Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/h_mtEDbBn2E852vkt-m9XTDNSQw.roa
File:                     h_mtEDbBn2E852vkt-m9XTDNSQw.roa (raw, json)
Hash identifier:          bhJa7M/OGQdn4ICr0+P8hhRubKQd2u/10RjaPlDvnbs=
Subject key identifier:   87:F9:AD:10:36:C1:9F:61:3C:E7:6B:E4:B7:E9:BD:5D:30:CD:49:0C
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64ADC4BB2972AC4D1BEBBF1132F9F32
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/h_mtEDbBn2E852vkt-m9XTDNSQw.roa
Signing time:             Mon 01 Jan 2024 18:30:43 +0000
ROA not before:           Mon 01 Jan 2024 18:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206446
IP address blocks:        94.131.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:dc:4b:b2:97:2a:c4:d1:be:bb:f1:13:2f:9f:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87f9ad1036c19f613ce76be4b7e9bd5d30cd490c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:4c:42:a3:48:bb:1c:ba:7e:b7:51:0d:b9:8a:
                    3d:ad:f8:4b:4c:10:45:0c:f4:5c:6f:0f:c0:d6:02:
                    70:56:52:5f:22:49:da:b0:d2:05:cc:22:26:63:81:
                    89:e6:bf:da:1b:e9:d3:26:9c:03:ee:ac:02:62:ca:
                    0e:46:da:35:f4:03:24:e2:dc:2b:ce:40:96:f4:8b:
                    a5:d7:81:27:94:50:f0:ed:07:dd:0d:e2:45:e8:65:
                    f2:4a:f0:43:5d:b1:ef:f3:36:d2:6e:80:0e:9b:ef:
                    ab:39:56:e6:b3:22:26:5a:d6:3d:7a:b1:7c:b1:fb:
                    3d:86:e5:3c:90:6c:86:82:1b:5b:f5:b8:05:06:aa:
                    5a:1f:54:c6:3b:37:2c:cb:5c:15:87:9d:e8:a4:e5:
                    bf:8b:74:86:2f:85:eb:39:ec:f4:b5:f1:6f:03:a3:
                    3d:a0:cd:24:68:7e:b9:fa:05:28:66:26:35:44:2b:
                    38:7a:c5:3f:dc:e1:9f:93:b7:0e:dd:73:1f:8e:13:
                    24:22:db:fa:22:ca:e4:89:0a:99:b4:21:09:68:d7:
                    d0:f4:6d:db:fd:c1:10:eb:65:93:14:61:57:76:0b:
                    84:ca:79:27:50:27:c3:8a:e9:78:9c:a5:40:bb:17:
                    4d:03:71:f1:d8:ba:bc:bb:ae:31:47:f6:b9:49:fa:
                    57:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:F9:AD:10:36:C1:9F:61:3C:E7:6B:E4:B7:E9:BD:5D:30:CD:49:0C
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/h_mtEDbBn2E852vkt-m9XTDNSQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:e4:3d:d2:87:36:ab:60:61:6e:a4:ed:ad:2d:16:43:0f:5d:
         29:da:3a:1e:7b:a8:2a:f5:93:f9:82:71:ba:df:0b:26:21:fd:
         96:e4:14:64:1f:9d:f8:5e:dd:c9:1b:18:3a:46:8f:69:ae:37:
         78:79:19:2e:a2:94:12:bd:58:2b:71:a7:58:c5:40:ca:4b:84:
         14:ef:94:a2:6c:07:c1:be:57:76:3b:0a:80:19:03:32:68:d3:
         d0:99:10:90:15:16:9c:13:49:31:c8:33:ef:dc:47:23:b7:28:
         8e:8d:a4:6d:c7:3e:3c:3c:4e:5e:dd:49:ce:46:88:d0:9f:05:
         b7:00:3b:3e:8f:19:b1:3d:75:17:80:5a:ad:3f:74:5e:d5:c9:
         9b:c3:02:05:11:ce:a4:41:3d:15:64:c2:5b:25:af:70:2e:b6:
         4f:cd:75:12:cc:61:d1:c2:af:74:76:84:6f:b0:07:ad:06:7f:
         48:65:0e:1f:73:14:ab:dd:9b:f6:d2:83:84:53:66:2f:61:86:
         0e:12:77:f3:64:60:9e:b0:0a:0a:7e:66:1e:5a:f9:58:14:45:
         64:16:92:2c:65:f8:4a:56:58:b4:f1:f5:59:eb:0b:a6:71:94:
         69:6c:41:49:6b:79:64:48:4b:55:de:b9:80:39:a6:cc:0f:6f:
         34:50:37:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStxLspcqxNG+u/ETL58yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Y5YWQxMDM2YzE5ZjYxM2NlNzZiZTRiN2U5YmQ1ZDMwY2Q0OTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkxCo0i7HLp+t1ENuYo9rfhLTBBF
DPRcbw/A1gJwVlJfIknasNIFzCImY4GJ5r/aG+nTJpwD7qwCYsoORto19AMk4twr
zkCW9Iul14EnlFDw7QfdDeJF6GXySvBDXbHv8zbSboAOm++rOVbmsyImWtY9erF8
sfs9huU8kGyGghtb9bgFBqpaH1TGOzcsy1wVh53opOW/i3SGL4XrOez0tfFvA6M9
oM0kaH65+gUoZiY1RCs4esU/3OGfk7cO3XMfjhMkItv6IsrkiQqZtCEJaNfQ9G3b
/cEQ62WTFGFXdguEynknUCfDiul4nKVAuxdNA3Hx2Lq8u64xR/a5SfpX3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIf5rRA2wZ9hPOdr5LfpvV0wzUkMMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvaF9tdEVEYkJuMkU4NTJ2a3QtbTlYVEROU1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoNyMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ5D3ShzarYGFupO2tLRZDD10p2joee6gq9ZP5gnG6
3wsmIf2W5BRkH534Xt3JGxg6Ro9prjd4eRkuopQSvVgrcadYxUDKS4QU75SibAfB
vld2OwqAGQMyaNPQmRCQFRacE0kxyDPv3EcjtyiOjaRtxz48PE5e3UnORojQnwW3
ADs+jxmxPXUXgFqtP3Re1cmbwwIFEc6kQT0VZMJbJa9wLrZPzXUSzGHRwq90doRv
sAetBn9IZQ4fcxSr3Zv20oOEU2YvYYYOEnfzZGCesAoKfmYeWvlYFEVkFpIsZfhK
Vli08fVZ6wumcZRpbEFJa3lkSEtV3rmAOabMD280UDcQ
-----END CERTIFICATE-----