Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/3Qoof5dHJSnG7JvfeKEFCgQSYnI.roa
File:                     3Qoof5dHJSnG7JvfeKEFCgQSYnI.roa (raw, json)
Hash identifier:          XSkw7521tIRfmt+AbswHgrSEv1YyFp3hD0oP1R2QEAY=
Subject key identifier:   DD:0A:28:7F:97:47:25:29:C6:EC:9B:DF:78:A1:05:0A:04:12:62:72
Certificate issuer:       /CN=af5316fc4a83b3d03e2975f8bec270cb0f4efb1d
Certificate serial:       018F61C5FE42BE717A9602FD67540A657F1E
Authority key identifier: AF:53:16:FC:4A:83:B3:D0:3E:29:75:F8:BE:C2:70:CB:0F:4E:FB:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/3Qoof5dHJSnG7JvfeKEFCgQSYnI.roa
Signing time:             Fri 10 May 2024 09:11:56 +0000
ROA not before:           Fri 10 May 2024 09:11:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136787
IP address blocks:        45.94.232.0/24 maxlen: 24
                          45.94.233.0/24 maxlen: 24
                          45.94.234.0/24 maxlen: 24
                          45.94.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:61:c5:fe:42:be:71:7a:96:02:fd:67:54:0a:65:7f:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5316fc4a83b3d03e2975f8bec270cb0f4efb1d
        Validity
            Not Before: May 10 09:11:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd0a287f97472529c6ec9bdf78a1050a04126272
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e4:66:e2:5a:94:a2:06:91:cd:4b:00:11:53:
                    63:a9:df:cc:bd:7d:81:93:61:61:8d:bb:fc:f7:98:
                    10:17:d5:b0:ef:7a:91:53:12:65:75:40:19:bc:68:
                    5e:aa:7b:3f:75:49:77:a3:f2:b3:c3:72:92:1b:04:
                    64:ae:f4:dd:84:a4:54:91:4c:5e:a7:da:9c:45:33:
                    68:13:dc:c2:0c:f0:f8:6f:b2:07:e4:9e:f1:68:d4:
                    a0:78:32:9b:b3:43:37:cd:fb:95:ae:60:4f:99:3e:
                    9d:7d:49:97:8e:04:33:43:0a:fc:6f:6e:7d:b0:42:
                    ce:2b:af:56:a5:eb:91:78:3b:b2:6c:d7:09:2f:68:
                    25:95:51:04:5f:a1:b7:5b:40:a7:0a:76:2c:49:a8:
                    3e:5b:69:3e:22:09:e5:62:a2:44:c1:26:88:72:37:
                    87:51:28:fb:0f:0f:12:63:a5:fe:e1:a9:56:49:cc:
                    3f:4c:1d:be:10:92:4f:5a:dc:5e:dd:b9:5e:60:6c:
                    0b:4a:5d:12:a2:85:e4:d4:6c:26:96:74:b5:5b:6d:
                    b9:c3:39:0d:6c:e0:a2:fc:98:ab:24:47:e6:42:2f:
                    dd:a5:d1:79:7d:72:b2:ed:b5:7f:72:a9:49:c7:86:
                    ec:ea:bc:ff:6a:25:64:d9:d7:52:9a:8b:c9:a5:e2:
                    85:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:0A:28:7F:97:47:25:29:C6:EC:9B:DF:78:A1:05:0A:04:12:62:72
            X509v3 Authority Key Identifier:
                keyid:AF:53:16:FC:4A:83:B3:D0:3E:29:75:F8:BE:C2:70:CB:0F:4E:FB:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/3Qoof5dHJSnG7JvfeKEFCgQSYnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:25:d4:d4:e1:a0:2f:1e:d9:55:30:64:29:78:8d:5e:65:eb:
         1a:5e:20:a1:7d:ca:4c:eb:13:b2:28:7b:75:65:fe:a2:d9:16:
         89:8b:5c:83:c7:f8:e8:7c:70:17:7f:2a:74:16:6e:6b:df:31:
         e3:75:92:d7:02:c7:d2:2b:9f:5f:00:07:6c:f8:f7:fb:2a:da:
         a4:3b:fe:72:c7:d8:ed:82:2b:f0:3e:f5:30:0a:41:b6:9e:1b:
         6a:0b:f6:e1:23:2f:40:f3:55:fb:02:98:36:cb:4d:a3:f3:b5:
         4f:42:2e:00:8b:21:40:15:11:00:da:8b:9d:ba:01:0d:51:55:
         6b:86:2c:33:4d:72:f8:2a:22:b7:4d:e9:6c:eb:ea:10:a2:23:
         25:94:1b:25:d6:c4:44:de:11:71:ea:24:c9:4a:7c:65:6a:e8:
         58:d9:69:a3:d0:72:fe:6c:7a:0a:f9:47:b3:4d:90:8c:1b:1b:
         e6:00:e2:71:bb:6b:b1:d6:f6:9d:f7:aa:bf:34:2b:5f:0c:9b:
         f5:c0:5e:89:49:7c:ad:04:e3:5f:ed:94:48:90:12:1b:46:64:
         05:7a:ba:eb:0d:11:ab:38:ca:8b:75:54:ee:bd:ad:f3:27:99:
         25:1b:09:05:5d:36:2c:6e:b2:04:86:f9:2c:65:90:b4:64:ef:
         d4:87:60:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9hxf5CvnF6lgL9Z1QKZX8eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNTMxNmZjNGE4M2IzZDAzZTI5NzVmOGJlYzI3MGNiMGY0
ZWZiMWQwHhcNMjQwNTEwMDkxMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDBhMjg3Zjk3NDcyNTI5YzZlYzliZGY3OGExMDUwYTA0MTI2MjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsORm4lqUogaRzUsAEVNjqd/MvX2B
k2Fhjbv895gQF9Ww73qRUxJldUAZvGheqns/dUl3o/Kzw3KSGwRkrvTdhKRUkUxe
p9qcRTNoE9zCDPD4b7IH5J7xaNSgeDKbs0M3zfuVrmBPmT6dfUmXjgQzQwr8b259
sELOK69WpeuReDuybNcJL2gllVEEX6G3W0CnCnYsSag+W2k+IgnlYqJEwSaIcjeH
USj7Dw8SY6X+4alWScw/TB2+EJJPWtxe3bleYGwLSl0SooXk1GwmlnS1W225wzkN
bOCi/JirJEfmQi/dpdF5fXKy7bV/cqlJx4bs6rz/aiVk2ddSmovJpeKF4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0KKH+XRyUpxuyb33ihBQoEEmJyMB8GA1UdIwQY
MBaAFK9TFvxKg7PQPil1+L7CcMsPTvsdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjFNV19FcURzOUEtS1hYNHZzSnd5dzlPLXgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9jOTBkNWQtY2E2MS00NDY0LTg5OWEt
ZDEyMDVlMGMwY2NlLzEvM1Fvb2Y1ZEhKU25HN0p2ZmVLRUZDZ1FTWW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9jOTBkNWQtY2E2MS00NDY0LTg5OWEtZDEyMDVlMGMwY2Nl
LzEvcjFNV19FcURzOUEtS1hYNHZzSnd5dzlPLXgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV7oMA0G
CSqGSIb3DQEBCwUAA4IBAQAvJdTU4aAvHtlVMGQpeI1eZesaXiChfcpM6xOyKHt1
Zf6i2RaJi1yDx/jofHAXfyp0Fm5r3zHjdZLXAsfSK59fAAds+Pf7KtqkO/5yx9jt
givwPvUwCkG2nhtqC/bhIy9A81X7Apg2y02j87VPQi4AiyFAFREA2oudugENUVVr
hiwzTXL4KiK3Tels6+oQoiMllBsl1sRE3hFx6iTJSnxlauhY2Wmj0HL+bHoK+Uez
TZCMGxvmAOJxu2ux1vad96q/NCtfDJv1wF6JSXytBONf7ZRIkBIbRmQFerrrDRGr
OMqLdVTuva3zJ5klGwkFXTYsbrIEhvksZZC0ZO/Uh2DD
-----END CERTIFICATE-----