Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/j4GCoGR2ifS4g3vRyBFVOZyKhQY.roa
File:                     j4GCoGR2ifS4g3vRyBFVOZyKhQY.roa (raw, json)
Hash identifier:          waY3m/0AGdDp0LpEKELDEkJIuzP3S6IrvmOeMlAEtOw=
Subject key identifier:   8F:81:82:A0:64:76:89:F4:B8:83:7B:D1:C8:11:55:39:9C:8A:85:06
Certificate issuer:       /CN=743d850cd12a363ddcdb0dc273e1dfc863b705f7
Certificate serial:       018CC2DAB1B96FC5562C5D5D61FB705E92B5
Authority key identifier: 74:3D:85:0C:D1:2A:36:3D:DC:DB:0D:C2:73:E1:DF:C8:63:B7:05:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/j4GCoGR2ifS4g3vRyBFVOZyKhQY.roa
Signing time:             Mon 01 Jan 2024 02:29:21 +0000
ROA not before:           Mon 01 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42415
IP address blocks:        194.6.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 19:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b1:b9:6f:c5:56:2c:5d:5d:61:fb:70:5e:92:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743d850cd12a363ddcdb0dc273e1dfc863b705f7
        Validity
            Not Before: Jan  1 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f8182a0647689f4b8837bd1c81155399c8a8506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:04:1a:f2:10:92:45:91:28:d9:28:55:56:e2:
                    d4:68:0c:e3:91:c5:aa:51:d1:aa:b7:3f:3f:68:43:
                    77:8b:6d:b3:7a:97:8d:42:a8:c2:85:74:4a:55:86:
                    08:9b:86:98:91:38:19:d1:13:95:f6:dd:6a:3c:cf:
                    c5:e1:07:e6:ac:1e:c2:d4:fd:b3:97:99:2a:89:fb:
                    db:21:e7:42:dc:94:39:3a:0e:06:eb:fb:a2:89:cf:
                    22:fd:49:5e:72:cf:3a:55:15:4d:3e:e1:b8:ad:dc:
                    c4:66:8e:e1:c7:f7:6e:6c:f1:a4:ec:cb:0f:6d:f8:
                    48:23:f4:f3:ea:22:70:a8:5f:65:67:24:0c:14:b8:
                    c2:e4:1d:79:df:ab:8d:f1:a2:8b:6a:25:b9:36:ac:
                    12:d1:56:0b:26:05:23:f8:4f:39:7a:32:cc:d4:65:
                    88:f6:a7:ff:6b:2a:8c:a0:55:2d:9c:1b:70:7f:1c:
                    88:8f:b0:35:28:13:54:86:79:ae:b7:da:d9:a2:72:
                    01:61:50:d8:eb:99:4b:cc:1d:95:bb:84:86:00:e9:
                    03:53:bb:0a:72:54:87:12:7f:c1:c5:62:7b:f4:d6:
                    12:3e:b2:ea:8e:24:5c:e2:f1:47:81:8d:c1:f2:4d:
                    24:f4:6b:8b:77:bb:05:86:dd:54:3a:2e:89:cf:88:
                    e5:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:81:82:A0:64:76:89:F4:B8:83:7B:D1:C8:11:55:39:9C:8A:85:06
            X509v3 Authority Key Identifier:
                keyid:74:3D:85:0C:D1:2A:36:3D:DC:DB:0D:C2:73:E1:DF:C8:63:B7:05:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/j4GCoGR2ifS4g3vRyBFVOZyKhQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:6f:ca:01:8b:af:3d:22:ba:6d:3e:6b:4f:5e:74:25:9e:79:
         e9:e9:36:85:cb:51:c3:7c:3e:5f:a1:7b:51:0e:5f:be:0c:44:
         14:ee:b5:cb:07:e3:86:8a:49:cd:e0:fe:5a:9b:48:d8:8a:4f:
         37:76:c4:40:f0:80:d7:27:ab:d3:5c:2b:2a:06:13:4e:d5:36:
         6e:84:68:ab:c8:41:67:ce:ed:62:8e:1d:bf:6d:cb:da:a4:b3:
         07:47:3d:fd:b4:0b:46:f6:9f:c1:4d:13:6b:2a:8f:89:69:22:
         83:62:be:db:a9:a8:b2:3c:3e:4f:3e:cd:78:89:77:6e:6a:c1:
         1d:23:de:3f:fb:90:cd:d9:a1:82:2a:38:46:7f:83:f6:ef:22:
         bd:31:ec:94:5c:92:d0:62:f1:27:b8:43:4b:60:c5:7a:7e:97:
         0d:87:43:4e:74:24:b2:8b:71:64:dd:89:e2:97:d0:78:61:0d:
         af:17:9f:05:af:df:93:f6:86:c8:9c:1e:9a:98:d8:a0:56:15:
         43:f6:9d:5b:94:4b:31:be:2b:09:f7:83:29:5f:e9:12:03:27:
         6d:5d:cd:10:0e:53:d8:bc:25:91:7a:02:36:99:d4:55:87:86:
         28:3c:bf:a3:80:63:88:7c:fe:9a:58:66:31:8a:e7:01:79:07:
         b0:d2:74:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rG5b8VWLF1dYftwXpK1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2Q4NTBjZDEyYTM2M2RkY2RiMGRjMjczZTFkZmM4NjNi
NzA1ZjcwHhcNMjQwMTAxMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjgxODJhMDY0NzY4OWY0Yjg4MzdiZDFjODExNTUzOTljOGE4NTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQQa8hCSRZEo2ShVVuLUaAzjkcWq
UdGqtz8/aEN3i22zepeNQqjChXRKVYYIm4aYkTgZ0ROV9t1qPM/F4QfmrB7C1P2z
l5kqifvbIedC3JQ5Og4G6/uiic8i/Ulecs86VRVNPuG4rdzEZo7hx/dubPGk7MsP
bfhII/Tz6iJwqF9lZyQMFLjC5B1536uN8aKLaiW5NqwS0VYLJgUj+E85ejLM1GWI
9qf/ayqMoFUtnBtwfxyIj7A1KBNUhnmut9rZonIBYVDY65lLzB2Vu4SGAOkDU7sK
clSHEn/BxWJ79NYSPrLqjiRc4vFHgY3B8k0k9GuLd7sFht1UOi6Jz4jlTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+BgqBkdon0uIN70cgRVTmcioUGMB8GA1UdIwQY
MBaAFHQ9hQzRKjY93NsNwnPh38hjtwX3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQyRkRORXFOajNjMnczQ2MtSGZ5R08zQmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wODFlOTYtMTBlMS00Yzk3LWI5MzIt
MWRhZjgwYzUxOWQwLzEvajRHQ29HUjJpZlM0ZzN2UnlCRlZPWnlLaFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wODFlOTYtMTBlMS00Yzk3LWI5MzItMWRhZjgwYzUxOWQw
LzEvZEQyRkRORXFOajNjMnczQ2MtSGZ5R08zQmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgb/MA0G
CSqGSIb3DQEBCwUAA4IBAQBdb8oBi689IrptPmtPXnQlnnnp6TaFy1HDfD5foXtR
Dl++DEQU7rXLB+OGiknN4P5am0jYik83dsRA8IDXJ6vTXCsqBhNO1TZuhGiryEFn
zu1ijh2/bcvapLMHRz39tAtG9p/BTRNrKo+JaSKDYr7bqaiyPD5PPs14iXduasEd
I94/+5DN2aGCKjhGf4P27yK9MeyUXJLQYvEnuENLYMV6fpcNh0NOdCSyi3Fk3Yni
l9B4YQ2vF58Fr9+T9obInB6amNigVhVD9p1blEsxvisJ94MpX+kSAydtXc0QDlPY
vCWRegI2mdRVh4YoPL+jgGOIfP6aWGYxiucBeQew0nS8
-----END CERTIFICATE-----