Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/8-7sE5-EGby_JCv8zT7Ro0CqoGI.roa
File:                     8-7sE5-EGby_JCv8zT7Ro0CqoGI.roa (raw, json)
Hash identifier:          Q4IzRr4d1KUT+ZgtKGipn8tUo4gJOZ5fkVf+fYmoyjs=
Subject key identifier:   F3:EE:EC:13:9F:84:19:BC:BF:24:2B:FC:CD:3E:D1:A3:40:AA:A0:62
Certificate issuer:       /CN=98fb582c1cd1881f2d46d0a70382cab69225f1a9
Certificate serial:       01919E1BBA328BA02D743CBC139826715D5C
Authority key identifier: 98:FB:58:2C:1C:D1:88:1F:2D:46:D0:A7:03:82:CA:B6:92:25:F1:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mPtYLBzRiB8tRtCnA4LKtpIl8ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/8-7sE5-EGby_JCv8zT7Ro0CqoGI.roa
Signing time:             Thu 29 Aug 2024 12:28:22 +0000
ROA not before:           Thu 29 Aug 2024 12:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        194.1.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/mPtYLBzRiB8tRtCnA4LKtpIl8ak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/mPtYLBzRiB8tRtCnA4LKtpIl8ak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mPtYLBzRiB8tRtCnA4LKtpIl8ak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9e:1b:ba:32:8b:a0:2d:74:3c:bc:13:98:26:71:5d:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98fb582c1cd1881f2d46d0a70382cab69225f1a9
        Validity
            Not Before: Aug 29 12:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3eeec139f8419bcbf242bfccd3ed1a340aaa062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6a:26:07:5f:4c:17:ee:ac:65:c1:50:23:ae:
                    b7:e8:dc:28:11:51:96:aa:c6:e1:5c:b6:29:ae:eb:
                    89:30:61:5f:6e:a0:16:3b:32:60:2a:22:32:80:66:
                    50:ed:c4:a1:19:e2:40:18:04:ef:74:77:1a:19:0d:
                    3d:0b:01:0b:8b:1b:ba:af:19:02:c6:b3:d7:9b:15:
                    13:56:29:fe:ca:55:68:2f:38:fb:06:92:72:75:96:
                    67:34:9f:03:5c:34:f2:90:dd:43:9a:8c:8b:21:44:
                    d9:57:75:2d:18:19:70:c2:f3:9b:0c:1c:0c:2b:77:
                    44:6f:a8:c0:ae:39:e5:91:9a:76:df:28:fa:f0:6f:
                    b3:f6:8b:27:13:61:4d:a9:bc:87:97:89:46:fe:94:
                    92:84:0a:13:99:c6:d6:3d:40:57:f1:aa:88:ff:ec:
                    38:a5:db:13:83:d6:c4:a5:38:4e:d7:5a:e1:5f:81:
                    b2:1b:09:7a:2d:e5:a4:41:d2:51:89:be:29:4f:9d:
                    8a:d1:6e:14:fc:37:94:c7:16:f6:21:46:40:94:01:
                    67:ed:34:36:fb:6a:de:0a:70:d6:54:f0:83:b3:91:
                    e9:51:29:88:00:bc:fd:a9:01:70:76:a8:b9:6e:db:
                    11:f2:d2:1a:44:be:b7:81:49:ee:c6:2c:65:1e:42:
                    8c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:EE:EC:13:9F:84:19:BC:BF:24:2B:FC:CD:3E:D1:A3:40:AA:A0:62
            X509v3 Authority Key Identifier:
                keyid:98:FB:58:2C:1C:D1:88:1F:2D:46:D0:A7:03:82:CA:B6:92:25:F1:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mPtYLBzRiB8tRtCnA4LKtpIl8ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/8-7sE5-EGby_JCv8zT7Ro0CqoGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/mPtYLBzRiB8tRtCnA4LKtpIl8ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:08:a4:90:f8:8c:d3:ed:ff:e0:3e:54:b9:31:89:42:1c:08:
         52:b7:45:de:88:d9:d0:b0:94:48:68:aa:7e:08:99:a8:4e:64:
         f9:aa:20:0d:52:ea:f3:50:86:4b:ca:f2:2a:3e:85:9a:db:23:
         5f:09:ea:5f:d2:a6:1a:c4:3b:d8:84:ca:e7:a4:9c:b1:bc:55:
         bb:77:ff:c2:45:e3:a8:48:5b:11:96:89:0a:91:79:bf:d7:73:
         05:42:74:1a:e9:3a:50:3f:ec:c7:79:70:9c:34:df:cc:53:96:
         15:02:a7:87:3f:1b:f2:6c:e5:02:45:2a:4e:e4:4c:aa:18:0e:
         cb:40:5c:45:f3:81:e7:0e:fa:62:74:fb:b9:d3:5e:c2:b1:99:
         74:e8:75:97:e5:bf:f4:cf:cc:a9:2d:71:3b:bf:a2:ea:39:ab:
         d1:2b:b4:04:f6:8e:3f:5e:ed:8c:ff:58:95:a3:85:73:dc:25:
         04:a0:72:c8:a4:4e:c4:9c:89:5d:7b:b9:c9:67:25:d4:1e:21:
         cf:36:43:27:4c:5b:c7:48:e1:88:34:be:98:a6:fa:f6:aa:a8:
         99:43:51:28:20:57:19:8d:2c:81:cb:15:f1:a6:6b:83:ca:e2:
         d3:e1:65:97:79:bf:f6:a9:e4:a5:de:1d:f3:4a:51:a2:64:60:
         95:a6:3e:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGeG7oyi6AtdDy8E5gmcV1cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZmI1ODJjMWNkMTg4MWYyZDQ2ZDBhNzAzODJjYWI2OTIy
NWYxYTkwHhcNMjQwODI5MTIyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2VlZWMxMzlmODQxOWJjYmYyNDJiZmNjZDNlZDFhMzQwYWFhMDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWomB19MF+6sZcFQI6636NwoEVGW
qsbhXLYpruuJMGFfbqAWOzJgKiIygGZQ7cShGeJAGATvdHcaGQ09CwELixu6rxkC
xrPXmxUTVin+ylVoLzj7BpJydZZnNJ8DXDTykN1DmoyLIUTZV3UtGBlwwvObDBwM
K3dEb6jArjnlkZp23yj68G+z9osnE2FNqbyHl4lG/pSShAoTmcbWPUBX8aqI/+w4
pdsTg9bEpThO11rhX4GyGwl6LeWkQdJRib4pT52K0W4U/DeUxxb2IUZAlAFn7TQ2
+2reCnDWVPCDs5HpUSmIALz9qQFwdqi5btsR8tIaRL63gUnuxixlHkKM8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPu7BOfhBm8vyQr/M0+0aNAqqBiMB8GA1UdIwQY
MBaAFJj7WCwc0YgfLUbQpwOCyraSJfGpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVB0WUxCelJpQjh0UnRDbkE0TEt0cElsOGFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9lYzQwMWMtNDRlNC00ZmNjLWIwMzct
M2JjNDQxMDFlYzAwLzEvOC03c0U1LUVHYnlfSkN2OHpUN1JvMENxb0dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9lYzQwMWMtNDRlNC00ZmNjLWIwMzctM2JjNDQxMDFlYzAw
LzEvbVB0WUxCelJpQjh0UnRDbkE0TEt0cElsOGFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgGeMA0G
CSqGSIb3DQEBCwUAA4IBAQCVCKSQ+IzT7f/gPlS5MYlCHAhSt0XeiNnQsJRIaKp+
CJmoTmT5qiANUurzUIZLyvIqPoWa2yNfCepf0qYaxDvYhMrnpJyxvFW7d//CReOo
SFsRlokKkXm/13MFQnQa6TpQP+zHeXCcNN/MU5YVAqeHPxvybOUCRSpO5EyqGA7L
QFxF84HnDvpidPu5017CsZl06HWX5b/0z8ypLXE7v6LqOavRK7QE9o4/Xu2M/1iV
o4Vz3CUEoHLIpE7EnIlde7nJZyXUHiHPNkMnTFvHSOGINL6Ypvr2qqiZQ1EoIFcZ
jSyByxXxpmuDyuLT4WWXeb/2qeSl3h3zSlGiZGCVpj5F
-----END CERTIFICATE-----