Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/Oj5EkYILL3Oh9Vi_AcudIRxqNnE.roa
File:                     Oj5EkYILL3Oh9Vi_AcudIRxqNnE.roa (raw, json)
Hash identifier:          Ab877T/qA5btF8b5cWjLEm3qWjX/sFRnKWYsmdzy0Fg=
Subject key identifier:   3A:3E:44:91:82:0B:2F:73:A1:F5:58:BF:01:CB:9D:21:1C:6A:36:71
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       018DC709AAEEA13F2A5A281F18D1550F0247
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/Oj5EkYILL3Oh9Vi_AcudIRxqNnE.roa
Signing time:             Tue 20 Feb 2024 15:01:55 +0000
ROA not before:           Tue 20 Feb 2024 15:01:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47757
IP address blocks:        94.154.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:09:aa:ee:a1:3f:2a:5a:28:1f:18:d1:55:0f:02:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: Feb 20 15:01:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a3e4491820b2f73a1f558bf01cb9d211c6a3671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:10:75:b1:89:e2:83:24:96:c6:12:ba:13:2a:
                    c8:b6:2a:d7:3b:81:3b:53:97:d3:25:5b:ac:df:72:
                    a7:15:71:66:81:ce:e6:85:81:86:85:77:c9:d0:02:
                    12:6d:5b:1f:40:e6:b2:0d:86:d4:5d:28:a8:73:ca:
                    52:c5:8a:1d:67:c1:d3:5c:6a:16:5c:35:b8:77:ae:
                    91:0c:de:51:68:c3:45:2b:f9:29:76:bf:5d:14:31:
                    64:64:2e:fd:46:9a:ab:b5:2a:8b:2f:db:9f:d1:aa:
                    f9:91:49:96:e9:25:d2:36:81:a3:0d:1a:e9:1d:d0:
                    0c:ee:0f:9e:2e:48:0d:7c:be:96:27:55:48:07:56:
                    20:11:b2:60:b9:3f:57:b3:32:41:d2:6e:2e:ee:7e:
                    d0:a3:d0:80:f6:60:47:db:b0:3e:79:d9:1f:28:45:
                    cb:26:40:55:10:72:cd:36:81:d6:20:8f:6d:8b:7a:
                    ab:e1:96:86:39:c3:9c:3d:7c:ce:74:4a:5b:e1:19:
                    66:a2:13:97:33:72:38:87:64:2e:52:7f:35:5f:bf:
                    ea:20:a4:ad:fe:2d:f0:d4:0f:52:ab:99:4d:a8:90:
                    b2:95:30:79:a4:87:4c:35:87:87:58:ab:4d:35:05:
                    be:d0:f7:29:77:d5:c4:00:5f:06:20:47:2c:b5:d2:
                    0c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:3E:44:91:82:0B:2F:73:A1:F5:58:BF:01:CB:9D:21:1C:6A:36:71
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/Oj5EkYILL3Oh9Vi_AcudIRxqNnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c0:11:a2:fd:49:68:7d:c6:c1:a8:74:d0:e3:5d:ae:be:69:
         6a:a1:09:ef:14:62:65:3b:4e:c3:23:75:96:11:01:01:e4:7d:
         e1:cf:4c:04:40:3d:fb:40:29:7a:be:d5:e4:9f:6b:90:e8:6d:
         a0:71:b3:6e:49:dc:a2:5f:6f:8e:5d:f6:9d:e8:65:6c:de:28:
         26:51:b0:84:88:b7:e7:02:d0:6b:86:8e:18:e7:26:76:d2:69:
         ea:17:bc:63:39:e4:79:0f:3d:11:8b:19:99:d9:75:65:79:4e:
         bd:e7:66:8f:ec:99:d9:d4:b3:b5:65:d3:4d:0a:9e:df:ab:56:
         03:43:4f:d9:a3:2a:4c:33:73:33:cf:ca:74:9e:f0:dd:67:27:
         f2:a4:af:20:b8:86:25:0b:f7:e1:05:e3:4c:2a:50:f0:e2:fd:
         84:d3:29:f5:a0:0e:32:ee:e3:a4:1e:05:7c:c4:31:d7:ca:22:
         42:45:0f:81:0b:30:12:ae:81:c6:12:c7:8c:fc:e4:e0:b7:05:
         67:9b:45:b5:11:b6:fa:53:bf:73:20:08:65:a9:56:96:53:dd:
         92:37:81:7f:28:c8:81:01:7b:0c:cf:1a:47:96:21:9d:9d:31:
         c7:13:d5:9a:ef:f6:4c:b4:75:8c:78:17:01:e3:af:ad:0a:92:
         b1:86:e3:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3HCaruoT8qWigfGNFVDwJHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjQwMjIwMTUwMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTNlNDQ5MTgyMGIyZjczYTFmNTU4YmYwMWNiOWQyMTFjNmEzNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxB1sYnigySWxhK6EyrItirXO4E7
U5fTJVus33KnFXFmgc7mhYGGhXfJ0AISbVsfQOayDYbUXSioc8pSxYodZ8HTXGoW
XDW4d66RDN5RaMNFK/kpdr9dFDFkZC79RpqrtSqLL9uf0ar5kUmW6SXSNoGjDRrp
HdAM7g+eLkgNfL6WJ1VIB1YgEbJguT9XszJB0m4u7n7Qo9CA9mBH27A+edkfKEXL
JkBVEHLNNoHWII9ti3qr4ZaGOcOcPXzOdEpb4RlmohOXM3I4h2QuUn81X7/qIKSt
/i3w1A9Sq5lNqJCylTB5pIdMNYeHWKtNNQW+0Pcpd9XEAF8GIEcstdIMpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDo+RJGCCy9zofVYvwHLnSEcajZxMB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvT2o1RWtZSUxMM09oOVZpX0FjdWRJUnhxTm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpoqMA0G
CSqGSIb3DQEBCwUAA4IBAQBAwBGi/UlofcbBqHTQ412uvmlqoQnvFGJlO07DI3WW
EQEB5H3hz0wEQD37QCl6vtXkn2uQ6G2gcbNuSdyiX2+OXfad6GVs3igmUbCEiLfn
AtBrho4Y5yZ20mnqF7xjOeR5Dz0RixmZ2XVleU6952aP7JnZ1LO1ZdNNCp7fq1YD
Q0/ZoypMM3Mzz8p0nvDdZyfypK8guIYlC/fhBeNMKlDw4v2E0yn1oA4y7uOkHgV8
xDHXyiJCRQ+BCzASroHGEseM/OTgtwVnm0W1Ebb6U79zIAhlqVaWU92SN4F/KMiB
AXsMzxpHliGdnTHHE9Wa7/ZMtHWMeBcB46+tCpKxhuNM
-----END CERTIFICATE-----