Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Pt5pWbR676wzTn49EtIAVfV40g4.roa
File:                     Pt5pWbR676wzTn49EtIAVfV40g4.roa (raw, json)
Hash identifier:          c2U0IWYJ1CL9nyPOcL3zRPGEf37ArAm4+Eut+5fstPM=
Subject key identifier:   3E:DE:69:59:B4:7A:EF:AC:33:4E:7E:3D:12:D2:00:55:F5:78:D2:0E
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019126A9C0BBADF8FF1A8ACCCEED1398C9DA
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Pt5pWbR676wzTn49EtIAVfV40g4.roa
Signing time:             Tue 06 Aug 2024 07:49:04 +0000
ROA not before:           Tue 06 Aug 2024 07:49:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31082
IP address blocks:        94.125.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:26:a9:c0:bb:ad:f8:ff:1a:8a:cc:ce:ed:13:98:c9:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Aug  6 07:49:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ede6959b47aefac334e7e3d12d20055f578d20e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:32:0a:e2:2f:c2:4b:7f:e2:c9:93:4b:fa:bc:
                    e6:32:9f:3e:3b:cf:7e:32:b0:21:18:b2:28:05:30:
                    62:b5:00:65:6b:a9:42:e6:0c:9b:b0:d5:ef:9b:67:
                    11:b9:ab:ee:78:a4:41:25:be:4a:72:96:65:ef:25:
                    b4:7c:c7:56:51:f2:36:80:b8:44:12:bd:e9:28:b0:
                    d0:69:1f:ad:55:8e:72:33:67:da:72:e3:04:6c:15:
                    b7:75:c9:56:b5:70:4c:3e:1b:0b:7d:78:4e:ae:41:
                    8c:2c:0b:2b:48:f1:e3:e9:c8:e8:99:86:0b:63:c9:
                    b0:e5:c2:3a:dd:01:cd:de:5e:ad:e8:2a:5b:72:20:
                    ac:17:36:d1:c0:fd:6b:19:11:44:e4:27:9a:7d:fa:
                    ff:d8:8e:3f:ff:67:0a:f5:b2:b8:02:71:0a:91:98:
                    55:f1:15:15:99:4d:da:b4:15:83:42:77:a6:62:2b:
                    ff:a7:cb:76:d9:49:57:ae:7f:a0:f2:88:e1:a7:58:
                    df:6c:80:1b:1e:ec:de:6a:f5:fd:e9:36:11:49:c1:
                    4e:db:d9:2f:c2:cc:b8:19:60:35:6c:f7:ad:8b:66:
                    d0:0f:06:03:4a:ef:33:08:10:cd:1f:6e:d5:57:f6:
                    93:05:58:d4:6b:d4:d1:9e:a6:99:a9:43:16:7f:65:
                    37:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:DE:69:59:B4:7A:EF:AC:33:4E:7E:3D:12:D2:00:55:F5:78:D2:0E
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Pt5pWbR676wzTn49EtIAVfV40g4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.125.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:f7:d9:ea:d7:a0:96:c2:1e:27:57:00:10:dd:1e:bb:7e:d8:
         20:2d:0f:d6:42:08:e5:73:79:09:05:ad:0d:cd:48:04:06:ec:
         21:96:83:03:6c:dd:ab:04:84:a3:11:cc:ac:86:91:b1:ee:0c:
         95:53:e3:d7:d4:1b:07:02:72:87:3f:5f:fb:31:8e:00:82:06:
         c3:ba:92:b7:01:fc:25:d4:96:1f:00:9a:31:7f:77:6e:10:2c:
         ff:e8:40:be:71:31:bc:8b:ad:a5:14:2e:07:45:f8:41:ce:e4:
         f4:8d:a4:2f:c1:f3:52:0b:87:ef:94:29:83:8d:0b:13:1c:a4:
         10:dc:00:ac:d0:10:8c:d9:92:08:ef:da:92:9f:da:aa:26:db:
         de:84:9b:51:e7:d6:0d:bd:47:15:40:1b:ca:d2:99:91:70:6e:
         71:b7:58:8b:39:37:3e:f4:da:f0:35:d4:5c:e0:e2:df:35:1e:
         da:73:39:80:26:66:3d:ad:54:43:67:ff:5d:e3:18:6a:93:44:
         35:48:91:18:9d:88:a5:24:9e:56:7d:e3:7f:4d:e7:f7:cf:51:
         82:09:40:98:8b:c9:d6:9b:cd:e4:c8:6b:ab:c7:4c:8a:1a:2e:
         57:05:9b:46:6f:47:62:71:8c:82:0f:f1:97:4a:cb:be:de:b2:
         a9:61:37:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEmqcC7rfj/GorMzu0TmMnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwODA2MDc0OTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWRlNjk1OWI0N2FlZmFjMzM0ZTdlM2QxMmQyMDA1NWY1NzhkMjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjIK4i/CS3/iyZNL+rzmMp8+O89+
MrAhGLIoBTBitQBla6lC5gybsNXvm2cRuavueKRBJb5KcpZl7yW0fMdWUfI2gLhE
Er3pKLDQaR+tVY5yM2facuMEbBW3dclWtXBMPhsLfXhOrkGMLAsrSPHj6cjomYYL
Y8mw5cI63QHN3l6t6CpbciCsFzbRwP1rGRFE5Ceaffr/2I4//2cK9bK4AnEKkZhV
8RUVmU3atBWDQnemYiv/p8t22UlXrn+g8ojhp1jfbIAbHuzeavX96TYRScFO29kv
wsy4GWA1bPeti2bQDwYDSu8zCBDNH27VV/aTBVjUa9TRnqaZqUMWf2U3/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7eaVm0eu+sM05+PRLSAFX1eNIOMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvUHQ1cFdiUjY3Nnd6VG40OUV0SUFWZlY0MGc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXn2IMA0G
CSqGSIb3DQEBCwUAA4IBAQB/99nq16CWwh4nVwAQ3R67ftggLQ/WQgjlc3kJBa0N
zUgEBuwhloMDbN2rBISjEcyshpGx7gyVU+PX1BsHAnKHP1/7MY4AggbDupK3Afwl
1JYfAJoxf3duECz/6EC+cTG8i62lFC4HRfhBzuT0jaQvwfNSC4fvlCmDjQsTHKQQ
3ACs0BCM2ZII79qSn9qqJtvehJtR59YNvUcVQBvK0pmRcG5xt1iLOTc+9NrwNdRc
4OLfNR7aczmAJmY9rVRDZ/9d4xhqk0Q1SJEYnYilJJ5WfeN/Tef3z1GCCUCYi8nW
m83kyGurx0yKGi5XBZtGb0dicYyCD/GXSsu+3rKpYTet
-----END CERTIFICATE-----