Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/ofnnnRS-0edAh-KbpUDjVq7Vt1I.roa
File:                     ofnnnRS-0edAh-KbpUDjVq7Vt1I.roa (raw, json)
Hash identifier:          QC0Y8Nchs9EDSB0QW13TkmfU2hGkNwHlOHjY8H+GtUk=
Subject key identifier:   A1:F9:E7:9D:14:BE:D1:E7:40:87:E2:9B:A5:40:E3:56:AE:D5:B7:52
Certificate issuer:       /CN=9ab33743a654906143399f903704801682638e7c
Certificate serial:       018CCFA9C9C9E0896F69309E65C03A27FD5F
Authority key identifier: 9A:B3:37:43:A6:54:90:61:43:39:9F:90:37:04:80:16:82:63:8E:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/ofnnnRS-0edAh-KbpUDjVq7Vt1I.roa
Signing time:             Wed 03 Jan 2024 14:11:00 +0000
ROA not before:           Wed 03 Jan 2024 14:11:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56485
IP address blocks:        94.101.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cf:a9:c9:c9:e0:89:6f:69:30:9e:65:c0:3a:27:fd:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab33743a654906143399f903704801682638e7c
        Validity
            Not Before: Jan  3 14:11:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1f9e79d14bed1e74087e29ba540e356aed5b752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:70:ef:f6:69:6d:eb:4e:eb:e5:68:0a:6a:99:
                    3a:9c:96:e9:9c:bd:f3:9a:95:ee:e5:1c:11:eb:e2:
                    78:18:f1:24:39:4a:74:c0:32:11:11:fd:e5:1e:7a:
                    4b:5a:53:54:fc:f9:eb:ff:92:c0:f2:99:65:8e:4a:
                    91:69:58:f7:e2:e7:63:a1:03:b1:f4:0e:56:af:8e:
                    d0:95:99:b3:e8:2c:67:67:20:a4:7d:c5:5e:e4:60:
                    41:4c:6a:41:bf:dc:59:e8:77:44:2f:aa:31:e8:9a:
                    8c:be:69:b0:eb:b9:e4:24:a5:90:7b:86:e0:6d:db:
                    dd:98:a0:5a:60:4c:25:5e:48:57:c6:50:f2:71:93:
                    1e:90:6f:65:de:32:fa:bb:63:88:68:9a:f2:2c:07:
                    79:29:60:fe:d1:1f:a2:c6:d8:0d:8a:6e:51:63:50:
                    b6:75:95:19:f0:40:4b:31:23:d4:72:bb:a6:b7:5e:
                    be:42:75:73:42:ca:29:f7:ff:ae:df:39:f2:99:85:
                    45:09:98:f4:6d:b1:fb:d4:d9:ea:67:a9:c3:d5:80:
                    17:d3:49:87:0d:f7:7a:77:19:b7:c2:7f:a9:d3:91:
                    49:b8:24:9b:35:2a:5b:93:95:a5:ab:3f:c0:d4:e8:
                    97:98:18:88:a8:22:a7:ee:f3:eb:74:f2:08:01:be:
                    25:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:F9:E7:9D:14:BE:D1:E7:40:87:E2:9B:A5:40:E3:56:AE:D5:B7:52
            X509v3 Authority Key Identifier:
                keyid:9A:B3:37:43:A6:54:90:61:43:39:9F:90:37:04:80:16:82:63:8E:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/ofnnnRS-0edAh-KbpUDjVq7Vt1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.101.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:66:84:5c:fe:91:9e:cb:09:1f:ca:5a:10:b3:f8:0a:7d:ef:
         0f:6f:fb:fe:e1:da:87:69:96:52:04:4e:a1:69:8c:88:a6:c0:
         8d:86:c3:ed:93:b2:71:20:ba:88:96:ee:49:fc:94:e0:fd:52:
         df:6c:94:f1:7b:bb:d0:5a:ee:ef:56:12:6b:ef:b5:51:f5:e7:
         50:de:29:18:8d:e0:7c:ea:f3:cd:9e:4d:98:fc:95:9a:ec:22:
         47:5f:c0:cc:82:ad:db:d1:8e:dc:77:0f:10:6c:5f:64:d5:5b:
         f6:52:a5:ae:c4:9c:b0:6b:75:24:8c:60:7f:f8:9c:11:ef:0c:
         98:3b:25:5e:27:7c:dc:97:4f:38:26:2b:f9:f9:23:70:86:3f:
         7d:0f:f6:f9:d1:81:d4:b4:37:ef:e8:7d:9f:67:7c:e1:51:06:
         56:a6:c8:19:8f:05:60:f8:0d:e4:64:8b:a0:6c:6a:7b:92:2b:
         f3:92:83:31:d9:f9:f4:5d:bf:68:08:5f:87:43:1b:de:85:db:
         db:93:1a:c1:fd:da:57:99:aa:8e:89:43:a0:fe:b9:6d:c3:5b:
         10:e0:2f:a8:dc:b5:c2:02:44:58:15:b4:e4:17:83:1f:84:87:
         60:8a:dc:9c:35:c0:09:67:f7:58:81:ba:88:a9:5a:ef:8c:13:
         87:3f:03:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzPqcnJ4IlvaTCeZcA6J/1fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhYjMzNzQzYTY1NDkwNjE0MzM5OWY5MDM3MDQ4MDE2ODI2
MzhlN2MwHhcNMjQwMTAzMTQxMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWY5ZTc5ZDE0YmVkMWU3NDA4N2UyOWJhNTQwZTM1NmFlZDViNzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonDv9mlt607r5WgKapk6nJbpnL3z
mpXu5RwR6+J4GPEkOUp0wDIREf3lHnpLWlNU/Pnr/5LA8plljkqRaVj34udjoQOx
9A5Wr47QlZmz6CxnZyCkfcVe5GBBTGpBv9xZ6HdEL6ox6JqMvmmw67nkJKWQe4bg
bdvdmKBaYEwlXkhXxlDycZMekG9l3jL6u2OIaJryLAd5KWD+0R+ixtgNim5RY1C2
dZUZ8EBLMSPUcrumt16+QnVzQsop9/+u3znymYVFCZj0bbH71NnqZ6nD1YAX00mH
Dfd6dxm3wn+p05FJuCSbNSpbk5Wlqz/A1OiXmBiIqCKn7vPrdPIIAb4llQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKH5550UvtHnQIfim6VA41au1bdSMB8GA1UdIwQY
MBaAFJqzN0OmVJBhQzmfkDcEgBaCY458MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXJNM1E2WlVrR0ZET1otUU53U0FGb0pqam53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9iNjc5NDQtNjM4OS00MTA4LTg2Mjgt
ZDhmOTM1MzZhZjYzLzEvb2Zubm5SUy0wZWRBaC1LYnBVRGpWcTdWdDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9iNjc5NDQtNjM4OS00MTA4LTg2MjgtZDhmOTM1MzZhZjYz
LzEvbXJNM1E2WlVrR0ZET1otUU53U0FGb0pqam53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmVtMA0G
CSqGSIb3DQEBCwUAA4IBAQBcZoRc/pGeywkfyloQs/gKfe8Pb/v+4dqHaZZSBE6h
aYyIpsCNhsPtk7JxILqIlu5J/JTg/VLfbJTxe7vQWu7vVhJr77VR9edQ3ikYjeB8
6vPNnk2Y/JWa7CJHX8DMgq3b0Y7cdw8QbF9k1Vv2UqWuxJywa3UkjGB/+JwR7wyY
OyVeJ3zcl084Jiv5+SNwhj99D/b50YHUtDfv6H2fZ3zhUQZWpsgZjwVg+A3kZIug
bGp7kivzkoMx2fn0Xb9oCF+HQxvehdvbkxrB/dpXmaqOiUOg/rltw1sQ4C+o3LXC
AkRYFbTkF4MfhIdgitycNcAJZ/dYgbqIqVrvjBOHPwMy
-----END CERTIFICATE-----