Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u6rUUWuMMHGILgfK-Hrnfar7eV8.roa
File:                     u6rUUWuMMHGILgfK-Hrnfar7eV8.roa (raw, json)
Hash identifier:          h8X2PWevPXjsF/sj+h76rMXc3i/UbHNnq8lhqyX1hk8=
Subject key identifier:   BB:AA:D4:51:6B:8C:30:71:88:2E:07:CA:F8:7A:E7:7D:AA:FB:79:5F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824D77D69BC864B2CA1FC50CC3B456F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u6rUUWuMMHGILgfK-Hrnfar7eV8.roa
Signing time:             Thu 02 Jan 2025 17:51:30 +0000
ROA not before:           Thu 02 Jan 2025 17:51:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        94.156.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 12:21:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:d7:7d:69:bc:86:4b:2c:a1:fc:50:cc:3b:45:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbaad4516b8c3071882e07caf87ae77daafb795f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fa:67:74:0a:27:fd:73:8c:c0:37:5d:ed:17:
                    42:0f:df:a8:b5:22:86:f6:03:bb:e1:71:03:93:1e:
                    96:bc:96:f4:58:f5:a7:60:a5:86:b2:04:46:70:5f:
                    c7:3f:70:a1:10:72:f4:4d:ed:0d:6f:60:ed:a4:6c:
                    0b:8a:76:16:22:bf:62:f9:71:1c:e3:bd:ad:bf:17:
                    d3:2d:ff:c8:f3:6b:77:25:b3:42:f3:a8:a1:8f:8e:
                    30:46:72:6f:03:09:25:83:28:4b:e6:e7:52:b7:85:
                    4e:92:df:c6:04:5a:1e:e4:b0:d2:05:e8:af:f5:72:
                    02:39:a0:6c:33:bd:72:08:6c:3b:38:6e:73:3f:41:
                    d9:4f:55:68:ee:e6:dd:8e:e5:05:86:40:e5:f2:0e:
                    a9:51:44:36:48:55:dd:26:eb:56:6f:11:47:4e:0d:
                    a4:3e:68:d8:3a:9f:51:42:37:41:1a:76:d1:9c:ed:
                    5f:97:6a:86:b0:9b:3b:ac:51:31:e4:b4:d9:11:63:
                    ec:fe:4e:0b:8c:f2:ee:9b:9e:1d:10:f7:f3:50:15:
                    85:45:61:bc:ff:35:0c:f4:68:52:5d:50:4b:21:73:
                    c6:48:02:c2:97:ee:87:0d:4a:86:17:e9:0b:35:5a:
                    5b:4e:88:e0:33:23:f7:af:e8:3a:56:f2:74:99:12:
                    21:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:AA:D4:51:6B:8C:30:71:88:2E:07:CA:F8:7A:E7:7D:AA:FB:79:5F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u6rUUWuMMHGILgfK-Hrnfar7eV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:bb:1e:22:a1:02:ba:b2:e5:75:5f:eb:ca:f7:5b:1f:b2:25:
         a4:76:68:d1:48:86:6a:34:30:6f:80:9c:1c:7a:53:97:14:c6:
         64:67:9f:28:22:ba:3a:16:c9:07:dd:6b:b8:10:82:18:9d:42:
         dc:3b:1a:d4:9d:10:a5:3a:42:12:50:d5:02:2d:cf:c3:fb:71:
         d5:c6:4d:eb:af:04:06:bc:b0:52:5f:d5:f6:39:b7:74:9e:9d:
         34:b5:0b:24:f2:e1:8b:e4:4c:bd:bd:8c:85:2f:04:27:c7:c6:
         0f:b5:31:03:dd:af:a5:6e:c1:0b:f9:40:f1:c0:9e:41:14:39:
         54:23:5a:b5:35:57:a8:c9:d5:0a:1b:e4:a0:12:f7:25:28:c8:
         54:a9:2f:7d:e6:a3:f3:87:fa:6f:77:d0:c3:70:b7:92:11:a2:
         87:b9:46:04:11:a3:84:33:36:fb:fa:96:9b:a6:9b:4a:7c:7b:
         ee:6e:82:10:b4:4b:a3:db:65:d0:8f:62:63:94:02:6a:f1:9b:
         f8:16:ea:8b:c0:b9:58:eb:39:2a:fc:ab:86:88:14:d2:d9:63:
         35:0f:1c:3f:4b:16:06:0b:fe:98:9d:09:8e:e6:9a:69:0a:61:
         86:9c:5d:2c:7d:f4:6f:ab:a2:1c:e5:4d:c8:4c:6e:b8:16:dd:
         ed:84:f2:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJNd9abyGSyyh/FDMO0VvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmFhZDQ1MTZiOGMzMDcxODgyZTA3Y2FmODdhZTc3ZGFhZmI3OTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/pndAon/XOMwDdd7RdCD9+otSKG
9gO74XEDkx6WvJb0WPWnYKWGsgRGcF/HP3ChEHL0Te0Nb2DtpGwLinYWIr9i+XEc
472tvxfTLf/I82t3JbNC86ihj44wRnJvAwklgyhL5udSt4VOkt/GBFoe5LDSBeiv
9XICOaBsM71yCGw7OG5zP0HZT1Vo7ubdjuUFhkDl8g6pUUQ2SFXdJutWbxFHTg2k
PmjYOp9RQjdBGnbRnO1fl2qGsJs7rFEx5LTZEWPs/k4LjPLum54dEPfzUBWFRWG8
/zUM9GhSXVBLIXPGSALCl+6HDUqGF+kLNVpbTojgMyP3r+g6VvJ0mRIhbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLuq1FFrjDBxiC4Hyvh6532q+3lfMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdTZyVVVXdU1NSEdJTGdmSy1Icm5mYXI3ZVY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpywMA0G
CSqGSIb3DQEBCwUAA4IBAQCxux4ioQK6suV1X+vK91sfsiWkdmjRSIZqNDBvgJwc
elOXFMZkZ58oIro6FskH3Wu4EIIYnULcOxrUnRClOkISUNUCLc/D+3HVxk3rrwQG
vLBSX9X2Obd0np00tQsk8uGL5Ey9vYyFLwQnx8YPtTED3a+lbsEL+UDxwJ5BFDlU
I1q1NVeoydUKG+SgEvclKMhUqS995qPzh/pvd9DDcLeSEaKHuUYEEaOEMzb7+pab
pptKfHvuboIQtEuj22XQj2JjlAJq8Zv4FuqLwLlY6zkq/KuGiBTS2WM1Dxw/SxYG
C/6YnQmO5pppCmGGnF0sffRvq6Ic5U3ITG64Ft3thPLK
-----END CERTIFICATE-----