Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/6ff230-e012-4531-866c-0a8bd2f36c72/1/So1IWIPJNExxI6BKopLOyum4KOk.roa
File:                     So1IWIPJNExxI6BKopLOyum4KOk.roa (raw, json)
Hash identifier:          v8Cos1DPB2uBdZlmisS1AxYmhoswQsmhdG8rb9w8yIc=
Subject key identifier:   4A:8D:48:58:83:C9:34:4C:71:23:A0:4A:A2:92:CE:CA:E9:B8:28:E9
Certificate issuer:       /CN=77001bcc69a16503421b88851f47aa16c5cf2dbc
Certificate serial:       018CC6B8373015B6D8DCE8583C3AA2FF69A2
Authority key identifier: 77:00:1B:CC:69:A1:65:03:42:1B:88:85:1F:47:AA:16:C5:CF:2D:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dwAbzGmhZQNCG4iFH0eqFsXPLbw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/6ff230-e012-4531-866c-0a8bd2f36c72/1/So1IWIPJNExxI6BKopLOyum4KOk.roa
Signing time:             Mon 01 Jan 2024 20:30:10 +0000
ROA not before:           Mon 01 Jan 2024 20:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        94.154.9.0/24 maxlen: 24
                          2a0f:f0c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/6ff230-e012-4531-866c-0a8bd2f36c72/1/dwAbzGmhZQNCG4iFH0eqFsXPLbw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/6ff230-e012-4531-866c-0a8bd2f36c72/1/dwAbzGmhZQNCG4iFH0eqFsXPLbw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dwAbzGmhZQNCG4iFH0eqFsXPLbw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Jun 2024 14:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:37:30:15:b6:d8:dc:e8:58:3c:3a:a2:ff:69:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77001bcc69a16503421b88851f47aa16c5cf2dbc
        Validity
            Not Before: Jan  1 20:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a8d485883c9344c7123a04aa292cecae9b828e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c6:8e:59:f2:30:fd:1d:5c:ff:cc:da:c3:c6:
                    9f:e6:9f:8b:1c:9a:28:07:e2:64:a2:86:63:27:6d:
                    9b:91:67:f7:aa:8f:fd:71:46:5f:cd:5e:2c:c8:37:
                    6f:e6:0d:4b:21:14:ab:cf:55:06:60:75:b1:a2:c4:
                    c1:5d:ab:27:65:c5:6c:a9:de:28:81:0d:8c:20:98:
                    89:54:1c:f6:f6:3b:f7:b5:b5:cf:37:b5:15:94:32:
                    c0:4e:2c:6b:bb:d8:c8:21:a9:1d:cf:89:d9:eb:01:
                    cd:27:7f:11:e4:eb:f9:f3:ea:60:88:c0:bc:71:58:
                    97:dc:af:3e:38:5a:10:2d:db:4f:1b:1a:17:e3:19:
                    7e:85:ff:92:77:20:22:92:bc:bb:1e:2d:cb:3d:53:
                    69:5e:f8:cf:55:e8:b6:56:37:da:6b:16:9c:59:2a:
                    25:71:d8:75:2e:62:f7:a0:39:10:47:85:9d:33:25:
                    96:49:b1:91:bf:a8:6f:8c:27:84:59:4c:82:af:aa:
                    12:e9:29:6a:e3:1b:62:80:40:89:58:4d:5d:11:8c:
                    d0:09:7c:b2:b7:ba:3b:30:25:73:42:a6:5a:24:7f:
                    3e:33:a7:43:08:63:bf:e9:db:b0:0e:8e:bc:e8:9a:
                    66:c8:96:99:81:ad:63:6a:3c:d9:3f:03:89:3f:a1:
                    dd:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:8D:48:58:83:C9:34:4C:71:23:A0:4A:A2:92:CE:CA:E9:B8:28:E9
            X509v3 Authority Key Identifier:
                keyid:77:00:1B:CC:69:A1:65:03:42:1B:88:85:1F:47:AA:16:C5:CF:2D:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dwAbzGmhZQNCG4iFH0eqFsXPLbw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/6ff230-e012-4531-866c-0a8bd2f36c72/1/So1IWIPJNExxI6BKopLOyum4KOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/6ff230-e012-4531-866c-0a8bd2f36c72/1/dwAbzGmhZQNCG4iFH0eqFsXPLbw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.9.0/24
                IPv6:
                  2a0f:f0c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:3e:31:52:d4:b7:48:7d:8d:d7:72:ea:5e:ca:4d:74:5f:a2:
         39:c7:d1:dc:79:dc:12:6e:4c:b0:66:80:c0:95:4b:85:d9:93:
         bf:a0:61:3c:13:f2:5f:da:f5:4d:35:0f:31:41:b4:ed:d4:e5:
         49:21:c9:14:01:69:d4:2b:cb:97:08:f3:0e:4b:a7:a0:e0:f8:
         df:39:5b:fd:68:11:13:e2:ca:bc:ef:a4:56:23:0c:4b:d5:85:
         33:8e:5c:36:be:57:c4:49:fc:5d:6a:a8:ed:15:4d:8c:ac:d0:
         6b:79:ca:62:0d:8e:a6:86:8f:c5:b7:70:6c:8a:a9:ec:e5:ba:
         ba:fa:3c:7e:0e:ff:4d:39:9a:20:2d:9f:9e:21:46:36:2f:bf:
         2c:98:2c:2e:d3:34:43:88:ef:71:bd:49:6a:52:76:ee:95:1e:
         43:df:b5:bd:33:cd:92:48:8c:e5:bc:9c:ae:f4:2a:45:00:cf:
         68:2a:bb:9f:e3:16:af:1f:a2:45:71:d4:a2:07:1d:71:0d:39:
         69:c0:b6:ab:d3:e7:03:ec:53:87:d3:aa:cc:5f:83:f8:5d:95:
         b8:c0:03:08:8f:dd:3e:a6:24:5d:03:2d:ee:b5:3d:07:d2:0c:
         09:9e:eb:4c:22:4b:78:bb:60:d9:34:06:af:5d:b0:9c:aa:56:
         b6:d5:f5:5f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuDcwFbbY3OhYPDqi/2miMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MDAxYmNjNjlhMTY1MDM0MjFiODg4NTFmNDdhYTE2YzVj
ZjJkYmMwHhcNMjQwMTAxMjAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YThkNDg1ODgzYzkzNDRjNzEyM2EwNGFhMjkyY2VjYWU5YjgyOGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncaOWfIw/R1c/8zaw8af5p+LHJoo
B+JkooZjJ22bkWf3qo/9cUZfzV4syDdv5g1LIRSrz1UGYHWxosTBXasnZcVsqd4o
gQ2MIJiJVBz29jv3tbXPN7UVlDLATixru9jIIakdz4nZ6wHNJ38R5Ov58+pgiMC8
cViX3K8+OFoQLdtPGxoX4xl+hf+SdyAikry7Hi3LPVNpXvjPVei2VjfaaxacWSol
cdh1LmL3oDkQR4WdMyWWSbGRv6hvjCeEWUyCr6oS6Slq4xtigECJWE1dEYzQCXyy
t7o7MCVzQqZaJH8+M6dDCGO/6duwDo686JpmyJaZga1jajzZPwOJP6HdNwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEqNSFiDyTRMcSOgSqKSzsrpuCjpMB8GA1UdIwQY
MBaAFHcAG8xpoWUDQhuIhR9HqhbFzy28MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHdBYnpHbWhaUU5DRzRpRkgwZXFGc1hQTGJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS82ZmYyMzAtZTAxMi00NTMxLTg2NmMt
MGE4YmQyZjM2YzcyLzEvU28xSVdJUEpORXh4STZCS29wTE95dW00S09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS82ZmYyMzAtZTAxMi00NTMxLTg2NmMtMGE4YmQyZjM2Yzcy
LzEvZHdBYnpHbWhaUU5DRzRpRkgwZXFGc1hQTGJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXpoJMA0E
AgACMAcDBQAqD/DAMA0GCSqGSIb3DQEBCwUAA4IBAQB/PjFS1LdIfY3Xcupeyk10
X6I5x9HcedwSbkywZoDAlUuF2ZO/oGE8E/Jf2vVNNQ8xQbTt1OVJIckUAWnUK8uX
CPMOS6eg4PjfOVv9aBET4sq876RWIwxL1YUzjlw2vlfESfxdaqjtFU2MrNBrecpi
DY6mho/Ft3Bsiqns5bq6+jx+Dv9NOZogLZ+eIUY2L78smCwu0zRDiO9xvUlqUnbu
lR5D37W9M82SSIzlvJyu9CpFAM9oKruf4xavH6JFcdSiBx1xDTlpwLar0+cD7FOH
06rMX4P4XZW4wAMIj90+piRdAy3utT0H0gwJnutMIkt4u2DZNAavXbCcqla21fVf
-----END CERTIFICATE-----