Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/689e70-e38d-4ff1-a972-4113d686dd66/1/B1nlLL0pyLOYz7YbelNryQpasNE.roa
File:                     B1nlLL0pyLOYz7YbelNryQpasNE.roa (raw, json)
Hash identifier:          YmHb2vUjCCSNXwyN+tzjIlyShh8y708rpb32V2H7SzU=
Subject key identifier:   07:59:E5:2C:BD:29:C8:B3:98:CF:B6:1B:7A:53:6B:C9:0A:5A:B0:D1
Certificate issuer:       /CN=a674015d509b5d4f396ea363369e9d74ffad7593
Certificate serial:       018CC6B9425DCEEBE1306064E91CFE17C306
Authority key identifier: A6:74:01:5D:50:9B:5D:4F:39:6E:A3:63:36:9E:9D:74:FF:AD:75:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnQBXVCbXU85bqNjNp6ddP-tdZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/689e70-e38d-4ff1-a972-4113d686dd66/1/B1nlLL0pyLOYz7YbelNryQpasNE.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200804
IP address blocks:        185.94.112.0/23 maxlen: 23
                          185.94.114.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/689e70-e38d-4ff1-a972-4113d686dd66/1/pnQBXVCbXU85bqNjNp6ddP-tdZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/689e70-e38d-4ff1-a972-4113d686dd66/1/pnQBXVCbXU85bqNjNp6ddP-tdZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pnQBXVCbXU85bqNjNp6ddP-tdZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:42:5d:ce:eb:e1:30:60:64:e9:1c:fe:17:c3:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a674015d509b5d4f396ea363369e9d74ffad7593
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0759e52cbd29c8b398cfb61b7a536bc90a5ab0d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2f:0d:91:2a:1d:44:32:ac:5a:15:d3:9f:d0:
                    74:fc:aa:9f:4d:b6:44:ac:b5:fd:ca:97:57:65:3f:
                    bd:e7:b4:df:1f:ff:fa:4d:82:4e:b1:f6:2d:d1:67:
                    49:de:f4:c4:1a:f1:2d:de:1a:a8:21:c2:a0:2d:01:
                    bf:89:89:73:ed:24:aa:ca:71:06:87:4a:8c:15:96:
                    30:3d:26:e3:f9:bf:91:97:5b:e7:14:1c:d1:cf:08:
                    b8:df:69:b8:e9:57:63:2f:f0:64:af:19:de:2f:18:
                    7b:03:6c:f6:91:99:a4:d8:87:95:1f:00:ce:67:5e:
                    fe:32:4f:21:c5:d6:6d:04:31:98:19:73:3d:14:c9:
                    4f:9c:f7:cf:41:19:12:cc:47:6c:7d:a9:e6:b0:a3:
                    7e:df:c9:94:52:3f:c1:8a:45:d0:36:84:4a:4b:72:
                    a2:e1:36:8d:20:20:89:01:ea:75:3d:77:49:d8:c4:
                    ba:60:1c:d0:6b:96:6d:21:f2:b0:9a:14:b8:fa:9c:
                    68:db:02:93:59:8d:65:bb:0a:06:2c:a2:62:d0:79:
                    a3:47:b5:33:b1:32:8d:7a:08:62:4e:3b:44:44:2f:
                    55:02:9e:13:9d:c7:fa:ed:f7:b2:3d:98:8f:be:0f:
                    a8:7c:bd:34:0e:a1:e4:4d:b0:4e:09:4d:12:c0:e2:
                    d9:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:59:E5:2C:BD:29:C8:B3:98:CF:B6:1B:7A:53:6B:C9:0A:5A:B0:D1
            X509v3 Authority Key Identifier:
                keyid:A6:74:01:5D:50:9B:5D:4F:39:6E:A3:63:36:9E:9D:74:FF:AD:75:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnQBXVCbXU85bqNjNp6ddP-tdZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/689e70-e38d-4ff1-a972-4113d686dd66/1/B1nlLL0pyLOYz7YbelNryQpasNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/689e70-e38d-4ff1-a972-4113d686dd66/1/pnQBXVCbXU85bqNjNp6ddP-tdZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:b1:b0:fc:d6:73:62:c4:8d:cf:ac:2f:87:e0:ad:96:43:c4:
         de:83:69:1a:00:93:f2:3a:0f:09:2f:62:19:5b:40:6e:17:ae:
         f5:e4:39:b3:2e:0f:4b:03:81:af:f7:db:57:a4:1d:a1:a0:a0:
         23:7e:19:d8:8d:3d:70:2a:9e:dc:c1:80:af:c7:30:77:ab:46:
         8a:23:2e:28:b3:5e:0d:ee:59:e9:37:95:52:01:e6:1f:39:a7:
         52:85:62:12:13:14:62:ba:93:dd:35:62:df:37:5f:ba:30:79:
         ab:ef:70:9a:04:1f:f7:f1:6d:99:07:a7:b3:61:46:fa:a4:d5:
         19:fd:26:28:f0:14:b4:08:47:8e:e5:bd:45:df:9c:94:f8:3a:
         73:dd:67:82:69:13:30:58:9d:61:bb:68:97:78:a6:e7:6d:52:
         74:5a:03:7b:f3:21:74:4f:f6:85:69:f0:33:23:69:6e:6b:d4:
         d2:da:81:c2:99:ea:2d:03:69:3b:bd:21:c2:9e:22:90:90:f0:
         94:59:a1:06:ae:b6:7e:69:32:95:93:1c:87:5a:73:2a:3b:8c:
         a3:54:fe:26:12:cc:4f:ed:57:fc:57:41:5b:9d:62:8b:7a:93:
         26:4a:27:41:d7:e4:b1:c1:09:de:4d:50:ee:08:36:d0:16:7e:
         01:3b:61:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUJdzuvhMGBk6Rz+F8MGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NzQwMTVkNTA5YjVkNGYzOTZlYTM2MzM2OWU5ZDc0ZmZh
ZDc1OTMwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzU5ZTUyY2JkMjljOGIzOThjZmI2MWI3YTUzNmJjOTBhNWFiMGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAji8NkSodRDKsWhXTn9B0/KqfTbZE
rLX9ypdXZT+957TfH//6TYJOsfYt0WdJ3vTEGvEt3hqoIcKgLQG/iYlz7SSqynEG
h0qMFZYwPSbj+b+Rl1vnFBzRzwi432m46VdjL/BkrxneLxh7A2z2kZmk2IeVHwDO
Z17+Mk8hxdZtBDGYGXM9FMlPnPfPQRkSzEdsfanmsKN+38mUUj/BikXQNoRKS3Ki
4TaNICCJAep1PXdJ2MS6YBzQa5ZtIfKwmhS4+pxo2wKTWY1luwoGLKJi0HmjR7Uz
sTKNeghiTjtERC9VAp4Tncf67feyPZiPvg+ofL00DqHkTbBOCU0SwOLZbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdZ5Sy9KcizmM+2G3pTa8kKWrDRMB8GA1UdIwQY
MBaAFKZ0AV1Qm11POW6jYzaenXT/rXWTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG5RQlhWQ2JYVTg1YnFOak5wNmRkUC10ZFpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC82ODllNzAtZTM4ZC00ZmYxLWE5NzIt
NDExM2Q2ODZkZDY2LzEvQjFubExMMHB5TE9ZejdZYmVsTnJ5UXBhc05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC82ODllNzAtZTM4ZC00ZmYxLWE5NzItNDExM2Q2ODZkZDY2
LzEvcG5RQlhWQ2JYVTg1YnFOak5wNmRkUC10ZFpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV5wMA0G
CSqGSIb3DQEBCwUAA4IBAQAasbD81nNixI3PrC+H4K2WQ8Teg2kaAJPyOg8JL2IZ
W0BuF6715DmzLg9LA4Gv99tXpB2hoKAjfhnYjT1wKp7cwYCvxzB3q0aKIy4os14N
7lnpN5VSAeYfOadShWISExRiupPdNWLfN1+6MHmr73CaBB/38W2ZB6ezYUb6pNUZ
/SYo8BS0CEeO5b1F35yU+Dpz3WeCaRMwWJ1hu2iXeKbnbVJ0WgN78yF0T/aFafAz
I2lua9TS2oHCmeotA2k7vSHCniKQkPCUWaEGrrZ+aTKVkxyHWnMqO4yjVP4mEsxP
7Vf8V0FbnWKLepMmSidB1+SxwQneTVDuCDbQFn4BO2Ff
-----END CERTIFICATE-----