Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/B1RwdbxrgWDeyX_orWHcIPoqmyo.roa
File:                     B1RwdbxrgWDeyX_orWHcIPoqmyo.roa (raw, json)
Hash identifier:          yKoHL2zh91n+vVjTKvc+awgT0mVC11chvCiaQD1qnMw=
Subject key identifier:   07:54:70:75:BC:6B:81:60:DE:C9:7F:E8:AD:61:DC:20:FA:2A:9B:2A
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018D7A5790FA03369FD784FA53B38F45FE35
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/B1RwdbxrgWDeyX_orWHcIPoqmyo.roa
Signing time:             Mon 05 Feb 2024 17:36:15 +0000
ROA not before:           Mon 05 Feb 2024 17:36:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53856
IP address blocks:        94.131.64.0/22 maxlen: 24
                          94.131.72.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 16:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7a:57:90:fa:03:36:9f:d7:84:fa:53:b3:8f:45:fe:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Feb  5 17:36:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07547075bc6b8160dec97fe8ad61dc20fa2a9b2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f2:ea:ab:9f:9d:90:f8:2f:99:94:c5:ab:51:
                    35:ef:09:71:31:b2:c5:32:44:04:bd:bc:e5:0f:e3:
                    1d:b9:08:f3:20:37:8e:23:bc:1b:a5:4c:b1:c5:6d:
                    da:ea:b8:ee:77:ff:a7:4c:b0:03:b3:27:ce:c0:d0:
                    20:41:b1:9d:e7:94:ff:f8:c9:02:f2:bc:2e:f4:8e:
                    4a:aa:b4:f6:48:8b:9f:01:58:53:2e:67:18:d0:53:
                    3f:41:73:cf:c0:9b:40:a3:af:1a:32:4e:84:b5:a6:
                    d1:f2:f9:9f:72:a2:6b:2b:ee:88:e5:0b:9c:f5:94:
                    b7:e6:39:32:45:d8:4b:99:6e:8e:16:ac:02:ad:56:
                    c5:33:51:68:68:76:36:e3:67:28:9c:38:38:3b:7b:
                    cd:06:da:21:cc:df:d3:b4:38:a3:64:fd:d2:65:4e:
                    07:a9:df:e3:e6:51:f5:0e:d5:2d:2c:ff:7f:e0:cd:
                    ce:e6:5a:b0:25:6a:76:f5:ae:a4:6d:a4:1e:68:90:
                    8d:df:ff:ab:b0:7f:a8:f0:e4:64:72:31:61:ab:5f:
                    d4:34:88:71:c9:37:87:28:3d:eb:3f:15:88:ba:b8:
                    c6:52:8f:92:43:06:a1:b0:63:1f:82:7c:ca:fd:fd:
                    e4:cf:4f:99:a5:6b:4d:8a:8f:d7:76:83:ec:da:8c:
                    d3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:54:70:75:BC:6B:81:60:DE:C9:7F:E8:AD:61:DC:20:FA:2A:9B:2A
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/B1RwdbxrgWDeyX_orWHcIPoqmyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.64.0/22
                  94.131.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a4:c9:c3:2d:62:0b:c0:34:b6:d9:74:be:2c:49:c6:8a:a2:a8:
         7a:86:19:3a:28:88:29:d0:df:17:03:62:9c:bd:63:6b:60:7f:
         40:24:0b:7d:6b:62:f2:96:3a:99:31:62:d2:93:fb:24:73:2e:
         ed:13:dd:6c:1c:24:c2:66:a0:ee:0f:e4:6d:b7:f6:81:4f:90:
         70:5e:ff:55:0d:a0:b4:f3:77:53:36:2d:41:b3:ce:ea:56:ab:
         72:33:86:fd:07:80:ff:33:35:6a:61:f6:20:11:51:1b:99:0c:
         d9:ff:b8:8e:62:3b:f9:fa:39:16:90:23:7a:ff:cc:51:ab:4b:
         ae:8b:c1:48:41:a1:71:c5:ea:bb:5d:a5:f3:d2:5f:ea:f5:8b:
         5d:db:f0:22:fa:01:da:7d:e5:f3:1a:0d:8e:53:94:76:1e:03:
         50:d0:b2:a3:1e:bf:77:95:b3:56:bd:fc:7c:d6:24:a9:d0:69:
         de:bd:17:05:e1:74:0d:8a:f2:ce:66:7e:f2:88:9e:e7:d1:c0:
         9c:c6:b0:7e:12:d2:28:3f:80:c2:eb:6b:7d:dd:18:ff:ef:3d:
         83:e7:87:bf:c5:97:5f:11:94:37:65:6e:f3:e1:e9:ac:81:fd:
         35:58:ad:f7:e2:9d:51:b9:2c:4c:ab:85:b2:1b:db:8c:81:0b:
         24:cd:eb:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY16V5D6Azaf14T6U7OPRf41MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMjA1MTczNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzU0NzA3NWJjNmI4MTYwZGVjOTdmZThhZDYxZGMyMGZhMmE5YjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/Lqq5+dkPgvmZTFq1E17wlxMbLF
MkQEvbzlD+MduQjzIDeOI7wbpUyxxW3a6rjud/+nTLADsyfOwNAgQbGd55T/+MkC
8rwu9I5KqrT2SIufAVhTLmcY0FM/QXPPwJtAo68aMk6EtabR8vmfcqJrK+6I5Quc
9ZS35jkyRdhLmW6OFqwCrVbFM1FoaHY242conDg4O3vNBtohzN/TtDijZP3SZU4H
qd/j5lH1DtUtLP9/4M3O5lqwJWp29a6kbaQeaJCN3/+rsH+o8ORkcjFhq1/UNIhx
yTeHKD3rPxWIurjGUo+SQwahsGMfgnzK/f3kz0+ZpWtNio/XdoPs2ozTOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAdUcHW8a4Fg3sl/6K1h3CD6KpsqMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvQjFSd2RieHJnV0RleVhfb3JXSGNJUG9xbXlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXoNAAwQD
XoNIMA0GCSqGSIb3DQEBCwUAA4IBAQCkycMtYgvANLbZdL4sScaKoqh6hhk6KIgp
0N8XA2KcvWNrYH9AJAt9a2LyljqZMWLSk/skcy7tE91sHCTCZqDuD+Rtt/aBT5Bw
Xv9VDaC083dTNi1Bs87qVqtyM4b9B4D/MzVqYfYgEVEbmQzZ/7iOYjv5+jkWkCN6
/8xRq0uui8FIQaFxxeq7XaXz0l/q9Ytd2/Ai+gHafeXzGg2OU5R2HgNQ0LKjHr93
lbNWvfx81iSp0GnevRcF4XQNivLOZn7yiJ7n0cCcxrB+EtIoP4DC62t93Rj/7z2D
54e/xZdfEZQ3ZW7z4emsgf01WK334p1RuSxMq4WyG9uMgQskzeuy
-----END CERTIFICATE-----