Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/_jssjDMfaq7YPxhmzpvDAwE3Zn8.roa
File:                     _jssjDMfaq7YPxhmzpvDAwE3Zn8.roa (raw, json)
Hash identifier:          dn3/ss/qHAL5rJigm6003vxBIglkWiU/h1lwjaLpW6k=
Subject key identifier:   FE:3B:2C:8C:33:1F:6A:AE:D8:3F:18:66:CE:9B:C3:03:01:37:66:7F
Certificate issuer:       /CN=dc1fd007dffa508f30063fbe4d53a2b2e1e8c4de
Certificate serial:       018CC26CFD01F257C096ADCE45EDCBE4C151
Authority key identifier: DC:1F:D0:07:DF:FA:50:8F:30:06:3F:BE:4D:53:A2:B2:E1:E8:C4:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/_jssjDMfaq7YPxhmzpvDAwE3Zn8.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206394
IP address blocks:        94.176.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 07:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fd:01:f2:57:c0:96:ad:ce:45:ed:cb:e4:c1:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc1fd007dffa508f30063fbe4d53a2b2e1e8c4de
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe3b2c8c331f6aaed83f1866ce9bc3030137667f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:60:0f:ec:ad:b8:2b:fe:ed:6b:68:4f:24:2a:
                    ad:a9:2d:16:79:4d:7c:65:e7:d0:ea:11:bd:a4:bd:
                    9d:d4:0a:b5:eb:b2:95:64:1a:80:a6:ad:2f:e0:9c:
                    1b:01:c5:88:3c:42:32:68:72:d0:dd:b4:e4:fe:52:
                    e1:65:2f:ba:52:2c:d0:af:81:f7:27:11:98:36:30:
                    3b:de:4d:4b:26:be:d1:a2:02:cd:e1:f6:ff:4d:27:
                    3d:fe:c6:5a:eb:27:04:59:64:4f:41:51:54:16:91:
                    d4:24:6e:18:82:9b:42:5a:22:0b:6d:32:a7:67:8e:
                    24:04:08:7d:50:a8:fb:1b:11:31:5e:7b:5d:73:e0:
                    4d:01:02:fd:83:eb:fd:4d:56:c9:6f:9e:86:6a:41:
                    cd:d9:cb:36:a1:7a:27:da:12:4c:bd:8f:4b:95:01:
                    55:86:7a:f1:f7:1a:b3:73:42:ea:d8:fc:e8:df:ce:
                    f9:d1:22:48:20:49:7d:9a:2b:8f:21:f8:4a:5e:68:
                    75:1b:81:14:d7:6c:4d:56:7f:ae:b0:c3:01:4a:47:
                    0f:9c:c2:1d:a7:6f:58:62:98:d7:35:c8:d9:89:6a:
                    c2:85:54:71:a2:78:9d:39:e7:01:1e:c7:43:52:b8:
                    54:4c:8c:43:9f:6b:b4:a6:69:27:5e:25:60:94:a1:
                    7b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:3B:2C:8C:33:1F:6A:AE:D8:3F:18:66:CE:9B:C3:03:01:37:66:7F
            X509v3 Authority Key Identifier:
                keyid:DC:1F:D0:07:DF:FA:50:8F:30:06:3F:BE:4D:53:A2:B2:E1:E8:C4:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/_jssjDMfaq7YPxhmzpvDAwE3Zn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:8d:b5:32:fa:d7:f3:e6:32:16:ec:9a:ff:7c:e1:52:40:35:
         91:f5:2f:b9:5f:33:db:4d:c1:00:8c:01:e9:03:f7:06:54:d6:
         3f:68:a8:d2:05:0f:5c:6c:69:2b:64:30:83:64:a2:b5:da:38:
         1f:02:54:1b:e2:b7:73:6d:f4:d1:11:be:2d:a3:0d:63:7c:f9:
         bc:8c:ca:87:19:50:ba:59:52:c4:32:f4:35:45:42:a3:cb:3a:
         00:1c:54:56:27:92:10:e9:dc:8f:e9:92:5b:55:e4:07:c0:9e:
         43:1c:4e:21:df:0c:59:b7:1d:47:77:40:96:4c:a3:4b:60:e9:
         58:da:9b:fb:19:d6:4b:71:8d:95:38:eb:86:02:45:d1:0c:cc:
         96:23:b1:b1:ee:90:4d:d4:a2:cb:a5:29:d3:ff:13:fb:a9:a5:
         c4:b8:42:ba:ee:16:05:04:92:16:30:8d:aa:f0:1f:03:f1:b8:
         26:3e:6a:ee:a2:54:86:e6:f9:e7:d7:58:8c:fc:06:76:af:73:
         58:e5:2a:ef:5b:12:6c:47:2c:67:33:42:83:dd:8a:48:c1:ca:
         eb:27:1e:8c:ad:e8:f5:5d:df:94:81:00:40:16:87:25:0a:cf:
         bd:0e:26:91:c8:ea:e7:7d:2e:2b:17:95:cf:62:13:2e:d8:f2:
         7d:7b:25:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbP0B8lfAlq3ORe3L5MFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMWZkMDA3ZGZmYTUwOGYzMDA2M2ZiZTRkNTNhMmIyZTFl
OGM0ZGUwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTNiMmM4YzMzMWY2YWFlZDgzZjE4NjZjZTliYzMwMzAxMzc2NjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmAP7K24K/7ta2hPJCqtqS0WeU18
ZefQ6hG9pL2d1Aq167KVZBqApq0v4JwbAcWIPEIyaHLQ3bTk/lLhZS+6UizQr4H3
JxGYNjA73k1LJr7RogLN4fb/TSc9/sZa6ycEWWRPQVFUFpHUJG4YgptCWiILbTKn
Z44kBAh9UKj7GxExXntdc+BNAQL9g+v9TVbJb56GakHN2cs2oXon2hJMvY9LlQFV
hnrx9xqzc0Lq2Pzo38750SJIIEl9miuPIfhKXmh1G4EU12xNVn+usMMBSkcPnMId
p29YYpjXNcjZiWrChVRxonidOecBHsdDUrhUTIxDn2u0pmknXiVglKF70QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP47LIwzH2qu2D8YZs6bwwMBN2Z/MB8GA1UdIwQY
MBaAFNwf0Aff+lCPMAY/vk1TorLh6MTeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JfUUI5XzZVSTh3QmotLVRWT2lzdUhveE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8wNzUzNzctZTQyNi00OTJmLWE1OWMt
YWU0Yzk1Yzk0MDA1LzEvX2pzc2pETWZhcTdZUHhobXpwdkRBd0UzWm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8wNzUzNzctZTQyNi00OTJmLWE1OWMtYWU0Yzk1Yzk0MDA1
LzEvM0JfUUI5XzZVSTh3QmotLVRWT2lzdUhveE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrCTMA0G
CSqGSIb3DQEBCwUAA4IBAQC0jbUy+tfz5jIW7Jr/fOFSQDWR9S+5XzPbTcEAjAHp
A/cGVNY/aKjSBQ9cbGkrZDCDZKK12jgfAlQb4rdzbfTREb4tow1jfPm8jMqHGVC6
WVLEMvQ1RUKjyzoAHFRWJ5IQ6dyP6ZJbVeQHwJ5DHE4h3wxZtx1Hd0CWTKNLYOlY
2pv7GdZLcY2VOOuGAkXRDMyWI7Gx7pBN1KLLpSnT/xP7qaXEuEK67hYFBJIWMI2q
8B8D8bgmPmruolSG5vnn11iM/AZ2r3NY5SrvWxJsRyxnM0KD3YpIwcrrJx6Mrej1
Xd+UgQBAFoclCs+9DiaRyOrnfS4rF5XPYhMu2PJ9eyUR
-----END CERTIFICATE-----