Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/lICq0eo5P-Axsog5Hx6FXYSQY4k.roa
File:                     lICq0eo5P-Axsog5Hx6FXYSQY4k.roa (raw, json)
Hash identifier:          JlcFYpOXnqLTDv9/pwm19BH50eR0rn9KZzLrCOo3RLY=
Subject key identifier:   94:80:AA:D1:EA:39:3F:E0:31:B2:88:39:1F:1E:85:5D:84:90:63:89
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       019420684952940B0938FDDC44FC58856711
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/lICq0eo5P-Axsog5Hx6FXYSQY4k.roa
Signing time:             Wed 01 Jan 2025 05:48:12 +0000
ROA not before:           Wed 01 Jan 2025 05:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210538
IP address blocks:        94.154.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:49:52:94:0b:09:38:fd:dc:44:fc:58:85:67:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: Jan  1 05:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9480aad1ea393fe031b288391f1e855d84906389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:61:a3:7e:fa:6f:6a:67:f5:cb:59:00:8c:87:
                    cf:7a:b6:d4:e7:38:2d:d5:af:8a:98:69:1f:fa:6b:
                    0e:63:40:c7:96:a6:52:2f:bb:5a:3c:8d:40:4b:18:
                    f0:e8:d9:4d:1e:87:e6:7b:b1:18:28:27:46:a9:43:
                    96:2f:1c:43:bc:e2:f5:25:a1:db:1f:ee:58:b6:db:
                    7a:f4:c8:c5:1a:2b:2c:01:93:8b:d6:3e:5e:67:35:
                    d3:12:5e:31:62:e9:28:56:e8:45:2e:94:8f:87:37:
                    87:28:63:23:26:7f:5b:19:9d:3a:62:f8:06:bf:86:
                    bf:aa:af:66:37:0c:84:64:88:2f:d1:dd:49:a3:9e:
                    83:4c:c7:58:a7:72:b7:f1:19:ef:79:47:db:91:d0:
                    68:06:69:2f:c8:8c:0b:f6:b2:3b:7c:fe:45:ca:8f:
                    f5:ad:fa:9c:17:2b:8d:d8:c6:3a:e0:1b:8c:04:f9:
                    b3:ca:5e:53:ee:f0:38:ed:3b:50:6a:72:69:ba:0f:
                    3a:5a:91:30:ff:eb:8f:02:ce:b7:db:61:8d:9e:ea:
                    a1:78:dc:65:f6:b7:75:33:6c:61:49:3e:34:66:53:
                    d3:95:2a:c4:ca:97:97:a2:3f:8a:ae:8b:79:c8:49:
                    70:6a:46:ce:ec:5b:29:25:80:85:46:6b:dd:7e:ac:
                    b4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:80:AA:D1:EA:39:3F:E0:31:B2:88:39:1F:1E:85:5D:84:90:63:89
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/lICq0eo5P-Axsog5Hx6FXYSQY4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:0c:49:bd:02:3c:b6:7b:c6:fc:c2:d8:02:23:97:a2:aa:19:
         aa:08:2e:fd:2b:3c:ba:bb:97:0b:cb:8d:d7:5f:ae:c1:7e:7e:
         7c:27:e8:cb:c2:b7:3c:11:5c:da:41:0c:56:c6:fb:3f:93:fa:
         55:88:e7:cd:1d:8c:85:20:6b:9c:77:f8:05:fc:ef:e4:fb:be:
         bf:97:f0:34:91:b2:92:8a:6e:34:bd:d3:de:0d:0c:49:53:43:
         73:c2:01:69:12:e6:66:cc:42:15:98:70:c2:6f:28:bc:b8:c4:
         7f:c1:01:70:ea:c7:03:22:85:d7:9e:09:2c:7e:3d:72:c7:3c:
         1d:24:90:20:8e:8d:44:24:63:0e:93:43:b3:77:4c:5d:83:b5:
         1b:8b:a8:a2:bd:f7:b9:e0:1d:fd:6f:56:ef:42:ab:41:ca:83:
         14:01:d5:fd:b4:95:b3:e4:fb:fb:5f:8e:5b:3f:64:b8:d4:21:
         9a:27:67:09:a7:11:41:60:ea:c7:46:79:75:12:a8:27:2c:d2:
         57:42:7c:2e:c8:2c:41:91:b4:11:52:15:47:c1:53:6c:79:b7:
         71:78:f0:60:a1:a9:63:d8:e7:ee:42:1a:59:cd:84:c1:e1:22:
         11:0b:1c:04:9d:45:61:7c:da:c9:a5:ca:09:e0:bb:31:cf:f9:
         64:04:c2:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaElSlAsJOP3cRPxYhWcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjUwMTAxMDU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDgwYWFkMWVhMzkzZmUwMzFiMjg4MzkxZjFlODU1ZDg0OTA2Mzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWGjfvpvamf1y1kAjIfPerbU5zgt
1a+KmGkf+msOY0DHlqZSL7taPI1ASxjw6NlNHofme7EYKCdGqUOWLxxDvOL1JaHb
H+5Yttt69MjFGissAZOL1j5eZzXTEl4xYukoVuhFLpSPhzeHKGMjJn9bGZ06YvgG
v4a/qq9mNwyEZIgv0d1Jo56DTMdYp3K38RnveUfbkdBoBmkvyIwL9rI7fP5Fyo/1
rfqcFyuN2MY64BuMBPmzyl5T7vA47TtQanJpug86WpEw/+uPAs6322GNnuqheNxl
9rd1M2xhST40ZlPTlSrEypeXoj+Krot5yElwakbO7FspJYCFRmvdfqy0KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSAqtHqOT/gMbKIOR8ehV2EkGOJMB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvbElDcTBlbzVQLUF4c29nNUh4NkZYWVNRWTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpouMA0G
CSqGSIb3DQEBCwUAA4IBAQBlDEm9Ajy2e8b8wtgCI5eiqhmqCC79Kzy6u5cLy43X
X67Bfn58J+jLwrc8EVzaQQxWxvs/k/pViOfNHYyFIGucd/gF/O/k+76/l/A0kbKS
im40vdPeDQxJU0NzwgFpEuZmzEIVmHDCbyi8uMR/wQFw6scDIoXXngksfj1yxzwd
JJAgjo1EJGMOk0Ozd0xdg7Ubi6iivfe54B39b1bvQqtByoMUAdX9tJWz5Pv7X45b
P2S41CGaJ2cJpxFBYOrHRnl1EqgnLNJXQnwuyCxBkbQRUhVHwVNsebdxePBgoalj
2OfuQhpZzYTB4SIRCxwEnUVhfNrJpcoJ4Lsxz/lkBMIw
-----END CERTIFICATE-----