Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/fExvFw1B5xziUjhdxqJOmVxyEPY.roa
File:                     fExvFw1B5xziUjhdxqJOmVxyEPY.roa (raw, json)
Hash identifier:          +XIpjyYu1dujndmgAY1hx2YeclbpNVt+w4iL34p1Zhg=
Subject key identifier:   7C:4C:6F:17:0D:41:E7:1C:E2:52:38:5D:C6:A2:4E:99:5C:72:10:F6
Certificate issuer:       /CN=a0947039d9f080a427f7525c5d066f6cf62134f3
Certificate serial:       018CC9BC3F22189E8E0E327F6D175068196D
Authority key identifier: A0:94:70:39:D9:F0:80:A4:27:F7:52:5C:5D:06:6F:6C:F6:21:34:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oJRwOdnwgKQn91JcXQZvbPYhNPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/fExvFw1B5xziUjhdxqJOmVxyEPY.roa
Signing time:             Tue 02 Jan 2024 10:33:26 +0000
ROA not before:           Tue 02 Jan 2024 10:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213099
IP address blocks:        94.124.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/oJRwOdnwgKQn91JcXQZvbPYhNPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/oJRwOdnwgKQn91JcXQZvbPYhNPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oJRwOdnwgKQn91JcXQZvbPYhNPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3f:22:18:9e:8e:0e:32:7f:6d:17:50:68:19:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0947039d9f080a427f7525c5d066f6cf62134f3
        Validity
            Not Before: Jan  2 10:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c4c6f170d41e71ce252385dc6a24e995c7210f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:16:59:97:7c:3a:c2:9b:58:5a:f8:d7:87:21:
                    30:ea:d6:f7:ff:62:68:49:d3:6f:d4:66:4d:c4:1e:
                    64:7b:a3:78:2a:50:f3:0c:c3:01:e3:b4:e7:19:e7:
                    9d:e6:75:a8:f4:5e:97:20:c8:4a:32:ee:0f:88:2c:
                    da:33:ba:55:45:62:22:4b:48:59:df:d2:f6:3c:64:
                    f4:fb:93:2f:46:4a:32:21:c8:c0:0d:74:28:b1:ed:
                    9e:c0:84:eb:c4:60:1f:aa:44:be:f8:0a:62:fb:5d:
                    41:e6:35:be:31:cc:10:93:69:ed:c2:16:6a:bb:84:
                    cf:80:44:2a:ff:fe:38:e9:fa:ff:3f:e3:24:11:22:
                    b9:63:57:93:ce:32:30:d1:b0:90:a0:06:4d:8d:34:
                    c1:1d:18:07:47:65:c3:ed:7a:95:48:4f:f5:fb:4f:
                    d0:cc:81:56:5c:da:0c:c8:88:b7:a7:85:b8:7c:9d:
                    2a:11:33:f5:e8:38:20:f7:41:9e:9f:df:a3:4f:e2:
                    6b:b8:63:bf:51:cb:ff:c1:30:d1:28:c9:08:8a:91:
                    12:cd:ed:27:18:16:7f:c8:b4:a1:b7:01:27:d5:54:
                    09:42:7a:bd:60:e6:c2:21:7b:08:d4:32:97:d1:3c:
                    fc:e4:7a:51:99:c7:23:42:1c:2c:d2:a9:51:a6:93:
                    5f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:4C:6F:17:0D:41:E7:1C:E2:52:38:5D:C6:A2:4E:99:5C:72:10:F6
            X509v3 Authority Key Identifier:
                keyid:A0:94:70:39:D9:F0:80:A4:27:F7:52:5C:5D:06:6F:6C:F6:21:34:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oJRwOdnwgKQn91JcXQZvbPYhNPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/fExvFw1B5xziUjhdxqJOmVxyEPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/oJRwOdnwgKQn91JcXQZvbPYhNPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:87:cc:b2:f4:69:bd:dc:97:8d:d5:f0:c3:0a:12:88:e3:e5:
         20:c6:a1:89:0e:f3:3d:6b:bb:f4:d2:d2:e7:f8:b2:76:20:2e:
         b0:a4:27:ce:b8:e3:b4:8f:06:3f:6c:07:1b:4f:3c:c3:87:f2:
         5b:ce:3c:6c:8f:b6:65:69:4a:ab:95:fe:8b:f9:dc:9d:27:7a:
         d5:65:a4:dc:70:b5:ff:e0:4b:2e:f0:63:a2:26:42:e2:3e:0a:
         8a:be:20:f7:d7:e8:f2:31:e3:03:7e:50:69:18:cc:c1:fe:1c:
         f9:da:d8:01:1a:7a:82:9c:e8:d3:9c:8b:98:f1:6a:18:3e:61:
         be:ef:1b:67:e0:cf:bc:a1:99:6d:05:7f:17:79:44:bb:23:de:
         14:93:a0:eb:88:e4:d5:f6:de:67:79:15:e0:ad:80:b3:49:fe:
         ac:82:e3:63:10:a5:8c:03:0b:67:cc:32:64:e7:87:ff:6b:45:
         42:f5:93:46:37:b8:a9:83:48:aa:ad:03:1a:d3:2d:c8:42:69:
         2c:b4:c7:9b:8e:24:2a:21:cb:bd:83:8d:10:30:6f:90:ab:50:
         a5:93:e8:88:1e:d7:d3:8e:92:4d:e4:54:5d:25:09:eb:f7:b1:
         44:24:8d:cd:a9:35:98:3a:19:b3:e7:25:24:16:e1:99:73:c7:
         d6:5e:6d:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvD8iGJ6ODjJ/bRdQaBltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwOTQ3MDM5ZDlmMDgwYTQyN2Y3NTI1YzVkMDY2ZjZjZjYy
MTM0ZjMwHhcNMjQwMTAyMTAzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzRjNmYxNzBkNDFlNzFjZTI1MjM4NWRjNmEyNGU5OTVjNzIxMGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBZZl3w6wptYWvjXhyEw6tb3/2Jo
SdNv1GZNxB5ke6N4KlDzDMMB47TnGeed5nWo9F6XIMhKMu4PiCzaM7pVRWIiS0hZ
39L2PGT0+5MvRkoyIcjADXQose2ewITrxGAfqkS++Api+11B5jW+McwQk2ntwhZq
u4TPgEQq//446fr/P+MkESK5Y1eTzjIw0bCQoAZNjTTBHRgHR2XD7XqVSE/1+0/Q
zIFWXNoMyIi3p4W4fJ0qETP16Dgg90Gen9+jT+JruGO/Ucv/wTDRKMkIipESze0n
GBZ/yLShtwEn1VQJQnq9YObCIXsI1DKX0Tz85HpRmccjQhws0qlRppNfYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxMbxcNQecc4lI4XcaiTplcchD2MB8GA1UdIwQY
MBaAFKCUcDnZ8ICkJ/dSXF0Gb2z2ITTzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0pSd09kbndnS1FuOTFKY1hRWnZiUFloTlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9lM2I5MjEtYTc2Yi00MWYwLWIyNDQt
YzhiM2FjMGJlZmNiLzEvZkV4dkZ3MUI1eHppVWpoZHhxSk9tVnh5RVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9lM2I5MjEtYTc2Yi00MWYwLWIyNDQtYzhiM2FjMGJlZmNi
LzEvb0pSd09kbndnS1FuOTFKY1hRWnZiUFloTlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXnxxMA0G
CSqGSIb3DQEBCwUAA4IBAQA0h8yy9Gm93JeN1fDDChKI4+UgxqGJDvM9a7v00tLn
+LJ2IC6wpCfOuOO0jwY/bAcbTzzDh/Jbzjxsj7ZlaUqrlf6L+dydJ3rVZaTccLX/
4Esu8GOiJkLiPgqKviD31+jyMeMDflBpGMzB/hz52tgBGnqCnOjTnIuY8WoYPmG+
7xtn4M+8oZltBX8XeUS7I94Uk6DriOTV9t5neRXgrYCzSf6sguNjEKWMAwtnzDJk
54f/a0VC9ZNGN7ipg0iqrQMa0y3IQmkstMebjiQqIcu9g40QMG+Qq1Clk+iIHtfT
jpJN5FRdJQnr97FEJI3NqTWYOhmz5yUkFuGZc8fWXm2u
-----END CERTIFICATE-----