Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/mRd8WhPk5XHAbA7kLSUn1kxZn3E.roa
File:                     mRd8WhPk5XHAbA7kLSUn1kxZn3E.roa (raw, json)
Hash identifier:          9TKd+JNWq1CucB4znz1kXM09yc1fLOtkGlOF5282hDE=
Subject key identifier:   99:17:7C:5A:13:E4:E5:71:C0:6C:0E:E4:2D:25:27:D6:4C:59:9F:71
Certificate issuer:       /CN=c0e549fdceeb02912c8a8741c816806bbe19c448
Certificate serial:       019126A8D60BFF50736F047D5F564F9E86FE
Authority key identifier: C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/mRd8WhPk5XHAbA7kLSUn1kxZn3E.roa
Signing time:             Tue 06 Aug 2024 07:48:04 +0000
ROA not before:           Tue 06 Aug 2024 07:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31082
IP address blocks:        94.125.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:26:a8:d6:0b:ff:50:73:6f:04:7d:5f:56:4f:9e:86:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e549fdceeb02912c8a8741c816806bbe19c448
        Validity
            Not Before: Aug  6 07:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99177c5a13e4e571c06c0ee42d2527d64c599f71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:52:9f:43:1c:36:91:98:83:e4:51:94:01:9f:
                    8a:b5:f4:b6:43:e4:69:29:3b:b5:a9:cc:0e:9e:fb:
                    58:1b:3e:2f:a8:78:9f:00:43:88:94:94:5b:29:03:
                    3b:9d:32:ac:4b:fc:de:fe:2e:2d:3c:d0:f4:7e:a7:
                    fd:11:24:1f:f0:12:83:0f:e8:35:9b:fa:de:78:55:
                    db:68:13:7f:85:65:ff:bf:19:2c:90:f1:02:8c:19:
                    9c:cb:0c:13:01:53:ab:09:53:e2:ac:8f:14:b9:85:
                    be:13:47:6d:b1:23:84:72:e9:3d:ba:d4:d7:98:b6:
                    7d:ff:67:7f:f6:c2:51:52:1d:73:0e:8e:54:a1:e8:
                    7a:ce:8a:5f:5f:08:86:f1:74:6e:48:d3:a0:b1:49:
                    79:7f:01:c5:52:79:ec:bb:11:46:5b:41:97:a1:c1:
                    c7:b4:79:50:e1:34:a1:22:54:7f:c3:a2:94:97:02:
                    14:a5:a0:61:86:b7:7b:29:a5:a0:44:7d:07:40:82:
                    14:15:30:e5:13:38:f5:af:7a:75:17:88:3f:47:16:
                    4f:b8:58:d6:95:16:74:c8:16:38:51:94:db:76:02:
                    82:78:83:aa:21:8e:d8:c1:f0:de:76:25:71:73:0c:
                    05:a8:10:11:29:82:ad:0a:9d:e9:86:62:2c:65:49:
                    81:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:17:7C:5A:13:E4:E5:71:C0:6C:0E:E4:2D:25:27:D6:4C:59:9F:71
            X509v3 Authority Key Identifier:
                keyid:C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/mRd8WhPk5XHAbA7kLSUn1kxZn3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.125.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:c5:af:a4:ec:c4:3a:ca:b8:05:23:25:af:a5:8a:13:07:6b:
         06:68:ab:06:3d:7a:6c:28:be:b4:06:29:7f:80:8b:bd:59:bb:
         24:cd:6a:e1:e1:5b:9c:98:9d:92:c7:e0:29:04:34:5e:d3:9e:
         e7:33:de:1e:4b:7d:94:3c:7a:fc:28:be:4e:23:4c:46:14:24:
         e7:c4:3a:42:50:fe:65:4e:9e:90:c2:48:e4:fb:c1:a6:86:5b:
         29:b1:a9:33:b5:d7:db:dd:e3:42:70:da:08:54:09:2d:de:cc:
         64:9a:63:31:f1:0f:71:9b:9c:7e:7a:3e:38:a6:34:54:d1:2b:
         f1:40:4b:53:2f:e4:ba:b4:16:79:ac:ef:35:66:aa:33:77:ad:
         9c:d4:1f:26:6f:03:f5:95:27:fd:b2:74:c1:00:a0:b0:23:5f:
         48:25:c6:71:fd:8a:17:20:62:b5:eb:ac:aa:d2:0e:b5:37:5f:
         ba:17:b3:13:bf:5e:c9:a0:36:b6:96:d9:7d:7d:1a:58:13:c1:
         a3:b6:cc:e3:09:d7:83:29:22:31:24:d0:7b:5a:16:95:e6:38:
         b0:b5:7b:1f:a1:d2:a2:50:81:28:6f:73:26:f9:d2:0c:d8:eb:
         4e:04:9c:e5:49:9c:71:ce:b6:99:ce:ce:b9:48:a8:1e:ee:50:
         cb:86:64:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEmqNYL/1BzbwR9X1ZPnob+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZTU0OWZkY2VlYjAyOTEyYzhhODc0MWM4MTY4MDZiYmUx
OWM0NDgwHhcNMjQwODA2MDc0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTE3N2M1YTEzZTRlNTcxYzA2YzBlZTQyZDI1MjdkNjRjNTk5ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4FKfQxw2kZiD5FGUAZ+KtfS2Q+Rp
KTu1qcwOnvtYGz4vqHifAEOIlJRbKQM7nTKsS/ze/i4tPND0fqf9ESQf8BKDD+g1
m/reeFXbaBN/hWX/vxkskPECjBmcywwTAVOrCVPirI8UuYW+E0dtsSOEcuk9utTX
mLZ9/2d/9sJRUh1zDo5Uoeh6zopfXwiG8XRuSNOgsUl5fwHFUnnsuxFGW0GXocHH
tHlQ4TShIlR/w6KUlwIUpaBhhrd7KaWgRH0HQIIUFTDlEzj1r3p1F4g/RxZPuFjW
lRZ0yBY4UZTbdgKCeIOqIY7YwfDediVxcwwFqBARKYKtCp3phmIsZUmBlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJkXfFoT5OVxwGwO5C0lJ9ZMWZ9xMB8GA1UdIwQY
MBaAFMDlSf3O6wKRLIqHQcgWgGu+GcRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMt
YWQyZmRhNDc5ODhlLzEvbVJkOFdoUGs1WEhBYkE3a0xTVW4xa3habjNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMtYWQyZmRhNDc5ODhl
LzEvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXn2OMA0G
CSqGSIb3DQEBCwUAA4IBAQBDxa+k7MQ6yrgFIyWvpYoTB2sGaKsGPXpsKL60Bil/
gIu9WbskzWrh4VucmJ2Sx+ApBDRe057nM94eS32UPHr8KL5OI0xGFCTnxDpCUP5l
Tp6Qwkjk+8Gmhlspsakztdfb3eNCcNoIVAkt3sxkmmMx8Q9xm5x+ej44pjRU0Svx
QEtTL+S6tBZ5rO81Zqozd62c1B8mbwP1lSf9snTBAKCwI19IJcZx/YoXIGK166yq
0g61N1+6F7MTv17JoDa2ltl9fRpYE8GjtszjCdeDKSIxJNB7WhaV5jiwtXsfodKi
UIEob3Mm+dIM2OtOBJzlSZxxzraZzs65SKge7lDLhmRJ
-----END CERTIFICATE-----