Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/dIKnVDdffbYxYe8Xn_rzW1-cuQA.roa
File:                     dIKnVDdffbYxYe8Xn_rzW1-cuQA.roa (raw, json)
Hash identifier:          tfKghvC+tNh8db2JH9hzrwA1QgLYCdf+lE/QjuFD9X4=
Subject key identifier:   74:82:A7:54:37:5F:7D:B6:31:61:EF:17:9F:FA:F3:5B:5F:9C:B9:00
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF8EEC7626BE935BAFA02BCD0C099
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/dIKnVDdffbYxYe8Xn_rzW1-cuQA.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204192
IP address blocks:        94.40.7.0/24 maxlen: 24
                          94.40.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f8:ee:c7:62:6b:e9:35:ba:fa:02:bc:d0:c0:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7482a754375f7db63161ef179ffaf35b5f9cb900
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:cd:6b:4e:16:98:1d:29:db:5c:94:96:4a:eb:
                    40:fb:18:7e:f4:7c:42:b3:25:12:85:27:d4:22:bc:
                    4a:e0:9b:7a:81:5c:d2:44:39:40:b1:b8:c5:8f:1e:
                    00:fe:ee:b5:60:77:de:fc:e1:d5:68:a3:c1:81:2c:
                    d8:dd:1b:11:7a:3a:17:00:e1:97:b9:36:ce:1e:55:
                    17:cf:39:3f:f1:32:93:99:06:94:79:7e:4c:89:3b:
                    3c:6f:26:6a:49:97:c7:67:72:16:52:a9:d3:45:b4:
                    c2:7d:23:14:ac:49:85:f4:4c:f4:08:95:76:32:32:
                    80:c9:8a:3d:e4:1c:75:26:3f:5a:26:1d:45:c0:e7:
                    15:36:7e:ad:7f:3c:a1:f2:64:31:ee:af:fa:05:d8:
                    46:9d:9d:70:f4:a5:19:fe:65:e6:d2:7b:7e:55:35:
                    42:a8:ac:aa:ad:d8:b6:db:8d:f7:e7:8e:e3:f1:6a:
                    7b:59:2a:60:10:52:33:d0:8c:f2:73:c4:df:67:92:
                    d9:f5:1b:92:4b:51:05:ac:2d:44:59:f4:fa:17:93:
                    f6:9f:28:d1:cf:b7:22:32:d7:31:ec:79:38:57:f7:
                    78:76:14:62:8c:72:58:c9:54:2c:57:c7:42:e0:bf:
                    7c:c7:56:9a:40:40:cd:14:70:ad:8c:f5:76:56:bb:
                    65:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:82:A7:54:37:5F:7D:B6:31:61:EF:17:9F:FA:F3:5B:5F:9C:B9:00
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/dIKnVDdffbYxYe8Xn_rzW1-cuQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.40.7.0-94.40.8.255

    Signature Algorithm: sha256WithRSAEncryption
         be:4d:38:06:64:d9:c0:31:1f:c1:26:a0:5d:62:5f:f2:a9:e7:
         a1:e9:55:79:c4:2d:d6:8a:75:67:35:80:1e:03:b3:ba:20:e1:
         84:c4:ef:05:64:11:96:48:21:5d:99:34:14:f6:bc:d9:dd:f9:
         eb:33:9d:92:a1:20:ae:23:15:30:d1:ce:f7:20:aa:14:af:61:
         0e:a5:66:ec:7b:7c:6b:36:be:ee:33:1e:a5:d5:ff:c1:04:5a:
         aa:de:12:9b:a1:74:d4:2f:d2:fc:c3:09:fc:b6:01:36:2e:b9:
         34:c4:91:8e:f1:00:93:06:d9:ff:69:4e:bc:03:83:57:52:65:
         76:3e:06:34:9b:e7:5b:29:19:66:4c:2e:0d:83:20:02:b9:f7:
         90:85:0e:77:4d:96:fb:0f:c7:05:5f:60:dd:e7:9d:f1:a4:33:
         d2:52:9a:40:c5:7d:3c:42:0a:57:6b:71:29:a7:94:66:4a:00:
         0b:da:a3:fb:86:01:35:7c:53:65:1b:50:68:e7:60:7a:1d:96:
         35:b8:57:cd:67:e0:09:04:42:6d:8e:5a:ac:b8:4a:d5:cf:29:
         85:03:cb:e0:30:e5:27:99:42:a0:f5:9f:67:e5:82:a3:18:b7:
         a2:0a:1c:41:0a:15:07:3a:87:7c:2a:05:ce:f4:b8:fb:5f:0a:
         10:f1:b0:76
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzCbPjux2Jr6TW6+gK80MCZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDgyYTc1NDM3NWY3ZGI2MzE2MWVmMTc5ZmZhZjM1YjVmOWNiOTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjs1rThaYHSnbXJSWSutA+xh+9HxC
syUShSfUIrxK4Jt6gVzSRDlAsbjFjx4A/u61YHfe/OHVaKPBgSzY3RsRejoXAOGX
uTbOHlUXzzk/8TKTmQaUeX5MiTs8byZqSZfHZ3IWUqnTRbTCfSMUrEmF9Ez0CJV2
MjKAyYo95Bx1Jj9aJh1FwOcVNn6tfzyh8mQx7q/6BdhGnZ1w9KUZ/mXm0nt+VTVC
qKyqrdi22433547j8Wp7WSpgEFIz0Izyc8TfZ5LZ9RuSS1EFrC1EWfT6F5P2nyjR
z7ciMtcx7Hk4V/d4dhRijHJYyVQsV8dC4L98x1aaQEDNFHCtjPV2VrtlHQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHSCp1Q3X322MWHvF5/681tfnLkAMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvZElLblZEZGZmYll4WWU4WG5fcnpXMS1jdVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABeKAcD
BABeKAgwDQYJKoZIhvcNAQELBQADggEBAL5NOAZk2cAxH8EmoF1iX/Kp56HpVXnE
LdaKdWc1gB4Ds7og4YTE7wVkEZZIIV2ZNBT2vNnd+esznZKhIK4jFTDRzvcgqhSv
YQ6lZux7fGs2vu4zHqXV/8EEWqreEpuhdNQv0vzDCfy2ATYuuTTEkY7xAJMG2f9p
TrwDg1dSZXY+BjSb51spGWZMLg2DIAK595CFDndNlvsPxwVfYN3nnfGkM9JSmkDF
fTxCCldrcSmnlGZKAAvao/uGATV8U2UbUGjnYHodljW4V81n4AkEQm2OWqy4StXP
KYUDy+Aw5SeZQqD1n2flgqMYt6IKHEEKFQc6h3wqBc70uPtfChDxsHY=
-----END CERTIFICATE-----