Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/uPvADUpEkoFl52hjqF1we5KfLO8.roa
File:                     uPvADUpEkoFl52hjqF1we5KfLO8.roa (raw, json)
Hash identifier:          +WVB7DWV0MgkJPXrxWOjyZ1lcSw33nc5QJlQntTofSc=
Subject key identifier:   B8:FB:C0:0D:4A:44:92:81:65:E7:68:63:A8:5D:70:7B:92:9F:2C:EF
Certificate issuer:       /CN=e0574c2878d6b536139b895f08c9c6db18e12a9b
Certificate serial:       018CC64B705542E2090CF60179A3453FFEED
Authority key identifier: E0:57:4C:28:78:D6:B5:36:13:9B:89:5F:08:C9:C6:DB:18:E1:2A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/uPvADUpEkoFl52hjqF1we5KfLO8.roa
Signing time:             Mon 01 Jan 2024 18:31:21 +0000
ROA not before:           Mon 01 Jan 2024 18:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212846
IP address blocks:        94.124.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 11:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:70:55:42:e2:09:0c:f6:01:79:a3:45:3f:fe:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0574c2878d6b536139b895f08c9c6db18e12a9b
        Validity
            Not Before: Jan  1 18:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8fbc00d4a44928165e76863a85d707b929f2cef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:dd:92:9c:78:c0:2d:b1:6a:24:7d:8b:dd:df:
                    c1:7d:ec:d9:31:ba:68:69:71:08:0d:96:c5:b2:eb:
                    3a:cf:be:18:cf:69:35:cd:ed:65:3c:cf:2f:68:d7:
                    8a:97:fa:b8:05:b9:a8:18:ec:b9:03:62:1a:d6:1b:
                    fc:58:a0:70:83:4e:65:7c:5f:1a:49:dd:57:28:22:
                    99:65:19:f5:4e:2e:ff:03:4e:af:cd:7d:f3:27:65:
                    e2:2d:8b:28:ce:6f:9c:00:5b:29:bc:74:02:2d:2f:
                    1c:6c:56:7a:c6:da:46:0f:01:04:7d:40:f8:31:48:
                    56:1e:a3:15:7f:0d:37:3e:4d:13:ff:1f:d4:71:ba:
                    a9:58:45:39:87:00:eb:aa:7f:91:d1:1c:0f:ec:a2:
                    b9:96:4f:3a:c3:f1:fa:59:2d:30:bf:8c:b3:c8:08:
                    b4:af:3c:15:80:33:3e:a3:9a:61:86:a9:46:b6:62:
                    31:07:8e:d6:a2:0d:c2:f7:45:9f:72:c5:81:7a:e1:
                    5a:27:9a:02:cd:db:1d:b1:5f:70:83:07:9d:ed:10:
                    78:ca:00:49:f5:f8:5a:95:af:6f:85:4a:b3:59:41:
                    cf:c3:24:ed:70:5b:ad:5a:9e:e1:d3:b0:82:a6:d2:
                    20:23:9b:a2:12:89:a5:bd:c8:5e:78:6d:e5:0e:67:
                    9a:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:FB:C0:0D:4A:44:92:81:65:E7:68:63:A8:5D:70:7B:92:9F:2C:EF
            X509v3 Authority Key Identifier:
                keyid:E0:57:4C:28:78:D6:B5:36:13:9B:89:5F:08:C9:C6:DB:18:E1:2A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/uPvADUpEkoFl52hjqF1we5KfLO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:4c:28:1f:56:52:3c:d7:f1:1d:ca:84:0a:4b:1a:54:a0:7b:
         2b:1e:ce:19:f8:45:23:2e:02:be:ec:8d:bd:5b:17:14:bc:db:
         2b:f4:b8:52:04:9f:9d:dd:e5:39:41:f7:ae:ef:d5:82:5a:ea:
         d7:d4:f0:e6:c6:d1:da:a0:43:d4:04:e7:85:fc:75:1e:13:d1:
         0e:3f:84:11:39:2b:57:60:15:50:cc:99:db:90:75:2f:c9:11:
         08:21:34:76:ef:92:55:5a:68:d6:38:9a:ea:14:f8:5e:4d:b9:
         49:dc:0a:65:76:b8:82:9b:95:b6:f8:22:e5:69:99:70:ae:86:
         57:d4:3e:c0:fa:79:cb:a5:50:09:b4:48:8b:a7:73:e1:e1:c4:
         53:1d:14:fe:be:d3:09:d4:45:64:c2:a6:e9:e6:b8:93:e4:c5:
         5e:03:a4:f2:9f:86:a1:e8:e8:f0:b2:ca:8b:c3:27:8a:1e:f6:
         f1:8e:fa:fb:2f:c3:cc:ed:b2:75:d2:5f:be:06:98:ec:e3:f9:
         7e:49:e1:3f:9e:60:7e:02:a8:77:60:a3:56:c5:2a:f9:d0:af:
         47:89:2a:af:1c:4b:52:13:70:3c:20:7d:37:60:d8:48:34:b4:
         df:bf:4a:68:11:c4:b4:35:2b:9a:06:40:ef:6f:87:99:39:2a:
         95:1e:79:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS3BVQuIJDPYBeaNFP/7tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTc0YzI4NzhkNmI1MzYxMzliODk1ZjA4YzljNmRiMThl
MTJhOWIwHhcNMjQwMTAxMTgzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGZiYzAwZDRhNDQ5MjgxNjVlNzY4NjNhODVkNzA3YjkyOWYyY2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvt2SnHjALbFqJH2L3d/BfezZMbpo
aXEIDZbFsus6z74Yz2k1ze1lPM8vaNeKl/q4BbmoGOy5A2Ia1hv8WKBwg05lfF8a
Sd1XKCKZZRn1Ti7/A06vzX3zJ2XiLYsozm+cAFspvHQCLS8cbFZ6xtpGDwEEfUD4
MUhWHqMVfw03Pk0T/x/UcbqpWEU5hwDrqn+R0RwP7KK5lk86w/H6WS0wv4yzyAi0
rzwVgDM+o5phhqlGtmIxB47Wog3C90WfcsWBeuFaJ5oCzdsdsV9wgwed7RB4ygBJ
9fhala9vhUqzWUHPwyTtcFutWp7h07CCptIgI5uiEomlvcheeG3lDmeaaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLj7wA1KRJKBZedoY6hdcHuSnyzvMB8GA1UdIwQY
MBaAFOBXTCh41rU2E5uJXwjJxtsY4SqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZkTUtIald0VFlUbTRsZkNNbkcyeGpoS3BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yOGQ2MDAtYTg2OS00YWIxLTliMmUt
NDQ2MDE5OTY2YTE5LzEvdVB2QURVcEVrb0ZsNTJoanFGMXdlNUtmTE84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yOGQ2MDAtYTg2OS00YWIxLTliMmUtNDQ2MDE5OTY2YTE5
LzEvNEZkTUtIald0VFlUbTRsZkNNbkcyeGpoS3BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXnykMA0G
CSqGSIb3DQEBCwUAA4IBAQBUTCgfVlI81/EdyoQKSxpUoHsrHs4Z+EUjLgK+7I29
WxcUvNsr9LhSBJ+d3eU5Qfeu79WCWurX1PDmxtHaoEPUBOeF/HUeE9EOP4QROStX
YBVQzJnbkHUvyREIITR275JVWmjWOJrqFPheTblJ3ApldriCm5W2+CLlaZlwroZX
1D7A+nnLpVAJtEiLp3Ph4cRTHRT+vtMJ1EVkwqbp5riT5MVeA6Tyn4ah6OjwssqL
wyeKHvbxjvr7L8PM7bJ10l++Bpjs4/l+SeE/nmB+Aqh3YKNWxSr50K9HiSqvHEtS
E3A8IH03YNhINLTfv0poEcS0NSuaBkDvb4eZOSqVHnn2
-----END CERTIFICATE-----