Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/nQvKheQdx9TgefqBc71QnNS-Eqw.roa
File:                     nQvKheQdx9TgefqBc71QnNS-Eqw.roa (raw, json)
Hash identifier:          TVE2cosMxy8wbPeH2c/FAshBYJ18YHCC3KjO4b/QA3o=
Subject key identifier:   9D:0B:CA:85:E4:1D:C7:D4:E0:79:FA:81:73:BD:50:9C:D4:BE:12:AC
Certificate issuer:       /CN=3b9a251e5d1d3babe4c579c91eb3e0ac37f7bf2a
Certificate serial:       018CC2DB45FE9363D4FEF2EC38D915F75E66
Authority key identifier: 3B:9A:25:1E:5D:1D:3B:AB:E4:C5:79:C9:1E:B3:E0:AC:37:F7:BF:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O5olHl0dO6vkxXnJHrPgrDf3vyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/nQvKheQdx9TgefqBc71QnNS-Eqw.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        94.142.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/O5olHl0dO6vkxXnJHrPgrDf3vyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/O5olHl0dO6vkxXnJHrPgrDf3vyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O5olHl0dO6vkxXnJHrPgrDf3vyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:45:fe:93:63:d4:fe:f2:ec:38:d9:15:f7:5e:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b9a251e5d1d3babe4c579c91eb3e0ac37f7bf2a
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d0bca85e41dc7d4e079fa8173bd509cd4be12ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e2:f0:ff:b7:7e:60:f0:18:78:c9:da:82:3c:
                    27:90:4e:c0:35:7f:a8:fa:e9:d0:4d:37:fb:d2:fc:
                    13:fc:d8:b1:c9:70:fd:3f:26:f6:0d:46:b5:6d:24:
                    8c:c9:20:5d:fb:ac:35:1b:49:a5:be:e2:cd:20:ff:
                    71:87:20:9d:64:2d:c3:40:cd:4d:45:fa:8d:93:3e:
                    ca:67:3b:0d:d8:c8:06:70:04:0f:38:f4:ae:5f:98:
                    e0:40:24:87:40:7b:65:05:aa:9b:49:b9:02:ba:55:
                    eb:a7:87:4d:77:80:1f:cb:fb:7f:dc:6c:11:8b:64:
                    2a:fb:76:45:81:26:10:31:06:9a:68:2a:6d:ea:5f:
                    03:f8:7b:f2:90:51:c1:b6:cf:85:f7:81:a6:bb:29:
                    d2:3f:3a:a5:4a:f0:a8:06:e9:fd:35:48:bf:0a:46:
                    47:8b:e6:b3:83:49:4e:bf:83:b5:29:87:2f:47:f1:
                    1f:d7:81:57:53:1e:13:09:de:6d:07:5c:17:10:30:
                    67:11:ac:bc:77:7c:28:0a:48:3d:ce:30:58:c0:06:
                    1d:b3:84:a3:73:fc:25:b9:dc:97:a8:d0:34:60:2d:
                    91:b8:b0:00:86:15:d1:4f:cf:42:e2:5e:a2:19:d1:
                    67:aa:e2:3e:25:e0:74:63:8c:78:56:72:3b:a8:d4:
                    e1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:0B:CA:85:E4:1D:C7:D4:E0:79:FA:81:73:BD:50:9C:D4:BE:12:AC
            X509v3 Authority Key Identifier:
                keyid:3B:9A:25:1E:5D:1D:3B:AB:E4:C5:79:C9:1E:B3:E0:AC:37:F7:BF:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O5olHl0dO6vkxXnJHrPgrDf3vyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/nQvKheQdx9TgefqBc71QnNS-Eqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/O5olHl0dO6vkxXnJHrPgrDf3vyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:a9:ba:1e:86:18:f3:55:0a:6c:2b:ce:50:db:fb:2d:e6:1a:
         b4:99:30:30:c1:97:50:a0:e4:fc:0e:03:81:16:f0:70:32:43:
         16:9d:e4:9d:42:36:c9:78:cc:ba:ae:84:97:2d:44:b8:13:29:
         59:35:85:2a:b4:d3:42:00:25:bd:77:60:8c:57:da:fe:57:54:
         f4:88:9a:3d:4c:82:7e:14:5a:2a:8f:7d:04:c2:7f:ba:08:e3:
         4a:55:c6:cb:a2:37:f7:20:31:c1:bf:15:bf:88:40:35:3d:27:
         f1:a4:f3:63:b4:ef:10:3b:66:cb:63:8b:f7:59:9d:04:fa:f0:
         62:e4:94:e8:b1:3f:c8:1c:28:66:c7:62:32:7c:d2:98:19:ee:
         24:b1:d9:c7:3e:73:48:97:b1:f8:a0:91:31:01:7b:32:e2:6a:
         8e:e1:2f:d8:9e:cf:04:38:a5:31:e9:dc:2f:70:e7:ef:cb:42:
         8f:cb:8d:16:29:e7:94:b9:b7:99:7d:50:c9:dc:18:06:fb:de:
         cc:61:16:d9:31:a2:16:7a:8e:1e:5e:4e:eb:30:77:80:97:b6:
         da:41:ae:e5:7a:85:88:aa:8b:28:59:5e:e2:06:f6:30:20:99:
         cf:93:88:a5:53:77:d9:a9:5c:1b:3b:55:56:0c:98:33:39:1e:
         c4:f8:7a:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20X+k2PU/vLsONkV915mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOWEyNTFlNWQxZDNiYWJlNGM1NzljOTFlYjNlMGFjMzdm
N2JmMmEwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDBiY2E4NWU0MWRjN2Q0ZTA3OWZhODE3M2JkNTA5Y2Q0YmUxMmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+Lw/7d+YPAYeMnagjwnkE7ANX+o
+unQTTf70vwT/NixyXD9Pyb2DUa1bSSMySBd+6w1G0mlvuLNIP9xhyCdZC3DQM1N
RfqNkz7KZzsN2MgGcAQPOPSuX5jgQCSHQHtlBaqbSbkCulXrp4dNd4Afy/t/3GwR
i2Qq+3ZFgSYQMQaaaCpt6l8D+HvykFHBts+F94GmuynSPzqlSvCoBun9NUi/CkZH
i+azg0lOv4O1KYcvR/Ef14FXUx4TCd5tB1wXEDBnEay8d3woCkg9zjBYwAYds4Sj
c/wludyXqNA0YC2RuLAAhhXRT89C4l6iGdFnquI+JeB0Y4x4VnI7qNThfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0LyoXkHcfU4Hn6gXO9UJzUvhKsMB8GA1UdIwQY
MBaAFDuaJR5dHTur5MV5yR6z4Kw3978qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzVvbEhsMGRPNnZreFhuSkhyUGdyRGYzdnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8wZGRmZjMtOWU3MC00ZDYzLWI1YTAt
YzY2MzJjYzAxNGIwLzEvblF2S2hlUWR4OVRnZWZxQmM3MVFuTlMtRXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8wZGRmZjMtOWU3MC00ZDYzLWI1YTAtYzY2MzJjYzAxNGIw
LzEvTzVvbEhsMGRPNnZreFhuSkhyUGdyRGYzdnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo78MA0G
CSqGSIb3DQEBCwUAA4IBAQBMqboehhjzVQpsK85Q2/st5hq0mTAwwZdQoOT8DgOB
FvBwMkMWneSdQjbJeMy6roSXLUS4EylZNYUqtNNCACW9d2CMV9r+V1T0iJo9TIJ+
FFoqj30Ewn+6CONKVcbLojf3IDHBvxW/iEA1PSfxpPNjtO8QO2bLY4v3WZ0E+vBi
5JTosT/IHChmx2IyfNKYGe4ksdnHPnNIl7H4oJExAXsy4mqO4S/Yns8EOKUx6dwv
cOfvy0KPy40WKeeUubeZfVDJ3BgG+97MYRbZMaIWeo4eXk7rMHeAl7baQa7leoWI
qosoWV7iBvYwIJnPk4ilU3fZqVwbO1VWDJgzOR7E+HpV
-----END CERTIFICATE-----