Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/N4Pi6nqZivONrY1Oq2cYnIx9Px0.roa
File:                     N4Pi6nqZivONrY1Oq2cYnIx9Px0.roa (raw, json)
Hash identifier:          Xkt2+8zas34rHnb3LSnNp/AhhDty5F6WrrREaqH/mZI=
Subject key identifier:   37:83:E2:EA:7A:99:8A:F3:8D:AD:8D:4E:AB:67:18:9C:8C:7D:3F:1D
Certificate issuer:       /CN=0c57cb3a1e53e7629ee3b9f2672d4571ef85d2c8
Certificate serial:       018CC2DACF7FE9B70A42048B13E66F47C64D
Authority key identifier: 0C:57:CB:3A:1E:53:E7:62:9E:E3:B9:F2:67:2D:45:71:EF:85:D2:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFfLOh5T52Ke47nyZy1Fce-F0sg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/N4Pi6nqZivONrY1Oq2cYnIx9Px0.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204013
IP address blocks:        94.126.50.0/24 maxlen: 24
                          94.126.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/DFfLOh5T52Ke47nyZy1Fce-F0sg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/DFfLOh5T52Ke47nyZy1Fce-F0sg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFfLOh5T52Ke47nyZy1Fce-F0sg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 22:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cf:7f:e9:b7:0a:42:04:8b:13:e6:6f:47:c6:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c57cb3a1e53e7629ee3b9f2672d4571ef85d2c8
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3783e2ea7a998af38dad8d4eab67189c8c7d3f1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:b3:20:49:54:74:89:46:b4:90:62:72:33:da:
                    d1:88:ea:d4:7d:8b:29:1d:d0:41:ef:88:cf:56:ff:
                    4f:99:97:3a:88:19:a3:11:75:c2:36:4b:35:c0:9a:
                    8a:80:79:5c:af:2d:74:89:90:af:10:55:24:30:cc:
                    8e:89:fc:a9:1e:68:22:fb:20:db:de:a4:32:f1:1e:
                    f8:a6:ee:3f:85:ca:bf:0e:62:d2:a8:7e:ab:15:bd:
                    41:4e:e7:a2:44:6d:20:f1:83:f3:c0:6e:21:54:08:
                    b3:d8:b7:eb:22:83:42:86:69:0b:01:1f:b3:20:74:
                    bb:92:46:9c:69:51:59:c7:af:ba:0d:38:14:6e:c7:
                    a4:2f:a9:d7:89:bc:16:6f:54:22:4e:5f:92:8a:5e:
                    23:25:28:0d:8a:3e:63:70:a7:e7:3f:37:19:4b:b6:
                    58:41:dd:d9:c6:b9:e3:8f:8e:97:36:28:53:83:f4:
                    9a:1c:01:14:3e:c3:92:fe:fa:da:75:a6:f1:7f:2c:
                    a7:2c:32:ec:19:5b:6f:87:0f:15:41:ab:e7:a6:f2:
                    fe:1e:9d:48:3f:9d:23:0c:5b:70:a8:08:e3:cd:6c:
                    07:36:fa:64:5e:e7:08:63:80:c5:1b:46:ed:4a:bc:
                    e4:5c:ec:23:74:6d:d3:a3:10:34:5a:ff:26:c1:ae:
                    63:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:83:E2:EA:7A:99:8A:F3:8D:AD:8D:4E:AB:67:18:9C:8C:7D:3F:1D
            X509v3 Authority Key Identifier:
                keyid:0C:57:CB:3A:1E:53:E7:62:9E:E3:B9:F2:67:2D:45:71:EF:85:D2:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFfLOh5T52Ke47nyZy1Fce-F0sg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/N4Pi6nqZivONrY1Oq2cYnIx9Px0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6c1e01-1595-47b0-9e03-cf7232ddebec/1/DFfLOh5T52Ke47nyZy1Fce-F0sg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.126.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:03:cd:dd:26:bf:ba:0a:7f:d6:aa:82:35:d9:80:fa:ff:81:
         8d:11:1c:b7:10:61:9f:0b:d2:bf:57:77:e7:8b:61:46:c0:87:
         d9:01:50:b8:50:50:e3:33:59:8c:6a:1a:fe:2f:2a:84:d8:c7:
         bb:ed:41:a3:e8:4d:db:44:44:37:58:99:10:b1:8f:d5:d5:7a:
         ee:fa:bd:8f:86:88:8f:39:37:83:68:8d:aa:e0:fb:c9:de:ec:
         49:64:81:52:af:16:e4:65:db:bf:8c:f4:b4:c4:bf:30:f4:7e:
         19:54:44:43:17:6c:dc:71:dd:a8:70:c0:ac:79:d4:d2:d2:50:
         79:c6:54:a0:48:52:cd:95:d6:68:d7:a4:04:43:e2:b1:a6:0e:
         95:c0:f2:81:2b:08:51:a7:75:76:3c:aa:ef:70:74:39:7d:7d:
         c3:82:ec:3c:22:34:96:1a:07:1e:38:03:c1:00:9c:1f:e4:cb:
         21:23:16:9d:eb:fc:88:a0:14:48:46:ff:ba:53:a5:e0:d6:ad:
         e5:9b:d6:55:a9:2a:ba:dd:f1:d2:cc:99:27:20:d7:a1:fa:d3:
         40:49:9e:7f:7e:c2:5f:89:e0:cb:a6:28:0f:8d:a3:e3:d3:bd:
         a1:06:d7:70:a5:bc:f5:a4:01:5e:a2:29:58:eb:9d:1f:05:a4:
         ec:26:d3:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2s9/6bcKQgSLE+ZvR8ZNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTdjYjNhMWU1M2U3NjI5ZWUzYjlmMjY3MmQ0NTcxZWY4
NWQyYzgwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzgzZTJlYTdhOTk4YWYzOGRhZDhkNGVhYjY3MTg5YzhjN2QzZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rMgSVR0iUa0kGJyM9rRiOrUfYsp
HdBB74jPVv9PmZc6iBmjEXXCNks1wJqKgHlcry10iZCvEFUkMMyOifypHmgi+yDb
3qQy8R74pu4/hcq/DmLSqH6rFb1BTueiRG0g8YPzwG4hVAiz2LfrIoNChmkLAR+z
IHS7kkacaVFZx6+6DTgUbsekL6nXibwWb1QiTl+Sil4jJSgNij5jcKfnPzcZS7ZY
Qd3Zxrnjj46XNihTg/SaHAEUPsOS/vradabxfyynLDLsGVtvhw8VQavnpvL+Hp1I
P50jDFtwqAjjzWwHNvpkXucIY4DFG0btSrzkXOwjdG3ToxA0Wv8mwa5jdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDeD4up6mYrzja2NTqtnGJyMfT8dMB8GA1UdIwQY
MBaAFAxXyzoeU+dinuO58mctRXHvhdLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZmTE9oNVQ1MktlNDdueVp5MUZjZS1GMHNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82YzFlMDEtMTU5NS00N2IwLTllMDMt
Y2Y3MjMyZGRlYmVjLzEvTjRQaTZucVppdk9OclkxT3EyY1luSXg5UHgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82YzFlMDEtMTU5NS00N2IwLTllMDMtY2Y3MjMyZGRlYmVj
LzEvREZmTE9oNVQ1MktlNDdueVp5MUZjZS1GMHNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXn4yMA0G
CSqGSIb3DQEBCwUAA4IBAQBuA83dJr+6Cn/WqoI12YD6/4GNERy3EGGfC9K/V3fn
i2FGwIfZAVC4UFDjM1mMahr+LyqE2Me77UGj6E3bREQ3WJkQsY/V1Xru+r2PhoiP
OTeDaI2q4PvJ3uxJZIFSrxbkZdu/jPS0xL8w9H4ZVERDF2zccd2ocMCsedTS0lB5
xlSgSFLNldZo16QEQ+Kxpg6VwPKBKwhRp3V2PKrvcHQ5fX3Dguw8IjSWGgceOAPB
AJwf5MshIxad6/yIoBRIRv+6U6Xg1q3lm9ZVqSq63fHSzJknINeh+tNASZ5/fsJf
ieDLpigPjaPj072hBtdwpbz1pAFeoilY650fBaTsJtNH
-----END CERTIFICATE-----