Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/rTdiAz0Ku8pCtThAZ1l6bDub7Cg.roa
File:                     rTdiAz0Ku8pCtThAZ1l6bDub7Cg.roa (raw, json)
Hash identifier:          2toC3IjBu78e2MDG1IZNY9pngMhe8a3Wu8WHFiL0W2E=
Subject key identifier:   AD:37:62:03:3D:0A:BB:CA:42:B5:38:40:67:59:7A:6C:3B:9B:EC:28
Certificate issuer:       /CN=0d55fa2a62837db9afe4423e4c119e9499b21b43
Certificate serial:       018D83CA635F30C0D5B1AA9438F93377BC10
Authority key identifier: 0D:55:FA:2A:62:83:7D:B9:AF:E4:42:3E:4C:11:9E:94:99:B2:1B:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DVX6KmKDfbmv5EI-TBGelJmyG0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/rTdiAz0Ku8pCtThAZ1l6bDub7Cg.roa
Signing time:             Wed 07 Feb 2024 13:38:15 +0000
ROA not before:           Wed 07 Feb 2024 13:38:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215564
IP address blocks:        94.199.3.0/24 maxlen: 24
                          2a13:b040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/DVX6KmKDfbmv5EI-TBGelJmyG0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/DVX6KmKDfbmv5EI-TBGelJmyG0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DVX6KmKDfbmv5EI-TBGelJmyG0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:83:ca:63:5f:30:c0:d5:b1:aa:94:38:f9:33:77:bc:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d55fa2a62837db9afe4423e4c119e9499b21b43
        Validity
            Not Before: Feb  7 13:38:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad3762033d0abbca42b5384067597a6c3b9bec28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a0:f0:59:7b:7f:18:56:f2:1e:61:aa:82:8f:
                    37:72:bb:7d:13:4b:b3:eb:72:cf:bc:a2:df:39:12:
                    b4:36:7e:ea:33:5f:b9:de:49:ff:26:5b:ac:cc:2a:
                    40:24:60:10:90:84:5c:62:77:03:75:70:89:54:3c:
                    76:09:85:a2:c1:a0:5b:44:03:81:6f:72:ec:29:8a:
                    91:d4:c4:e9:2d:05:db:69:90:28:e8:f0:7b:da:ea:
                    dd:f1:98:8e:b2:d9:a7:a4:ed:32:49:f1:01:60:9a:
                    44:f7:ec:2b:d8:6a:03:3d:7c:45:6c:93:55:33:aa:
                    d5:01:c3:93:f8:f0:8e:d2:95:99:a7:f9:c3:be:ba:
                    a4:5d:fc:8c:34:04:46:05:97:8c:9f:49:49:30:fa:
                    63:d7:d2:56:d2:f4:09:a5:c4:56:a1:79:57:db:33:
                    01:3b:40:37:8a:08:39:f3:80:de:62:cc:1f:ac:7e:
                    97:de:e9:30:65:37:18:04:38:8c:dc:0e:6a:c8:f3:
                    64:e4:de:dd:eb:45:24:09:1d:f0:7e:c0:87:72:ed:
                    d7:0e:02:08:36:d5:40:4e:4a:a8:98:35:16:b6:cd:
                    b3:9e:8b:92:cf:23:78:bd:b3:e6:6d:0a:08:84:18:
                    3a:9d:66:1e:07:13:a5:42:79:97:ef:f4:e8:95:9e:
                    b9:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:37:62:03:3D:0A:BB:CA:42:B5:38:40:67:59:7A:6C:3B:9B:EC:28
            X509v3 Authority Key Identifier:
                keyid:0D:55:FA:2A:62:83:7D:B9:AF:E4:42:3E:4C:11:9E:94:99:B2:1B:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DVX6KmKDfbmv5EI-TBGelJmyG0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/rTdiAz0Ku8pCtThAZ1l6bDub7Cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/DVX6KmKDfbmv5EI-TBGelJmyG0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.3.0/24
                IPv6:
                  2a13:b040::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:e6:8e:52:1a:1c:ac:82:83:64:b8:b9:95:3e:5b:5b:91:75:
         40:1f:5c:0e:8b:8d:01:e9:a6:52:47:ec:a3:4c:15:70:97:de:
         0b:21:78:2e:b9:26:1e:7a:4b:da:6e:56:b3:11:0a:f0:f3:a1:
         d5:4d:35:5a:91:10:18:d1:14:20:b2:a5:8e:b8:94:1c:57:db:
         f8:b6:03:07:ca:2d:ca:04:c0:48:24:55:7f:14:e8:81:6b:1d:
         2d:5b:3c:8a:c4:4f:e3:e8:42:46:9a:72:96:b6:48:c8:17:88:
         16:c7:29:8a:65:17:bd:b1:d9:0c:d6:1b:de:74:48:5f:03:47:
         b1:ce:49:2a:7d:3a:a9:c6:ac:18:fe:2b:45:0a:fc:1d:f1:8b:
         c3:69:85:a9:92:ff:4b:68:95:45:98:d8:62:d6:15:56:50:9c:
         99:62:85:3f:5c:15:d5:71:96:f6:fe:9c:0f:cd:b5:9d:12:b8:
         96:87:7e:c9:93:3e:8a:5d:d0:70:27:cc:c9:7a:fb:af:55:47:
         36:9e:cd:a4:20:07:59:d7:07:f4:56:e0:a9:10:28:f6:f3:b8:
         7b:ee:99:bc:1f:f4:45:c9:19:cd:34:7a:81:ca:6b:e7:6b:71:
         b7:b9:f7:b6:2e:d3:fc:f1:d0:96:98:5d:69:08:e1:7b:9a:bb:
         9d:dd:6e:56
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2DymNfMMDVsaqUOPkzd7wQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNTVmYTJhNjI4MzdkYjlhZmU0NDIzZTRjMTE5ZTk0OTli
MjFiNDMwHhcNMjQwMjA3MTMzODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDM3NjIwMzNkMGFiYmNhNDJiNTM4NDA2NzU5N2E2YzNiOWJlYzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKDwWXt/GFbyHmGqgo83crt9E0uz
63LPvKLfORK0Nn7qM1+53kn/JluszCpAJGAQkIRcYncDdXCJVDx2CYWiwaBbRAOB
b3LsKYqR1MTpLQXbaZAo6PB72urd8ZiOstmnpO0ySfEBYJpE9+wr2GoDPXxFbJNV
M6rVAcOT+PCO0pWZp/nDvrqkXfyMNARGBZeMn0lJMPpj19JW0vQJpcRWoXlX2zMB
O0A3igg584DeYswfrH6X3ukwZTcYBDiM3A5qyPNk5N7d60UkCR3wfsCHcu3XDgII
NtVATkqomDUWts2znouSzyN4vbPmbQoIhBg6nWYeBxOlQnmX7/TolZ656QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK03YgM9CrvKQrU4QGdZemw7m+woMB8GA1UdIwQY
MBaAFA1V+ipig325r+RCPkwRnpSZshtDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFZYNkttS0RmYm12NUVJLVRCR2VsSm15RzBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lNjk5YTMtNGQzNy00OTFhLWI0NjMt
ZWYzNmEzMjE3NDlhLzEvclRkaUF6MEt1OHBDdFRoQVoxbDZiRHViN0NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lNjk5YTMtNGQzNy00OTFhLWI0NjMtZWYzNmEzMjE3NDlh
LzEvRFZYNkttS0RmYm12NUVJLVRCR2VsSm15RzBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXscDMA0E
AgACMAcDBQMqE7BAMA0GCSqGSIb3DQEBCwUAA4IBAQCK5o5SGhysgoNkuLmVPltb
kXVAH1wOi40B6aZSR+yjTBVwl94LIXguuSYeekvablazEQrw86HVTTVakRAY0RQg
sqWOuJQcV9v4tgMHyi3KBMBIJFV/FOiBax0tWzyKxE/j6EJGmnKWtkjIF4gWxymK
ZRe9sdkM1hvedEhfA0exzkkqfTqpxqwY/itFCvwd8YvDaYWpkv9LaJVFmNhi1hVW
UJyZYoU/XBXVcZb2/pwPzbWdEriWh37Jkz6KXdBwJ8zJevuvVUc2ns2kIAdZ1wf0
VuCpECj287h77pm8H/RFyRnNNHqBymvna3G3ufe2LtP88dCWmF1pCOF7mrud3W5W
-----END CERTIFICATE-----