Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/333034-e737-436d-b149-3119d3332282/1/ZQuc3eiJ_pjnCfm4KPAujnCUyPY.roa
File:                     ZQuc3eiJ_pjnCfm4KPAujnCUyPY.roa (raw, json)
Hash identifier:          AxM2gnlWDlR2cqh64pu8Bmxv3mingG1abjHAS+j2Q/s=
Subject key identifier:   65:0B:9C:DD:E8:89:FE:98:E7:09:F9:B8:28:F0:2E:8E:70:94:C8:F6
Certificate issuer:       /CN=9e343f04c27d15455aaa5cdaa4569d37a88950d7
Certificate serial:       018CC5013E1BE3660B883A30B5C1D5D32A7F
Authority key identifier: 9E:34:3F:04:C2:7D:15:45:5A:AA:5C:DA:A4:56:9D:37:A8:89:50:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njQ_BMJ9FUVaqlzapFadN6iJUNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/333034-e737-436d-b149-3119d3332282/1/ZQuc3eiJ_pjnCfm4KPAujnCUyPY.roa
Signing time:             Mon 01 Jan 2024 12:30:42 +0000
ROA not before:           Mon 01 Jan 2024 12:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197892
IP address blocks:        94.154.96.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/333034-e737-436d-b149-3119d3332282/1/njQ_BMJ9FUVaqlzapFadN6iJUNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/333034-e737-436d-b149-3119d3332282/1/njQ_BMJ9FUVaqlzapFadN6iJUNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njQ_BMJ9FUVaqlzapFadN6iJUNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3e:1b:e3:66:0b:88:3a:30:b5:c1:d5:d3:2a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e343f04c27d15455aaa5cdaa4569d37a88950d7
        Validity
            Not Before: Jan  1 12:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=650b9cdde889fe98e709f9b828f02e8e7094c8f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:da:f4:7b:9f:b6:65:16:64:77:94:ba:07:05:
                    4e:74:11:40:13:a2:9e:5e:f3:19:ee:21:de:74:0d:
                    89:68:01:6f:e4:34:20:a7:27:62:89:d2:7a:64:d7:
                    e3:b6:8a:55:c8:48:f1:cb:c9:2b:09:39:bf:2f:8f:
                    6e:98:22:54:83:43:d4:4f:fc:5f:3d:0a:95:92:5d:
                    6b:57:18:2b:43:b3:19:f7:4e:31:3d:eb:42:29:67:
                    85:2c:de:88:38:f2:21:41:de:9f:a8:45:33:ce:8a:
                    86:00:bb:21:e8:3c:99:e7:e2:54:8d:97:4d:d7:12:
                    38:74:9d:80:3c:0a:01:cb:86:d2:15:38:c0:19:6d:
                    43:05:7f:2c:a9:32:b4:fa:fe:e3:79:b9:d5:53:f1:
                    a0:b5:82:dd:c1:72:22:38:ef:17:61:a4:f9:b9:17:
                    15:4f:e1:8b:2c:fd:44:f6:42:2d:2c:29:6f:67:95:
                    16:2c:9f:9f:c7:93:c2:db:d7:77:4f:2c:00:b2:ed:
                    0e:b5:f9:e3:ab:12:91:ad:df:93:72:cf:94:2e:59:
                    85:2a:7d:e1:48:c3:2c:fd:e8:ce:73:39:5c:8a:ef:
                    1a:0d:8a:e3:6d:49:6d:b6:e8:83:3f:e0:34:9e:fb:
                    66:46:02:4b:71:62:9c:d0:a7:04:fa:c4:fa:80:07:
                    78:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:0B:9C:DD:E8:89:FE:98:E7:09:F9:B8:28:F0:2E:8E:70:94:C8:F6
            X509v3 Authority Key Identifier:
                keyid:9E:34:3F:04:C2:7D:15:45:5A:AA:5C:DA:A4:56:9D:37:A8:89:50:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njQ_BMJ9FUVaqlzapFadN6iJUNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/333034-e737-436d-b149-3119d3332282/1/ZQuc3eiJ_pjnCfm4KPAujnCUyPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/333034-e737-436d-b149-3119d3332282/1/njQ_BMJ9FUVaqlzapFadN6iJUNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a7:4f:27:87:ad:47:13:a3:0d:a0:02:14:af:aa:ef:4d:df:87:
         f7:05:f1:5d:06:a6:04:e4:18:8f:c1:11:d7:75:09:fe:70:d9:
         b0:ce:8d:91:17:58:f3:52:03:7b:69:b1:14:ee:4c:0d:22:d8:
         be:b2:d8:ca:ef:50:8f:5a:d8:c7:54:1e:7a:ec:3f:6e:19:c0:
         67:11:4a:d0:cb:db:aa:a8:9c:e4:d5:26:f3:14:ca:24:7d:e9:
         39:7f:2b:4a:00:62:df:45:e0:0b:a0:8b:c6:bb:81:96:fc:26:
         1b:0b:ac:55:56:42:e5:2f:ca:bb:51:4e:cf:f7:6b:43:2e:f3:
         04:5a:68:8f:c2:97:8d:2e:9f:63:b2:46:e9:e7:aa:af:01:2b:
         19:1e:b6:3c:8e:69:dc:a4:ef:37:c6:b3:09:62:3f:37:7c:e1:
         cc:1a:97:23:12:7c:6a:9c:6a:bd:f0:54:d2:d6:e1:0f:d9:a5:
         54:8d:87:77:50:6c:f9:9c:96:e0:30:43:fd:ce:5f:b7:b6:70:
         d9:3b:3b:22:5d:9d:55:2a:7d:82:94:2c:a5:24:8b:6b:cf:cc:
         06:53:ec:7e:55:09:8c:d0:c8:9f:45:fc:88:88:e2:82:ca:c0:
         04:a5:41:27:8b:81:75:ff:82:ac:0b:1d:8e:fe:7d:58:c8:b7:
         00:07:73:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAT4b42YLiDowtcHV0yp/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzQzZjA0YzI3ZDE1NDU1YWFhNWNkYWE0NTY5ZDM3YTg4
OTUwZDcwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTBiOWNkZGU4ODlmZTk4ZTcwOWY5YjgyOGYwMmU4ZTcwOTRjOGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdr0e5+2ZRZkd5S6BwVOdBFAE6Ke
XvMZ7iHedA2JaAFv5DQgpydiidJ6ZNfjtopVyEjxy8krCTm/L49umCJUg0PUT/xf
PQqVkl1rVxgrQ7MZ904xPetCKWeFLN6IOPIhQd6fqEUzzoqGALsh6DyZ5+JUjZdN
1xI4dJ2APAoBy4bSFTjAGW1DBX8sqTK0+v7jebnVU/GgtYLdwXIiOO8XYaT5uRcV
T+GLLP1E9kItLClvZ5UWLJ+fx5PC29d3TywAsu0OtfnjqxKRrd+Tcs+ULlmFKn3h
SMMs/ejOczlciu8aDYrjbUlttuiDP+A0nvtmRgJLcWKc0KcE+sT6gAd4pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGULnN3oif6Y5wn5uCjwLo5wlMj2MB8GA1UdIwQY
MBaAFJ40PwTCfRVFWqpc2qRWnTeoiVDXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpRX0JNSjlGVVZhcWx6YXBGYWRONmlKVU5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMzMwMzQtZTczNy00MzZkLWIxNDkt
MzExOWQzMzMyMjgyLzEvWlF1YzNlaUpfcGpuQ2ZtNEtQQXVqbkNVeVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMzMwMzQtZTczNy00MzZkLWIxNDktMzExOWQzMzMyMjgy
LzEvbmpRX0JNSjlGVVZhcWx6YXBGYWRONmlKVU5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXppgMA0G
CSqGSIb3DQEBCwUAA4IBAQCnTyeHrUcTow2gAhSvqu9N34f3BfFdBqYE5BiPwRHX
dQn+cNmwzo2RF1jzUgN7abEU7kwNIti+stjK71CPWtjHVB567D9uGcBnEUrQy9uq
qJzk1SbzFMokfek5fytKAGLfReALoIvGu4GW/CYbC6xVVkLlL8q7UU7P92tDLvME
WmiPwpeNLp9jskbp56qvASsZHrY8jmncpO83xrMJYj83fOHMGpcjEnxqnGq98FTS
1uEP2aVUjYd3UGz5nJbgMEP9zl+3tnDZOzsiXZ1VKn2ClCylJItrz8wGU+x+VQmM
0MifRfyIiOKCysAEpUEni4F1/4KsCx2O/n1YyLcAB3My
-----END CERTIFICATE-----