Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/918358-157d-4c6b-b7e5-aff61451e84e/1/12_j47AEFlNkQmnvJ6lQS6k9OJM.roa
File:                     12_j47AEFlNkQmnvJ6lQS6k9OJM.roa (raw, json)
Hash identifier:          QL5MIkOPhYomrHDRf0wI6//DVHKZ3F+ShGeX+xkxEXo=
Subject key identifier:   D7:6F:E3:E3:B0:04:16:53:64:42:69:EF:27:A9:50:4B:A9:3D:38:93
Certificate issuer:       /CN=13e5dd14bde932372dc8b5932cc54d608dbbe908
Certificate serial:       01948E88F0527EBBBB3BD396E006AED797A9
Authority key identifier: 13:E5:DD:14:BD:E9:32:37:2D:C8:B5:93:2C:C5:4D:60:8D:BB:E9:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-XdFL3pMjctyLWTLMVNYI276Qg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/918358-157d-4c6b-b7e5-aff61451e84e/1/12_j47AEFlNkQmnvJ6lQS6k9OJM.roa
Signing time:             Wed 22 Jan 2025 15:02:06 +0000
ROA not before:           Wed 22 Jan 2025 15:02:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        94.156.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/918358-157d-4c6b-b7e5-aff61451e84e/1/E-XdFL3pMjctyLWTLMVNYI276Qg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/918358-157d-4c6b-b7e5-aff61451e84e/1/E-XdFL3pMjctyLWTLMVNYI276Qg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-XdFL3pMjctyLWTLMVNYI276Qg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:8e:88:f0:52:7e:bb:bb:3b:d3:96:e0:06:ae:d7:97:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13e5dd14bde932372dc8b5932cc54d608dbbe908
        Validity
            Not Before: Jan 22 15:02:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d76fe3e3b0041653644269ef27a9504ba93d3893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:58:47:e9:84:34:26:5a:12:20:39:11:0b:ae:
                    9a:93:bf:e9:98:a8:23:f3:58:f7:98:1e:44:1e:17:
                    89:ef:13:82:a2:eb:ec:3b:27:a3:b4:62:70:7c:98:
                    02:04:03:83:7e:4b:94:e6:22:9d:e9:1c:2d:a0:36:
                    09:00:6a:57:05:b2:09:f2:6e:4e:b5:e3:d2:f7:c9:
                    3e:56:48:51:d3:d2:81:16:47:54:6b:5e:48:75:a9:
                    0a:80:e0:e3:f2:9b:a8:aa:17:35:6d:20:16:9c:ac:
                    00:53:68:71:91:6d:3f:48:af:bd:85:55:0d:7a:ca:
                    0a:de:54:f7:98:66:18:ce:ee:25:02:2c:43:60:3e:
                    50:ac:26:14:84:b5:44:70:22:d9:21:a7:c1:f7:17:
                    71:6a:37:9c:b8:b9:ce:b9:19:2e:5a:c2:1e:e7:66:
                    44:d3:63:e8:74:60:0e:b1:84:74:42:58:e8:2f:94:
                    17:07:a9:6b:e3:04:36:f7:e5:f5:64:64:27:68:f8:
                    81:17:4c:f6:bd:c3:53:52:30:86:68:d2:4c:bd:9c:
                    a1:c2:ce:04:29:76:01:56:e6:ab:50:21:e0:f5:fb:
                    04:b0:1d:97:41:7a:43:d9:38:85:35:2e:33:35:27:
                    93:07:43:22:11:7e:c7:a8:d2:df:c9:4b:1f:b5:30:
                    7b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:6F:E3:E3:B0:04:16:53:64:42:69:EF:27:A9:50:4B:A9:3D:38:93
            X509v3 Authority Key Identifier:
                keyid:13:E5:DD:14:BD:E9:32:37:2D:C8:B5:93:2C:C5:4D:60:8D:BB:E9:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-XdFL3pMjctyLWTLMVNYI276Qg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/918358-157d-4c6b-b7e5-aff61451e84e/1/12_j47AEFlNkQmnvJ6lQS6k9OJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/918358-157d-4c6b-b7e5-aff61451e84e/1/E-XdFL3pMjctyLWTLMVNYI276Qg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:98:aa:fb:29:7b:8f:7d:70:9f:b2:57:49:99:6b:63:a3:1a:
         74:3f:78:f1:2c:3b:be:a9:76:f6:d6:b9:7a:b5:4b:b8:7f:49:
         ce:ee:54:04:75:f7:09:9c:ee:42:da:de:13:48:b5:55:35:2e:
         c2:04:dc:83:89:3e:6b:dc:61:07:9a:1a:10:16:dc:f4:03:97:
         d4:f3:d5:ab:1b:e8:45:09:cc:3b:bf:bb:4a:c5:ab:e3:bd:58:
         87:ea:f8:50:bf:43:3f:54:1d:dc:cb:d9:4c:88:42:6a:d1:09:
         c3:08:2f:4b:df:bc:3f:d5:33:19:4b:a1:18:ad:9d:43:3b:e9:
         c9:0a:28:28:16:9c:42:2b:6a:f9:a1:44:c3:19:ba:e7:67:a9:
         74:b8:62:04:91:b3:3a:06:23:60:e6:b1:14:38:26:1c:20:0d:
         9d:79:56:9b:d4:ac:8a:ec:26:c7:e5:96:6b:3b:8f:fd:6a:9a:
         97:52:d2:4e:f2:a7:d3:4c:09:20:a2:a7:f6:07:ba:d4:c3:58:
         a7:35:0e:e1:a7:01:dc:3b:88:b3:2e:d5:a3:5f:d1:c8:38:0b:
         a8:7f:f9:48:00:a0:96:3e:bc:a8:55:31:b4:93:19:3b:8c:e0:
         d0:ef:a0:04:42:4e:67:b1:da:fe:9c:69:2b:c9:2d:ec:bd:4a:
         60:ae:ee:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSOiPBSfru7O9OW4Aau15epMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZTVkZDE0YmRlOTMyMzcyZGM4YjU5MzJjYzU0ZDYwOGRi
YmU5MDgwHhcNMjUwMTIyMTUwMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzZmZTNlM2IwMDQxNjUzNjQ0MjY5ZWYyN2E5NTA0YmE5M2QzODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklhH6YQ0JloSIDkRC66ak7/pmKgj
81j3mB5EHheJ7xOCouvsOyejtGJwfJgCBAODfkuU5iKd6RwtoDYJAGpXBbIJ8m5O
tePS98k+VkhR09KBFkdUa15IdakKgODj8puoqhc1bSAWnKwAU2hxkW0/SK+9hVUN
esoK3lT3mGYYzu4lAixDYD5QrCYUhLVEcCLZIafB9xdxajecuLnOuRkuWsIe52ZE
02PodGAOsYR0QljoL5QXB6lr4wQ29+X1ZGQnaPiBF0z2vcNTUjCGaNJMvZyhws4E
KXYBVuarUCHg9fsEsB2XQXpD2TiFNS4zNSeTB0MiEX7HqNLfyUsftTB7aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdv4+OwBBZTZEJp7yepUEupPTiTMB8GA1UdIwQY
MBaAFBPl3RS96TI3Lci1kyzFTWCNu+kIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS1YZEZMM3BNamN0eUxXVExNVk5ZSTI3NlFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi85MTgzNTgtMTU3ZC00YzZiLWI3ZTUt
YWZmNjE0NTFlODRlLzEvMTJfajQ3QUVGbE5rUW1udko2bFFTNms5T0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi85MTgzNTgtMTU3ZC00YzZiLWI3ZTUtYWZmNjE0NTFlODRl
LzEvRS1YZEZMM3BNamN0eUxXVExNVk5ZSTI3NlFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpz1MA0G
CSqGSIb3DQEBCwUAA4IBAQBvmKr7KXuPfXCfsldJmWtjoxp0P3jxLDu+qXb21rl6
tUu4f0nO7lQEdfcJnO5C2t4TSLVVNS7CBNyDiT5r3GEHmhoQFtz0A5fU89WrG+hF
Ccw7v7tKxavjvViH6vhQv0M/VB3cy9lMiEJq0QnDCC9L37w/1TMZS6EYrZ1DO+nJ
CigoFpxCK2r5oUTDGbrnZ6l0uGIEkbM6BiNg5rEUOCYcIA2deVab1KyK7CbH5ZZr
O4/9apqXUtJO8qfTTAkgoqf2B7rUw1inNQ7hpwHcO4izLtWjX9HIOAuof/lIAKCW
PryoVTG0kxk7jODQ76AEQk5nsdr+nGkryS3svUpgru6P
-----END CERTIFICATE-----