Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/R9SHoybjRZLiS3RciqmBp2hyyxg.roa
File:                     R9SHoybjRZLiS3RciqmBp2hyyxg.roa (raw, json)
Hash identifier:          49KPRI7lXrR/YoufrUp3Ace99OEdjaygDG1i/DtQ+fM=
Subject key identifier:   47:D4:87:A3:26:E3:45:92:E2:4B:74:5C:8A:A9:81:A7:68:72:CB:18
Certificate issuer:       /CN=88ff4ee623d8fab73c901d0cbdc93a321e9ccfb7
Certificate serial:       018CC348C5AE87423AA6B902CE80A7E7A9F3
Authority key identifier: 88:FF:4E:E6:23:D8:FA:B7:3C:90:1D:0C:BD:C9:3A:32:1E:9C:CF:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/R9SHoybjRZLiS3RciqmBp2hyyxg.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41509
IP address blocks:        194.145.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c5:ae:87:42:3a:a6:b9:02:ce:80:a7:e7:a9:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88ff4ee623d8fab73c901d0cbdc93a321e9ccfb7
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47d487a326e34592e24b745c8aa981a76872cb18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7a:5f:9b:1a:29:ca:7d:35:48:f4:37:82:70:
                    d6:b6:05:22:d8:a9:c5:b2:0e:cd:71:ac:4f:28:3f:
                    05:cd:d1:5d:68:ae:8d:7d:22:a3:19:a4:04:0e:c0:
                    07:07:46:55:53:9f:ac:b3:2d:1b:7f:f7:9b:96:fb:
                    95:42:32:38:e3:60:c3:e3:41:8e:2a:86:82:a0:3a:
                    fc:16:ff:c9:e3:90:65:cf:65:61:84:01:4e:8d:02:
                    ab:87:0b:aa:78:be:03:95:bb:5d:54:a3:b7:fa:4c:
                    80:a1:54:2e:52:cc:0a:f8:f8:62:39:49:75:2e:24:
                    42:58:27:97:a4:2b:d1:1a:f8:0f:d6:be:09:6c:57:
                    d5:e7:ba:38:e1:97:46:78:07:2d:46:08:a8:d9:6c:
                    19:57:6d:32:b0:f1:50:f9:5f:c6:39:5d:d7:e0:8c:
                    2d:5a:83:40:b6:f7:63:e8:b8:08:9f:37:0c:14:21:
                    b4:36:70:0f:ef:2e:d9:ec:d5:07:6e:3c:0a:4d:79:
                    de:2b:4c:a7:25:f5:68:87:aa:f0:9a:c5:bc:df:a2:
                    7c:b2:c7:65:36:99:ae:8c:85:01:be:18:5a:c6:3f:
                    3d:a4:3a:63:f1:5e:04:ad:da:4c:22:03:f2:80:7d:
                    ff:18:1d:29:98:8b:3a:0b:f2:1a:dd:bd:de:35:30:
                    c3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:D4:87:A3:26:E3:45:92:E2:4B:74:5C:8A:A9:81:A7:68:72:CB:18
            X509v3 Authority Key Identifier:
                keyid:88:FF:4E:E6:23:D8:FA:B7:3C:90:1D:0C:BD:C9:3A:32:1E:9C:CF:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/R9SHoybjRZLiS3RciqmBp2hyyxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:1a:a6:47:8d:c2:f3:91:a3:3f:88:8f:ab:de:38:fc:27:c9:
         d7:2d:8b:92:9e:b7:93:83:56:6b:5c:88:05:62:0a:32:f2:bf:
         e6:3a:e5:9b:e8:ef:0b:04:f4:bc:ae:eb:f3:e2:4c:23:e3:46:
         32:e2:d5:23:89:5c:80:cd:d9:9f:72:19:43:e5:6f:4f:dd:35:
         15:7b:e8:5c:26:28:fd:0e:c9:62:13:b8:85:02:35:78:a0:39:
         33:1d:79:b0:00:ab:3b:a6:be:08:84:8e:c1:ec:d8:b0:50:97:
         74:51:3d:45:ff:9b:fc:50:a2:5e:ba:a6:c0:7d:3b:c5:9a:28:
         b9:09:39:8a:60:86:a9:c4:cd:c9:46:d8:ee:7b:be:10:0a:99:
         90:e0:f4:d8:14:7d:de:29:4e:74:7f:bb:1f:06:1d:65:6e:68:
         6b:75:df:09:22:9e:28:24:f3:ef:d6:9c:28:be:e7:5c:59:26:
         15:8f:bc:15:56:91:1f:5e:d8:f9:a9:53:75:68:0f:4d:1f:6b:
         ee:4e:d8:9c:5a:b9:8b:22:a1:91:13:5d:6d:41:b4:74:5b:bd:
         fd:d1:3c:49:ee:bb:37:57:7e:61:1f:b2:dc:44:e9:6c:d9:dd:
         75:b1:7f:fc:43:1a:20:59:bb:ae:f3:6b:5f:de:73:30:b9:12:
         52:ff:e4:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMWuh0I6prkCzoCn56nzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZmY0ZWU2MjNkOGZhYjczYzkwMWQwY2JkYzkzYTMyMWU5
Y2NmYjcwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2Q0ODdhMzI2ZTM0NTkyZTI0Yjc0NWM4YWE5ODFhNzY4NzJjYjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3pfmxopyn01SPQ3gnDWtgUi2KnF
sg7NcaxPKD8FzdFdaK6NfSKjGaQEDsAHB0ZVU5+ssy0bf/eblvuVQjI442DD40GO
KoaCoDr8Fv/J45Blz2VhhAFOjQKrhwuqeL4DlbtdVKO3+kyAoVQuUswK+PhiOUl1
LiRCWCeXpCvRGvgP1r4JbFfV57o44ZdGeActRgio2WwZV20ysPFQ+V/GOV3X4Iwt
WoNAtvdj6LgInzcMFCG0NnAP7y7Z7NUHbjwKTXneK0ynJfVoh6rwmsW836J8ssdl
NpmujIUBvhhaxj89pDpj8V4ErdpMIgPygH3/GB0pmIs6C/Ia3b3eNTDDDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfUh6Mm40WS4kt0XIqpgadocssYMB8GA1UdIwQY
MBaAFIj/TuYj2Pq3PJAdDL3JOjIenM+3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVA5TzVpUFktcmM4a0IwTXZjazZNaDZjejdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lYWYyZTItMTgxNy00MGE4LTliZTgt
MjUwN2RiMzJjMWM0LzEvUjlTSG95YmpSWkxpUzNSY2lxbUJwMmh5eXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lYWYyZTItMTgxNy00MGE4LTliZTgtMjUwN2RiMzJjMWM0
LzEvaVA5TzVpUFktcmM4a0IwTXZjazZNaDZjejdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpGcMA0G
CSqGSIb3DQEBCwUAA4IBAQCnGqZHjcLzkaM/iI+r3jj8J8nXLYuSnreTg1ZrXIgF
Ygoy8r/mOuWb6O8LBPS8ruvz4kwj40Yy4tUjiVyAzdmfchlD5W9P3TUVe+hcJij9
DsliE7iFAjV4oDkzHXmwAKs7pr4IhI7B7NiwUJd0UT1F/5v8UKJeuqbAfTvFmii5
CTmKYIapxM3JRtjue74QCpmQ4PTYFH3eKU50f7sfBh1lbmhrdd8JIp4oJPPv1pwo
vudcWSYVj7wVVpEfXtj5qVN1aA9NH2vuTticWrmLIqGRE11tQbR0W7390TxJ7rs3
V35hH7LcROls2d11sX/8QxogWbuu82tf3nMwuRJS/+TV
-----END CERTIFICATE-----