Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Pk6Hh4afgTPGiGA6ndLjmUgb0sU.roa
File:                     Pk6Hh4afgTPGiGA6ndLjmUgb0sU.roa (raw, json)
Hash identifier:          58w7w4KKMAPmudfT2VtnojCcGnmXFK7FpDfAiV/VrKY=
Subject key identifier:   3E:4E:87:87:86:9F:81:33:C6:88:60:3A:9D:D2:E3:99:48:1B:D2:C5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018EA28ABE16D3A948EF58BBF427F2AD9694
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Pk6Hh4afgTPGiGA6ndLjmUgb0sU.roa
Signing time:             Wed 03 Apr 2024 05:59:45 +0000
ROA not before:           Wed 03 Apr 2024 05:59:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211895
IP address blocks:        94.156.117.0/24 maxlen: 24
                          94.156.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a2:8a:be:16:d3:a9:48:ef:58:bb:f4:27:f2:ad:96:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr  3 05:59:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e4e8787869f8133c688603a9dd2e399481bd2c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:4f:9b:b2:36:43:06:90:96:c4:99:d4:8a:de:
                    a3:72:b7:dd:55:f6:d7:79:5c:88:8f:12:18:06:60:
                    d7:8d:f2:8b:e2:0b:1c:2c:10:30:75:35:11:6a:ef:
                    0c:9b:d8:5c:69:49:00:0c:91:d9:49:3a:94:d1:84:
                    6b:b0:12:06:a1:56:5f:b9:06:48:f2:1d:c8:c7:f2:
                    fb:11:94:b9:78:82:40:97:87:7b:9b:56:42:04:d4:
                    da:6c:18:5e:b2:04:57:8a:e0:7c:1b:c7:44:5c:ff:
                    a2:b0:99:68:6d:d3:e0:10:07:8b:0f:da:3c:e8:49:
                    21:2e:d3:b1:b7:48:3e:b4:2b:ab:3e:78:6b:3a:5e:
                    17:19:8f:43:dc:53:e6:1e:12:2b:bc:00:98:1a:95:
                    a7:1b:e1:3c:99:ab:3d:5a:59:d7:cd:76:a4:29:c1:
                    54:bd:92:ac:78:3a:76:e5:d9:6a:42:a7:0c:d3:9d:
                    52:91:6d:00:cf:c1:3e:e3:cd:97:d5:49:3b:59:b2:
                    48:3c:37:7c:76:83:fd:2e:84:15:19:e2:96:40:d1:
                    4a:c3:4c:aa:28:80:b7:c0:c1:2f:a6:ea:44:c1:58:
                    67:70:b3:45:58:05:81:79:05:74:07:fb:53:5e:7c:
                    9e:72:d4:92:5c:4d:8a:1a:80:00:82:03:5e:cd:a4:
                    15:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:4E:87:87:86:9F:81:33:C6:88:60:3A:9D:D2:E3:99:48:1B:D2:C5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Pk6Hh4afgTPGiGA6ndLjmUgb0sU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.117.0/24
                  94.156.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:19:ff:6b:81:2d:1f:da:4f:e4:8f:37:76:6e:8b:25:ed:8f:
         48:6c:05:86:9c:e7:e6:10:b7:a8:a5:39:b5:de:18:ae:28:14:
         fb:38:04:aa:10:40:02:2d:10:33:0a:e5:95:a1:f2:51:c4:b6:
         ee:54:09:e4:59:12:7d:eb:a0:29:b9:82:21:27:96:c4:d3:0f:
         e7:fb:17:5b:dc:d0:bb:44:c5:5f:ac:59:4e:85:61:d8:33:a2:
         cb:a0:a3:cb:0b:68:7f:1a:95:c4:85:97:77:31:da:cf:cb:37:
         b5:63:81:6c:33:ad:16:68:5f:a0:3d:6f:e5:f8:0d:13:97:30:
         3d:a9:99:6a:31:bf:c3:ff:62:07:cc:ac:16:49:4b:77:11:8b:
         3b:a7:76:ac:13:e5:69:2f:40:40:09:82:6d:6e:36:c3:d2:14:
         04:a4:7d:13:96:f5:38:1f:bd:84:2b:e2:17:05:a3:86:a0:17:
         a4:9a:3f:59:99:9b:32:f6:4a:89:72:5e:f7:99:38:a9:45:89:
         f0:1a:7a:30:39:ba:49:b2:d1:3d:f1:ad:35:cd:7a:fa:a2:6f:
         fd:9c:df:94:11:f5:8d:85:91:20:0c:0a:70:a7:78:d6:61:dd:
         b0:d3:1d:08:4e:8c:4f:75:7c:6d:de:3c:f4:60:ff:05:35:2b:
         ef:d5:2e:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6iir4W06lI71i79CfyrZaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDAzMDU1OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTRlODc4Nzg2OWY4MTMzYzY4ODYwM2E5ZGQyZTM5OTQ4MWJkMmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7E+bsjZDBpCWxJnUit6jcrfdVfbX
eVyIjxIYBmDXjfKL4gscLBAwdTURau8Mm9hcaUkADJHZSTqU0YRrsBIGoVZfuQZI
8h3Ix/L7EZS5eIJAl4d7m1ZCBNTabBhesgRXiuB8G8dEXP+isJlobdPgEAeLD9o8
6EkhLtOxt0g+tCurPnhrOl4XGY9D3FPmHhIrvACYGpWnG+E8mas9WlnXzXakKcFU
vZKseDp25dlqQqcM051SkW0Az8E+482X1Uk7WbJIPDd8doP9LoQVGeKWQNFKw0yq
KIC3wMEvpupEwVhncLNFWAWBeQV0B/tTXnyectSSXE2KGoAAggNezaQVEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD5Oh4eGn4EzxohgOp3S45lIG9LFMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUGs2SGg0YWZnVFBHaUdBNm5kTGptVWdiMHNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXpx1AwQA
Xpx3MA0GCSqGSIb3DQEBCwUAA4IBAQCdGf9rgS0f2k/kjzd2bosl7Y9IbAWGnOfm
ELeopTm13hiuKBT7OASqEEACLRAzCuWVofJRxLbuVAnkWRJ966ApuYIhJ5bE0w/n
+xdb3NC7RMVfrFlOhWHYM6LLoKPLC2h/GpXEhZd3MdrPyze1Y4FsM60WaF+gPW/l
+A0TlzA9qZlqMb/D/2IHzKwWSUt3EYs7p3asE+VpL0BACYJtbjbD0hQEpH0TlvU4
H72EK+IXBaOGoBekmj9ZmZsy9kqJcl73mTipRYnwGnowObpJstE98a01zXr6om/9
nN+UEfWNhZEgDApwp3jWYd2w0x0IToxPdXxt3jz0YP8FNSvv1S7h
-----END CERTIFICATE-----