Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/hXGGb5Ji0ggYGlx7VB8wK5ioXQk.roa
File:                     hXGGb5Ji0ggYGlx7VB8wK5ioXQk.roa (raw, json)
Hash identifier:          zNw/B88XzIT9hhxPO3vMysF5YLzAfJ8Lxz/pLWCHV/o=
Subject key identifier:   85:71:86:6F:92:62:D2:08:18:1A:5C:7B:54:1F:30:2B:98:A8:5D:09
Certificate issuer:       /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial:       018CC64B37B565415A250BB146001118CE56
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/hXGGb5Ji0ggYGlx7VB8wK5ioXQk.roa
Signing time:             Mon 01 Jan 2024 18:31:07 +0000
ROA not before:           Mon 01 Jan 2024 18:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42440
IP address blocks:        94.183.58.1/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:37:b5:65:41:5a:25:0b:b1:46:00:11:18:ce:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
        Validity
            Not Before: Jan  1 18:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8571866f9262d208181a5c7b541f302b98a85d09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4a:46:ef:50:35:0a:8e:8f:c4:cd:57:dc:bc:
                    8d:9a:d0:87:6c:2e:3c:04:ba:ec:5a:a9:38:bc:46:
                    ee:0e:27:51:2f:7e:f8:70:45:97:64:fa:cd:5b:36:
                    a4:23:14:63:b7:b2:1e:f6:f2:35:62:88:49:0e:c3:
                    45:63:ba:8c:d9:98:b0:74:25:47:ee:a8:d2:a8:e6:
                    97:ac:15:ab:79:38:89:76:15:ce:14:20:6a:c5:de:
                    fe:2b:3d:ab:09:0e:4b:91:d0:80:66:51:3b:ba:28:
                    7a:9a:85:32:5e:70:e4:2f:3c:50:90:28:ed:8d:c0:
                    95:9a:09:98:3c:ff:c0:8f:1c:37:30:03:3d:3a:85:
                    d4:d5:e5:c9:aa:e2:75:da:67:f2:82:36:17:ea:1b:
                    24:8c:38:4b:5f:33:f5:f8:c9:af:d7:8f:d7:62:96:
                    dc:7b:27:ad:fd:d7:a9:bf:90:82:d0:c5:a6:5e:60:
                    81:0c:d6:9a:d5:f2:5c:a6:1b:5f:35:93:ad:20:50:
                    4a:b9:75:a6:aa:b2:b8:d8:9d:83:a1:06:3f:fc:cf:
                    c2:c1:32:32:d4:2d:ae:a1:7d:28:ac:32:4c:18:f5:
                    56:26:37:d3:6a:5e:10:8a:58:f7:ee:91:05:b8:78:
                    dd:0c:fb:4c:c4:62:26:02:f3:26:ef:02:2d:4a:2d:
                    4b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:71:86:6F:92:62:D2:08:18:1A:5C:7B:54:1F:30:2B:98:A8:5D:09
            X509v3 Authority Key Identifier:
                keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/hXGGb5Ji0ggYGlx7VB8wK5ioXQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.58.1/32

    Signature Algorithm: sha256WithRSAEncryption
         11:7f:6e:46:5b:58:25:f2:02:fb:69:86:88:25:37:7b:cb:ea:
         b1:ae:70:86:ff:dc:f1:f1:34:63:2c:0c:93:2a:39:7d:70:0e:
         66:cd:34:ac:58:68:2b:a5:46:75:5b:69:bb:64:e2:68:5c:90:
         43:93:58:81:37:0b:32:73:40:e9:d3:2d:81:db:8f:56:4d:a8:
         d7:7c:ee:0a:2b:6a:56:ab:5f:d8:f7:a9:7e:b1:18:d3:3e:d3:
         a7:f7:61:52:6c:80:bc:00:39:37:57:34:c4:e4:13:02:fe:98:
         54:e4:6f:3c:64:20:59:7c:f9:43:a2:8c:ae:8e:8c:88:f5:c3:
         42:34:71:49:5a:85:ea:46:85:0b:bb:ae:e2:3c:71:02:db:d9:
         6d:84:a6:8f:a0:ce:e4:a6:42:f5:0c:95:fb:d2:e0:a7:3d:b6:
         c7:ed:7e:d3:8f:cf:e4:9d:c9:cd:6e:cc:2e:2d:f7:a8:e8:14:
         22:0e:5f:3a:f7:14:3d:10:2e:22:b3:2c:fa:ff:72:81:ca:13:
         35:a9:28:f9:38:f2:7f:44:eb:57:1c:ea:da:06:0f:9d:2e:0a:
         c4:80:ff:33:c3:12:71:ae:5a:91:fc:5d:da:70:70:09:ba:b0:
         e2:aa:97:b4:8a:e6:24:ff:ba:86:16:f7:81:e3:5c:8c:e5:35:
         c4:78:b3:49
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSze1ZUFaJQuxRgARGM5WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTcxODY2ZjkyNjJkMjA4MTgxYTVjN2I1NDFmMzAyYjk4YTg1ZDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0pG71A1Co6PxM1X3LyNmtCHbC48
BLrsWqk4vEbuDidRL374cEWXZPrNWzakIxRjt7Ie9vI1YohJDsNFY7qM2ZiwdCVH
7qjSqOaXrBWreTiJdhXOFCBqxd7+Kz2rCQ5LkdCAZlE7uih6moUyXnDkLzxQkCjt
jcCVmgmYPP/Ajxw3MAM9OoXU1eXJquJ12mfygjYX6hskjDhLXzP1+Mmv14/XYpbc
eyet/depv5CC0MWmXmCBDNaa1fJcphtfNZOtIFBKuXWmqrK42J2DoQY//M/CwTIy
1C2uoX0orDJMGPVWJjfTal4Qilj37pEFuHjdDPtMxGImAvMm7wItSi1LuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIVxhm+SYtIIGBpce1QfMCuYqF0JMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvaFhHR2I1SmkwZ2dZR2x4N1ZCOHdLNWlvWFFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUAXrc6ATAN
BgkqhkiG9w0BAQsFAAOCAQEAEX9uRltYJfIC+2mGiCU3e8vqsa5whv/c8fE0YywM
kyo5fXAOZs00rFhoK6VGdVtpu2TiaFyQQ5NYgTcLMnNA6dMtgduPVk2o13zuCitq
Vqtf2PepfrEY0z7Tp/dhUmyAvAA5N1c0xOQTAv6YVORvPGQgWXz5Q6KMro6MiPXD
QjRxSVqF6kaFC7uu4jxxAtvZbYSmj6DO5KZC9QyV+9Lgpz22x+1+04/P5J3JzW7M
Li33qOgUIg5fOvcUPRAuIrMs+v9ygcoTNako+Tjyf0TrVxzq2gYPnS4KxID/M8MS
ca5akfxd2nBwCbqw4qqXtIrmJP+6hhb3geNcjOU1xHizSQ==
-----END CERTIFICATE-----