Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/IAOY-QfepE7JwugzKFDy0diGKx4.roa
File:                     IAOY-QfepE7JwugzKFDy0diGKx4.roa (raw, json)
Hash identifier:          hmbn+K1n4q89Mbv25nzZPCZ0a2G8W+ZDvwSwdotrofI=
Subject key identifier:   20:03:98:F9:07:DE:A4:4E:C9:C2:E8:33:28:50:F2:D1:D8:86:2B:1E
Certificate issuer:       /CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
Certificate serial:       018CC4246E546EB1A8F21D723AED6B80423C
Authority key identifier: 29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/IAOY-QfepE7JwugzKFDy0diGKx4.roa
Signing time:             Mon 01 Jan 2024 08:29:31 +0000
ROA not before:           Mon 01 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39826
IP address blocks:        94.250.32.0/23 maxlen: 23
                          94.250.33.0/24 maxlen: 24
                          94.250.34.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6e:54:6e:b1:a8:f2:1d:72:3a:ed:6b:80:42:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
        Validity
            Not Before: Jan  1 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=200398f907dea44ec9c2e8332850f2d1d8862b1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:41:fd:a9:d3:23:72:4f:09:cd:86:55:d0:11:
                    6d:d1:fb:92:68:16:e1:f7:44:25:96:e4:3b:0a:c4:
                    f0:99:be:5e:b7:10:97:7b:89:43:51:20:a5:de:cc:
                    92:d6:50:e5:e3:49:ca:c9:3a:b4:f4:15:94:0e:6c:
                    fa:3e:aa:21:f8:7f:38:eb:28:60:59:bc:4f:64:44:
                    16:bf:49:a2:2e:19:98:4a:29:1f:20:13:27:e6:b9:
                    8f:4f:d7:1d:52:a7:35:e4:02:57:55:2d:26:c5:9a:
                    2a:45:34:20:6b:5a:d5:36:d8:79:e8:3a:2d:6e:b3:
                    ba:84:fb:ab:ad:63:02:0a:01:af:45:e1:dc:50:d6:
                    86:f7:3e:d4:53:a9:8e:e4:66:b6:a6:78:27:47:07:
                    5c:85:f4:46:3f:32:47:fb:87:45:31:23:ea:69:2b:
                    7a:d1:54:bd:a3:e5:60:85:2e:00:ab:34:12:7d:11:
                    de:dc:a9:48:60:69:86:95:ee:b7:02:01:49:7d:28:
                    bd:a0:ad:f3:0a:01:af:fb:ec:f1:e4:75:11:f8:59:
                    a5:f7:38:56:33:73:90:2e:9d:51:8f:0a:91:fe:4d:
                    3e:90:b6:75:cd:20:18:b1:35:d0:7b:24:7b:3e:a5:
                    7c:df:4e:c8:92:b8:51:cc:c1:89:08:2b:eb:08:a5:
                    6f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:03:98:F9:07:DE:A4:4E:C9:C2:E8:33:28:50:F2:D1:D8:86:2B:1E
            X509v3 Authority Key Identifier:
                keyid:29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/IAOY-QfepE7JwugzKFDy0diGKx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.250.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:07:75:8a:8e:fa:3d:08:59:c5:88:76:6f:59:9d:4c:20:d4:
         a3:93:bd:57:f9:8a:1f:78:ef:d6:af:a6:b4:1d:8e:6c:09:e8:
         d6:10:bb:a1:c1:8f:6e:94:e9:2d:d6:fa:78:2b:c8:8c:06:fe:
         e1:8e:3f:e1:36:29:4e:91:01:4c:6d:16:95:b9:21:c8:dc:4e:
         83:da:f1:0d:9a:2c:96:17:89:12:41:4f:ed:1d:d3:39:50:60:
         59:5a:b0:67:21:cf:f7:89:64:cf:b5:39:df:89:39:b2:1e:1c:
         d1:35:a0:70:d8:c0:fe:41:a5:b3:7d:cb:bf:9e:ba:a0:94:6b:
         8b:76:96:e1:25:03:c1:81:5f:15:de:a4:d1:36:76:b0:91:e8:
         7d:35:81:30:fb:a5:59:31:d0:e8:13:0a:6b:a9:d3:77:a7:80:
         07:fd:b0:e1:5d:a0:d6:70:4d:b8:d3:c3:d6:14:20:55:70:b4:
         45:9c:82:44:0a:ed:10:13:91:68:fc:77:b0:e3:ab:c4:5a:c8:
         d6:e1:4a:4e:51:39:95:4a:35:91:f0:aa:85:9f:ef:6a:36:c2:
         1a:76:c8:89:83:2c:cb:7e:6b:bc:03:95:c4:53:14:96:3b:80:
         4c:a2:83:50:ca:16:f5:df:f4:bc:fa:48:d2:ed:f9:de:17:7d:
         81:5d:20:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJG5UbrGo8h1yOu1rgEI8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YTk5NjRlMGNkMzVmYjM2NzU3ZTU2NTNmZmE3NjI2YWM1
ZGVlZTgwHhcNMjQwMTAxMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDAzOThmOTA3ZGVhNDRlYzljMmU4MzMyODUwZjJkMWQ4ODYyYjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0H9qdMjck8JzYZV0BFt0fuSaBbh
90QlluQ7CsTwmb5etxCXe4lDUSCl3syS1lDl40nKyTq09BWUDmz6Pqoh+H846yhg
WbxPZEQWv0miLhmYSikfIBMn5rmPT9cdUqc15AJXVS0mxZoqRTQga1rVNth56Dot
brO6hPurrWMCCgGvReHcUNaG9z7UU6mO5Ga2pngnRwdchfRGPzJH+4dFMSPqaSt6
0VS9o+VghS4AqzQSfRHe3KlIYGmGle63AgFJfSi9oK3zCgGv++zx5HUR+Fml9zhW
M3OQLp1RjwqR/k0+kLZ1zSAYsTXQeyR7PqV8307IkrhRzMGJCCvrCKVveQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCADmPkH3qROycLoMyhQ8tHYhiseMB8GA1UdIwQY
MBaAFCmplk4M01+zZ1flZT/6diasXe7oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTIt
ZDliNTMzZjdmYmMzLzEvSUFPWS1RZmVwRTdKd3VnektGRHkwZGlHS3g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTItZDliNTMzZjdmYmMz
LzEvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXvogMA0G
CSqGSIb3DQEBCwUAA4IBAQApB3WKjvo9CFnFiHZvWZ1MINSjk71X+YofeO/Wr6a0
HY5sCejWELuhwY9ulOkt1vp4K8iMBv7hjj/hNilOkQFMbRaVuSHI3E6D2vENmiyW
F4kSQU/tHdM5UGBZWrBnIc/3iWTPtTnfiTmyHhzRNaBw2MD+QaWzfcu/nrqglGuL
dpbhJQPBgV8V3qTRNnawkeh9NYEw+6VZMdDoEwprqdN3p4AH/bDhXaDWcE2408PW
FCBVcLRFnIJECu0QE5Fo/Hew46vEWsjW4UpOUTmVSjWR8KqFn+9qNsIadsiJgyzL
fmu8A5XEUxSWO4BMooNQyhb13/S8+kjS7fneF32BXSAf
-----END CERTIFICATE-----