Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/mBKgNxaG6rRw8b8a0_oPuOpVVRo.roa
File:                     mBKgNxaG6rRw8b8a0_oPuOpVVRo.roa (raw, json)
Hash identifier:          4QHUFwtra+l5tymbdJywMMYlhttUiCCKzgREulAwPGU=
Subject key identifier:   98:12:A0:37:16:86:EA:B4:70:F1:BF:1A:D3:FA:0F:B8:EA:55:55:1A
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       01919D60F4D27057827FCEB7C9381418E86A
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/mBKgNxaG6rRw8b8a0_oPuOpVVRo.roa
Signing time:             Thu 29 Aug 2024 09:04:22 +0000
ROA not before:           Thu 29 Aug 2024 09:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        94.154.40.0/24 maxlen: 24
                          94.154.41.0/24 maxlen: 24
                          94.154.44.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9d:60:f4:d2:70:57:82:7f:ce:b7:c9:38:14:18:e8:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: Aug 29 09:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9812a0371686eab470f1bf1ad3fa0fb8ea55551a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:48:1a:93:45:0e:58:5f:90:c7:a5:7a:2a:0b:
                    0a:59:9a:57:41:17:03:6e:d4:96:84:6d:76:bc:04:
                    f4:be:68:8e:f7:bd:8a:c0:69:08:ba:22:c7:53:b3:
                    1b:78:cf:4b:4a:e9:a7:e5:e3:97:2d:fc:3d:98:4e:
                    71:85:81:2e:69:fa:6e:c9:54:e6:cd:2d:82:4c:dd:
                    13:82:72:98:f8:29:7b:95:3f:d6:97:2c:ca:2a:05:
                    b0:8a:97:35:41:ff:51:4b:83:c2:5c:a5:7f:02:5d:
                    20:b2:38:e1:75:98:eb:22:0c:63:82:fe:5c:25:b6:
                    65:b0:4f:17:37:cf:59:ba:d6:f2:cb:0b:db:c1:67:
                    30:0e:7f:0c:26:d4:5e:54:5e:93:e4:5b:f9:c3:d7:
                    b5:99:4e:60:63:25:ee:e7:12:a7:a9:34:82:bc:36:
                    db:40:ed:5c:f7:29:5b:17:e9:d3:21:fe:ba:12:4e:
                    e3:c7:b6:e0:b8:28:86:c0:3c:0b:96:f6:a8:41:8f:
                    41:6b:d7:65:86:d0:37:d7:c0:f1:76:b0:8c:e7:5a:
                    c1:18:46:09:d3:e3:7f:e1:d5:d5:b4:0f:d5:80:fa:
                    0b:ab:e9:ac:e2:66:63:c9:f6:f5:59:38:bb:8d:0f:
                    68:b2:b0:af:72:34:80:46:ab:47:94:ca:00:ed:b4:
                    66:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:12:A0:37:16:86:EA:B4:70:F1:BF:1A:D3:FA:0F:B8:EA:55:55:1A
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/mBKgNxaG6rRw8b8a0_oPuOpVVRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.40.0/23
                  94.154.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:2d:55:aa:f0:1b:a7:e8:b5:48:66:70:b7:e5:f7:f0:3a:e3:
         5f:75:2b:44:11:59:e3:d1:ef:bf:aa:33:a8:11:59:bc:6b:f5:
         52:70:bc:a2:77:a0:07:9d:32:d3:1b:e9:ca:a3:ed:46:22:75:
         51:0f:eb:77:aa:b5:88:91:f0:0a:00:90:c6:52:1e:b0:d3:e1:
         26:78:07:a6:3b:d8:a1:f2:2c:1f:c7:89:79:f1:ed:74:51:fc:
         56:ce:a5:63:16:d7:12:d9:d6:fa:f1:e4:35:d6:ea:d1:7a:5e:
         97:5a:75:af:04:e7:26:8a:6d:98:b0:a7:bf:80:dd:1e:c1:e8:
         8b:97:bc:17:ac:fd:4a:d5:31:9b:bc:fe:65:c8:5f:93:85:29:
         31:65:88:40:8e:03:6a:9a:f1:55:57:6b:b0:73:d8:1f:f1:36:
         59:6c:b6:e5:93:24:78:c7:68:72:20:22:ab:cf:8e:1f:22:b0:
         e3:80:d5:df:6a:18:35:f6:12:72:cd:40:a8:5c:cf:82:80:77:
         73:ad:15:6a:f7:60:ee:0a:15:cb:99:ab:67:54:23:8e:58:fe:
         ea:b8:ce:82:bc:ac:51:57:18:66:91:d0:fc:61:50:1b:98:78:
         61:78:e4:95:b5:e4:7b:23:73:11:77:99:5e:39:bf:11:b6:12:
         e5:a7:80:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGdYPTScFeCf863yTgUGOhqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjQwODI5MDkwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODEyYTAzNzE2ODZlYWI0NzBmMWJmMWFkM2ZhMGZiOGVhNTU1NTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkgak0UOWF+Qx6V6KgsKWZpXQRcD
btSWhG12vAT0vmiO972KwGkIuiLHU7MbeM9LSumn5eOXLfw9mE5xhYEuafpuyVTm
zS2CTN0TgnKY+Cl7lT/WlyzKKgWwipc1Qf9RS4PCXKV/Al0gsjjhdZjrIgxjgv5c
JbZlsE8XN89ZutbyywvbwWcwDn8MJtReVF6T5Fv5w9e1mU5gYyXu5xKnqTSCvDbb
QO1c9ylbF+nTIf66Ek7jx7bguCiGwDwLlvaoQY9Ba9dlhtA318DxdrCM51rBGEYJ
0+N/4dXVtA/VgPoLq+ms4mZjyfb1WTi7jQ9osrCvcjSARqtHlMoA7bRmpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJgSoDcWhuq0cPG/GtP6D7jqVVUaMB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvbUJLZ054YUc2clJ3OGI4YTBfb1B1T3BWVlJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBXpooAwQB
XposMA0GCSqGSIb3DQEBCwUAA4IBAQAsLVWq8Bun6LVIZnC35ffwOuNfdStEEVnj
0e+/qjOoEVm8a/VScLyid6AHnTLTG+nKo+1GInVRD+t3qrWIkfAKAJDGUh6w0+Em
eAemO9ih8iwfx4l58e10UfxWzqVjFtcS2db68eQ11urRel6XWnWvBOcmim2YsKe/
gN0eweiLl7wXrP1K1TGbvP5lyF+ThSkxZYhAjgNqmvFVV2uwc9gf8TZZbLblkyR4
x2hyICKrz44fIrDjgNXfahg19hJyzUCoXM+CgHdzrRVq92DuChXLmatnVCOOWP7q
uM6CvKxRVxhmkdD8YVAbmHhheOSVteR7I3MRd5leOb8RthLlp4AF
-----END CERTIFICATE-----