Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/A6Ec2aiE2Ns5EJIeIVgW1BfOS7A.roa
File:                     A6Ec2aiE2Ns5EJIeIVgW1BfOS7A.roa (raw, json)
Hash identifier:          6vk7SpK+Q/yki/5RLgKqFRH4D1AOTDrPbd5Xd2Uyaww=
Subject key identifier:   03:A1:1C:D9:A8:84:D8:DB:39:10:92:1E:21:58:16:D4:17:CE:4B:B0
Certificate issuer:       /CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Certificate serial:       018CC94DEA54786834905BC7BAD736D36746
Authority key identifier: D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/A6Ec2aiE2Ns5EJIeIVgW1BfOS7A.roa
Signing time:             Tue 02 Jan 2024 08:32:55 +0000
ROA not before:           Tue 02 Jan 2024 08:32:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49226
IP address blocks:        89.25.95.0/24 maxlen: 24
                          94.155.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ea:54:78:68:34:90:5b:c7:ba:d7:36:d3:67:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
        Validity
            Not Before: Jan  2 08:32:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03a11cd9a884d8db3910921e215816d417ce4bb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a7:73:32:f2:65:29:3a:b8:b9:28:79:78:70:
                    6b:58:b4:04:31:36:d3:68:3f:ac:ee:2f:b1:73:0d:
                    38:e3:bb:94:9f:7c:37:9b:1c:30:c0:cb:6d:9e:c4:
                    61:aa:f3:5a:52:42:68:0c:a4:02:0e:c1:bf:3b:8e:
                    59:5e:c4:af:e8:33:4a:dc:e0:2d:27:fc:fb:bc:a0:
                    3f:ad:2e:92:de:7d:4b:84:79:88:47:01:a4:75:8f:
                    61:2d:48:2f:2a:fc:f0:d9:0c:5f:31:3b:88:44:0c:
                    e8:c5:8d:93:44:c0:cb:98:5a:7b:4c:b3:f1:43:c8:
                    d1:0e:bc:c1:f7:e2:42:3f:5b:69:1b:62:54:96:5a:
                    5b:8d:a3:87:a1:6f:45:53:6a:63:f0:02:a8:59:a4:
                    7e:23:df:55:16:10:90:04:64:03:ae:f7:a1:02:06:
                    ca:91:53:cb:e3:71:4e:29:8d:99:2f:c9:28:74:b5:
                    fa:d9:26:d5:42:ab:24:06:23:46:95:e2:ee:3c:9c:
                    dc:35:c1:a9:6e:eb:a8:84:50:cf:e7:68:f5:96:c9:
                    19:25:e0:a2:b2:16:3b:c9:97:7f:26:29:4b:27:c7:
                    8e:39:f8:cf:b8:86:7f:58:57:38:cc:5a:d3:6a:5c:
                    fb:8d:a5:e1:a4:8f:79:18:7e:01:da:df:de:68:d4:
                    21:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:A1:1C:D9:A8:84:D8:DB:39:10:92:1E:21:58:16:D4:17:CE:4B:B0
            X509v3 Authority Key Identifier:
                keyid:D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/A6Ec2aiE2Ns5EJIeIVgW1BfOS7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.25.95.0/24
                  94.155.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:3b:44:e6:91:57:6f:32:d8:1b:2a:c5:4e:64:ce:d7:b0:37:
         f3:03:1d:f4:62:6b:a1:25:42:56:26:84:27:e6:79:e0:b2:69:
         7e:96:34:4c:d5:ee:5c:05:21:38:12:2d:c9:dd:37:ac:ec:20:
         a3:06:02:dc:2d:39:ee:4d:28:c4:5a:77:42:40:a8:89:17:30:
         b8:b8:f1:0e:65:65:7f:4d:8b:1c:15:39:14:d8:6d:bd:72:6e:
         e1:52:b6:93:a3:11:cd:47:61:b4:44:90:2b:9b:52:53:34:ba:
         c1:95:8c:69:ef:b0:e7:f1:50:d7:71:d0:99:7b:82:9e:da:d7:
         1d:a7:91:70:8d:0e:72:3d:c3:64:cb:4a:ba:c4:b3:64:65:19:
         bc:5a:e1:69:7f:35:e6:92:b4:57:b9:63:2f:8c:0c:83:ef:f3:
         4e:6b:7d:78:5e:ee:01:80:88:83:37:ff:5f:a6:2d:bb:72:2f:
         42:1a:b2:12:78:6d:77:7c:28:98:12:4e:ba:6a:38:84:7e:93:
         91:f8:22:6c:39:a5:99:0f:9c:5e:b7:6c:cb:eb:e4:cc:f0:6b:
         c5:2d:f7:62:a4:8d:e8:a6:36:a6:c6:92:00:6b:27:db:bf:50:
         3c:ac:f8:e0:48:87:dc:9d:ab:48:bd:5a:9e:e6:13:72:24:29:
         c6:9f:47:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTepUeGg0kFvHutc202dGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2Q3NTczYWFjYWU4MjFjODdkNmQzNjQzMWNmZTRiMjgw
MWFiNDEwHhcNMjQwMTAyMDgzMjU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2ExMWNkOWE4ODRkOGRiMzkxMDkyMWUyMTU4MTZkNDE3Y2U0YmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnadzMvJlKTq4uSh5eHBrWLQEMTbT
aD+s7i+xcw0447uUn3w3mxwwwMttnsRhqvNaUkJoDKQCDsG/O45ZXsSv6DNK3OAt
J/z7vKA/rS6S3n1LhHmIRwGkdY9hLUgvKvzw2QxfMTuIRAzoxY2TRMDLmFp7TLPx
Q8jRDrzB9+JCP1tpG2JUllpbjaOHoW9FU2pj8AKoWaR+I99VFhCQBGQDrvehAgbK
kVPL43FOKY2ZL8kodLX62SbVQqskBiNGleLuPJzcNcGpbuuohFDP52j1lskZJeCi
shY7yZd/JilLJ8eOOfjPuIZ/WFc4zFrTalz7jaXhpI95GH4B2t/eaNQhhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAOhHNmohNjbORCSHiFYFtQXzkuwMB8GA1UdIwQY
MBaAFNB9dXOqyughyH1tNkMc/ksoAatBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjIt
Y2Y5ZGM1YmFhYTc5LzEvQTZFYzJhaUUyTnM1RUpJZUlWZ1cxQmZPUzdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjItY2Y5ZGM1YmFhYTc5
LzEvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRlfAwQA
XpsPMA0GCSqGSIb3DQEBCwUAA4IBAQAhO0TmkVdvMtgbKsVOZM7XsDfzAx30Ymuh
JUJWJoQn5nngsml+ljRM1e5cBSE4Ei3J3Tes7CCjBgLcLTnuTSjEWndCQKiJFzC4
uPEOZWV/TYscFTkU2G29cm7hUraToxHNR2G0RJArm1JTNLrBlYxp77Dn8VDXcdCZ
e4Ke2tcdp5FwjQ5yPcNky0q6xLNkZRm8WuFpfzXmkrRXuWMvjAyD7/NOa314Xu4B
gIiDN/9fpi27ci9CGrISeG13fCiYEk66ajiEfpOR+CJsOaWZD5xet2zL6+TM8GvF
LfdipI3opjamxpIAayfbv1A8rPjgSIfcnatIvVqe5hNyJCnGn0cp
-----END CERTIFICATE-----