Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/37eab0-7f53-4b62-b5d4-78006e078171/1/vAx1Y2zp2xK4qNSuXhLkogIUjsA.roa
File:                     vAx1Y2zp2xK4qNSuXhLkogIUjsA.roa (raw, json)
Hash identifier:          N+A9wp7ZGC/ucSXUi016cu8BLViFZeKttGiLttedTSA=
Subject key identifier:   BC:0C:75:63:6C:E9:DB:12:B8:A8:D4:AE:5E:12:E4:A2:02:14:8E:C0
Certificate issuer:       /CN=e69f2b69f4a95a521e18fb33e6793f467e031bc1
Certificate serial:       018CC86EF2BD183F4137989D474C0C82F7E9
Authority key identifier: E6:9F:2B:69:F4:A9:5A:52:1E:18:FB:33:E6:79:3F:46:7E:03:1B:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5p8rafSpWlIeGPsz5nk_Rn4DG8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/37eab0-7f53-4b62-b5d4-78006e078171/1/vAx1Y2zp2xK4qNSuXhLkogIUjsA.roa
Signing time:             Tue 02 Jan 2024 04:29:23 +0000
ROA not before:           Tue 02 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205090
IP address blocks:        94.142.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/37eab0-7f53-4b62-b5d4-78006e078171/1/5p8rafSpWlIeGPsz5nk_Rn4DG8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/37eab0-7f53-4b62-b5d4-78006e078171/1/5p8rafSpWlIeGPsz5nk_Rn4DG8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5p8rafSpWlIeGPsz5nk_Rn4DG8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f2:bd:18:3f:41:37:98:9d:47:4c:0c:82:f7:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e69f2b69f4a95a521e18fb33e6793f467e031bc1
        Validity
            Not Before: Jan  2 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc0c75636ce9db12b8a8d4ae5e12e4a202148ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:9c:bb:84:8f:5e:e8:d7:16:12:c8:b5:0a:35:
                    ae:1b:90:18:2f:1a:dd:d8:a8:47:a3:09:ee:c4:0a:
                    21:0d:66:a4:35:70:e4:23:a4:0c:ee:54:23:f1:25:
                    86:87:ef:b5:80:74:9c:e4:18:89:83:51:c3:e9:a1:
                    0d:f3:90:16:bb:0a:cd:b5:75:d3:e1:c0:3b:ad:57:
                    76:c2:c0:1b:d8:f0:89:b2:63:25:94:e0:76:dd:77:
                    91:62:86:42:91:df:0a:b9:4c:b7:2c:0b:be:94:92:
                    2f:f3:ea:de:0c:d2:28:91:e2:60:8b:11:b2:5a:64:
                    2e:0a:74:4c:bf:b3:65:36:ff:ae:10:fe:f9:72:6b:
                    ef:15:79:b8:52:7e:2d:b4:e1:20:b4:17:17:5a:ac:
                    89:07:34:56:05:e2:de:d0:c6:de:8d:d1:b3:b3:f1:
                    5c:cb:8e:07:21:27:58:eb:59:93:59:e5:47:56:16:
                    bf:b0:b2:61:b2:cd:89:96:94:17:ad:23:08:1d:74:
                    4e:df:70:dc:49:d4:23:40:8d:93:a1:50:8d:94:64:
                    11:96:25:4d:bb:63:9f:e3:8b:34:33:cd:69:ed:a8:
                    4a:87:2f:6d:36:de:bf:d9:bc:47:a1:43:e1:44:6b:
                    5f:12:a6:0a:de:9b:36:41:c7:4f:1a:da:99:87:cb:
                    fb:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:0C:75:63:6C:E9:DB:12:B8:A8:D4:AE:5E:12:E4:A2:02:14:8E:C0
            X509v3 Authority Key Identifier:
                keyid:E6:9F:2B:69:F4:A9:5A:52:1E:18:FB:33:E6:79:3F:46:7E:03:1B:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5p8rafSpWlIeGPsz5nk_Rn4DG8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/37eab0-7f53-4b62-b5d4-78006e078171/1/vAx1Y2zp2xK4qNSuXhLkogIUjsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/37eab0-7f53-4b62-b5d4-78006e078171/1/5p8rafSpWlIeGPsz5nk_Rn4DG8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:85:34:02:71:3e:2d:63:ff:18:98:c8:d9:9d:c1:27:99:09:
         75:38:99:d3:27:7e:ae:2a:87:ea:df:7d:bd:0a:56:a3:2e:96:
         06:43:cc:6e:54:c6:93:7b:a1:e5:24:17:a4:8f:ae:6d:e5:e9:
         f6:b6:13:a6:24:90:c3:63:97:29:f8:84:3b:4f:c3:56:fd:7c:
         37:ca:8c:6a:65:a6:a2:3a:f1:44:3e:2b:19:5a:3a:de:e7:8d:
         a6:b7:4e:9b:7c:2c:35:81:6a:5a:6b:bc:33:44:44:e0:d2:ad:
         01:dc:1c:99:bc:cc:6b:73:66:b5:ff:34:4a:ff:dc:f1:89:11:
         28:72:3c:6b:cb:cf:11:bd:25:81:55:dc:84:55:31:d0:6e:ca:
         b4:42:d0:53:fb:87:46:ee:2b:28:33:74:75:ae:ec:34:a5:ec:
         0a:f8:0e:75:e6:0f:9c:fe:31:b8:bc:35:38:ec:70:86:b7:fe:
         d6:76:3c:01:5a:11:16:b5:38:10:13:19:83:92:0e:f1:c7:46:
         a4:51:8b:c3:fa:f5:95:b3:e0:8c:a3:e5:bd:e0:ca:d2:94:4e:
         48:ab:81:66:f8:5d:d6:2c:58:b2:81:2c:a3:f9:86:51:af:94:
         f6:8a:21:4d:61:57:c9:5f:6f:04:20:2e:ee:1e:99:50:5b:04:
         6c:79:0c:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvK9GD9BN5idR0wMgvfpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2OWYyYjY5ZjRhOTVhNTIxZTE4ZmIzM2U2NzkzZjQ2N2Uw
MzFiYzEwHhcNMjQwMTAyMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzBjNzU2MzZjZTlkYjEyYjhhOGQ0YWU1ZTEyZTRhMjAyMTQ4ZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpy7hI9e6NcWEsi1CjWuG5AYLxrd
2KhHownuxAohDWakNXDkI6QM7lQj8SWGh++1gHSc5BiJg1HD6aEN85AWuwrNtXXT
4cA7rVd2wsAb2PCJsmMllOB23XeRYoZCkd8KuUy3LAu+lJIv8+reDNIokeJgixGy
WmQuCnRMv7NlNv+uEP75cmvvFXm4Un4ttOEgtBcXWqyJBzRWBeLe0MbejdGzs/Fc
y44HISdY61mTWeVHVha/sLJhss2JlpQXrSMIHXRO33DcSdQjQI2ToVCNlGQRliVN
u2Of44s0M81p7ahKhy9tNt6/2bxHoUPhRGtfEqYK3ps2QcdPGtqZh8v7VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwMdWNs6dsSuKjUrl4S5KICFI7AMB8GA1UdIwQY
MBaAFOafK2n0qVpSHhj7M+Z5P0Z+AxvBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXA4cmFmU3BXbEllR1BzejVua19SbjRERzhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8zN2VhYjAtN2Y1My00YjYyLWI1ZDQt
NzgwMDZlMDc4MTcxLzEvdkF4MVkyenAyeEs0cU5TdVhoTGtvZ0lVanNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8zN2VhYjAtN2Y1My00YjYyLWI1ZDQtNzgwMDZlMDc4MTcx
LzEvNXA4cmFmU3BXbEllR1BzejVua19SbjRERzhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo76MA0G
CSqGSIb3DQEBCwUAA4IBAQAMhTQCcT4tY/8YmMjZncEnmQl1OJnTJ36uKofq3329
ClajLpYGQ8xuVMaTe6HlJBekj65t5en2thOmJJDDY5cp+IQ7T8NW/Xw3yoxqZaai
OvFEPisZWjre542mt06bfCw1gWpaa7wzRETg0q0B3ByZvMxrc2a1/zRK/9zxiREo
cjxry88RvSWBVdyEVTHQbsq0QtBT+4dG7isoM3R1ruw0pewK+A515g+c/jG4vDU4
7HCGt/7WdjwBWhEWtTgQExmDkg7xx0akUYvD+vWVs+CMo+W94MrSlE5Iq4Fm+F3W
LFiygSyj+YZRr5T2iiFNYVfJX28EIC7uHplQWwRseQzx
-----END CERTIFICATE-----