Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/XHXvdoWL7LeaIBpdMjUMlqbbL2Y.roa
File:                     XHXvdoWL7LeaIBpdMjUMlqbbL2Y.roa (raw, json)
Hash identifier:          DgbXCcXyL5VzhTEZeOruKYr5QlILU6JQntaLXAiwlS8=
Subject key identifier:   5C:75:EF:76:85:8B:EC:B7:9A:20:1A:5D:32:35:0C:96:A6:DB:2F:66
Certificate issuer:       /CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
Certificate serial:       018CC56EA95EEA53B5414F0595E01BF290A5
Authority key identifier: 6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/XHXvdoWL7LeaIBpdMjUMlqbbL2Y.roa
Signing time:             Mon 01 Jan 2024 14:30:13 +0000
ROA not before:           Mon 01 Jan 2024 14:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        94.103.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a9:5e:ea:53:b5:41:4f:05:95:e0:1b:f2:90:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
        Validity
            Not Before: Jan  1 14:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c75ef76858becb79a201a5d32350c96a6db2f66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:45:f0:a5:81:c6:60:11:da:f1:1d:d5:fa:a2:
                    e3:e3:dd:a7:51:70:fe:8a:2c:ee:3b:7d:67:5a:b3:
                    b9:68:5a:4c:d1:f1:57:8c:7b:fb:c5:de:d2:40:69:
                    d0:4d:69:1d:98:6b:80:95:59:55:42:09:e7:a7:2a:
                    7b:39:9a:1e:af:6c:a0:45:68:93:ab:18:52:79:66:
                    dc:d3:7e:70:8c:25:91:d6:4e:bb:2c:93:5d:d5:eb:
                    c0:34:0b:50:19:f9:95:a1:04:7b:31:33:39:5f:74:
                    39:e5:25:96:c2:ad:f9:ca:0c:fc:ef:a9:3c:b3:d8:
                    bc:9d:87:24:cf:ec:ed:06:c8:48:45:12:4b:f5:0f:
                    20:c0:a7:ae:55:32:9b:a6:f3:60:fb:af:7d:7f:f1:
                    2a:86:14:00:cc:d5:db:b2:dd:b8:7b:94:14:5a:a6:
                    02:5a:83:df:75:e9:1b:91:13:df:ca:ac:df:22:67:
                    1d:fa:59:d6:16:06:da:5a:c8:51:78:66:1f:eb:f8:
                    d1:26:43:ed:b3:07:f1:43:0d:f6:72:4f:8c:ba:55:
                    2d:f7:11:a1:0f:42:09:80:95:c0:ac:a4:c3:1a:4c:
                    ba:83:8d:ed:f2:5a:62:4c:eb:24:c1:ff:42:18:6f:
                    94:27:cd:d9:46:70:68:e8:e9:31:ea:b6:58:d9:93:
                    a0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:75:EF:76:85:8B:EC:B7:9A:20:1A:5D:32:35:0C:96:A6:DB:2F:66
            X509v3 Authority Key Identifier:
                keyid:6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/XHXvdoWL7LeaIBpdMjUMlqbbL2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:e7:c7:97:4f:a5:e0:00:30:8f:2d:a7:15:3e:56:39:48:f9:
         ad:59:72:e1:53:20:41:b5:f7:67:c8:7a:0b:03:2f:c8:74:f1:
         d2:49:52:db:b2:c1:57:21:a4:78:fe:9a:d2:3e:47:2b:97:ae:
         09:49:fc:32:98:45:c7:f7:a6:a0:b7:be:35:7f:21:89:ef:18:
         8b:39:75:b7:38:e6:20:a7:50:5c:c6:15:6a:c4:75:b5:0a:87:
         c6:8e:c2:75:87:c8:5b:ad:f4:c1:82:06:fa:98:12:61:7b:d1:
         02:19:90:ed:35:3e:d8:4f:a2:c7:c6:b6:8a:52:db:5b:f9:50:
         bb:4f:e2:b4:8b:0c:a4:a0:ae:24:bb:f1:e5:7f:9e:b4:66:39:
         7c:ee:19:4e:ae:86:67:d5:f1:25:e6:58:c5:4f:44:72:97:5e:
         0b:f8:82:8a:a6:85:38:b0:8a:e2:b3:b5:86:ac:e5:82:34:5f:
         fe:e3:2f:93:cb:66:b1:6f:89:2a:d7:09:58:95:be:e5:e7:4d:
         f8:75:6b:32:fb:e8:70:16:78:0c:b4:b4:0b:d4:0b:59:b0:b1:
         00:db:6a:e2:49:19:f0:3c:62:00:f4:0a:56:e7:7a:aa:f0:ee:
         f8:69:8b:2a:b1:99:7d:bd:16:d2:26:3d:71:5b:ec:24:56:04:
         69:07:72:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqle6lO1QU8FleAb8pClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYWEwNWM2ZjhmOWJmZDcwZTNkNDFmZTA1YmFmYzUwZDEy
NTNiZjUwHhcNMjQwMTAxMTQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzc1ZWY3Njg1OGJlY2I3OWEyMDFhNWQzMjM1MGM5NmE2ZGIyZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUXwpYHGYBHa8R3V+qLj492nUXD+
iizuO31nWrO5aFpM0fFXjHv7xd7SQGnQTWkdmGuAlVlVQgnnpyp7OZoer2ygRWiT
qxhSeWbc035wjCWR1k67LJNd1evANAtQGfmVoQR7MTM5X3Q55SWWwq35ygz876k8
s9i8nYckz+ztBshIRRJL9Q8gwKeuVTKbpvNg+699f/EqhhQAzNXbst24e5QUWqYC
WoPfdekbkRPfyqzfImcd+lnWFgbaWshReGYf6/jRJkPtswfxQw32ck+MulUt9xGh
D0IJgJXArKTDGky6g43t8lpiTOskwf9CGG+UJ83ZRnBo6Okx6rZY2ZOgEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFx173aFi+y3miAaXTI1DJam2y9mMB8GA1UdIwQY
MBaAFGuqBcb4+b/XDj1B/gW6/FDRJTv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYt
ZjMyMTFkOTE1MjBkLzEvWEhYdmRvV0w3TGVhSUJwZE1qVU1scWJiTDJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYtZjMyMTFkOTE1MjBk
LzEvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXme6MA0G
CSqGSIb3DQEBCwUAA4IBAQCq58eXT6XgADCPLacVPlY5SPmtWXLhUyBBtfdnyHoL
Ay/IdPHSSVLbssFXIaR4/prSPkcrl64JSfwymEXH96agt741fyGJ7xiLOXW3OOYg
p1BcxhVqxHW1CofGjsJ1h8hbrfTBggb6mBJhe9ECGZDtNT7YT6LHxraKUttb+VC7
T+K0iwykoK4ku/Hlf560Zjl87hlOroZn1fEl5ljFT0Ryl14L+IKKpoU4sIris7WG
rOWCNF/+4y+Ty2axb4kq1wlYlb7l5034dWsy++hwFngMtLQL1AtZsLEA22riSRnw
PGIA9ApW53qq8O74aYsqsZl9vRbSJj1xW+wkVgRpB3KA
-----END CERTIFICATE-----