Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/rRvycewacsNjkiuoV4f77av1zv8.roa
File:                     rRvycewacsNjkiuoV4f77av1zv8.roa (raw, json)
Hash identifier:          K+hWmxu6ff74+il5QdHDHoUKLmHL3lXyBRUxZPfDgmA=
Subject key identifier:   AD:1B:F2:71:EC:1A:72:C3:63:92:2B:A8:57:87:FB:ED:AB:F5:CE:FF
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AD655F3455DB9384545F7143EFB9A
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/rRvycewacsNjkiuoV4f77av1zv8.roa
Signing time:             Mon 01 Jan 2024 18:30:42 +0000
ROA not before:           Mon 01 Jan 2024 18:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51395
IP address blocks:        94.131.99.0/24 maxlen: 24
                          94.131.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 18:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d6:55:f3:45:5d:b9:38:45:45:f7:14:3e:fb:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad1bf271ec1a72c363922ba85787fbedabf5ceff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:62:27:b0:cb:db:b6:48:61:6e:9a:79:27:de:
                    f9:b6:3c:98:3d:ea:cd:ba:6a:42:b3:58:bf:eb:3f:
                    fe:47:99:1a:62:7b:ae:31:ee:38:fb:09:dd:3d:4a:
                    c7:47:f7:0f:a7:95:0c:b3:c7:1c:7c:92:cc:1e:e2:
                    df:a0:84:94:76:1c:b0:71:bb:81:b8:d1:e9:97:b9:
                    6f:30:41:f0:16:94:4e:75:10:c8:c7:d7:7e:d7:45:
                    7d:b3:35:a0:c8:e0:a4:72:77:c9:6a:61:e6:b8:c8:
                    48:98:d2:95:ae:9e:43:29:20:82:59:2d:b5:23:c8:
                    9f:c3:cf:c0:73:0e:bf:fc:d8:2a:19:18:c8:b5:01:
                    fd:d2:1d:b4:df:b9:a4:ed:84:ea:93:2a:56:1a:a7:
                    8d:7c:74:3f:07:7d:2f:02:85:47:a8:18:ad:83:16:
                    f8:5c:b7:b5:9b:c3:c0:08:7a:fb:11:e8:71:17:73:
                    d8:b7:f2:f3:90:03:a6:57:c6:d1:1f:47:85:bf:6d:
                    a0:d8:d9:70:c9:9b:91:5a:c2:47:d5:16:28:65:fe:
                    d0:16:40:3b:2c:c7:e4:d4:ad:a2:6a:23:2e:00:21:
                    8e:dd:a3:3d:b3:6d:7e:cb:16:b4:7b:7b:d3:22:17:
                    aa:35:e4:bd:fb:62:ce:58:15:84:b1:31:b3:02:87:
                    0f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:1B:F2:71:EC:1A:72:C3:63:92:2B:A8:57:87:FB:ED:AB:F5:CE:FF
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/rRvycewacsNjkiuoV4f77av1zv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.3.0/24
                  94.131.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:be:bf:1e:f2:3b:ac:15:ad:2d:4f:75:4c:bc:a1:83:f9:bc:
         05:28:cf:2e:af:05:9a:71:14:b7:6d:d0:3a:99:a6:01:9e:75:
         54:94:25:5f:ca:5e:48:76:ba:57:7c:c6:d0:52:00:70:6d:d7:
         b1:e5:4f:69:89:34:0a:e1:ee:14:aa:3e:ac:04:eb:67:6a:a4:
         35:79:f8:7e:07:36:10:f3:93:db:68:46:a4:dd:90:7e:ab:06:
         26:34:5a:46:44:ec:17:ee:77:ca:c0:c6:92:bb:f9:09:c6:86:
         59:b1:c7:90:2c:2a:53:c6:a4:6b:64:8a:28:9e:7c:96:0e:85:
         f1:d5:6d:8e:0a:83:2d:1c:68:c7:4f:81:fc:c1:09:3a:23:8e:
         77:72:12:3d:d5:b5:65:ff:5a:8f:a8:19:65:54:cb:16:03:b6:
         65:b4:b4:86:ed:79:25:fb:f0:93:be:3f:55:80:fd:04:46:90:
         4a:76:a7:d2:69:fb:62:eb:ff:15:92:55:67:35:12:e2:f1:4c:
         55:72:61:15:1b:82:93:3b:ba:1f:98:d2:17:d0:56:f8:01:47:
         61:d0:0d:d5:f6:47:59:42:27:8b:d5:b1:89:71:23:1c:db:bb:
         be:d9:6e:e2:50:b0:0f:d2:59:e9:93:ab:38:28:ed:5b:38:63:
         fe:59:c6:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGStZV80VduThFRfcUPvuaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDFiZjI3MWVjMWE3MmMzNjM5MjJiYTg1Nzg3ZmJlZGFiZjVjZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGInsMvbtkhhbpp5J975tjyYPerN
umpCs1i/6z/+R5kaYnuuMe44+wndPUrHR/cPp5UMs8ccfJLMHuLfoISUdhywcbuB
uNHpl7lvMEHwFpROdRDIx9d+10V9szWgyOCkcnfJamHmuMhImNKVrp5DKSCCWS21
I8ifw8/Acw6//NgqGRjItQH90h2037mk7YTqkypWGqeNfHQ/B30vAoVHqBitgxb4
XLe1m8PACHr7EehxF3PYt/LzkAOmV8bRH0eFv22g2NlwyZuRWsJH1RYoZf7QFkA7
LMfk1K2iaiMuACGO3aM9s21+yxa0e3vTIheqNeS9+2LOWBWEsTGzAocPGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK0b8nHsGnLDY5IrqFeH++2r9c7/MB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvclJ2eWNld2Fjc05qa2l1b1Y0Zjc3YXYxenY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXoMDAwQA
XoNjMA0GCSqGSIb3DQEBCwUAA4IBAQCgvr8e8jusFa0tT3VMvKGD+bwFKM8urwWa
cRS3bdA6maYBnnVUlCVfyl5IdrpXfMbQUgBwbdex5U9piTQK4e4Uqj6sBOtnaqQ1
efh+BzYQ85PbaEak3ZB+qwYmNFpGROwX7nfKwMaSu/kJxoZZsceQLCpTxqRrZIoo
nnyWDoXx1W2OCoMtHGjHT4H8wQk6I453chI91bVl/1qPqBllVMsWA7ZltLSG7Xkl
+/CTvj9VgP0ERpBKdqfSafti6/8VklVnNRLi8UxVcmEVG4KTO7ofmNIX0Fb4AUdh
0A3V9kdZQieL1bGJcSMc27u+2W7iULAP0lnpk6s4KO1bOGP+Wcb2
-----END CERTIFICATE-----