bd:11:e6:c3:2f:d8:d5:b1:20:cf:fa:26:44:19:df:b3:
         5e:ed:df:c2:28:20:ea:8b:14:6b:7c:7b:c5:fe:c0:d1:16:84:
         1c:f4:6f:c2:5f:56:9b:a2:bd:35:ec:49:af:4d:2a:74:69:83:
         44:af:fb:06:f4:59:ca:31:45:6e:6f:ef:7b:a8:5e:ee:d8:95:
         03:6d:d3:2c:9b:1b:3a:7b:c3:99:5e:57:b1:e6:e0:b5:be:f8:
         87:d2:83:5b:97:9a:70:f6:b8:52:14:d7:7e:81:a5:33:e3:6b:
         c4:79:71:ad:fd:c3:1f:86:2e:4a:2d:17:29:f6:72:0e:80:6a:
         c6:d2:96:e0:0a:3c:99:78:8a:bf:24:de:5f:4f:61:8f:42:0c:
         d0:95:8e:e1:c6:a4:a5:a6:7f:a7:91:81:c5:04:ec:80:c2:f2:
         77:c8:05:2a:66:1c:2f:1a:f2:ed:6d:20:41:ab:8c:86:8a:72:
         f0:7b:d0:3c:79:7c:5b:cf:39:20:d5:bc:f4:5e:e5:7d:29:2d:
         75:f2:ce:c5:e8:8b:cc:d5:a4:e4:28:0a:ba:ba:40:ad:0c:29:
         e8:50:20:35:da:ea:42:5f:65:d6:19:5f:51:6c:3f:98:83:93:
         ee:a3:0e:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASQWuLm87qXh2DAYJ/8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZTg4OGE3NmU5OTg1MWIwMWZiODZjZWM1MzdkNGQ4ZTYx
MGRlMTYwHhcNMjQwMTAxMTIzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzVlZjgyYzM2YTE3MTY5NjA2MmY5NjFmMmRiNTA0ZjRkZDQ5ZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcOYP7nKY2O8NlTAke672fwefhAf
ZmPH1bEhwRLZmvFvjjc4UKgf4JCh/NAusnAxt8CABkzGVzy9xMi3eYNziNb10XKs
61gd0xzaPmlfh9dxKEkO0V/zi56wBOPwsN4SDRUB6dY3T3YEURY8MSrHb0VgHcs7
Xm+ndzUIzbx3gmF8x5uBzfALrYDStP74bdO3VOWDsvdbeCv4TZzHDnumrmjUheLE
CPZiSZ+UIIBqtt/04TeGu18cRkSomqypD/PvvAbdAKWlrY0I19m/TyMrjPC7MFUT
8ezIfprr181l8fIAaCBUCZAS897hsAAK3/MqqIn8PbfHWPnL/2HvsY059wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxe+Cw2oXFpYGL5YfLbUE9N1J/0MB8GA1UdIwQY
MBaAFEToiKdumYUbAfuGzsU31NjmEN4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUt
YmMwZGJhOTMyYjM1LzEvckY3NExEYWhjV2xnWXZsaDh0dFFUMDNVbl9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUtYmMwZGJhOTMyYjM1
LzEvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj1QMA0G
CSqGSIb3DQEBCwUAA4IBAQBbwXGfSOF9x1QC7sU8cCAfQtZpkb0R5sMv2NWxIM/6
JkQZ37Ne7d/CKCDqixRrfHvF/sDRFoQc9G/CX1abor017EmvTSp0aYNEr/sG9FnK
MUVub+97qF7u2JUDbdMsmxs6e8OZXlex5uC1vviH0oNbl5pw9rhSFNd+gaUz42vE
eXGt/cMfhi5KLRcp9nIOgGrG0pbgCjyZeIq/JN5fT2GPQgzQlY7hxqSlpn+nkYHF
BOyAwvJ3yAUqZhwvGvLtbSBBq4yGinLwe9A8eXxbzzkg1bz0XuV9KS118s7F6IvM
1aTkKAq6ukCtDCnoUCA12upCX2XWGV9RbD+Yg5Puow4t
-----END CERTIFICATE-----