Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/rXlYzmdxJF3PFGJBlBhNczthy2Q.roa
File:                     rXlYzmdxJF3PFGJBlBhNczthy2Q.roa (raw, json)
Hash identifier:          4r1tP6Q9H60LHZGs84Y7dy65IuoukACGtHq9N0j6uXQ=
Subject key identifier:   AD:79:58:CE:67:71:24:5D:CF:14:62:41:94:18:4D:73:3B:61:CB:64
Certificate issuer:       /CN=02b610cd43bafced91480fabfdcaae82049fbf71
Certificate serial:       018E3824E2021D0C0B053BD8D6E6D55CC40B
Authority key identifier: 02:B6:10:CD:43:BA:FC:ED:91:48:0F:AB:FD:CA:AE:82:04:9F:BF:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ArYQzUO6_O2RSA-r_cquggSfv3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/rXlYzmdxJF3PFGJBlBhNczthy2Q.roa
Signing time:             Wed 13 Mar 2024 14:08:44 +0000
ROA not before:           Wed 13 Mar 2024 14:08:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209671
IP address blocks:        185.94.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/ArYQzUO6_O2RSA-r_cquggSfv3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/ArYQzUO6_O2RSA-r_cquggSfv3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ArYQzUO6_O2RSA-r_cquggSfv3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:38:24:e2:02:1d:0c:0b:05:3b:d8:d6:e6:d5:5c:c4:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02b610cd43bafced91480fabfdcaae82049fbf71
        Validity
            Not Before: Mar 13 14:08:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad7958ce6771245dcf14624194184d733b61cb64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:53:39:b2:3e:e4:29:04:b5:c6:e5:7f:d3:9a:
                    28:29:31:7a:ee:12:d4:3b:df:29:97:17:69:4e:52:
                    11:78:ef:33:ed:80:25:00:65:e1:71:17:a2:99:2e:
                    e6:a0:e0:62:b1:50:22:5c:bf:18:ed:6d:4f:fd:b7:
                    a2:39:e0:b9:58:2d:56:c4:1e:7f:6a:8d:87:d1:33:
                    39:e6:81:ce:0b:6c:2b:72:b8:d4:d2:54:dd:cf:2a:
                    ba:7f:c1:ac:13:84:8b:4b:7b:f6:35:27:cf:13:7d:
                    c4:26:d0:40:73:e8:bf:f3:0a:a6:23:c0:3f:f2:c4:
                    bf:7c:db:08:3c:75:15:8f:a5:38:55:24:3c:87:02:
                    f1:f0:52:f5:fb:47:a4:7c:b3:bc:de:47:54:77:04:
                    7b:af:53:b8:b5:23:98:75:a9:5e:8e:96:1e:9e:ba:
                    10:f3:8b:91:d0:c3:10:e3:31:04:fe:32:46:f7:7d:
                    0c:6e:c1:a0:1c:98:79:b7:9e:a5:2e:25:98:fb:e1:
                    09:6a:95:5e:96:c3:5e:a9:7f:5f:1f:15:3f:20:57:
                    aa:10:3e:bb:14:47:27:1c:a3:1b:ff:2c:f2:ac:ee:
                    0c:1c:0a:f7:0a:ad:17:75:d1:6e:a2:d6:03:ef:53:
                    af:64:84:99:2d:1c:8e:55:d3:e2:e9:41:d7:e5:fd:
                    84:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:79:58:CE:67:71:24:5D:CF:14:62:41:94:18:4D:73:3B:61:CB:64
            X509v3 Authority Key Identifier:
                keyid:02:B6:10:CD:43:BA:FC:ED:91:48:0F:AB:FD:CA:AE:82:04:9F:BF:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArYQzUO6_O2RSA-r_cquggSfv3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/rXlYzmdxJF3PFGJBlBhNczthy2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/ArYQzUO6_O2RSA-r_cquggSfv3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:19:5a:b6:76:35:c7:2c:e9:51:2e:cc:80:34:bc:cb:a8:41:
         19:10:c5:14:c3:11:fe:ec:fe:59:4b:d6:42:88:4d:8e:52:60:
         8c:df:64:18:f1:f2:44:69:1c:fb:0d:92:bf:7d:6b:e2:07:2f:
         02:e0:32:5b:d1:7c:56:e3:c8:71:b3:e6:86:7d:2a:d9:df:3d:
         8c:36:0d:a2:d5:ea:49:dc:3e:17:3c:cd:b8:13:f4:39:2f:ce:
         eb:b3:d4:71:37:0d:ef:dc:0a:f3:c1:77:43:ad:d5:04:20:32:
         6e:b2:1a:45:c7:e9:5d:ce:63:06:47:01:02:a0:26:17:28:23:
         cc:d5:cd:b5:71:bf:e7:28:54:c7:0c:36:7f:cd:5e:aa:b3:31:
         0c:57:22:41:f6:32:45:a7:79:33:68:43:a5:60:98:87:a0:ff:
         70:08:e5:99:e3:e3:a5:3a:e8:84:2f:bb:11:19:0b:88:1f:4f:
         c9:1d:1b:ee:8a:9e:a0:dc:16:c3:60:0a:87:e3:72:f8:35:59:
         a6:c2:9a:a0:d4:3a:f3:6c:8e:dd:01:ef:71:43:5e:f6:89:3f:
         2b:c8:23:be:ea:70:cc:ff:77:75:bc:47:9e:bc:22:24:b0:3e:
         b0:2f:ac:98:a1:ae:46:3b:70:d3:e2:d4:0f:6a:ba:12:15:db:
         08:87:3d:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY44JOICHQwLBTvY1ubVXMQLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYjYxMGNkNDNiYWZjZWQ5MTQ4MGZhYmZkY2FhZTgyMDQ5
ZmJmNzEwHhcNMjQwMzEzMTQwODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDc5NThjZTY3NzEyNDVkY2YxNDYyNDE5NDE4NGQ3MzNiNjFjYjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFM5sj7kKQS1xuV/05ooKTF67hLU
O98plxdpTlIReO8z7YAlAGXhcReimS7moOBisVAiXL8Y7W1P/beiOeC5WC1WxB5/
ao2H0TM55oHOC2wrcrjU0lTdzyq6f8GsE4SLS3v2NSfPE33EJtBAc+i/8wqmI8A/
8sS/fNsIPHUVj6U4VSQ8hwLx8FL1+0ekfLO83kdUdwR7r1O4tSOYdalejpYenroQ
84uR0MMQ4zEE/jJG930MbsGgHJh5t56lLiWY++EJapVelsNeqX9fHxU/IFeqED67
FEcnHKMb/yzyrO4MHAr3Cq0XddFuotYD71OvZISZLRyOVdPi6UHX5f2EZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK15WM5ncSRdzxRiQZQYTXM7YctkMB8GA1UdIwQY
MBaAFAK2EM1DuvztkUgPq/3KroIEn79xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJZUXpVTzZfTzJSU0Etcl9jcXVnZ1NmdjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lM2RlY2MtM2VmNy00Y2IyLTgxZDEt
OTAxM2NhOTk2YjE2LzEvclhsWXptZHhKRjNQRkdKQmxCaE5jenRoeTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lM2RlY2MtM2VmNy00Y2IyLTgxZDEtOTAxM2NhOTk2YjE2
LzEvQXJZUXpVTzZfTzJSU0Etcl9jcXVnZ1NmdjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV5sMA0G
CSqGSIb3DQEBCwUAA4IBAQBqGVq2djXHLOlRLsyANLzLqEEZEMUUwxH+7P5ZS9ZC
iE2OUmCM32QY8fJEaRz7DZK/fWviBy8C4DJb0XxW48hxs+aGfSrZ3z2MNg2i1epJ
3D4XPM24E/Q5L87rs9RxNw3v3ArzwXdDrdUEIDJushpFx+ldzmMGRwECoCYXKCPM
1c21cb/nKFTHDDZ/zV6qszEMVyJB9jJFp3kzaEOlYJiHoP9wCOWZ4+OlOuiEL7sR
GQuIH0/JHRvuip6g3BbDYAqH43L4NVmmwpqg1DrzbI7dAe9xQ172iT8ryCO+6nDM
/3d1vEeevCIksD6wL6yYoa5GO3DT4tQParoSFdsIhz2s
-----END CERTIFICATE-----