Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/rUfzwyiPkzLDhTDz_N-WMQLqzq0.roa
File:                     rUfzwyiPkzLDhTDz_N-WMQLqzq0.roa (raw, json)
Hash identifier:          6t9rddKGa+et13IJpDuTaNAvNuwVfjoEore6SKCevHE=
Subject key identifier:   AD:47:F3:C3:28:8F:93:32:C3:85:30:F3:FC:DF:96:31:02:EA:CE:AD
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AD313513EA9515BA13025C31687B1
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/rUfzwyiPkzLDhTDz_N-WMQLqzq0.roa
Signing time:             Mon 01 Jan 2024 18:30:41 +0000
ROA not before:           Mon 01 Jan 2024 18:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        94.131.80.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 13:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d3:13:51:3e:a9:51:5b:a1:30:25:c3:16:87:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad47f3c3288f9332c38530f3fcdf963102eacead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:84:b6:63:8b:82:25:34:34:fb:20:fb:cb:96:
                    c5:63:8f:2d:ca:4b:9f:67:88:14:b1:17:47:8a:06:
                    75:e9:d3:59:24:b5:44:a6:c1:68:c7:ff:8d:1c:89:
                    7f:44:a9:4c:0e:cf:27:6d:0f:06:fe:7a:f6:95:a8:
                    f4:c6:1b:1a:6b:b3:ce:92:42:25:7e:2d:2d:02:d7:
                    60:6d:0e:8f:64:84:5c:b9:ee:b2:5e:53:f0:56:9d:
                    4e:cc:c5:7b:87:69:50:9f:3a:73:c7:84:23:6b:8a:
                    6f:70:81:91:bc:26:c3:89:c1:51:20:db:ad:bc:0d:
                    35:d9:19:18:11:9a:36:9e:d6:cb:53:9b:be:44:72:
                    2a:55:11:28:02:2b:36:5b:c0:a7:8b:2c:bb:61:00:
                    f0:43:2a:61:28:a4:59:6c:dc:63:99:f7:a1:67:2c:
                    93:e7:3f:70:c2:37:53:75:71:09:b2:9e:ff:08:e7:
                    47:41:f7:db:f6:3d:61:b0:01:01:ec:58:c2:a4:59:
                    f6:99:45:49:e9:0e:57:6f:b2:be:aa:32:a9:4e:12:
                    94:e6:a1:30:eb:8c:e2:d8:7d:6a:d2:1c:a7:66:f5:
                    d9:04:60:83:c1:d7:4d:f2:01:c2:b2:7d:03:33:cc:
                    6f:54:b7:8f:c0:94:69:0c:bb:14:76:6b:61:20:b0:
                    96:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:47:F3:C3:28:8F:93:32:C3:85:30:F3:FC:DF:96:31:02:EA:CE:AD
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/rUfzwyiPkzLDhTDz_N-WMQLqzq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         16:7d:f6:1c:01:04:f2:7b:e9:dd:b3:bf:3a:df:fa:a3:a5:3b:
         7b:fa:91:19:24:73:87:37:e6:f5:24:4a:59:e5:7f:de:ab:e2:
         11:99:e6:ac:00:55:d5:b6:d2:9d:2b:8b:27:df:62:8d:8b:17:
         94:46:f7:13:52:55:8e:e3:29:6b:15:6a:81:df:21:9e:70:f4:
         8a:84:e9:3a:19:7a:34:76:c1:ce:21:65:52:38:2a:12:4c:8c:
         19:e3:5a:ab:bb:ee:ae:aa:bb:fe:1e:7e:9f:72:2e:e8:8f:29:
         68:38:11:29:05:74:0f:8e:0e:e4:7d:0b:55:69:0e:48:4b:ed:
         c2:f5:d0:16:93:23:39:43:bf:da:dd:34:5c:9f:f4:04:92:f4:
         e0:93:40:3b:5f:fa:11:3c:8c:f0:23:c8:ca:2d:da:30:4e:be:
         33:02:51:16:2c:80:36:cc:4d:a0:54:b4:5d:6a:7c:40:20:9b:
         e8:0d:cf:c5:27:13:20:f5:e3:ee:d8:6e:c7:21:90:15:09:3e:
         26:15:7a:60:af:b3:c0:14:0f:15:32:7b:ba:1c:3f:b2:5e:c5:
         e1:db:f6:d2:10:f6:40:9f:d9:5d:f5:a0:8c:36:6b:cc:65:ce:
         21:fa:2b:8d:17:df:4c:2e:d1:2c:91:b3:b4:dc:d1:2c:2b:96:
         56:b3:ff:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStMTUT6pUVuhMCXDFoexMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDQ3ZjNjMzI4OGY5MzMyYzM4NTMwZjNmY2RmOTYzMTAyZWFjZWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIS2Y4uCJTQ0+yD7y5bFY48tykuf
Z4gUsRdHigZ16dNZJLVEpsFox/+NHIl/RKlMDs8nbQ8G/nr2laj0xhsaa7POkkIl
fi0tAtdgbQ6PZIRcue6yXlPwVp1OzMV7h2lQnzpzx4Qja4pvcIGRvCbDicFRINut
vA012RkYEZo2ntbLU5u+RHIqVREoAis2W8Cniyy7YQDwQyphKKRZbNxjmfehZyyT
5z9wwjdTdXEJsp7/COdHQffb9j1hsAEB7FjCpFn2mUVJ6Q5Xb7K+qjKpThKU5qEw
64zi2H1q0hynZvXZBGCDwddN8gHCsn0DM8xvVLePwJRpDLsUdmthILCWZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1H88Moj5Myw4Uw8/zfljEC6s6tMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvclVmend5aVBrekxEaFREel9OLVdNUUxxenEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEXoNQMA0G
CSqGSIb3DQEBCwUAA4IBAQAWffYcAQTye+nds7863/qjpTt7+pEZJHOHN+b1JEpZ
5X/eq+IRmeasAFXVttKdK4sn32KNixeURvcTUlWO4ylrFWqB3yGecPSKhOk6GXo0
dsHOIWVSOCoSTIwZ41qru+6uqrv+Hn6fci7ojyloOBEpBXQPjg7kfQtVaQ5IS+3C
9dAWkyM5Q7/a3TRcn/QEkvTgk0A7X/oRPIzwI8jKLdowTr4zAlEWLIA2zE2gVLRd
anxAIJvoDc/FJxMg9ePu2G7HIZAVCT4mFXpgr7PAFA8VMnu6HD+yXsXh2/bSEPZA
n9ld9aCMNmvMZc4h+iuNF99MLtEskbO03NEsK5ZWs//G
-----END CERTIFICATE-----