Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/SEMfo8pmPasRIV9i7AIMqc7yIB0.roa
File:                     SEMfo8pmPasRIV9i7AIMqc7yIB0.roa (raw, json)
Hash identifier:          ge9DTmWYEPm+XqJexW7lp+kpY0BBOQbD7bv1X/ipcWI=
Subject key identifier:   48:43:1F:A3:CA:66:3D:AB:11:21:5F:62:EC:02:0C:A9:CE:F2:20:1D
Certificate issuer:       /CN=9955c5a7137eb5d47ea24e17d27fa92d0b42fbd8
Certificate serial:       018CC727188DFB6B4FC78962AFC1BB586293
Authority key identifier: 99:55:C5:A7:13:7E:B5:D4:7E:A2:4E:17:D2:7F:A9:2D:0B:42:FB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mVXFpxN-tdR-ok4X0n-pLQtC-9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/SEMfo8pmPasRIV9i7AIMqc7yIB0.roa
Signing time:             Mon 01 Jan 2024 22:31:17 +0000
ROA not before:           Mon 01 Jan 2024 22:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29241
IP address blocks:        194.30.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/mVXFpxN-tdR-ok4X0n-pLQtC-9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/mVXFpxN-tdR-ok4X0n-pLQtC-9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mVXFpxN-tdR-ok4X0n-pLQtC-9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:18:8d:fb:6b:4f:c7:89:62:af:c1:bb:58:62:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9955c5a7137eb5d47ea24e17d27fa92d0b42fbd8
        Validity
            Not Before: Jan  1 22:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48431fa3ca663dab11215f62ec020ca9cef2201d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a6:01:93:68:11:75:80:90:eb:54:2a:62:eb:
                    13:bc:69:ed:04:0b:50:dd:30:a4:20:f1:3e:92:3e:
                    3b:3b:dc:7b:f8:0a:b2:b3:c8:c2:35:39:f5:26:0e:
                    37:db:71:ea:ba:d2:6c:b4:47:47:f5:33:d0:53:00:
                    2c:da:2c:4f:67:49:13:6f:26:d5:d3:76:c1:26:fd:
                    c5:be:a9:42:32:d2:7a:a3:8e:a6:90:be:b5:2d:3f:
                    51:54:65:ee:1e:9f:b4:bd:8b:10:44:3a:be:79:39:
                    40:50:98:55:70:21:0e:1f:43:6c:ca:a8:1b:f4:cc:
                    bd:83:12:d1:e0:ea:b1:80:8b:e9:34:b0:a8:a1:68:
                    ab:ac:1d:56:ef:64:ac:c4:9d:04:d7:19:54:99:8e:
                    d4:8e:7f:4e:57:ca:50:1c:ce:f4:a7:02:a2:97:41:
                    9a:62:1c:ad:ae:e1:22:a8:60:5d:a0:12:4c:6b:35:
                    47:11:d3:5b:dd:5d:06:4a:be:58:b3:c7:70:e4:c2:
                    0e:cd:2d:c5:81:7b:9e:40:df:2b:9b:40:12:3a:28:
                    a3:b8:c9:7c:ac:52:50:6c:ad:fd:4a:0a:d5:47:5a:
                    26:69:8d:1c:89:68:fc:36:8c:21:f8:59:d8:c1:eb:
                    93:56:d6:38:eb:a7:10:dd:ef:5d:51:bc:f9:63:6b:
                    df:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:43:1F:A3:CA:66:3D:AB:11:21:5F:62:EC:02:0C:A9:CE:F2:20:1D
            X509v3 Authority Key Identifier:
                keyid:99:55:C5:A7:13:7E:B5:D4:7E:A2:4E:17:D2:7F:A9:2D:0B:42:FB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mVXFpxN-tdR-ok4X0n-pLQtC-9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/SEMfo8pmPasRIV9i7AIMqc7yIB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/mVXFpxN-tdR-ok4X0n-pLQtC-9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.30.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:e7:39:e1:12:79:53:ab:b8:bc:36:10:75:28:5d:00:85:5e:
         a6:a9:c3:3a:f0:03:b4:89:88:ad:83:c3:c8:0c:1d:d7:da:99:
         48:8b:68:e2:6b:bf:df:73:8c:2b:05:66:5e:c2:b6:db:e8:93:
         98:49:39:84:03:96:73:90:ab:84:1d:b4:42:69:10:e3:5f:b5:
         75:ab:62:8a:58:5c:73:02:96:33:c1:76:2c:f1:eb:b9:40:36:
         55:30:50:ca:33:eb:a8:06:29:47:ab:2d:79:39:84:70:87:41:
         18:35:7f:a2:3f:16:f0:27:d2:cd:29:35:7f:dd:6f:f3:c9:26:
         0a:e2:9c:60:5b:3c:9c:b7:98:0c:87:3c:5c:b7:6a:36:49:3a:
         4c:0a:ec:3c:5a:b5:27:1d:ac:3c:66:90:22:e1:82:05:90:2f:
         1b:91:7e:86:18:c8:1e:aa:13:80:79:18:c8:b6:98:a8:85:7c:
         55:6f:a2:3f:8f:3f:cd:a4:7a:19:4d:47:f5:03:31:a4:cc:dc:
         cc:18:b4:d1:d2:f0:5d:63:74:2e:1d:e6:9e:3e:ec:d5:5e:b7:
         b6:b2:2c:98:66:74:55:25:10:b0:4a:0a:c5:81:26:35:9c:86:
         f8:61:5d:6b:fd:7b:08:eb:85:9d:94:10:92:f8:3b:bc:29:eb:
         8f:ba:7d:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJxiN+2tPx4lir8G7WGKTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5NTVjNWE3MTM3ZWI1ZDQ3ZWEyNGUxN2QyN2ZhOTJkMGI0
MmZiZDgwHhcNMjQwMTAxMjIzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODQzMWZhM2NhNjYzZGFiMTEyMTVmNjJlYzAyMGNhOWNlZjIyMDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqYBk2gRdYCQ61QqYusTvGntBAtQ
3TCkIPE+kj47O9x7+Aqys8jCNTn1Jg4323HqutJstEdH9TPQUwAs2ixPZ0kTbybV
03bBJv3FvqlCMtJ6o46mkL61LT9RVGXuHp+0vYsQRDq+eTlAUJhVcCEOH0Nsyqgb
9My9gxLR4OqxgIvpNLCooWirrB1W72SsxJ0E1xlUmY7Ujn9OV8pQHM70pwKil0Ga
YhytruEiqGBdoBJMazVHEdNb3V0GSr5Ys8dw5MIOzS3FgXueQN8rm0ASOiijuMl8
rFJQbK39SgrVR1omaY0ciWj8Nowh+FnYweuTVtY466cQ3e9dUbz5Y2vfGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhDH6PKZj2rESFfYuwCDKnO8iAdMB8GA1UdIwQY
MBaAFJlVxacTfrXUfqJOF9J/qS0LQvvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVZYRnB4Ti10ZFItb2s0WDBuLXBMUXRDLTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy85NDUzYTAtZTY1NS00ODBlLWI2YTkt
ZTM5NTI0ZTdhNmVkLzEvU0VNZm84cG1QYXNSSVY5aTdBSU1xYzd5SUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy85NDUzYTAtZTY1NS00ODBlLWI2YTktZTM5NTI0ZTdhNmVk
LzEvbVZYRnB4Ti10ZFItb2s0WDBuLXBMUXRDLTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh7gMA0G
CSqGSIb3DQEBCwUAA4IBAQBB5znhEnlTq7i8NhB1KF0AhV6mqcM68AO0iYitg8PI
DB3X2plIi2jia7/fc4wrBWZewrbb6JOYSTmEA5ZzkKuEHbRCaRDjX7V1q2KKWFxz
ApYzwXYs8eu5QDZVMFDKM+uoBilHqy15OYRwh0EYNX+iPxbwJ9LNKTV/3W/zySYK
4pxgWzyct5gMhzxct2o2STpMCuw8WrUnHaw8ZpAi4YIFkC8bkX6GGMgeqhOAeRjI
tpiohXxVb6I/jz/NpHoZTUf1AzGkzNzMGLTR0vBdY3QuHeaePuzVXre2siyYZnRV
JRCwSgrFgSY1nIb4YV1r/XsI64WdlBCS+Du8KeuPun0+
-----END CERTIFICATE-----