Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/hRniPKDMNH8bGieMKO10BwYZS3E.roa
File:                     hRniPKDMNH8bGieMKO10BwYZS3E.roa (raw, json)
Hash identifier:          NQH7zxziEjSw1+Bnv/+5p/BxYuRG0RhKVk6eFL3K7hE=
Subject key identifier:   85:19:E2:3C:A0:CC:34:7F:1B:1A:27:8C:28:ED:74:07:06:19:4B:71
Certificate issuer:       /CN=27391ae28a91d5991346aedaf17bf8605c8cf22e
Certificate serial:       018CC3495080501EAB81E3641786E3DD470F
Authority key identifier: 27:39:1A:E2:8A:91:D5:99:13:46:AE:DA:F1:7B:F8:60:5C:8C:F2:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/hRniPKDMNH8bGieMKO10BwYZS3E.roa
Signing time:             Mon 01 Jan 2024 04:30:11 +0000
ROA not before:           Mon 01 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50252
IP address blocks:        194.102.140.0/23 maxlen: 23
                          194.102.140.0/24 maxlen: 24
                          194.102.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:50:80:50:1e:ab:81:e3:64:17:86:e3:dd:47:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27391ae28a91d5991346aedaf17bf8605c8cf22e
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8519e23ca0cc347f1b1a278c28ed740706194b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:18:af:26:59:82:97:d4:35:0c:aa:9e:2f:ad:
                    f6:27:19:3a:18:45:1b:a6:20:52:da:08:b4:96:82:
                    9d:37:a5:61:eb:e0:e5:1e:3e:76:66:e4:f6:93:17:
                    df:87:03:54:69:23:fb:b0:7f:63:70:ad:3c:5a:9c:
                    67:c9:e0:75:3d:8f:ba:16:ea:8b:95:2f:f4:20:cd:
                    2e:fb:49:3f:11:1d:15:2b:dd:c7:27:f1:27:71:34:
                    0d:62:67:2d:c2:94:d0:ea:4f:fe:78:4b:48:cf:55:
                    6f:7c:ba:8e:d3:53:67:3f:03:ae:e0:9b:ac:8d:23:
                    67:43:25:cb:b6:00:37:35:36:ec:7a:dd:5d:89:b6:
                    27:15:b7:83:06:f2:ff:4c:dd:50:8b:7f:d2:b3:5f:
                    6e:16:1d:3b:3d:33:6a:7f:8e:f9:4e:20:e9:5d:f6:
                    a6:ae:6a:33:81:bd:b8:6e:48:3d:0f:67:6e:d1:17:
                    8a:86:c3:ce:03:6f:ae:84:59:3a:58:e9:10:cd:aa:
                    e1:a6:dc:8e:9f:e0:bf:a5:81:66:83:cc:94:38:4f:
                    e6:48:18:b2:a4:0f:fb:82:ea:1a:f0:14:9a:b1:bf:
                    9b:16:33:d5:9c:8d:6d:c0:67:11:97:56:bc:66:8b:
                    b5:ca:51:f7:64:fc:da:87:03:d3:ba:e0:d1:e5:70:
                    f1:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:19:E2:3C:A0:CC:34:7F:1B:1A:27:8C:28:ED:74:07:06:19:4B:71
            X509v3 Authority Key Identifier:
                keyid:27:39:1A:E2:8A:91:D5:99:13:46:AE:DA:F1:7B:F8:60:5C:8C:F2:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/hRniPKDMNH8bGieMKO10BwYZS3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/66578f-e8bf-40e0-ab30-a4c128075862/1/Jzka4oqR1ZkTRq7a8Xv4YFyM8i4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:d6:49:08:05:24:04:49:a3:3a:0f:35:74:71:44:6e:8e:a7:
         27:33:96:1b:13:ea:a4:f8:b0:38:d6:45:46:36:9f:f1:fa:ff:
         17:0d:4b:75:fe:32:42:b5:b7:58:43:aa:f1:56:77:1b:a1:f5:
         d1:49:71:31:9c:71:d1:4d:d2:8e:be:c5:c8:0c:d1:4c:89:b0:
         a9:4c:fb:ce:7d:76:b1:3d:9a:3b:95:79:20:48:4a:eb:86:1c:
         73:1b:73:d7:f2:5a:2b:86:f9:54:e3:f4:31:15:5e:01:29:8c:
         ff:14:21:86:79:96:00:16:a8:8a:6e:13:30:cc:90:64:2f:52:
         7e:e0:63:a0:59:81:03:07:b3:aa:80:6d:ac:18:71:fa:ce:48:
         0e:ff:84:cf:ea:53:58:95:bf:d7:17:f2:70:fa:1b:c1:ff:cc:
         b3:b0:5e:6a:4f:ae:48:a5:bd:bd:c5:dc:5c:5d:e2:0a:25:82:
         ad:b2:c1:41:e4:90:9d:da:f4:84:02:1f:5b:8c:55:3a:d1:f7:
         cf:37:09:1e:35:62:45:90:5f:c1:dc:cc:67:a6:c3:0b:d2:99:
         5a:0a:66:c1:01:c3:3c:62:4f:b8:4e:36:8f:b4:77:6a:fe:4f:
         c1:cd:b3:d7:19:9d:f1:56:5f:fc:5d:de:8a:8f:ff:26:e7:00:
         ef:02:c9:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVCAUB6rgeNkF4bj3UcPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MzkxYWUyOGE5MWQ1OTkxMzQ2YWVkYWYxN2JmODYwNWM4
Y2YyMmUwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTE5ZTIzY2EwY2MzNDdmMWIxYTI3OGMyOGVkNzQwNzA2MTk0YjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRivJlmCl9Q1DKqeL632Jxk6GEUb
piBS2gi0loKdN6Vh6+DlHj52ZuT2kxffhwNUaSP7sH9jcK08WpxnyeB1PY+6FuqL
lS/0IM0u+0k/ER0VK93HJ/EncTQNYmctwpTQ6k/+eEtIz1VvfLqO01NnPwOu4Jus
jSNnQyXLtgA3NTbset1dibYnFbeDBvL/TN1Qi3/Ss19uFh07PTNqf475TiDpXfam
rmozgb24bkg9D2du0ReKhsPOA2+uhFk6WOkQzarhptyOn+C/pYFmg8yUOE/mSBiy
pA/7guoa8BSasb+bFjPVnI1twGcRl1a8Zou1ylH3ZPzahwPTuuDR5XDxzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUZ4jygzDR/GxonjCjtdAcGGUtxMB8GA1UdIwQY
MBaAFCc5GuKKkdWZE0au2vF7+GBcjPIuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnprYTRvcVIxWmtUUnE3YThYdjRZRnlNOGk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC82NjU3OGYtZThiZi00MGUwLWFiMzAt
YTRjMTI4MDc1ODYyLzEvaFJuaVBLRE1OSDhiR2llTUtPMTBCd1laUzNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC82NjU3OGYtZThiZi00MGUwLWFiMzAtYTRjMTI4MDc1ODYy
LzEvSnprYTRvcVIxWmtUUnE3YThYdjRZRnlNOGk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmaMMA0G
CSqGSIb3DQEBCwUAA4IBAQB+1kkIBSQESaM6DzV0cURujqcnM5YbE+qk+LA41kVG
Np/x+v8XDUt1/jJCtbdYQ6rxVncbofXRSXExnHHRTdKOvsXIDNFMibCpTPvOfXax
PZo7lXkgSErrhhxzG3PX8lorhvlU4/QxFV4BKYz/FCGGeZYAFqiKbhMwzJBkL1J+
4GOgWYEDB7OqgG2sGHH6zkgO/4TP6lNYlb/XF/Jw+hvB/8yzsF5qT65Ipb29xdxc
XeIKJYKtssFB5JCd2vSEAh9bjFU60ffPNwkeNWJFkF/B3MxnpsML0plaCmbBAcM8
Yk+4TjaPtHdq/k/BzbPXGZ3xVl/8Xd6Kj/8m5wDvAskz
-----END CERTIFICATE-----