Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/3589ePvXqytZB1Sw2mpgDUhIPJM.roa
File:                     3589ePvXqytZB1Sw2mpgDUhIPJM.roa (raw, json)
Hash identifier:          eTz5KF0sbxe6SOrB2wV8qx8BDlLuXnFCE0jDn/G75z4=
Subject key identifier:   DF:9F:3D:78:FB:D7:AB:2B:59:07:54:B0:DA:6A:60:0D:48:48:3C:93
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64ADB24F1F3B8D3AE035C96F44E3738
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/3589ePvXqytZB1Sw2mpgDUhIPJM.roa
Signing time:             Mon 01 Jan 2024 18:30:43 +0000
ROA not before:           Mon 01 Jan 2024 18:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198636
IP address blocks:        94.131.28.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:db:24:f1:f3:b8:d3:ae:03:5c:96:f4:4e:37:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df9f3d78fbd7ab2b590754b0da6a600d48483c93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:51:91:58:73:ad:e8:3e:af:45:c8:f5:c9:64:
                    09:8e:76:c4:f7:8f:ab:f3:2e:5b:56:4b:ac:90:01:
                    4f:99:1a:4a:fa:25:7d:a7:ee:b6:d8:42:8a:53:f8:
                    f6:4a:d3:1f:1e:ab:35:12:86:0e:ca:15:fd:b2:68:
                    d0:f1:f1:4a:22:fe:d1:cc:cf:15:14:e7:f2:d1:15:
                    51:da:99:e9:6e:0c:f6:26:8e:9f:a4:5e:3e:df:ff:
                    4c:c8:f5:5f:d6:14:4d:ec:29:50:e9:3a:2e:77:7a:
                    7e:90:2a:b6:60:8e:55:4c:2b:f8:60:4f:52:5d:4d:
                    36:be:c9:fd:ce:6d:af:d3:f6:e4:4b:3b:c2:af:2e:
                    fa:b0:ab:4b:5b:42:a8:76:6a:ff:07:46:9b:5d:ea:
                    fd:4f:27:f3:ee:0a:c1:ee:16:33:61:6a:8b:2a:43:
                    99:c0:2b:9b:d9:d5:52:2f:de:20:b6:ab:19:e9:b0:
                    8c:2e:84:59:9d:01:6d:4b:80:26:56:17:88:cd:47:
                    70:9e:9f:bf:3b:9d:60:9d:99:4a:29:f5:a4:44:6b:
                    3c:41:c6:de:20:27:fd:bc:93:ad:15:7d:32:5b:59:
                    72:25:53:7f:b2:df:e7:0c:da:3b:bc:80:19:ca:35:
                    4f:31:d7:07:2f:74:c6:0b:7b:01:0a:bc:07:cc:f7:
                    2c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:9F:3D:78:FB:D7:AB:2B:59:07:54:B0:DA:6A:60:0D:48:48:3C:93
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/3589ePvXqytZB1Sw2mpgDUhIPJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:da:1e:dc:1d:75:eb:10:fd:d6:08:08:c0:fe:fd:d3:11:bd:
         88:6c:c5:2e:f2:11:d5:f6:32:f5:42:1a:82:98:b1:73:da:96:
         f0:ec:95:d0:f5:48:9c:17:56:9c:e0:ac:d4:01:18:46:6a:55:
         83:36:85:dc:1f:96:a4:4b:a4:41:50:63:ab:2c:74:4a:ae:07:
         8c:fc:25:88:0a:36:0c:96:d0:2e:bd:6f:75:8e:e6:e2:48:a7:
         8c:eb:a3:17:f9:c4:1f:77:b9:33:0c:e1:1d:83:2a:df:02:32:
         1e:2c:7d:3a:b5:99:fe:89:4b:22:6d:59:a6:4b:a3:e0:0d:20:
         74:1e:df:0e:01:4a:cb:ea:64:27:ea:c6:eb:c8:8f:00:a6:dd:
         3f:28:e7:05:da:b2:92:55:c8:db:09:5b:9a:5c:5e:00:14:ac:
         3b:79:6e:f4:0b:d2:2f:da:b6:52:cd:f6:5f:21:75:f5:e7:e9:
         77:ab:e9:c3:cc:39:f9:d7:e4:cd:13:a6:79:9d:87:46:51:28:
         e0:be:c1:53:91:1f:07:08:2c:47:71:50:ad:b0:ae:33:c5:dc:
         c5:70:b1:10:64:b9:2d:f7:a5:00:ea:2a:85:4f:02:0f:dc:6c:
         2f:20:d9:38:2b:d7:66:96:1a:f3:8e:5a:64:a7:e7:2e:c0:17:
         fa:5b:bd:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStsk8fO4064DXJb0Tjc4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjlmM2Q3OGZiZDdhYjJiNTkwNzU0YjBkYTZhNjAwZDQ4NDgzYzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1GRWHOt6D6vRcj1yWQJjnbE94+r
8y5bVkuskAFPmRpK+iV9p+622EKKU/j2StMfHqs1EoYOyhX9smjQ8fFKIv7RzM8V
FOfy0RVR2pnpbgz2Jo6fpF4+3/9MyPVf1hRN7ClQ6Toud3p+kCq2YI5VTCv4YE9S
XU02vsn9zm2v0/bkSzvCry76sKtLW0Kodmr/B0abXer9Tyfz7grB7hYzYWqLKkOZ
wCub2dVSL94gtqsZ6bCMLoRZnQFtS4AmVheIzUdwnp+/O51gnZlKKfWkRGs8Qcbe
ICf9vJOtFX0yW1lyJVN/st/nDNo7vIAZyjVPMdcHL3TGC3sBCrwHzPcsQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+fPXj716srWQdUsNpqYA1ISDyTMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvMzU4OWVQdlhxeXRaQjFTdzJtcGdEVWhJUEpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXoMcMA0G
CSqGSIb3DQEBCwUAA4IBAQCe2h7cHXXrEP3WCAjA/v3TEb2IbMUu8hHV9jL1QhqC
mLFz2pbw7JXQ9UicF1ac4KzUARhGalWDNoXcH5akS6RBUGOrLHRKrgeM/CWICjYM
ltAuvW91jubiSKeM66MX+cQfd7kzDOEdgyrfAjIeLH06tZn+iUsibVmmS6PgDSB0
Ht8OAUrL6mQn6sbryI8Apt0/KOcF2rKSVcjbCVuaXF4AFKw7eW70C9Iv2rZSzfZf
IXX15+l3q+nDzDn51+TNE6Z5nYdGUSjgvsFTkR8HCCxHcVCtsK4zxdzFcLEQZLkt
96UA6iqFTwIP3GwvINk4K9dmlhrzjlpkp+cuwBf6W73D
-----END CERTIFICATE-----