Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/9cae3a-08ba-466a-9a9a-c730c4916879/1/nQlVzrKAzMFSY-038uflKgLTR1E.roa
File:                     nQlVzrKAzMFSY-038uflKgLTR1E.roa (raw, json)
Hash identifier:          8ERZnPjZ9IG0U36hle/qM/0+NKirciVQGQtpRCdsohw=
Subject key identifier:   9D:09:55:CE:B2:80:CC:C1:52:63:ED:37:F2:E7:E5:2A:02:D3:47:51
Certificate issuer:       /CN=e3d4d08ab0892daa5cdf088c535accab0942f8e3
Certificate serial:       018CC3B66DF1BC3948DF1BF3EB0D4461D41C
Authority key identifier: E3:D4:D0:8A:B0:89:2D:AA:5C:DF:08:8C:53:5A:CC:AB:09:42:F8:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49TQirCJLapc3wiMU1rMqwlC-OM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/9cae3a-08ba-466a-9a9a-c730c4916879/1/nQlVzrKAzMFSY-038uflKgLTR1E.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24589
IP address blocks:        94.103.48.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/9cae3a-08ba-466a-9a9a-c730c4916879/1/49TQirCJLapc3wiMU1rMqwlC-OM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/9cae3a-08ba-466a-9a9a-c730c4916879/1/49TQirCJLapc3wiMU1rMqwlC-OM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49TQirCJLapc3wiMU1rMqwlC-OM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 17:36:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:6d:f1:bc:39:48:df:1b:f3:eb:0d:44:61:d4:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d4d08ab0892daa5cdf088c535accab0942f8e3
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d0955ceb280ccc15263ed37f2e7e52a02d34751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b3:4c:43:e6:47:14:b2:8c:65:61:bf:3f:78:
                    01:21:d6:36:1a:e3:1f:36:c8:ba:52:a4:94:51:7d:
                    ef:03:61:0e:89:c8:56:a9:a1:7b:e0:f6:3e:30:7a:
                    9f:d2:b9:9d:2e:24:bf:62:32:c5:40:50:24:38:c7:
                    de:41:68:56:e5:8c:43:c7:77:57:d3:21:89:af:42:
                    8a:0d:36:21:89:51:4f:fb:d6:d2:17:d1:c5:43:2b:
                    34:3e:59:a4:3f:87:9b:db:76:bf:51:02:27:82:06:
                    0f:e2:8c:57:d2:d5:c9:b1:54:25:7f:61:ab:56:b9:
                    ac:27:b9:9f:07:63:0d:20:ae:12:57:bf:0d:a2:2c:
                    54:e0:90:14:65:0a:b7:cd:81:49:42:f8:25:24:cb:
                    db:27:01:e9:04:a2:1d:0a:03:09:49:ad:5b:6d:f3:
                    84:77:d8:3a:c7:d5:83:57:30:58:e0:0c:fb:38:4b:
                    b9:e1:3d:35:37:c9:b6:18:62:f3:b2:2b:8a:f1:a6:
                    04:7e:28:b2:56:4e:b9:92:55:ab:77:7c:1d:ab:20:
                    96:bf:26:1b:32:c5:e2:ca:9e:89:a5:d1:cf:ee:b6:
                    b3:d6:40:5a:73:84:71:ae:ee:4e:33:7e:51:10:ae:
                    11:27:c8:27:6b:ab:53:3c:61:7d:00:a5:ba:8d:57:
                    03:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:09:55:CE:B2:80:CC:C1:52:63:ED:37:F2:E7:E5:2A:02:D3:47:51
            X509v3 Authority Key Identifier:
                keyid:E3:D4:D0:8A:B0:89:2D:AA:5C:DF:08:8C:53:5A:CC:AB:09:42:F8:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49TQirCJLapc3wiMU1rMqwlC-OM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/9cae3a-08ba-466a-9a9a-c730c4916879/1/nQlVzrKAzMFSY-038uflKgLTR1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/9cae3a-08ba-466a-9a9a-c730c4916879/1/49TQirCJLapc3wiMU1rMqwlC-OM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         55:49:bd:89:a4:5c:f4:95:72:41:95:3c:db:a4:b5:35:bd:75:
         e5:f2:b4:41:8f:3f:6a:b6:44:89:4f:85:a1:1c:da:bf:b2:b9:
         01:df:63:b4:fb:3f:32:94:62:3b:ef:8b:b5:e3:45:f1:f3:78:
         e0:07:3d:a4:d7:7f:04:71:bb:dc:52:5d:7e:e6:24:cb:de:3d:
         a0:7f:9f:16:51:1e:fc:cf:b8:48:e3:c8:84:52:e9:ce:71:f1:
         cc:eb:aa:bd:7d:20:28:48:d6:7a:2a:27:6a:e2:d7:df:03:3d:
         45:f9:6a:47:5f:0a:a3:70:f5:7c:7f:53:90:6c:2a:64:8d:26:
         cd:1a:52:5a:56:97:84:75:a9:72:f3:e8:2b:02:fd:48:e1:a2:
         46:a2:88:00:bd:46:f0:d3:e3:f2:e9:67:43:94:41:1e:2b:93:
         34:11:cc:0c:4b:9b:a6:6c:99:b9:9d:10:94:16:20:13:a8:d9:
         31:c7:c1:86:43:02:4e:ea:54:eb:55:b5:d7:5a:b2:74:52:ec:
         6b:9c:e0:88:f2:db:10:48:b2:1e:3c:66:77:40:d3:5c:2b:a7:
         f6:d9:70:1c:2e:72:29:d9:60:6a:7c:77:64:cf:4b:2a:fc:da:
         ba:f8:1f:5d:15:e6:97:ab:ec:69:c7:3c:05:9b:78:f4:40:30:
         d1:3a:fa:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtm3xvDlI3xvz6w1EYdQcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDRkMDhhYjA4OTJkYWE1Y2RmMDg4YzUzNWFjY2FiMDk0
MmY4ZTMwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDA5NTVjZWIyODBjY2MxNTI2M2VkMzdmMmU3ZTUyYTAyZDM0NzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLNMQ+ZHFLKMZWG/P3gBIdY2GuMf
Nsi6UqSUUX3vA2EOichWqaF74PY+MHqf0rmdLiS/YjLFQFAkOMfeQWhW5YxDx3dX
0yGJr0KKDTYhiVFP+9bSF9HFQys0PlmkP4eb23a/UQInggYP4oxX0tXJsVQlf2Gr
VrmsJ7mfB2MNIK4SV78NoixU4JAUZQq3zYFJQvglJMvbJwHpBKIdCgMJSa1bbfOE
d9g6x9WDVzBY4Az7OEu54T01N8m2GGLzsiuK8aYEfiiyVk65klWrd3wdqyCWvyYb
MsXiyp6JpdHP7raz1kBac4Rxru5OM35REK4RJ8gna6tTPGF9AKW6jVcDMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0JVc6ygMzBUmPtN/Ln5SoC00dRMB8GA1UdIwQY
MBaAFOPU0IqwiS2qXN8IjFNazKsJQvjjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlUUWlyQ0pMYXBjM3dpTVUxck1xd2xDLU9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS85Y2FlM2EtMDhiYS00NjZhLTlhOWEt
YzczMGM0OTE2ODc5LzEvblFsVnpyS0F6TUZTWS0wMzh1ZmxLZ0xUUjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS85Y2FlM2EtMDhiYS00NjZhLTlhOWEtYzczMGM0OTE2ODc5
LzEvNDlUUWlyQ0pMYXBjM3dpTVUxck1xd2xDLU9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEXmcwMA0G
CSqGSIb3DQEBCwUAA4IBAQBVSb2JpFz0lXJBlTzbpLU1vXXl8rRBjz9qtkSJT4Wh
HNq/srkB32O0+z8ylGI774u140Xx83jgBz2k138EcbvcUl1+5iTL3j2gf58WUR78
z7hI48iEUunOcfHM66q9fSAoSNZ6Kidq4tffAz1F+WpHXwqjcPV8f1OQbCpkjSbN
GlJaVpeEdaly8+grAv1I4aJGoogAvUbw0+Py6WdDlEEeK5M0EcwMS5umbJm5nRCU
FiATqNkxx8GGQwJO6lTrVbXXWrJ0UuxrnOCI8tsQSLIePGZ3QNNcK6f22XAcLnIp
2WBqfHdkz0sq/Nq6+B9dFeaXq+xpxzwFm3j0QDDROvp/
-----END CERTIFICATE-----