Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/be10af-d67c-47e9-938a-4af1fa36cdb9/1/lpCeyP0b1SZnvza4DIOxu_Ymu1U.roa
File:                     lpCeyP0b1SZnvza4DIOxu_Ymu1U.roa (raw, json)
Hash identifier:          pV9sb6nYPcj/K4xUu4d0tNk7+kgSgxoW30SJl1yP5WM=
Subject key identifier:   96:90:9E:C8:FD:1B:D5:26:67:BF:36:B8:0C:83:B1:BB:F6:26:BB:55
Certificate issuer:       /CN=08cb89a11114efbe0e1e2550ecda336fd792ec5f
Certificate serial:       018CC5DC6A694BFE0E69825BDA534950638B
Authority key identifier: 08:CB:89:A1:11:14:EF:BE:0E:1E:25:50:EC:DA:33:6F:D7:92:EC:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CMuJoREU774OHiVQ7Nozb9eS7F8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/be10af-d67c-47e9-938a-4af1fa36cdb9/1/lpCeyP0b1SZnvza4DIOxu_Ymu1U.roa
Signing time:             Mon 01 Jan 2024 16:30:05 +0000
ROA not before:           Mon 01 Jan 2024 16:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        194.127.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/be10af-d67c-47e9-938a-4af1fa36cdb9/1/CMuJoREU774OHiVQ7Nozb9eS7F8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/be10af-d67c-47e9-938a-4af1fa36cdb9/1/CMuJoREU774OHiVQ7Nozb9eS7F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CMuJoREU774OHiVQ7Nozb9eS7F8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:6a:69:4b:fe:0e:69:82:5b:da:53:49:50:63:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08cb89a11114efbe0e1e2550ecda336fd792ec5f
        Validity
            Not Before: Jan  1 16:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96909ec8fd1bd52667bf36b80c83b1bbf626bb55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:0e:13:32:93:fb:7e:f6:e9:ba:3f:5e:59:6b:
                    3a:ae:f4:a2:ce:b1:bb:cc:f6:2f:40:9b:22:7c:c3:
                    3e:72:4c:cf:e5:7d:55:f5:16:ca:a8:48:0a:f3:e3:
                    6f:d1:21:8b:dd:90:54:10:53:73:be:29:8c:d6:ce:
                    6f:f2:3b:73:9e:79:26:7a:0f:b4:a8:10:16:1c:59:
                    03:a8:e9:c5:57:d8:dc:53:57:8a:e6:d3:3b:28:b8:
                    03:7f:a5:f0:4b:9a:66:e8:20:81:41:de:75:78:24:
                    c9:ac:9c:af:51:93:8b:14:00:f4:b9:bd:4e:e6:8f:
                    f4:e8:cd:53:3c:db:57:95:04:93:18:51:b1:4e:88:
                    8f:49:79:98:fd:2b:d6:f3:6f:4f:03:44:35:89:9b:
                    27:1f:91:d6:bb:89:78:4f:1e:f9:dc:b5:5c:34:98:
                    72:7e:a6:33:d8:7a:6e:52:e4:98:83:74:3c:b3:fa:
                    96:6b:e7:0b:9a:65:c4:09:59:84:2d:7b:4f:cf:3e:
                    37:70:d0:47:d0:b5:65:ee:4c:c4:45:bd:1b:c3:e5:
                    8b:7c:44:5c:67:c1:94:33:6e:45:0e:51:c9:41:da:
                    f6:70:0c:57:34:10:49:98:07:b4:55:56:ec:ec:01:
                    60:35:21:e9:f6:c6:d5:76:42:11:12:db:d9:26:c4:
                    9a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:90:9E:C8:FD:1B:D5:26:67:BF:36:B8:0C:83:B1:BB:F6:26:BB:55
            X509v3 Authority Key Identifier:
                keyid:08:CB:89:A1:11:14:EF:BE:0E:1E:25:50:EC:DA:33:6F:D7:92:EC:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CMuJoREU774OHiVQ7Nozb9eS7F8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/be10af-d67c-47e9-938a-4af1fa36cdb9/1/lpCeyP0b1SZnvza4DIOxu_Ymu1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/be10af-d67c-47e9-938a-4af1fa36cdb9/1/CMuJoREU774OHiVQ7Nozb9eS7F8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:8f:7d:71:32:95:32:02:1d:5d:f0:f1:08:e6:3f:f3:ef:b7:
         b8:7c:8f:47:92:51:bb:4a:87:e2:66:80:26:c8:d4:72:6c:36:
         fd:be:18:47:31:8a:41:60:86:6c:cd:23:f2:c0:fd:45:6e:f0:
         ca:c8:f5:4b:ce:e0:75:1e:0b:b0:8e:51:c5:c3:e4:f5:16:9e:
         5c:bb:5a:df:74:63:0e:21:47:ec:73:fc:3f:53:b2:e2:db:30:
         a7:8e:c5:f6:37:78:53:24:bf:5e:05:0d:0a:d9:79:55:b9:4e:
         a2:71:b3:84:53:14:ae:a5:0e:fc:fe:aa:2c:24:c0:73:30:31:
         2a:6a:80:5f:1c:64:5b:d0:03:f3:b0:30:3b:a2:dd:fa:6d:1a:
         7f:38:e0:37:c0:3d:e7:02:cc:c4:53:64:f7:8a:f1:0b:e0:21:
         10:48:50:d5:f0:ed:d5:5f:b4:4a:88:96:ed:69:12:c6:ac:68:
         04:b0:42:e1:00:c3:c7:e6:d7:a1:41:49:88:cd:a2:2a:09:e0:
         f7:db:9e:2d:e7:86:9b:fd:b3:4a:b5:bf:88:3e:85:77:4b:94:
         68:9c:39:1e:c7:0a:b7:58:59:b7:8d:03:ca:82:da:8a:f1:16:
         a4:3c:23:c8:5e:9c:c4:3e:ad:f8:4e:8b:a8:81:d4:77:c0:77:
         76:80:3f:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3GppS/4OaYJb2lNJUGOLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4Y2I4OWExMTExNGVmYmUwZTFlMjU1MGVjZGEzMzZmZDc5
MmVjNWYwHhcNMjQwMTAxMTYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjkwOWVjOGZkMWJkNTI2NjdiZjM2YjgwYzgzYjFiYmY2MjZiYjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQ4TMpP7fvbpuj9eWWs6rvSizrG7
zPYvQJsifMM+ckzP5X1V9RbKqEgK8+Nv0SGL3ZBUEFNzvimM1s5v8jtznnkmeg+0
qBAWHFkDqOnFV9jcU1eK5tM7KLgDf6XwS5pm6CCBQd51eCTJrJyvUZOLFAD0ub1O
5o/06M1TPNtXlQSTGFGxToiPSXmY/SvW829PA0Q1iZsnH5HWu4l4Tx753LVcNJhy
fqYz2HpuUuSYg3Q8s/qWa+cLmmXECVmELXtPzz43cNBH0LVl7kzERb0bw+WLfERc
Z8GUM25FDlHJQdr2cAxXNBBJmAe0VVbs7AFgNSHp9sbVdkIREtvZJsSavwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJaQnsj9G9UmZ782uAyDsbv2JrtVMB8GA1UdIwQY
MBaAFAjLiaERFO++Dh4lUOzaM2/XkuxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ011Sm9SRVU3NzRPSGlWUTdOb3piOWVTN0Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iZTEwYWYtZDY3Yy00N2U5LTkzOGEt
NGFmMWZhMzZjZGI5LzEvbHBDZXlQMGIxU1pudnphNERJT3h1X1ltdTFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iZTEwYWYtZDY3Yy00N2U5LTkzOGEtNGFmMWZhMzZjZGI5
LzEvQ011Sm9SRVU3NzRPSGlWUTdOb3piOWVTN0Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn/kMA0G
CSqGSIb3DQEBCwUAA4IBAQAHj31xMpUyAh1d8PEI5j/z77e4fI9HklG7SofiZoAm
yNRybDb9vhhHMYpBYIZszSPywP1FbvDKyPVLzuB1HguwjlHFw+T1Fp5cu1rfdGMO
IUfsc/w/U7Li2zCnjsX2N3hTJL9eBQ0K2XlVuU6icbOEUxSupQ78/qosJMBzMDEq
aoBfHGRb0APzsDA7ot36bRp/OOA3wD3nAszEU2T3ivEL4CEQSFDV8O3VX7RKiJbt
aRLGrGgEsELhAMPH5tehQUmIzaIqCeD3254t54ab/bNKtb+IPoV3S5RonDkexwq3
WFm3jQPKgtqK8RakPCPIXpzEPq34TouogdR3wHd2gD/B
-----END CERTIFICATE-----