Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/1_PDee4wFs-yRl8LJhTYnKxoGXU.roa
File:                     1_PDee4wFs-yRl8LJhTYnKxoGXU.roa (raw, json)
Hash identifier:          shnb45E6VLdlmPbpDvMp7nFmvyY0hDuyWlY2RohIuqw=
Subject key identifier:   D7:F3:C3:79:EE:30:16:CF:B2:46:5F:0B:26:14:D8:9C:AC:68:19:75
Certificate issuer:       /CN=3545a7200164912041bb931efb1feac123b43a18
Certificate serial:       018CC9BB93128DB32BE98794AD91406E0DE0
Authority key identifier: 35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/1_PDee4wFs-yRl8LJhTYnKxoGXU.roa
Signing time:             Tue 02 Jan 2024 10:32:42 +0000
ROA not before:           Tue 02 Jan 2024 10:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213277
IP address blocks:        94.46.24.0/24 maxlen: 24
                          2a00:1651::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:93:12:8d:b3:2b:e9:87:94:ad:91:40:6e:0d:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3545a7200164912041bb931efb1feac123b43a18
        Validity
            Not Before: Jan  2 10:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7f3c379ee3016cfb2465f0b2614d89cac681975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a6:c8:42:41:cb:54:12:16:3a:6b:48:5e:2b:
                    85:2b:cc:9b:db:ba:62:c3:ad:46:3d:87:c6:7a:37:
                    f9:df:e1:c1:5d:59:12:16:d2:79:bd:fe:7c:4e:b4:
                    00:c0:e2:f6:c0:5b:76:ff:aa:75:d3:ab:11:7d:0f:
                    ab:b0:57:bc:ea:bf:90:2c:ba:54:ae:e8:09:ad:8a:
                    b1:22:aa:8c:7a:e0:bd:9b:56:25:62:1e:91:62:69:
                    20:29:01:42:14:cd:86:4e:b3:d2:b6:c1:5e:1d:73:
                    e7:41:9f:6d:d1:44:15:2c:bc:67:9f:6c:aa:8a:30:
                    23:ad:d6:08:ff:85:99:4a:93:51:15:52:97:cd:52:
                    ff:06:c2:12:a3:32:ba:e5:6b:7f:f8:75:03:a5:dd:
                    20:c1:2e:ea:21:6c:c7:00:46:d8:14:d9:61:fe:9a:
                    de:26:04:b0:4b:d0:ad:0f:5e:f3:a5:e1:e1:1f:63:
                    35:d7:ac:61:fb:9e:f7:eb:19:fd:5b:dc:1c:3c:f2:
                    05:b9:86:b7:7d:d2:70:e5:0f:a2:0e:09:6d:0a:e2:
                    26:c0:81:e6:0b:20:7f:58:8a:15:ba:53:c7:76:12:
                    6c:6e:32:15:6e:ec:96:72:79:3c:a2:8e:3e:6e:6f:
                    b0:66:7d:50:f0:29:5f:cc:6f:fc:70:a4:e4:f6:b6:
                    98:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:F3:C3:79:EE:30:16:CF:B2:46:5F:0B:26:14:D8:9C:AC:68:19:75
            X509v3 Authority Key Identifier:
                keyid:35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/1_PDee4wFs-yRl8LJhTYnKxoGXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.46.24.0/24
                IPv6:
                  2a00:1651::/33

    Signature Algorithm: sha256WithRSAEncryption
         ab:83:f8:bd:88:06:ae:16:b5:bc:bb:f5:1d:a7:7c:f6:f9:c3:
         69:39:59:37:02:bd:56:01:5f:dc:4f:0f:86:ff:10:8e:9a:96:
         01:f8:a1:87:44:68:1b:a8:6a:07:83:3c:59:f9:0f:8f:82:bf:
         50:d1:53:89:2b:37:9f:32:ec:91:6b:49:5f:20:68:d0:cb:33:
         fe:60:17:2c:5d:1f:3f:eb:47:61:2f:ec:e9:01:54:b9:19:05:
         fa:36:ca:cd:e9:56:29:30:0a:54:f3:3f:a4:4f:50:61:0e:a6:
         73:e2:8a:af:a0:47:b5:11:52:46:64:7c:4a:87:42:01:1d:10:
         a2:73:86:30:8a:f7:99:b7:3b:e8:80:6b:3e:c0:09:5c:41:a9:
         39:a1:bc:ed:08:d0:97:cc:ab:eb:1d:75:14:bd:42:0a:3c:3d:
         15:1b:c7:d4:17:32:49:5d:4e:e2:d1:97:a0:be:33:0d:23:99:
         77:4f:1f:3d:d4:6b:20:8a:07:a6:1c:a4:1c:e4:2e:10:33:fc:
         51:da:67:61:9a:81:f1:d8:4f:8e:b1:2d:db:74:b2:97:39:98:
         5c:03:e4:7f:2f:a9:67:19:b3:5e:a3:9e:a5:91:5d:dd:fa:07:
         6f:c6:c6:42:b9:cd:01:23:7c:54:16:8c:7f:d9:28:7f:cf:19:
         04:d2:6c:ad
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzJu5MSjbMr6YeUrZFAbg3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDVhNzIwMDE2NDkxMjA0MWJiOTMxZWZiMWZlYWMxMjNi
NDNhMTgwHhcNMjQwMTAyMTAzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2YzYzM3OWVlMzAxNmNmYjI0NjVmMGIyNjE0ZDg5Y2FjNjgxOTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKbIQkHLVBIWOmtIXiuFK8yb27pi
w61GPYfGejf53+HBXVkSFtJ5vf58TrQAwOL2wFt2/6p106sRfQ+rsFe86r+QLLpU
rugJrYqxIqqMeuC9m1YlYh6RYmkgKQFCFM2GTrPStsFeHXPnQZ9t0UQVLLxnn2yq
ijAjrdYI/4WZSpNRFVKXzVL/BsISozK65Wt/+HUDpd0gwS7qIWzHAEbYFNlh/pre
JgSwS9CtD17zpeHhH2M116xh+5736xn9W9wcPPIFuYa3fdJw5Q+iDgltCuImwIHm
CyB/WIoVulPHdhJsbjIVbuyWcnk8oo4+bm+wZn1Q8ClfzG/8cKTk9raYowIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFNfzw3nuMBbPskZfCyYU2JysaBl1MB8GA1UdIwQY
MBaAFDVFpyABZJEgQbuTHvsf6sEjtDoYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDkt
YWFiYjA2MmU0MGRiLzEvMV9QRGVlNHdGcy15Umw4TEpoVFluS3hvR1hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDktYWFiYjA2MmU0MGRi
LzEvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAXi4YMA4E
AgACMAgDBgcqABZRADANBgkqhkiG9w0BAQsFAAOCAQEAq4P4vYgGrha1vLv1Had8
9vnDaTlZNwK9VgFf3E8Phv8QjpqWAfihh0RoG6hqB4M8WfkPj4K/UNFTiSs3nzLs
kWtJXyBo0Msz/mAXLF0fP+tHYS/s6QFUuRkF+jbKzelWKTAKVPM/pE9QYQ6mc+KK
r6BHtRFSRmR8SodCAR0QonOGMIr3mbc76IBrPsAJXEGpOaG87QjQl8yr6x11FL1C
Cjw9FRvH1BcySV1O4tGXoL4zDSOZd08fPdRrIIoHphykHOQuEDP8UdpnYZqB8dhP
jrEt23SylzmYXAPkfy+pZxmzXqOepZFd3foHb8bGQrnNASN8VBaMf9kof88ZBNJs
rQ==
-----END CERTIFICATE-----