Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/aoHkmf6CHfVZofp0by5kS4rWllo.roa
File:                     aoHkmf6CHfVZofp0by5kS4rWllo.roa (raw, json)
Hash identifier:          kNBDTNKH32uB3Nna/bMA8mpal5ygZkYDGGEhoypACOE=
Subject key identifier:   6A:81:E4:99:FE:82:1D:F5:59:A1:FA:74:6F:2E:64:4B:8A:D6:96:5A
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       018F1123C7A8E74EB8175506E3F4B76E9B57
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/aoHkmf6CHfVZofp0by5kS4rWllo.roa
Signing time:             Wed 24 Apr 2024 17:25:08 +0000
ROA not before:           Wed 24 Apr 2024 17:25:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        94.154.41.0/24 maxlen: 24
                          94.154.44.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:11:23:c7:a8:e7:4e:b8:17:55:06:e3:f4:b7:6e:9b:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: Apr 24 17:25:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a81e499fe821df559a1fa746f2e644b8ad6965a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2b:b2:4a:2e:35:ad:e3:d6:4a:32:e6:69:2b:
                    1a:bb:c8:27:9c:c0:85:39:3f:6a:ae:c4:d2:b0:9a:
                    50:2f:b4:b7:51:5e:a0:13:cf:61:74:86:b7:bb:31:
                    3e:80:8a:69:0c:c7:75:2d:65:6b:98:37:c0:d0:ee:
                    3d:b7:f3:46:96:8c:1d:de:3b:eb:4a:5e:5f:13:69:
                    1e:2b:5f:cb:e3:88:65:de:cd:72:d6:da:52:a6:e5:
                    f4:a4:ac:2e:10:6d:f2:23:d7:91:31:bf:46:53:e2:
                    6e:12:cf:f1:1d:36:a2:67:d8:24:1d:6f:a3:e0:16:
                    70:c3:5d:44:f8:53:64:f4:43:aa:94:f2:3b:b1:18:
                    24:7c:0e:73:8f:e8:9c:30:66:f6:d6:d2:6b:54:86:
                    9a:18:bc:fb:23:32:a2:61:a4:cf:92:7e:e4:18:0b:
                    e0:46:f8:fb:1c:88:89:3f:b9:72:ad:08:4b:c4:56:
                    d2:92:0d:9a:e7:49:61:df:26:a6:d1:27:22:0b:a3:
                    e7:da:bf:14:e5:20:08:40:fe:86:6e:ea:d1:b9:b2:
                    71:28:f1:62:38:75:64:74:da:c5:b8:5d:b6:43:79:
                    f6:41:5f:83:ab:68:03:fb:a3:b7:1d:4a:b1:ee:f6:
                    49:21:9f:61:3f:67:71:e9:a7:5e:e3:65:b6:bd:1a:
                    f2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:81:E4:99:FE:82:1D:F5:59:A1:FA:74:6F:2E:64:4B:8A:D6:96:5A
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/aoHkmf6CHfVZofp0by5kS4rWllo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.41.0/24
                  94.154.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:da:aa:4c:b5:ab:79:cc:27:4c:3a:1b:52:8f:72:4f:6b:dd:
         70:c2:50:4e:51:74:32:5e:1b:44:ab:09:b6:ac:8d:21:22:8a:
         bd:d7:0c:4f:c0:57:e1:61:bc:ba:77:3f:d1:cf:1c:91:50:06:
         d7:05:aa:6f:f0:87:fd:f8:09:73:54:50:3a:d2:b8:73:38:ed:
         54:7b:da:39:c6:20:69:70:c9:d2:88:b5:db:49:53:71:ef:54:
         2e:f0:75:bb:44:f4:0a:71:63:fa:8e:99:73:71:5f:b9:0e:6a:
         8a:af:54:ae:04:89:5a:db:fa:29:fa:e3:6b:fd:fc:e1:fe:77:
         c1:ee:2e:6a:9b:a2:ee:ee:a3:63:f3:1b:db:28:f3:41:fb:80:
         32:68:ef:59:c6:a5:5f:e8:12:f6:c8:6e:7d:e2:33:fd:a9:dd:
         ee:20:50:65:2e:ac:e2:04:aa:87:bf:6a:05:14:a5:4f:ff:58:
         07:fd:3a:d4:9c:19:1e:b0:2f:75:4e:03:99:7b:b3:ca:19:ff:
         74:e1:91:a2:f0:5e:c8:a4:10:1f:dd:43:61:b1:2e:50:f2:69:
         4c:ec:3e:28:1b:db:41:84:e8:84:fb:f4:65:bf:a5:27:a4:83:
         9f:db:c1:59:cb:f1:7f:08:f0:bf:da:f9:73:6a:a1:dd:45:8a:
         6f:b9:a0:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8RI8eo5064F1UG4/S3bptXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjQwNDI0MTcyNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTgxZTQ5OWZlODIxZGY1NTlhMWZhNzQ2ZjJlNjQ0YjhhZDY5NjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiuySi41rePWSjLmaSsau8gnnMCF
OT9qrsTSsJpQL7S3UV6gE89hdIa3uzE+gIppDMd1LWVrmDfA0O49t/NGlowd3jvr
Sl5fE2keK1/L44hl3s1y1tpSpuX0pKwuEG3yI9eRMb9GU+JuEs/xHTaiZ9gkHW+j
4BZww11E+FNk9EOqlPI7sRgkfA5zj+icMGb21tJrVIaaGLz7IzKiYaTPkn7kGAvg
Rvj7HIiJP7lyrQhLxFbSkg2a50lh3yam0SciC6Pn2r8U5SAIQP6GburRubJxKPFi
OHVkdNrFuF22Q3n2QV+Dq2gD+6O3HUqx7vZJIZ9hP2dx6ade42W2vRryWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGqB5Jn+gh31WaH6dG8uZEuK1pZaMB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvYW9Ia21mNkNIZlZab2ZwMGJ5NWtTNHJXbGxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXpopAwQB
XposMA0GCSqGSIb3DQEBCwUAA4IBAQBb2qpMtat5zCdMOhtSj3JPa91wwlBOUXQy
XhtEqwm2rI0hIoq91wxPwFfhYby6dz/RzxyRUAbXBapv8If9+AlzVFA60rhzOO1U
e9o5xiBpcMnSiLXbSVNx71Qu8HW7RPQKcWP6jplzcV+5DmqKr1SuBIla2/op+uNr
/fzh/nfB7i5qm6Lu7qNj8xvbKPNB+4AyaO9ZxqVf6BL2yG594jP9qd3uIFBlLqzi
BKqHv2oFFKVP/1gH/TrUnBkesC91TgOZe7PKGf904ZGi8F7IpBAf3UNhsS5Q8mlM
7D4oG9tBhOiE+/Rlv6UnpIOf28FZy/F/CPC/2vlzaqHdRYpvuaAp
-----END CERTIFICATE-----