Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/7ZSOeFM8XcVfVl1R1R2r2tr6no8.roa
File:                     7ZSOeFM8XcVfVl1R1R2r2tr6no8.roa (raw, json)
Hash identifier:          926EsQrKqFUvrO7BI1R+yos8YDi9Aw3qH/qWaRduyC0=
Subject key identifier:   ED:94:8E:78:53:3C:5D:C5:5F:56:5D:51:D5:1D:AB:DA:DA:FA:9E:8F
Certificate issuer:       /CN=e1cc45e84b078d458adf8d867445c46f8c8d0fae
Certificate serial:       018CC86F611242527A97F97FF515AB8E3FD8
Authority key identifier: E1:CC:45:E8:4B:07:8D:45:8A:DF:8D:86:74:45:C4:6F:8C:8D:0F:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4cxF6EsHjUWK342GdEXEb4yND64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/7ZSOeFM8XcVfVl1R1R2r2tr6no8.roa
Signing time:             Tue 02 Jan 2024 04:29:51 +0000
ROA not before:           Tue 02 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12297
IP address blocks:        194.1.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/4cxF6EsHjUWK342GdEXEb4yND64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/4cxF6EsHjUWK342GdEXEb4yND64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4cxF6EsHjUWK342GdEXEb4yND64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:61:12:42:52:7a:97:f9:7f:f5:15:ab:8e:3f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1cc45e84b078d458adf8d867445c46f8c8d0fae
        Validity
            Not Before: Jan  2 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed948e78533c5dc55f565d51d51dabdadafa9e8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:cd:64:fa:f6:b3:4d:1d:25:43:27:7e:91:9d:
                    3a:40:1e:b5:ea:d4:77:e9:fb:12:cb:c7:d2:eb:ee:
                    6c:a2:21:6d:db:a0:93:9b:43:2b:12:da:c5:a2:46:
                    c8:84:6b:d4:60:c5:88:fe:16:34:f4:cb:3a:6b:77:
                    5e:bc:59:73:47:fe:b3:a8:d0:69:5f:7a:fa:20:1d:
                    22:3d:40:1e:96:4d:22:92:ef:8f:0f:05:6d:85:f9:
                    b3:af:23:d7:c1:d7:f2:d2:1f:71:5c:b5:89:ce:e7:
                    cc:3b:25:84:02:65:ab:99:78:fb:78:60:e1:a1:1e:
                    ea:d0:a8:8c:fe:1d:a1:67:c9:ea:13:83:94:20:4d:
                    c6:29:43:44:df:0c:9e:3a:f4:30:df:ca:3f:b2:34:
                    7a:be:87:d6:38:9f:72:90:52:f0:35:d8:49:8b:f9:
                    d5:24:38:88:21:de:93:f3:70:be:ae:86:82:dc:d4:
                    d3:84:db:3c:8e:15:fa:b8:fc:ae:42:90:cf:1d:73:
                    d6:9e:65:af:84:d4:53:6e:64:87:ef:47:bb:ec:96:
                    2f:08:96:1a:f4:c7:7b:0a:14:d0:7b:11:d1:48:39:
                    8a:be:da:7a:b3:0a:6a:42:d8:82:c2:af:48:b4:77:
                    5a:4e:86:c1:de:5d:98:9a:6d:66:62:79:11:04:f2:
                    f0:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:94:8E:78:53:3C:5D:C5:5F:56:5D:51:D5:1D:AB:DA:DA:FA:9E:8F
            X509v3 Authority Key Identifier:
                keyid:E1:CC:45:E8:4B:07:8D:45:8A:DF:8D:86:74:45:C4:6F:8C:8D:0F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4cxF6EsHjUWK342GdEXEb4yND64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/7ZSOeFM8XcVfVl1R1R2r2tr6no8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/4cxF6EsHjUWK342GdEXEb4yND64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:55:d4:23:95:f6:9e:bb:ee:57:f6:ce:09:9a:59:cc:e5:cf:
         af:87:e3:3f:2f:a7:04:bc:a9:4c:61:9b:f0:f4:2f:a5:2b:d9:
         5a:e8:c1:f1:a7:94:cb:3a:20:28:43:08:90:8a:27:a1:a1:df:
         2a:78:bd:5e:4e:b0:d5:fa:39:cb:67:6d:e8:1b:30:f2:72:5b:
         9c:8b:94:e5:fc:da:a4:6c:cc:16:34:ba:a9:bc:b1:6f:bc:93:
         db:2f:0c:d3:ed:85:85:c7:ef:2b:63:37:1c:d7:2e:2f:9d:08:
         d9:fd:ad:97:a1:8d:da:7e:9a:33:c2:9d:7d:04:cb:82:d3:c4:
         49:6c:ad:22:d9:7e:6a:ea:36:62:d1:8a:6c:d0:60:f6:7f:b2:
         2e:0c:94:a6:10:28:e9:61:7d:76:90:55:f7:e0:84:dc:c0:de:
         e5:fa:be:bb:6a:f5:e2:29:4a:08:77:3a:5a:62:26:1b:7a:88:
         e3:9b:48:89:45:49:49:10:d7:64:b0:98:55:66:ac:e9:94:07:
         90:69:4b:af:41:23:40:6f:7d:2b:9e:44:8b:11:c4:d8:45:76:
         83:8a:f4:f6:a4:0f:4b:c1:04:b6:d9:47:eb:db:f1:8c:65:b1:
         57:93:a7:25:b5:df:52:73:4f:b9:40:5b:72:c5:a3:0c:25:90:
         71:2a:60:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb2ESQlJ6l/l/9RWrjj/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxY2M0NWU4NGIwNzhkNDU4YWRmOGQ4Njc0NDVjNDZmOGM4
ZDBmYWUwHhcNMjQwMTAyMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDk0OGU3ODUzM2M1ZGM1NWY1NjVkNTFkNTFkYWJkYWRhZmE5ZThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkM1k+vazTR0lQyd+kZ06QB616tR3
6fsSy8fS6+5soiFt26CTm0MrEtrFokbIhGvUYMWI/hY09Ms6a3devFlzR/6zqNBp
X3r6IB0iPUAelk0iku+PDwVthfmzryPXwdfy0h9xXLWJzufMOyWEAmWrmXj7eGDh
oR7q0KiM/h2hZ8nqE4OUIE3GKUNE3wyeOvQw38o/sjR6vofWOJ9ykFLwNdhJi/nV
JDiIId6T83C+roaC3NTThNs8jhX6uPyuQpDPHXPWnmWvhNRTbmSH70e77JYvCJYa
9Md7ChTQexHRSDmKvtp6swpqQtiCwq9ItHdaTobB3l2Ymm1mYnkRBPLwJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2UjnhTPF3FX1ZdUdUdq9ra+p6PMB8GA1UdIwQY
MBaAFOHMRehLB41Fit+NhnRFxG+MjQ+uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGN4RjZFc0hqVVdLMzQyR2RFWEViNHlORDY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8wOGFiYTgtYjc1Ni00NDkyLWE3ZWQt
NjMyMGM0NjBhM2Y4LzEvN1pTT2VGTThYY1ZmVmwxUjFSMnIydHI2bm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8wOGFiYTgtYjc1Ni00NDkyLWE3ZWQtNjMyMGM0NjBhM2Y4
LzEvNGN4RjZFc0hqVVdLMzQyR2RFWEViNHlORDY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgGYMA0G
CSqGSIb3DQEBCwUAA4IBAQBuVdQjlfaeu+5X9s4JmlnM5c+vh+M/L6cEvKlMYZvw
9C+lK9la6MHxp5TLOiAoQwiQiiehod8qeL1eTrDV+jnLZ23oGzDycluci5Tl/Nqk
bMwWNLqpvLFvvJPbLwzT7YWFx+8rYzcc1y4vnQjZ/a2XoY3afpozwp19BMuC08RJ
bK0i2X5q6jZi0Yps0GD2f7IuDJSmECjpYX12kFX34ITcwN7l+r67avXiKUoIdzpa
YiYbeojjm0iJRUlJENdksJhVZqzplAeQaUuvQSNAb30rnkSLEcTYRXaDivT2pA9L
wQS22Ufr2/GMZbFXk6cltd9Sc0+5QFtyxaMMJZBxKmA5
-----END CERTIFICATE-----