Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/CyGeMoZciLKlkc2HNPKyQGNU1ns.roa
File:                     CyGeMoZciLKlkc2HNPKyQGNU1ns.roa (raw, json)
Hash identifier:          wBL6J4wUTEIkc06sqP4Z1SjSZ1bsxRh1idJaUOO5VFQ=
Subject key identifier:   0B:21:9E:32:86:5C:88:B2:A5:91:CD:87:34:F2:B2:40:63:54:D6:7B
Certificate issuer:       /CN=83e5d90301d3cf67b88fee42dd545afcf14ea561
Certificate serial:       018CC64B6C6250370C48A42F38445B1FB689
Authority key identifier: 83:E5:D9:03:01:D3:CF:67:B8:8F:EE:42:DD:54:5A:FC:F1:4E:A5:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g-XZAwHTz2e4j-5C3VRa_PFOpWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/CyGeMoZciLKlkc2HNPKyQGNU1ns.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        194.29.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/g-XZAwHTz2e4j-5C3VRa_PFOpWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/g-XZAwHTz2e4j-5C3VRa_PFOpWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g-XZAwHTz2e4j-5C3VRa_PFOpWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:03:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6c:62:50:37:0c:48:a4:2f:38:44:5b:1f:b6:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83e5d90301d3cf67b88fee42dd545afcf14ea561
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b219e32865c88b2a591cd8734f2b2406354d67b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d1:9e:ef:7d:12:48:df:dc:36:9d:c7:6b:2e:
                    78:6a:47:fd:23:6d:18:30:d5:a5:48:5e:91:9b:67:
                    43:a6:d4:14:37:b4:2c:34:e9:05:5e:46:13:b3:b0:
                    b9:8a:02:f1:1d:2e:17:e5:0e:0d:00:3b:cc:61:32:
                    d5:b0:8d:66:7c:1d:fe:20:5a:34:f2:ff:68:49:c9:
                    66:a3:33:89:bb:33:3f:41:60:58:f5:14:f9:e4:d3:
                    a3:6d:47:76:03:be:16:f2:09:ad:5f:26:56:49:36:
                    08:81:f4:a3:6b:b6:0f:30:7b:c1:61:65:6d:b3:6d:
                    d0:cf:8f:29:35:9a:ee:5f:41:b5:9c:2a:68:b1:bc:
                    88:b1:09:6f:51:6a:46:a2:05:ab:a4:78:84:1a:6b:
                    56:68:83:c0:55:57:eb:62:d5:7a:21:dd:98:2c:89:
                    d3:56:1d:46:65:34:16:ab:df:83:e0:0f:c8:9c:d8:
                    79:e7:8f:2f:86:db:87:1e:d6:fb:c3:50:33:22:be:
                    8e:15:42:1b:30:1e:7c:39:e5:4b:c6:dc:fe:24:47:
                    7b:90:0b:7d:1f:c4:58:57:88:70:8d:51:71:77:06:
                    a4:ea:fc:1f:cd:03:53:30:22:f2:8b:47:54:83:81:
                    54:ab:bc:c2:26:84:79:00:58:d6:22:a8:a9:55:0f:
                    1b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:21:9E:32:86:5C:88:B2:A5:91:CD:87:34:F2:B2:40:63:54:D6:7B
            X509v3 Authority Key Identifier:
                keyid:83:E5:D9:03:01:D3:CF:67:B8:8F:EE:42:DD:54:5A:FC:F1:4E:A5:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g-XZAwHTz2e4j-5C3VRa_PFOpWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/CyGeMoZciLKlkc2HNPKyQGNU1ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/g-XZAwHTz2e4j-5C3VRa_PFOpWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.29.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:61:f4:39:0b:66:11:73:13:3b:16:cd:54:d5:3a:f6:7c:12:
         b1:ed:fc:e2:8a:95:e6:ea:ba:70:d7:ff:6c:b9:51:8d:c6:fa:
         36:43:f5:ba:1e:44:a7:ff:81:b9:b1:43:15:18:63:2b:5f:7e:
         f0:6a:a1:b7:cb:81:7f:75:d7:31:fb:1c:f7:aa:8a:c2:29:20:
         dc:fd:f5:a0:78:d9:f8:fb:69:cd:55:b4:38:7d:77:11:e8:7a:
         68:a7:7c:9d:21:4a:6f:89:6e:98:ee:e6:de:38:d4:73:1d:2f:
         69:67:90:37:e9:79:9c:2e:23:8b:47:24:10:b6:0c:69:3a:41:
         40:6b:e0:6c:bd:b8:f4:f2:91:97:80:fe:3b:1c:3e:de:82:c8:
         d2:eb:12:13:29:f5:55:25:8a:17:20:9d:46:f6:44:20:88:bc:
         09:1c:ef:87:5e:25:1a:36:51:34:db:32:a1:85:f9:4e:71:c5:
         b5:d0:10:3d:99:9e:33:da:d8:66:e1:6c:be:d3:f5:51:50:72:
         ef:b0:1f:94:b2:a2:c7:32:a2:d8:f6:bf:f1:83:37:bf:fe:73:
         29:02:68:f6:95:d2:08:21:fc:b9:bc:76:95:e3:63:cd:55:96:
         4f:43:4c:36:24:d0:75:de:3b:c9:31:8c:c2:e6:df:0a:89:5e:
         35:31:9c:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2xiUDcMSKQvOERbH7aJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZTVkOTAzMDFkM2NmNjdiODhmZWU0MmRkNTQ1YWZjZjE0
ZWE1NjEwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjIxOWUzMjg2NWM4OGIyYTU5MWNkODczNGYyYjI0MDYzNTRkNjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldGe730SSN/cNp3Hay54akf9I20Y
MNWlSF6Rm2dDptQUN7QsNOkFXkYTs7C5igLxHS4X5Q4NADvMYTLVsI1mfB3+IFo0
8v9oSclmozOJuzM/QWBY9RT55NOjbUd2A74W8gmtXyZWSTYIgfSja7YPMHvBYWVt
s23Qz48pNZruX0G1nCposbyIsQlvUWpGogWrpHiEGmtWaIPAVVfrYtV6Id2YLInT
Vh1GZTQWq9+D4A/InNh5548vhtuHHtb7w1AzIr6OFUIbMB58OeVLxtz+JEd7kAt9
H8RYV4hwjVFxdwak6vwfzQNTMCLyi0dUg4FUq7zCJoR5AFjWIqipVQ8bmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAshnjKGXIiypZHNhzTyskBjVNZ7MB8GA1UdIwQY
MBaAFIPl2QMB089nuI/uQt1UWvzxTqVhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZy1YWkF3SFR6MmU0ai01QzNWUmFfUEZPcFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xNTdiYTktNWFlNy00NDYwLTg4N2It
NzgyYjgyZWJjYWFlLzEvQ3lHZU1vWmNpTEtsa2MySE5QS3lRR05VMW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xNTdiYTktNWFlNy00NDYwLTg4N2ItNzgyYjgyZWJjYWFl
LzEvZy1YWkF3SFR6MmU0ai01QzNWUmFfUEZPcFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh02MA0G
CSqGSIb3DQEBCwUAA4IBAQBJYfQ5C2YRcxM7Fs1U1Tr2fBKx7fziipXm6rpw1/9s
uVGNxvo2Q/W6HkSn/4G5sUMVGGMrX37waqG3y4F/ddcx+xz3qorCKSDc/fWgeNn4
+2nNVbQ4fXcR6Hpop3ydIUpviW6Y7ubeONRzHS9pZ5A36XmcLiOLRyQQtgxpOkFA
a+Bsvbj08pGXgP47HD7egsjS6xITKfVVJYoXIJ1G9kQgiLwJHO+HXiUaNlE02zKh
hflOccW10BA9mZ4z2thm4Wy+0/VRUHLvsB+UsqLHMqLY9r/xgze//nMpAmj2ldII
Ify5vHaV42PNVZZPQ0w2JNB13jvJMYzC5t8KiV41MZyL
-----END CERTIFICATE-----