Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/iJAVfM9liiLGFYO5rTbVxZa33Rs.roa
File:                     iJAVfM9liiLGFYO5rTbVxZa33Rs.roa (raw, json)
Hash identifier:          bbP5xERLNTXOQlMa5XRaiwoFe4nuWVl5rhAIkO5HSMk=
Subject key identifier:   88:90:15:7C:CF:65:8A:22:C6:15:83:B9:AD:36:D5:C5:96:B7:DD:1B
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       018EE1849834B41075209B98DA7F7678AF72
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/iJAVfM9liiLGFYO5rTbVxZa33Rs.roa
Signing time:             Mon 15 Apr 2024 11:29:06 +0000
ROA not before:           Mon 15 Apr 2024 11:29:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199218
IP address blocks:        94.190.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:84:98:34:b4:10:75:20:9b:98:da:7f:76:78:af:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Apr 15 11:29:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8890157ccf658a22c61583b9ad36d5c596b7dd1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:05:11:fa:0b:1e:49:79:a5:9b:8c:b4:53:d4:
                    fa:5b:05:4c:b6:5a:3b:05:36:de:57:5c:f7:22:5a:
                    f3:b0:44:41:25:db:6c:40:a7:a6:ad:9d:7e:0c:c0:
                    eb:0d:a4:80:0c:3f:33:18:d5:89:1f:16:02:2a:c5:
                    c3:6f:e5:22:1c:41:25:d7:9e:a1:92:3e:95:fd:0f:
                    d4:f1:9b:2e:b4:9e:5d:7c:5d:30:71:03:44:f1:6e:
                    fd:a0:62:9f:bc:de:03:5d:46:32:f3:9b:58:46:90:
                    29:f1:dd:29:0c:16:fe:76:9b:53:22:3e:fe:d9:db:
                    74:60:54:05:49:5c:ec:f4:a2:e4:37:c6:87:dc:6f:
                    dc:24:e8:82:64:32:44:f8:af:7e:8a:5b:9e:e7:02:
                    84:8e:eb:05:30:11:c4:dc:d6:63:45:de:2c:64:c4:
                    1a:c9:18:9b:cf:ee:c6:d7:db:70:ba:9c:0e:68:84:
                    c3:ca:3a:8d:da:22:6f:fb:fe:36:ad:d5:bc:96:59:
                    60:6d:f4:cf:2f:83:55:98:6b:7f:93:00:c3:d5:87:
                    f4:c2:ab:16:44:30:92:7e:82:b1:f6:72:68:13:ea:
                    ec:90:25:5a:2d:40:f3:a3:05:2c:ff:96:f1:7b:4d:
                    7c:2a:9d:ed:b0:16:29:3c:c9:f7:63:ed:88:cb:88:
                    5b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:90:15:7C:CF:65:8A:22:C6:15:83:B9:AD:36:D5:C5:96:B7:DD:1B
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/iJAVfM9liiLGFYO5rTbVxZa33Rs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.190.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:2a:ee:0b:46:84:2f:58:86:b3:eb:93:db:4b:67:eb:25:88:
         5a:3d:13:76:2c:83:c1:39:6b:7e:8e:2d:3a:e6:1a:bf:25:47:
         d5:1e:83:61:96:e8:a2:c4:11:d6:d8:6c:c6:33:79:02:b5:5b:
         5e:4e:c5:94:61:a4:d8:80:cf:e2:03:c0:7b:fc:40:76:86:93:
         39:4d:f5:fc:ac:20:64:59:ab:7a:31:7c:ed:d2:4e:a6:0a:94:
         02:92:34:40:eb:23:87:1e:a6:ae:4a:30:43:99:cb:64:3e:0c:
         b4:15:61:ed:2e:df:8a:a3:b9:7f:0f:df:ef:34:b4:b7:f1:08:
         2d:ce:46:47:3b:8b:3b:96:e5:47:fa:ae:5b:3b:29:2c:24:6b:
         49:85:c9:7a:6c:d4:5d:77:82:4d:84:96:e5:f8:6f:19:04:bd:
         cb:b5:ba:64:a5:f5:04:c9:2f:08:b4:f7:58:c5:4b:ef:7d:ad:
         0b:01:5e:c8:8c:72:a6:60:25:7c:21:ef:e4:4d:47:bf:8c:90:
         f8:51:28:ec:90:09:02:2b:fe:6d:92:72:7d:c7:2a:c7:01:82:
         4a:e2:cc:41:09:72:58:3d:3b:44:00:72:b6:13:26:52:8f:5b:
         47:38:aa:16:03:3e:54:87:af:7f:85:8e:92:a8:2c:81:b1:6e:
         4f:ec:6f:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7hhJg0tBB1IJuY2n92eK9yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjQwNDE1MTEyOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODkwMTU3Y2NmNjU4YTIyYzYxNTgzYjlhZDM2ZDVjNTk2YjdkZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQUR+gseSXmlm4y0U9T6WwVMtlo7
BTbeV1z3IlrzsERBJdtsQKemrZ1+DMDrDaSADD8zGNWJHxYCKsXDb+UiHEEl156h
kj6V/Q/U8ZsutJ5dfF0wcQNE8W79oGKfvN4DXUYy85tYRpAp8d0pDBb+dptTIj7+
2dt0YFQFSVzs9KLkN8aH3G/cJOiCZDJE+K9+ilue5wKEjusFMBHE3NZjRd4sZMQa
yRibz+7G19twupwOaITDyjqN2iJv+/42rdW8lllgbfTPL4NVmGt/kwDD1Yf0wqsW
RDCSfoKx9nJoE+rskCVaLUDzowUs/5bxe018Kp3tsBYpPMn3Y+2Iy4hb/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiQFXzPZYoixhWDua021cWWt90bMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvaUpBVmZNOWxpaUxHRllPNXJUYlZ4WmEzM1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXr7DMA0G
CSqGSIb3DQEBCwUAA4IBAQBOKu4LRoQvWIaz65PbS2frJYhaPRN2LIPBOWt+ji06
5hq/JUfVHoNhluiixBHW2GzGM3kCtVteTsWUYaTYgM/iA8B7/EB2hpM5TfX8rCBk
Wat6MXzt0k6mCpQCkjRA6yOHHqauSjBDmctkPgy0FWHtLt+Ko7l/D9/vNLS38Qgt
zkZHO4s7luVH+q5bOyksJGtJhcl6bNRdd4JNhJbl+G8ZBL3LtbpkpfUEyS8ItPdY
xUvvfa0LAV7IjHKmYCV8Ie/kTUe/jJD4USjskAkCK/5tknJ9xyrHAYJK4sxBCXJY
PTtEAHK2EyZSj1tHOKoWAz5Uh69/hY6SqCyBsW5P7G+p
-----END CERTIFICATE-----