Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ecaf44-08cc-41bb-81d3-262bec717b17/1/n5eXbGkH_aw5CuhL68ZyMaGN1lk.roa
File:                     n5eXbGkH_aw5CuhL68ZyMaGN1lk.roa (raw, json)
Hash identifier:          WLq282Jqhc+uAPUDeMFGUJGmnhv3DngBSxbKUoUKzj8=
Subject key identifier:   9F:97:97:6C:69:07:FD:AC:39:0A:E8:4B:EB:C6:72:31:A1:8D:D6:59
Certificate issuer:       /CN=f4b9dd9e34fe66d75138903708f8ce1fbd342d64
Certificate serial:       018CC86EFB2303D11F229D9CD25B7473EDCD
Authority key identifier: F4:B9:DD:9E:34:FE:66:D7:51:38:90:37:08:F8:CE:1F:BD:34:2D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LndnjT-ZtdROJA3CPjOH700LWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/ecaf44-08cc-41bb-81d3-262bec717b17/1/n5eXbGkH_aw5CuhL68ZyMaGN1lk.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35008
IP address blocks:        194.246.109.0/24 maxlen: 24
                          2001:67c:760::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/ecaf44-08cc-41bb-81d3-262bec717b17/1/9LndnjT-ZtdROJA3CPjOH700LWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/ecaf44-08cc-41bb-81d3-262bec717b17/1/9LndnjT-ZtdROJA3CPjOH700LWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LndnjT-ZtdROJA3CPjOH700LWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fb:23:03:d1:1f:22:9d:9c:d2:5b:74:73:ed:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b9dd9e34fe66d75138903708f8ce1fbd342d64
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f97976c6907fdac390ae84bebc67231a18dd659
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:96:f0:68:29:ce:24:0e:49:95:2b:eb:ce:f7:
                    3d:57:2b:20:c8:4e:02:86:e7:2b:f0:7d:c9:e1:d1:
                    d7:ab:4a:e8:ee:c3:a0:de:7d:a1:c1:e4:a5:38:51:
                    29:c7:86:1f:4e:c1:bd:b4:3a:6d:7d:a7:73:61:f5:
                    72:0e:64:1e:3d:35:97:fa:04:32:70:5e:6d:28:5d:
                    28:5f:62:c7:ad:fb:1f:e1:54:ba:32:c8:7a:95:f9:
                    8b:32:e7:db:37:0b:ab:81:2c:76:3e:c3:57:51:86:
                    7a:2d:e1:86:97:c8:d8:13:62:ad:24:b3:45:b8:b0:
                    0d:ca:d6:ae:9f:e9:3d:af:b4:83:c4:2e:91:8d:9b:
                    6f:83:77:fb:e2:16:f1:b6:04:3a:5d:42:5d:3b:df:
                    01:ff:e4:96:e2:c4:b0:b8:22:bd:11:a9:99:cf:3d:
                    87:50:a4:e2:06:fe:b9:bd:89:68:10:2f:00:a1:02:
                    22:0f:5d:f9:13:1e:ee:a3:43:e8:72:c6:cb:1c:14:
                    3f:4c:07:de:b7:25:c9:32:18:2b:47:c4:ff:ac:80:
                    8f:9d:8f:24:3c:ef:0a:68:57:5a:fc:f3:0c:b9:27:
                    0c:ce:51:2d:14:c9:11:db:22:79:5b:24:93:05:98:
                    ea:a9:3a:55:a7:66:31:f2:ba:89:90:e0:03:9f:ec:
                    0e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:97:97:6C:69:07:FD:AC:39:0A:E8:4B:EB:C6:72:31:A1:8D:D6:59
            X509v3 Authority Key Identifier:
                keyid:F4:B9:DD:9E:34:FE:66:D7:51:38:90:37:08:F8:CE:1F:BD:34:2D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LndnjT-ZtdROJA3CPjOH700LWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ecaf44-08cc-41bb-81d3-262bec717b17/1/n5eXbGkH_aw5CuhL68ZyMaGN1lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ecaf44-08cc-41bb-81d3-262bec717b17/1/9LndnjT-ZtdROJA3CPjOH700LWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.109.0/24
                IPv6:
                  2001:67c:760::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:95:6d:48:44:78:f5:05:0f:94:80:65:47:cd:40:48:00:3c:
         0c:fa:dc:18:2b:b4:78:d4:74:61:35:fb:a2:d7:20:3e:1a:88:
         e5:82:34:a1:fa:75:3b:7d:79:3e:0f:5e:6f:b3:6e:3f:8a:56:
         4a:f6:60:44:20:3a:3d:fa:aa:41:e8:e6:c9:b1:30:02:5c:4e:
         98:37:07:e2:87:39:22:00:02:30:e8:28:c6:76:87:5c:e7:cc:
         cf:4c:aa:ec:d9:d3:63:be:fb:e0:e8:89:4b:b5:46:ff:ee:58:
         df:ac:c6:2a:10:39:8c:15:79:51:b3:4e:56:5c:fa:97:17:fb:
         81:8b:34:fb:61:4b:e6:11:24:2c:ae:f5:e9:39:22:1e:68:61:
         03:f0:6e:30:cb:5a:c0:b1:61:46:a1:fe:6e:04:c7:c3:90:23:
         32:64:35:37:08:75:24:6e:a1:4c:d4:ac:cb:d0:b1:f1:e9:4d:
         b6:f8:99:8e:be:52:1a:1b:04:52:e0:e5:1b:44:0a:b8:6c:7f:
         0b:55:20:9c:34:43:46:de:6f:fb:0b:79:c9:1c:1c:a8:6e:37:
         80:da:15:ab:d3:33:d7:95:75:f0:fc:dd:d4:17:7c:d9:3e:cf:
         b6:4a:78:04:99:2d:4a:8a:65:61:f0:86:c9:b8:90:8b:e0:32:
         d0:49:14:84
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIbvsjA9EfIp2c0lt0c+3NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YjlkZDllMzRmZTY2ZDc1MTM4OTAzNzA4ZjhjZTFmYmQz
NDJkNjQwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjk3OTc2YzY5MDdmZGFjMzkwYWU4NGJlYmM2NzIzMWExOGRkNjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppbwaCnOJA5JlSvrzvc9VysgyE4C
hucr8H3J4dHXq0ro7sOg3n2hweSlOFEpx4YfTsG9tDptfadzYfVyDmQePTWX+gQy
cF5tKF0oX2LHrfsf4VS6Msh6lfmLMufbNwurgSx2PsNXUYZ6LeGGl8jYE2KtJLNF
uLANytaun+k9r7SDxC6RjZtvg3f74hbxtgQ6XUJdO98B/+SW4sSwuCK9EamZzz2H
UKTiBv65vYloEC8AoQIiD135Ex7uo0PocsbLHBQ/TAfetyXJMhgrR8T/rICPnY8k
PO8KaFda/PMMuScMzlEtFMkR2yJ5WySTBZjqqTpVp2Yx8rqJkOADn+wOrwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ+Xl2xpB/2sOQroS+vGcjGhjdZZMB8GA1UdIwQY
MBaAFPS53Z40/mbXUTiQNwj4zh+9NC1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxuZG5qVC1adGRST0pBM0NQak9INzAwTFdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9lY2FmNDQtMDhjYy00MWJiLTgxZDMt
MjYyYmVjNzE3YjE3LzEvbjVlWGJHa0hfYXc1Q3VoTDY4WnlNYUdOMWxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9lY2FmNDQtMDhjYy00MWJiLTgxZDMtMjYyYmVjNzE3YjE3
LzEvOUxuZG5qVC1adGRST0pBM0NQak9INzAwTFdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwvZtMA8E
AgACMAkDBwAgAQZ8B2AwDQYJKoZIhvcNAQELBQADggEBAKeVbUhEePUFD5SAZUfN
QEgAPAz63BgrtHjUdGE1+6LXID4aiOWCNKH6dTt9eT4PXm+zbj+KVkr2YEQgOj36
qkHo5smxMAJcTpg3B+KHOSIAAjDoKMZ2h1znzM9MquzZ02O+++DoiUu1Rv/uWN+s
xioQOYwVeVGzTlZc+pcX+4GLNPthS+YRJCyu9ek5Ih5oYQPwbjDLWsCxYUah/m4E
x8OQIzJkNTcIdSRuoUzUrMvQsfHpTbb4mY6+UhobBFLg5RtECrhsfwtVIJw0Q0be
b/sLeckcHKhuN4DaFavTM9eVdfD83dQXfNk+z7ZKeASZLUqKZWHwhsm4kIvgMtBJ
FIQ=
-----END CERTIFICATE-----