Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/VFWgGeYepa6-s5pJkn7SMMPZ6dY.roa
File:                     VFWgGeYepa6-s5pJkn7SMMPZ6dY.roa (raw, json)
Hash identifier:          TAFXu4K6YzcSZaCHhj8Hw+qdRdidooRetwSdikCUTPA=
Subject key identifier:   54:55:A0:19:E6:1E:A5:AE:BE:B3:9A:49:92:7E:D2:30:C3:D9:E9:D6
Certificate issuer:       /CN=b9b87b3b09ccb69a6de20468e90ecbb18f5ecbb6
Certificate serial:       018CC8712196A982D5D6363A8A603829A7B3
Authority key identifier: B9:B8:7B:3B:09:CC:B6:9A:6D:E2:04:68:E9:0E:CB:B1:8F:5E:CB:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/VFWgGeYepa6-s5pJkn7SMMPZ6dY.roa
Signing time:             Tue 02 Jan 2024 04:31:46 +0000
ROA not before:           Tue 02 Jan 2024 04:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201054
IP address blocks:        94.246.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:21:96:a9:82:d5:d6:36:3a:8a:60:38:29:a7:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b87b3b09ccb69a6de20468e90ecbb18f5ecbb6
        Validity
            Not Before: Jan  2 04:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5455a019e61ea5aebeb39a49927ed230c3d9e9d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:05:21:4b:c1:33:4c:b3:0a:a7:21:73:64:c1:
                    42:b6:9d:22:70:27:00:c7:c1:a4:a6:34:ad:4f:93:
                    95:51:1d:10:e0:59:ba:db:f3:b0:fd:9a:82:39:fd:
                    46:13:28:e8:b6:de:c7:8b:90:5b:4d:f9:18:e1:54:
                    0c:79:09:de:e0:5e:42:24:6e:d3:07:78:85:e2:b0:
                    33:9f:f3:93:6c:88:6e:bb:b7:f7:15:b1:e3:d9:0b:
                    af:b1:98:3c:8d:cd:c2:82:2b:d5:3c:e7:ab:e2:4e:
                    6c:ae:ec:03:c4:18:90:fb:e9:7b:c2:0c:13:04:c5:
                    74:fd:a1:12:c3:5e:1e:04:b2:35:1d:35:df:ad:41:
                    8c:c5:45:c2:da:ce:4f:b9:7d:79:7c:aa:61:67:a7:
                    7c:90:ae:de:5c:15:61:b6:89:58:f6:4b:d6:52:fd:
                    0d:00:d9:a4:d9:7b:4a:2e:53:ee:f7:d6:b9:c6:d7:
                    a2:57:1d:dc:da:55:67:f9:62:64:84:c0:98:5c:2d:
                    11:05:8e:45:e9:9c:61:60:0c:22:7e:b5:17:79:8b:
                    da:c8:d3:a5:d1:8e:cf:c6:ff:b9:23:cb:f4:3b:96:
                    a6:e9:6c:de:b1:02:bc:a0:e9:c2:38:64:52:0d:20:
                    0a:5a:fa:08:6d:d8:77:d0:c6:84:70:87:7c:63:4b:
                    0b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:55:A0:19:E6:1E:A5:AE:BE:B3:9A:49:92:7E:D2:30:C3:D9:E9:D6
            X509v3 Authority Key Identifier:
                keyid:B9:B8:7B:3B:09:CC:B6:9A:6D:E2:04:68:E9:0E:CB:B1:8F:5E:CB:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/VFWgGeYepa6-s5pJkn7SMMPZ6dY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.246.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:5b:f9:64:21:a8:ed:e4:3d:40:91:9c:4c:3e:a8:f7:2f:40:
         46:9f:29:bd:e5:48:c0:ee:27:a7:4e:0b:24:a2:74:89:59:b0:
         5f:e3:0e:56:15:c6:1a:8b:f6:6c:bd:e9:4b:2b:9c:e0:f4:47:
         d9:4b:e2:80:74:63:f3:c6:23:e8:2a:c4:8a:40:6d:46:af:28:
         b8:37:58:6a:ae:df:b3:ec:41:66:cb:35:8f:c2:55:84:07:b2:
         cf:22:b4:23:d3:f4:e1:fc:8f:39:43:02:8b:06:7f:1f:1e:a2:
         fc:7e:49:85:98:66:39:f8:a8:2e:0c:62:06:05:d0:02:46:fb:
         38:93:d8:13:33:4a:df:20:6d:93:7a:dd:3f:24:05:11:cd:e4:
         c7:94:08:b0:5c:80:50:90:09:9a:a5:b1:8f:a0:95:f1:69:8f:
         bb:02:78:17:dd:f8:57:46:7e:0e:d3:fa:e0:fb:17:92:3a:56:
         c1:ed:2b:0d:38:3a:d9:43:10:e1:88:87:80:14:5f:c6:03:3d:
         33:0e:31:b6:b7:49:5f:5d:31:a5:12:c2:e4:1c:29:4e:63:5b:
         3d:f7:26:dd:18:73:5b:3a:47:ea:ec:51:3e:28:a3:0c:53:f0:
         a1:5b:86:08:93:de:05:50:d3:e8:df:10:74:a3:f5:51:36:90:
         8d:da:5e:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcSGWqYLV1jY6imA4KaezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5Yjg3YjNiMDljY2I2OWE2ZGUyMDQ2OGU5MGVjYmIxOGY1
ZWNiYjYwHhcNMjQwMTAyMDQzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDU1YTAxOWU2MWVhNWFlYmViMzlhNDk5MjdlZDIzMGMzZDllOWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAUhS8EzTLMKpyFzZMFCtp0icCcA
x8GkpjStT5OVUR0Q4Fm62/Ow/ZqCOf1GEyjott7Hi5BbTfkY4VQMeQne4F5CJG7T
B3iF4rAzn/OTbIhuu7f3FbHj2QuvsZg8jc3CgivVPOer4k5sruwDxBiQ++l7wgwT
BMV0/aESw14eBLI1HTXfrUGMxUXC2s5PuX15fKphZ6d8kK7eXBVhtolY9kvWUv0N
ANmk2XtKLlPu99a5xteiVx3c2lVn+WJkhMCYXC0RBY5F6ZxhYAwifrUXeYvayNOl
0Y7Pxv+5I8v0O5am6WzesQK8oOnCOGRSDSAKWvoIbdh30MaEcId8Y0sLZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRVoBnmHqWuvrOaSZJ+0jDD2enWMB8GA1UdIwQY
MBaAFLm4ezsJzLaabeIEaOkOy7GPXsu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJoN093bk10cHB0NGdSbzZRN0xzWTlleTdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wMGRkYWYtM2JlNS00MjBkLTkxOWYt
M2I0Y2I5NzVhOWJjLzEvVkZXZ0dlWWVwYTYtczVwSmtuN1NNTVBaNmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wMGRkYWYtM2JlNS00MjBkLTkxOWYtM2I0Y2I5NzVhOWJj
LzEvdWJoN093bk10cHB0NGdSbzZRN0xzWTlleTdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXva5MA0G
CSqGSIb3DQEBCwUAA4IBAQCiW/lkIajt5D1AkZxMPqj3L0BGnym95UjA7ienTgsk
onSJWbBf4w5WFcYai/ZsvelLK5zg9EfZS+KAdGPzxiPoKsSKQG1Gryi4N1hqrt+z
7EFmyzWPwlWEB7LPIrQj0/Th/I85QwKLBn8fHqL8fkmFmGY5+KguDGIGBdACRvs4
k9gTM0rfIG2Tet0/JAURzeTHlAiwXIBQkAmapbGPoJXxaY+7AngX3fhXRn4O0/rg
+xeSOlbB7SsNODrZQxDhiIeAFF/GAz0zDjG2t0lfXTGlEsLkHClOY1s99ybdGHNb
Okfq7FE+KKMMU/ChW4YIk94FUNPo3xB0o/VRNpCN2l5C
-----END CERTIFICATE-----