Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/sfChRx2c-0nb4F0ipZxOCK9lb5s.roa
File:                     sfChRx2c-0nb4F0ipZxOCK9lb5s.roa (raw, json)
Hash identifier:          udHFJQ2e/4zFqGOtuIUuD1UvTPnZiUm6w0pOQ999PV0=
Subject key identifier:   B1:F0:A1:47:1D:9C:FB:49:DB:E0:5D:22:A5:9C:4E:08:AF:65:6F:9B
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       018CC5DC31D87CD34FE03129E76A98B83C4B
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/sfChRx2c-0nb4F0ipZxOCK9lb5s.roa
Signing time:             Mon 01 Jan 2024 16:29:51 +0000
ROA not before:           Mon 01 Jan 2024 16:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49228
IP address blocks:        45.94.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:31:d8:7c:d3:4f:e0:31:29:e7:6a:98:b8:3c:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jan  1 16:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1f0a1471d9cfb49dbe05d22a59c4e08af656f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7d:03:06:18:c0:c1:91:f1:04:62:b1:0f:f8:
                    de:f6:ea:99:1c:27:01:59:c8:91:8d:d0:ad:af:c0:
                    67:0f:c8:75:cf:27:f2:78:72:3b:a6:0a:f8:7d:2a:
                    e7:12:77:8e:66:37:e7:4d:4f:4f:ad:16:db:fa:36:
                    5c:a9:91:c4:3e:19:45:76:c5:1b:88:af:01:24:c4:
                    55:45:3a:39:c7:2e:3d:3e:6b:d2:98:a6:4c:aa:41:
                    0f:ce:cd:b2:df:04:13:72:b9:07:ae:50:bf:30:94:
                    3e:30:3c:31:88:df:8a:fe:9a:4e:d8:3d:f2:30:1e:
                    67:cd:a8:ea:96:12:84:0b:bf:bb:3c:e0:cd:29:46:
                    39:34:e7:22:e0:36:5e:84:53:41:ca:b5:d8:63:ad:
                    68:c2:0d:76:de:9c:62:33:44:ea:51:75:ac:29:c9:
                    9d:ab:4e:d8:d2:b6:e1:e7:7e:5c:45:09:24:08:92:
                    77:12:5d:e2:14:03:de:a5:ef:20:38:da:dc:76:8b:
                    5b:8c:98:77:a7:7d:5e:27:d4:6a:4c:72:af:03:fd:
                    4f:7a:63:6b:9e:5a:98:45:ba:4c:f3:17:86:d4:6f:
                    48:dd:2e:59:ae:d2:cd:2c:43:e6:97:32:fc:ce:4f:
                    86:ee:8b:48:13:ca:55:ee:92:d9:06:d6:1f:7a:4b:
                    81:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F0:A1:47:1D:9C:FB:49:DB:E0:5D:22:A5:9C:4E:08:AF:65:6F:9B
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/sfChRx2c-0nb4F0ipZxOCK9lb5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:9a:68:56:6b:cf:2e:fb:9e:9f:13:1f:c8:e4:8f:10:23:eb:
         b1:db:8d:7b:33:a4:d4:47:9d:3a:0c:ea:38:15:25:f4:3d:09:
         3f:2c:eb:97:92:c9:77:b4:d8:c9:5a:32:51:72:91:b7:83:04:
         cb:da:73:38:38:46:6a:63:55:0d:49:34:cc:b1:a1:14:91:e7:
         89:6c:1e:80:dd:5e:e0:5c:b6:bc:32:8e:d6:09:a9:08:d1:f3:
         c0:d2:09:c8:a3:f6:f4:73:2f:b9:e4:33:5a:4a:cc:bf:b7:3b:
         5d:20:cd:ad:fa:06:b0:dc:c6:7d:ac:37:9d:9f:38:c3:11:fa:
         28:fe:d3:98:be:84:d3:08:30:92:80:e7:2e:c7:c6:7a:b4:e2:
         b6:84:87:97:48:18:d0:bc:d0:f8:36:d4:da:66:8b:66:4e:75:
         98:60:8f:c1:75:cc:0c:3d:79:d7:87:3d:ec:99:ca:1c:e6:c5:
         3e:2f:75:9c:5b:d2:91:76:05:15:20:07:34:5a:7b:f2:6a:09:
         83:0c:87:15:49:bf:57:d4:57:e3:a8:53:24:16:25:34:1d:33:
         c2:ac:2a:72:d5:38:f1:60:07:74:64:74:5b:83:4c:17:d7:8e:
         53:38:2d:62:cc:26:ed:6a:a2:55:c5:0d:19:85:b9:a5:3e:bf:
         8f:d8:62:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DHYfNNP4DEp52qYuDxLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQwMTAxMTYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWYwYTE0NzFkOWNmYjQ5ZGJlMDVkMjJhNTljNGUwOGFmNjU2ZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmH0DBhjAwZHxBGKxD/je9uqZHCcB
WciRjdCtr8BnD8h1zyfyeHI7pgr4fSrnEneOZjfnTU9PrRbb+jZcqZHEPhlFdsUb
iK8BJMRVRTo5xy49PmvSmKZMqkEPzs2y3wQTcrkHrlC/MJQ+MDwxiN+K/ppO2D3y
MB5nzajqlhKEC7+7PODNKUY5NOci4DZehFNByrXYY61owg123pxiM0TqUXWsKcmd
q07Y0rbh535cRQkkCJJ3El3iFAPepe8gONrcdotbjJh3p31eJ9RqTHKvA/1PemNr
nlqYRbpM8xeG1G9I3S5ZrtLNLEPmlzL8zk+G7otIE8pV7pLZBtYfekuBOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHwoUcdnPtJ2+BdIqWcTgivZW+bMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvc2ZDaFJ4MmMtMG5iNEYwaXBaeE9DSzlsYjVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV7UMA0G
CSqGSIb3DQEBCwUAA4IBAQCrmmhWa88u+56fEx/I5I8QI+ux2417M6TUR506DOo4
FSX0PQk/LOuXksl3tNjJWjJRcpG3gwTL2nM4OEZqY1UNSTTMsaEUkeeJbB6A3V7g
XLa8Mo7WCakI0fPA0gnIo/b0cy+55DNaSsy/tztdIM2t+gaw3MZ9rDednzjDEfoo
/tOYvoTTCDCSgOcux8Z6tOK2hIeXSBjQvND4NtTaZotmTnWYYI/BdcwMPXnXhz3s
mcoc5sU+L3WcW9KRdgUVIAc0WnvyagmDDIcVSb9X1FfjqFMkFiU0HTPCrCpy1Tjx
YAd0ZHRbg0wX145TOC1izCbtaqJVxQ0ZhbmlPr+P2GJ/
-----END CERTIFICATE-----