Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/_NqM0pjBxVYLkxbuvCn3DcM_4LI.roa
File:                     _NqM0pjBxVYLkxbuvCn3DcM_4LI.roa (raw, json)
Hash identifier:          AhlEnyu8JfXpiYUQHd/gEUrkjk473YZJ+FpcyU8gBds=
Subject key identifier:   FC:DA:8C:D2:98:C1:C5:56:0B:93:16:EE:BC:29:F7:0D:C3:3F:E0:B2
Certificate issuer:       /CN=e0a008a80d8ff262625e65fe258769158b2998f0
Certificate serial:       018CC2DB1F4F7D030FE022EC8CAC9CD3B92E
Authority key identifier: E0:A0:08:A8:0D:8F:F2:62:62:5E:65:FE:25:87:69:15:8B:29:98:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4KAIqA2P8mJiXmX-JYdpFYspmPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/_NqM0pjBxVYLkxbuvCn3DcM_4LI.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47767
IP address blocks:        94.124.184.0/21 maxlen: 24
                          2a03:9780::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/4KAIqA2P8mJiXmX-JYdpFYspmPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/4KAIqA2P8mJiXmX-JYdpFYspmPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4KAIqA2P8mJiXmX-JYdpFYspmPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 01:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1f:4f:7d:03:0f:e0:22:ec:8c:ac:9c:d3:b9:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0a008a80d8ff262625e65fe258769158b2998f0
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcda8cd298c1c5560b9316eebc29f70dc33fe0b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2a:74:20:68:dd:8e:26:d9:ba:c5:17:0a:76:
                    ba:15:18:e6:99:38:0d:b2:5b:f8:fa:38:a0:db:d5:
                    d6:7d:eb:dc:20:cf:cc:40:c5:00:34:eb:64:51:a6:
                    41:a5:6b:ad:ec:78:d6:f7:19:82:c1:9f:b4:a1:4a:
                    fd:e7:7e:c8:7c:97:8f:2e:b6:73:d0:c5:ab:8b:ad:
                    8c:2d:a7:dd:58:36:a7:d0:63:e1:ff:6a:67:cb:78:
                    a2:d6:83:32:53:c5:81:63:da:05:43:1b:04:23:78:
                    37:c9:48:ed:38:5d:eb:d5:62:8c:84:42:c8:67:9b:
                    c0:3b:72:a9:16:0a:ae:ed:0a:89:d1:12:46:68:5b:
                    14:7f:f4:03:d3:bc:22:68:33:ba:ad:3f:8f:97:58:
                    a8:ee:d3:39:dd:7f:70:e0:a0:c4:a0:52:5a:d0:f3:
                    c7:72:45:73:10:d4:54:6a:ed:57:f3:48:24:3e:4e:
                    a7:6c:8e:e1:07:ac:77:3b:66:fa:15:c9:22:5e:1b:
                    d6:eb:62:3e:7d:c1:77:25:50:bb:f1:32:12:92:a7:
                    30:ea:d3:85:34:5d:fb:6a:35:b2:fe:4d:2a:05:7b:
                    32:d6:53:54:b0:67:d4:05:e2:9d:86:b4:22:b6:e6:
                    35:a4:81:00:b4:f2:53:89:67:2d:0f:d1:75:a2:06:
                    22:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DA:8C:D2:98:C1:C5:56:0B:93:16:EE:BC:29:F7:0D:C3:3F:E0:B2
            X509v3 Authority Key Identifier:
                keyid:E0:A0:08:A8:0D:8F:F2:62:62:5E:65:FE:25:87:69:15:8B:29:98:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4KAIqA2P8mJiXmX-JYdpFYspmPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/_NqM0pjBxVYLkxbuvCn3DcM_4LI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/4KAIqA2P8mJiXmX-JYdpFYspmPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.184.0/21
                IPv6:
                  2a03:9780::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:4d:87:07:c3:0b:58:c5:ef:a5:24:96:0e:b2:e9:db:9e:f6:
         7f:ea:b8:8d:6c:9d:05:af:99:2c:f1:53:2c:9c:08:52:7e:7b:
         68:70:8d:78:e9:05:ed:13:98:97:5a:9c:6f:ad:d1:53:88:db:
         0c:46:50:8e:88:13:e3:f8:65:43:f7:eb:ee:cb:ce:ad:54:6a:
         cb:3b:dc:73:ef:15:04:8e:76:bd:46:d9:69:f5:83:66:88:e8:
         12:03:a4:b2:f4:84:d2:80:da:0c:16:ac:31:d1:45:07:d2:1d:
         cf:eb:ba:65:e8:5f:be:b4:10:32:56:ae:67:b8:4a:55:72:bd:
         25:8f:ae:f9:01:d9:91:96:e1:4f:46:14:9c:94:b9:a2:98:cd:
         d9:ab:d5:05:d0:96:cc:9f:4f:ad:96:82:9c:7d:1d:05:80:2e:
         5d:d1:ca:17:f1:0b:00:31:05:0d:54:24:a8:07:9b:d1:ec:f1:
         3f:35:e5:34:25:0c:51:38:84:b6:7e:dd:d3:c4:7f:36:26:6a:
         b1:e6:54:e1:6b:49:b1:a0:9c:80:89:d0:4e:44:11:bb:a9:13:
         4f:74:6c:c7:68:38:60:d2:76:a2:fc:37:60:b9:f5:56:39:f3:
         1d:5b:4f:3a:33:fc:91:38:82:79:5a:95:85:6e:ff:a1:2f:29:
         56:b6:13:90
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2x9PfQMP4CLsjKyc07kuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYTAwOGE4MGQ4ZmYyNjI2MjVlNjVmZTI1ODc2OTE1OGIy
OTk4ZjAwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2RhOGNkMjk4YzFjNTU2MGI5MzE2ZWViYzI5ZjcwZGMzM2ZlMGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyp0IGjdjibZusUXCna6FRjmmTgN
slv4+jig29XWfevcIM/MQMUANOtkUaZBpWut7HjW9xmCwZ+0oUr9537IfJePLrZz
0MWri62MLafdWDan0GPh/2pny3ii1oMyU8WBY9oFQxsEI3g3yUjtOF3r1WKMhELI
Z5vAO3KpFgqu7QqJ0RJGaFsUf/QD07wiaDO6rT+Pl1io7tM53X9w4KDEoFJa0PPH
ckVzENRUau1X80gkPk6nbI7hB6x3O2b6FckiXhvW62I+fcF3JVC78TISkqcw6tOF
NF37ajWy/k0qBXsy1lNUsGfUBeKdhrQituY1pIEAtPJTiWctD9F1ogYiJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPzajNKYwcVWC5MW7rwp9w3DP+CyMB8GA1UdIwQY
MBaAFOCgCKgNj/JiYl5l/iWHaRWLKZjwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEtBSXFBMlA4bUppWG1YLUpZZHBGWXNwbVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8wMzM4ZjMtMDgwMi00ZTViLTkyNDEt
NjBiZjcxOTM3MTA0LzEvX05xTTBwakJ4VllMa3hidXZDbjNEY01fNExJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8wMzM4ZjMtMDgwMi00ZTViLTkyNDEtNjBiZjcxOTM3MTA0
LzEvNEtBSXFBMlA4bUppWG1YLUpZZHBGWXNwbVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXny4MA0E
AgACMAcDBQAqA5eAMA0GCSqGSIb3DQEBCwUAA4IBAQBHTYcHwwtYxe+lJJYOsunb
nvZ/6riNbJ0Fr5ks8VMsnAhSfntocI146QXtE5iXWpxvrdFTiNsMRlCOiBPj+GVD
9+vuy86tVGrLO9xz7xUEjna9Rtlp9YNmiOgSA6Sy9ITSgNoMFqwx0UUH0h3P67pl
6F++tBAyVq5nuEpVcr0lj675AdmRluFPRhSclLmimM3Zq9UF0JbMn0+tloKcfR0F
gC5d0coX8QsAMQUNVCSoB5vR7PE/NeU0JQxROIS2ft3TxH82Jmqx5lTha0mxoJyA
idBORBG7qRNPdGzHaDhg0nai/DdgufVWOfMdW086M/yROIJ5WpWFbv+hLylWthOQ
-----END CERTIFICATE-----