Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/0dbvzHmgnyF-jZ9mOQ1kQYzT5HE.roa
File:                     0dbvzHmgnyF-jZ9mOQ1kQYzT5HE.roa (raw, json)
Hash identifier:          mCw1BygUx3fITE6zZFl11g+2f3ufjim8n3eWsGMwqk8=
Subject key identifier:   D1:D6:EF:CC:79:A0:9F:21:7E:8D:9F:66:39:0D:64:41:8C:D3:E4:71
Certificate issuer:       /CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
Certificate serial:       018CC4246FADE977839B7615FEDEAF3D036B
Authority key identifier: 29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/0dbvzHmgnyF-jZ9mOQ1kQYzT5HE.roa
Signing time:             Mon 01 Jan 2024 08:29:31 +0000
ROA not before:           Mon 01 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59847
IP address blocks:        94.250.21.0/24 maxlen: 24
                          94.250.20.0/24 maxlen: 24
                          94.250.23.0/24 maxlen: 24
                          94.250.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6f:ad:e9:77:83:9b:76:15:fe:de:af:3d:03:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
        Validity
            Not Before: Jan  1 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1d6efcc79a09f217e8d9f66390d64418cd3e471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c7:dc:73:65:d5:ba:71:66:1c:2c:51:e2:3b:
                    88:95:a2:f2:f1:0b:15:de:4c:35:44:e9:9a:10:0c:
                    a9:0b:de:7b:e7:98:47:d0:98:84:33:68:1f:39:43:
                    77:e8:d8:33:65:3d:82:2e:f1:eb:6e:8f:f2:70:1c:
                    59:60:22:79:bf:9a:08:aa:c1:cc:88:56:5d:ed:24:
                    7a:a2:97:3e:a8:8e:76:19:8d:9c:57:8a:11:7c:17:
                    53:a0:db:8f:b3:f1:28:2a:84:fc:8e:f8:ac:43:eb:
                    43:15:29:1a:92:2a:4c:60:b6:72:0f:0d:35:fd:7c:
                    54:61:5d:9c:b7:44:8d:0d:ab:a6:f2:26:23:aa:e9:
                    06:a7:e6:c0:97:5a:a2:8f:4d:e8:a0:56:00:d8:73:
                    2a:6c:96:da:03:12:52:0c:da:2e:c0:2c:64:a5:41:
                    fa:2c:93:0f:be:02:f6:ae:1e:66:14:ce:16:bb:fc:
                    e8:60:dc:c9:77:ac:75:53:73:47:4e:42:5d:34:7a:
                    66:61:08:6f:94:a0:1b:f7:f3:53:c6:49:73:df:1e:
                    8b:ee:38:11:55:7c:68:0d:da:a9:84:bc:a5:6b:f8:
                    9a:31:89:62:0e:30:b1:0e:dc:3c:6a:b1:d8:fe:a4:
                    35:f4:9f:da:24:26:d4:05:5f:7a:c4:bc:be:ba:9a:
                    08:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:D6:EF:CC:79:A0:9F:21:7E:8D:9F:66:39:0D:64:41:8C:D3:E4:71
            X509v3 Authority Key Identifier:
                keyid:29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/0dbvzHmgnyF-jZ9mOQ1kQYzT5HE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.250.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:d8:b1:ea:1b:26:15:23:58:4f:c5:45:98:47:3e:42:8e:c8:
         89:58:7a:22:ee:d2:06:f6:b1:87:11:1e:28:f6:da:35:db:a3:
         09:42:2a:df:4e:33:ff:b3:e4:26:4b:1c:3a:ec:c3:2f:2e:8c:
         cc:51:67:5e:0a:c7:11:fb:08:cb:48:87:47:03:a9:f3:62:c3:
         53:a2:36:78:eb:79:18:2b:34:d5:98:47:cb:21:47:9f:34:6f:
         d0:68:54:58:fa:64:34:87:1e:84:d9:d5:a0:03:05:cb:b9:ea:
         53:1a:2f:ec:10:b7:30:97:a8:59:e2:12:fc:8b:88:9c:71:d7:
         81:77:89:35:45:a3:e0:8c:93:ff:5e:95:8a:8c:5c:86:28:57:
         90:6a:e4:7a:82:06:03:9a:6e:9a:e6:be:46:ef:d5:e6:6f:a7:
         7e:4b:2a:00:bd:0a:7e:45:80:7d:66:bc:23:e8:8c:e9:08:41:
         4e:ff:36:1a:95:ef:68:f6:36:ea:6f:ab:26:34:32:0c:29:98:
         20:a0:d5:d3:28:1f:67:81:99:c4:b3:9b:63:30:b7:f2:ba:29:
         b6:7b:68:26:62:76:86:7f:99:94:1b:9c:cc:a9:64:e5:b3:be:
         97:21:07:d7:14:79:bf:53:05:d0:fa:4e:bf:c9:2c:1a:5e:2b:
         00:99:90:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJG+t6XeDm3YV/t6vPQNrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YTk5NjRlMGNkMzVmYjM2NzU3ZTU2NTNmZmE3NjI2YWM1
ZGVlZTgwHhcNMjQwMTAxMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWQ2ZWZjYzc5YTA5ZjIxN2U4ZDlmNjYzOTBkNjQ0MThjZDNlNDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsfcc2XVunFmHCxR4juIlaLy8QsV
3kw1ROmaEAypC95755hH0JiEM2gfOUN36NgzZT2CLvHrbo/ycBxZYCJ5v5oIqsHM
iFZd7SR6opc+qI52GY2cV4oRfBdToNuPs/EoKoT8jvisQ+tDFSkakipMYLZyDw01
/XxUYV2ct0SNDaum8iYjqukGp+bAl1qij03ooFYA2HMqbJbaAxJSDNouwCxkpUH6
LJMPvgL2rh5mFM4Wu/zoYNzJd6x1U3NHTkJdNHpmYQhvlKAb9/NTxklz3x6L7jgR
VXxoDdqphLyla/iaMYliDjCxDtw8arHY/qQ19J/aJCbUBV96xLy+upoIzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHW78x5oJ8hfo2fZjkNZEGM0+RxMB8GA1UdIwQY
MBaAFCmplk4M01+zZ1flZT/6diasXe7oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTIt
ZDliNTMzZjdmYmMzLzEvMGRidnpIbWdueUYtalo5bU9RMWtRWXpUNUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTItZDliNTMzZjdmYmMz
LzEvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXvoUMA0G
CSqGSIb3DQEBCwUAA4IBAQBf2LHqGyYVI1hPxUWYRz5CjsiJWHoi7tIG9rGHER4o
9to126MJQirfTjP/s+QmSxw67MMvLozMUWdeCscR+wjLSIdHA6nzYsNTojZ463kY
KzTVmEfLIUefNG/QaFRY+mQ0hx6E2dWgAwXLuepTGi/sELcwl6hZ4hL8i4iccdeB
d4k1RaPgjJP/XpWKjFyGKFeQauR6ggYDmm6a5r5G79Xmb6d+SyoAvQp+RYB9Zrwj
6IzpCEFO/zYale9o9jbqb6smNDIMKZggoNXTKB9ngZnEs5tjMLfyuim2e2gmYnaG
f5mUG5zMqWTls76XIQfXFHm/UwXQ+k6/ySwaXisAmZDY
-----END CERTIFICATE-----