Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/6sDkXv4tpYKDCT8lAyXzSyVFclE.roa
File:                     6sDkXv4tpYKDCT8lAyXzSyVFclE.roa (raw, json)
Hash identifier:          UGL1rDQDc0biYnNt05Gxt0b1jXnBmOwg1Im7Me3H+jM=
Subject key identifier:   EA:C0:E4:5E:FE:2D:A5:82:83:09:3F:25:03:25:F3:4B:25:45:72:51
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       018CC725A2E5195AD52BA1068B4B262BEDF9
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/6sDkXv4tpYKDCT8lAyXzSyVFclE.roa
Signing time:             Mon 01 Jan 2024 22:29:41 +0000
ROA not before:           Mon 01 Jan 2024 22:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206150
IP address blocks:        94.137.75.0/24 maxlen: 24
                          94.137.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:a2:e5:19:5a:d5:2b:a1:06:8b:4b:26:2b:ed:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jan  1 22:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eac0e45efe2da58283093f250325f34b25457251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a5:b8:27:da:d4:cc:47:ba:12:f2:2c:10:e1:
                    59:eb:9f:af:f4:1d:97:ce:cb:bc:91:d8:91:94:fa:
                    99:7d:c3:7e:e4:29:82:eb:57:c4:5e:86:5d:df:32:
                    5d:66:7b:69:83:dc:c1:18:bf:08:54:75:91:a3:1e:
                    be:7b:b8:1e:a4:ec:98:7d:b0:67:5f:00:a3:cb:17:
                    f0:77:a4:5d:94:a9:9e:dc:9a:a9:cc:2d:45:2a:2a:
                    13:ef:a8:47:b3:02:f3:b5:1c:72:55:f6:9c:83:f3:
                    77:de:37:38:7c:4a:1f:66:3f:8b:24:47:16:ee:21:
                    e1:9c:3b:b1:bb:2a:b8:d7:fe:0b:c4:0e:ed:77:8a:
                    0a:7d:26:77:60:70:7e:ba:37:bc:f8:ac:88:36:19:
                    bb:68:fe:c8:1a:b1:c8:b0:ed:96:e2:34:31:15:02:
                    60:e0:e3:40:af:a5:b3:d2:b9:86:47:24:8b:91:31:
                    fa:17:78:7c:c6:04:0c:42:29:55:cc:2c:cb:4f:63:
                    73:1c:3a:14:51:c0:81:61:10:28:32:5b:75:e1:c4:
                    eb:48:89:0b:2e:12:ad:de:a4:4d:d6:bc:ef:1e:68:
                    d7:a7:34:fd:13:17:92:41:9e:a2:e2:fe:1e:6f:42:
                    7d:c9:cd:51:94:7c:1d:64:f8:3e:12:6d:4a:29:37:
                    ac:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:C0:E4:5E:FE:2D:A5:82:83:09:3F:25:03:25:F3:4B:25:45:72:51
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/6sDkXv4tpYKDCT8lAyXzSyVFclE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.137.75.0/24
                  94.137.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:5a:05:25:d6:5e:18:03:5a:2b:cb:e7:d8:eb:36:32:56:46:
         42:f5:10:b3:d8:49:4e:88:81:39:b8:ce:a4:15:b6:3a:e0:86:
         29:8a:7c:63:d1:1b:95:a6:f9:d6:39:03:4c:96:95:cb:fd:1e:
         6c:d3:83:2f:c9:f7:59:72:4c:bf:fa:91:6f:78:ea:0a:5b:18:
         9f:ec:a2:21:b2:79:d2:86:31:97:b6:dc:37:6d:42:e8:5a:05:
         e9:d8:90:42:24:f8:18:93:4e:62:52:61:37:0c:64:4f:16:3c:
         0e:c0:11:82:ea:ca:69:58:19:a5:19:a5:ee:0c:1f:0a:9b:25:
         b2:2a:27:76:62:df:d3:77:b7:ef:fb:68:05:ff:2d:c7:46:8c:
         54:5f:10:ef:c0:0e:0d:f5:67:15:be:8b:94:3c:7e:f2:f3:46:
         a6:8c:77:d2:42:78:53:70:39:00:f6:49:84:bc:b2:ec:b9:c5:
         ae:f7:3b:10:8c:83:1a:fe:14:be:f5:5b:60:99:48:8f:e1:27:
         da:4e:5c:1f:91:a8:c0:72:a8:ae:ec:0f:3b:9b:0a:39:3e:03:
         10:4d:e8:c7:39:65:46:17:1a:5b:a5:35:07:69:e3:22:0c:a2:
         6f:8c:98:9d:77:a1:17:9c:0d:80:c5:bf:17:92:a6:57:11:6c:
         8f:e9:94:50
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJaLlGVrVK6EGi0smK+35MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjQwMTAxMjIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWMwZTQ1ZWZlMmRhNTgyODMwOTNmMjUwMzI1ZjM0YjI1NDU3MjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqW4J9rUzEe6EvIsEOFZ65+v9B2X
zsu8kdiRlPqZfcN+5CmC61fEXoZd3zJdZntpg9zBGL8IVHWRox6+e7gepOyYfbBn
XwCjyxfwd6RdlKme3JqpzC1FKioT76hHswLztRxyVfacg/N33jc4fEofZj+LJEcW
7iHhnDuxuyq41/4LxA7td4oKfSZ3YHB+uje8+KyINhm7aP7IGrHIsO2W4jQxFQJg
4ONAr6Wz0rmGRySLkTH6F3h8xgQMQilVzCzLT2NzHDoUUcCBYRAoMlt14cTrSIkL
LhKt3qRN1rzvHmjXpzT9ExeSQZ6i4v4eb0J9yc1RlHwdZPg+Em1KKTesRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOrA5F7+LaWCgwk/JQMl80slRXJRMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvNnNEa1h2NHRwWUtEQ1Q4bEF5WHpTeVZGY2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXolLAwQA
XolNMA0GCSqGSIb3DQEBCwUAA4IBAQAJWgUl1l4YA1ory+fY6zYyVkZC9RCz2ElO
iIE5uM6kFbY64IYpinxj0RuVpvnWOQNMlpXL/R5s04MvyfdZcky/+pFveOoKWxif
7KIhsnnShjGXttw3bULoWgXp2JBCJPgYk05iUmE3DGRPFjwOwBGC6sppWBmlGaXu
DB8KmyWyKid2Yt/Td7fv+2gF/y3HRoxUXxDvwA4N9WcVvouUPH7y80amjHfSQnhT
cDkA9kmEvLLsucWu9zsQjIMa/hS+9VtgmUiP4SfaTlwfkajAcqiu7A87mwo5PgMQ
TejHOWVGFxpbpTUHaeMiDKJvjJidd6EXnA2Axb8XkqZXEWyP6ZRQ
-----END CERTIFICATE-----