Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1-JicHkla4fAqiiOwE3dWyC4Z3lk.roa
File:                     1-JicHkla4fAqiiOwE3dWyC4Z3lk.roa (raw, json)
Hash identifier:          KuHOhNHAr3dRLTs0tW3Ngx4aFNx/GlS23fHqNdyazuA=
Subject key identifier:   F8:98:9C:1E:49:5A:E1:F0:2A:8A:23:B0:13:77:56:C8:2E:19:DE:59
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       018F718CD384673313FC8B2A6BF65FA2948B
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1-JicHkla4fAqiiOwE3dWyC4Z3lk.roa
Signing time:             Mon 13 May 2024 10:43:25 +0000
ROA not before:           Mon 13 May 2024 10:43:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214927
IP address blocks:        94.232.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:71:8c:d3:84:67:33:13:fc:8b:2a:6b:f6:5f:a2:94:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: May 13 10:43:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8989c1e495ae1f02a8a23b0137756c82e19de59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:33:d0:b9:5f:65:a4:cb:4e:a8:6c:05:22:f1:
                    38:6e:68:04:e4:e7:28:5e:0a:2f:ff:3b:81:24:ee:
                    d0:d2:4d:cd:bc:b2:3f:ec:53:86:59:5d:5a:4d:00:
                    0c:49:09:39:08:de:ae:66:db:fe:05:19:44:fb:94:
                    8a:c2:4b:ef:36:88:df:0f:1e:0f:9e:c0:dd:f0:4e:
                    69:41:dd:15:90:10:30:5f:75:ce:22:83:3d:7a:83:
                    f3:ef:de:d6:81:c0:5c:ef:af:55:7e:a9:16:12:8e:
                    5b:7a:30:a2:2d:73:b0:dd:84:a5:a1:c4:2b:93:57:
                    17:ab:44:5d:2a:59:21:e3:53:25:39:ee:ae:08:4e:
                    5d:c9:5c:9b:79:7a:df:72:49:84:d5:d8:ee:2e:74:
                    42:d3:14:e1:56:ff:18:ef:ba:1f:20:e6:0d:0e:d6:
                    68:8d:10:b8:85:52:56:59:8d:d2:e1:80:76:eb:7a:
                    db:42:47:43:ee:36:cc:80:bf:7a:75:f7:fb:5c:b3:
                    1a:4d:f9:e8:b1:5b:53:0a:17:04:d0:94:dc:6d:64:
                    90:a0:c4:d9:48:80:79:c8:0e:e1:2c:58:02:de:fe:
                    78:8a:27:31:c0:ea:4b:bc:1c:6a:17:78:80:08:1d:
                    2f:97:23:f1:34:3a:f7:3d:b6:eb:60:a9:d2:ca:3e:
                    ac:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:98:9C:1E:49:5A:E1:F0:2A:8A:23:B0:13:77:56:C8:2E:19:DE:59
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1-JicHkla4fAqiiOwE3dWyC4Z3lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.232.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:e9:20:d5:0c:9f:c5:15:f8:f5:32:47:13:5f:50:8f:72:b0:
         c5:65:e0:58:26:06:a6:33:c0:ec:23:1e:96:37:6e:22:b4:df:
         1d:87:58:24:9c:b7:d9:40:95:0e:28:53:c3:43:d3:57:94:b9:
         b5:e0:d5:ba:c5:cd:79:df:c8:88:64:a0:d6:96:cc:26:ae:7b:
         25:94:63:65:24:11:60:11:8a:99:be:33:e4:e9:f6:fd:78:8e:
         0e:8b:fc:4c:cd:89:c6:ce:1f:21:17:12:3d:5c:f1:6d:e5:e3:
         ed:7f:86:05:57:d1:4a:d7:57:79:5a:9b:5c:53:de:b1:d5:e7:
         c6:75:d9:77:a3:7c:4c:c4:b7:86:18:9e:89:79:c6:fe:54:af:
         cb:e9:53:d5:01:51:78:ba:8a:39:a6:4a:d5:55:d8:29:3e:08:
         d9:c0:b1:99:77:83:86:78:fe:bf:ca:2b:d7:20:75:f6:0e:70:
         a4:1e:c2:b5:8f:fa:1d:dd:d0:93:57:7d:12:4b:e0:e0:ab:e2:
         24:6a:18:a0:81:a1:1f:75:9f:78:21:b6:6d:0c:8c:72:76:93:
         67:a2:88:d5:bc:da:4a:e8:be:c3:c5:88:8e:93:66:7d:3d:22:
         eb:3d:a4:5a:c1:7a:8b:77:aa:8f:f9:3a:4f:06:f5:e5:68:64:
         20:54:04:6e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY9xjNOEZzMT/Isqa/ZfopSLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjQwNTEzMTA0MzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODk4OWMxZTQ5NWFlMWYwMmE4YTIzYjAxMzc3NTZjODJlMTlkZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDPQuV9lpMtOqGwFIvE4bmgE5Oco
Xgov/zuBJO7Q0k3NvLI/7FOGWV1aTQAMSQk5CN6uZtv+BRlE+5SKwkvvNojfDx4P
nsDd8E5pQd0VkBAwX3XOIoM9eoPz797WgcBc769VfqkWEo5bejCiLXOw3YSlocQr
k1cXq0RdKlkh41MlOe6uCE5dyVybeXrfckmE1djuLnRC0xThVv8Y77ofIOYNDtZo
jRC4hVJWWY3S4YB263rbQkdD7jbMgL96dff7XLMaTfnosVtTChcE0JTcbWSQoMTZ
SIB5yA7hLFgC3v54iicxwOpLvBxqF3iACB0vlyPxNDr3PbbrYKnSyj6stwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPiYnB5JWuHwKoojsBN3VsguGd5ZMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvMS1KaWNIa2xhNGZBcWlpT3dFM2RXeUM0WjNsay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTgvNWE2ZmRhLTc4OTYtNGM1MC1hZmZkLTMwNDk1ZjQwMzc4
NC8xL1Y4Wnd5TnN5M1hTTjk1ZkZ5VEFUMk1rZnFEay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF7o+TAN
BgkqhkiG9w0BAQsFAAOCAQEAdukg1QyfxRX49TJHE19Qj3KwxWXgWCYGpjPA7CMe
ljduIrTfHYdYJJy32UCVDihTw0PTV5S5teDVusXNed/IiGSg1pbMJq57JZRjZSQR
YBGKmb4z5On2/XiODov8TM2Jxs4fIRcSPVzxbeXj7X+GBVfRStdXeVqbXFPesdXn
xnXZd6N8TMS3hhieiXnG/lSvy+lT1QFReLqKOaZK1VXYKT4I2cCxmXeDhnj+v8or
1yB19g5wpB7CtY/6Hd3Qk1d9Ekvg4KviJGoYoIGhH3WfeCG2bQyMcnaTZ6KI1bza
Sui+w8WIjpNmfT0i6z2kWsF6i3eqj/k6Twb15WhkIFQEbg==
-----END CERTIFICATE-----