Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/VwUk7y0zO5Mx4dqI1nqU1mCPomA.roa
File:                     VwUk7y0zO5Mx4dqI1nqU1mCPomA.roa (raw, json)
Hash identifier:          3ETxsuTriFcqg8JNihvATf+SJzxphG0A2lHFWKrQspQ=
Subject key identifier:   57:05:24:EF:2D:33:3B:93:31:E1:DA:88:D6:7A:94:D6:60:8F:A2:60
Certificate issuer:       /CN=ad109dee6fbdc256df911460ccc915d066a8ff8b
Certificate serial:       0194236A05E536AE6DEA4F1CD8D9FBEB1DBD
Authority key identifier: AD:10:9D:EE:6F:BD:C2:56:DF:91:14:60:CC:C9:15:D0:66:A8:FF:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rRCd7m-9wlbfkRRgzMkV0Gao_4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/VwUk7y0zO5Mx4dqI1nqU1mCPomA.roa
Signing time:             Wed 01 Jan 2025 19:48:58 +0000
ROA not before:           Wed 01 Jan 2025 19:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216280
IP address blocks:        84.20.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/rRCd7m-9wlbfkRRgzMkV0Gao_4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/rRCd7m-9wlbfkRRgzMkV0Gao_4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rRCd7m-9wlbfkRRgzMkV0Gao_4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 10:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:05:e5:36:ae:6d:ea:4f:1c:d8:d9:fb:eb:1d:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad109dee6fbdc256df911460ccc915d066a8ff8b
        Validity
            Not Before: Jan  1 19:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=570524ef2d333b9331e1da88d67a94d6608fa260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:61:97:33:e7:1d:be:87:8c:a3:bf:2c:c4:c6:
                    c2:ce:63:28:71:0e:88:62:3b:f2:b4:a0:e3:45:93:
                    dd:d9:d7:62:85:f5:e4:88:3b:ae:84:52:46:d0:72:
                    e7:2b:ef:59:8d:e9:ea:be:82:4a:fd:53:b2:b3:8f:
                    e4:7a:88:32:b0:c5:5b:71:41:a0:17:a5:50:33:91:
                    02:68:25:a6:c6:98:2e:7a:b7:e9:e6:b3:97:a9:2b:
                    43:d3:d5:34:76:32:cf:9e:8f:78:a0:3f:fb:0a:f8:
                    e6:42:f4:e3:e0:3a:e1:8e:1e:44:2e:bb:82:b4:eb:
                    49:8a:28:da:ce:89:d9:f4:8a:78:9e:f9:db:ea:42:
                    65:b7:f5:4e:9a:c3:da:2e:f2:31:be:3a:54:56:2f:
                    c0:65:1d:96:1f:10:2a:9d:4c:41:38:e1:c9:8b:b0:
                    98:a4:ea:4a:d1:4a:2b:3c:1d:88:44:45:37:63:0a:
                    36:52:00:b6:3b:c4:f8:2e:ca:c8:f6:af:d5:e2:c6:
                    91:16:3c:03:fb:e2:9c:21:51:7c:46:1b:d3:f1:6d:
                    e5:ab:80:8a:94:d1:63:3f:76:16:f4:32:b2:34:02:
                    ea:97:7d:9e:80:69:f6:57:31:2f:6a:2a:e8:a4:8d:
                    82:37:6a:fb:78:33:42:ba:b9:cb:bc:f2:76:df:3b:
                    32:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:05:24:EF:2D:33:3B:93:31:E1:DA:88:D6:7A:94:D6:60:8F:A2:60
            X509v3 Authority Key Identifier:
                keyid:AD:10:9D:EE:6F:BD:C2:56:DF:91:14:60:CC:C9:15:D0:66:A8:FF:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rRCd7m-9wlbfkRRgzMkV0Gao_4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/VwUk7y0zO5Mx4dqI1nqU1mCPomA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/rRCd7m-9wlbfkRRgzMkV0Gao_4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.20.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:1d:b5:2c:8f:2b:cf:bb:4d:93:1c:62:0e:33:cb:7e:01:33:
         7a:a4:a5:e6:29:b3:b9:63:3b:71:97:6b:5a:2b:ea:ae:8a:ac:
         20:20:bb:e8:75:d9:52:50:61:a2:f2:5d:d2:85:d6:2e:49:ea:
         0a:18:48:1a:78:a6:b4:cf:bd:02:ef:24:c4:7e:be:9a:7d:34:
         fe:3f:8f:8b:b0:3c:01:e1:5b:71:22:f1:be:24:04:c3:43:da:
         01:48:6f:e8:b2:07:b2:51:38:21:93:a1:af:cb:24:c4:49:5a:
         37:a2:a5:c8:1b:c9:4e:a6:56:5d:43:e7:c0:35:ce:75:e8:54:
         6f:25:73:ef:53:3a:39:ce:8d:e7:ce:7d:b1:5a:20:50:62:33:
         c9:fd:ab:df:aa:99:4d:0c:6d:cf:ee:da:a1:7e:17:e4:ed:8e:
         74:69:6e:1b:83:ba:09:28:ff:01:fc:35:4c:12:92:6c:d3:35:
         fd:70:96:94:70:58:b7:a8:64:f4:ea:82:99:1f:d7:72:4f:5e:
         78:e3:2b:b2:89:6f:2b:ca:2a:a8:e5:06:81:11:bb:7b:67:49:
         b5:e8:81:3a:45:8d:06:11:b1:b8:df:d9:94:12:1a:83:26:6c:
         7c:e9:c3:88:33:56:e7:ff:4a:2d:81:cb:e6:b6:1e:1c:e8:70:
         01:14:f6:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagXlNq5t6k8c2Nn76x29MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMTA5ZGVlNmZiZGMyNTZkZjkxMTQ2MGNjYzkxNWQwNjZh
OGZmOGIwHhcNMjUwMTAxMTk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzA1MjRlZjJkMzMzYjkzMzFlMWRhODhkNjdhOTRkNjYwOGZhMjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumGXM+cdvoeMo78sxMbCzmMocQ6I
YjvytKDjRZPd2ddihfXkiDuuhFJG0HLnK+9ZjenqvoJK/VOys4/keogysMVbcUGg
F6VQM5ECaCWmxpguerfp5rOXqStD09U0djLPno94oD/7CvjmQvTj4Drhjh5ELruC
tOtJiijazonZ9Ip4nvnb6kJlt/VOmsPaLvIxvjpUVi/AZR2WHxAqnUxBOOHJi7CY
pOpK0UorPB2IREU3Ywo2UgC2O8T4LsrI9q/V4saRFjwD++KcIVF8RhvT8W3lq4CK
lNFjP3YW9DKyNALql32egGn2VzEvairopI2CN2r7eDNCurnLvPJ23zsyAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcFJO8tMzuTMeHaiNZ6lNZgj6JgMB8GA1UdIwQY
MBaAFK0Qne5vvcJW35EUYMzJFdBmqP+LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclJDZDdtLTl3bGJma1JSZ3pNa1YwR2FvXzRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi80NjE1YmUtZTU2Ni00MjUzLTgzZWYt
ZjY2MjZiNjMzODNlLzEvVndVazd5MHpPNU14NGRxSTFucVUxbUNQb21BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi80NjE1YmUtZTU2Ni00MjUzLTgzZWYtZjY2MjZiNjMzODNl
LzEvclJDZDdtLTl3bGJma1JSZ3pNa1YwR2FvXzRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBReMA0G
CSqGSIb3DQEBCwUAA4IBAQCKHbUsjyvPu02THGIOM8t+ATN6pKXmKbO5Yztxl2ta
K+quiqwgILvoddlSUGGi8l3ShdYuSeoKGEgaeKa0z70C7yTEfr6afTT+P4+LsDwB
4VtxIvG+JATDQ9oBSG/osgeyUTghk6GvyyTESVo3oqXIG8lOplZdQ+fANc516FRv
JXPvUzo5zo3nzn2xWiBQYjPJ/avfqplNDG3P7tqhfhfk7Y50aW4bg7oJKP8B/DVM
EpJs0zX9cJaUcFi3qGT06oKZH9dyT1544yuyiW8ryiqo5QaBEbt7Z0m16IE6RY0G
EbG439mUEhqDJmx86cOIM1bn/0otgcvmth4c6HABFPa0
-----END CERTIFICATE-----