Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/m9u7fNOf7Lf8fjE-AiikLrhk_B8.roa
File:                     m9u7fNOf7Lf8fjE-AiikLrhk_B8.roa (raw, json)
Hash identifier:          088rM33EQj2plDxL5yVRuuD6JnWEHMLa70MgioQostw=
Subject key identifier:   9B:DB:BB:7C:D3:9F:EC:B7:FC:7E:31:3E:02:28:A4:2E:B8:64:FC:1F
Certificate issuer:       /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial:       018CC64B39CE9BE5600F82FE734D13DBBA74
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/m9u7fNOf7Lf8fjE-AiikLrhk_B8.roa
Signing time:             Mon 01 Jan 2024 18:31:07 +0000
ROA not before:           Mon 01 Jan 2024 18:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62048
IP address blocks:        94.182.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:39:ce:9b:e5:60:0f:82:fe:73:4d:13:db:ba:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
        Validity
            Not Before: Jan  1 18:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bdbbb7cd39fecb7fc7e313e0228a42eb864fc1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8c:17:27:31:78:38:de:80:07:17:c2:d1:b9:
                    9e:fe:40:7a:e6:ff:2c:db:ed:fb:1c:e3:e2:ab:e5:
                    c6:9e:a2:11:0c:5a:33:30:9d:21:5e:31:46:14:c1:
                    a8:33:39:99:ff:63:fb:09:36:ff:92:c4:93:3d:4e:
                    05:da:83:0a:98:0b:e3:79:98:06:dd:31:ce:43:1e:
                    59:98:3f:f3:a1:f8:81:87:f4:b1:87:d3:1d:03:33:
                    64:34:48:55:dd:a3:c4:64:bd:1f:b9:9e:b5:ce:f9:
                    3c:d5:59:0a:09:ed:59:94:11:fb:f1:fc:86:dc:84:
                    49:f7:56:d9:b7:27:5d:b6:b3:4b:40:de:ca:76:c0:
                    23:bc:49:e8:d9:e7:f9:f2:02:6b:8a:b6:5e:ec:f1:
                    f3:42:6d:66:84:5c:93:a5:9e:ac:48:bd:ee:52:e5:
                    6f:25:63:23:0c:ac:f9:2d:b5:cf:32:6b:7c:30:98:
                    6c:e8:c2:58:81:90:12:ba:73:73:fa:5f:1d:7e:9e:
                    8a:7c:7d:d0:1f:99:b0:a3:d9:aa:76:f5:eb:5d:bc:
                    bd:7b:50:c5:2c:7d:25:71:a8:6e:5d:97:51:93:1f:
                    74:df:cf:6a:1d:cf:44:12:4d:20:85:1b:b8:aa:4a:
                    05:31:25:34:37:eb:ee:88:36:95:1c:6b:55:93:fb:
                    44:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:DB:BB:7C:D3:9F:EC:B7:FC:7E:31:3E:02:28:A4:2E:B8:64:FC:1F
            X509v3 Authority Key Identifier:
                keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/m9u7fNOf7Lf8fjE-AiikLrhk_B8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.182.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:4d:54:b9:38:8e:f3:24:ee:40:48:3e:02:75:e5:d6:2d:63:
         a4:cd:21:37:9f:a1:5d:7d:57:52:da:44:f2:2f:7d:69:27:91:
         33:5a:72:d7:ee:3e:b7:f9:e5:e3:78:c2:93:72:26:c9:85:77:
         b2:99:f9:99:b7:72:cf:ec:e2:79:66:20:72:48:29:fa:73:86:
         7a:cf:2c:0f:d2:19:d0:48:6a:a7:ab:cb:0b:01:c2:c3:d7:f9:
         d4:07:9b:ec:ed:f0:d5:7b:3a:16:1e:93:10:3c:19:61:57:e5:
         42:f0:d1:40:c8:b3:da:6c:f7:2b:09:ca:80:99:51:c0:ca:28:
         d3:f1:08:8c:42:37:b0:0e:af:92:57:fc:dd:03:70:ae:f4:7e:
         29:13:53:6f:4a:89:fb:68:ff:e8:b3:34:14:d7:38:33:df:bc:
         bc:16:fe:ca:3e:de:f9:2f:50:f7:98:eb:33:b0:b7:27:74:fc:
         2d:02:cb:bd:f9:fc:c7:ab:75:59:16:46:1b:68:d9:39:aa:90:
         51:bf:57:5d:60:6e:37:31:2b:55:df:9e:2d:99:9f:90:08:1b:
         dd:24:46:04:e8:84:ce:15:4c:36:a2:fc:9a:b1:fc:e1:8c:70:
         79:3a:92:04:41:94:81:9b:1d:2e:4a:96:41:03:45:e3:64:af:
         5e:1c:da:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSznOm+VgD4L+c00T27p0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmRiYmI3Y2QzOWZlY2I3ZmM3ZTMxM2UwMjI4YTQyZWI4NjRmYzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYwXJzF4ON6ABxfC0bme/kB65v8s
2+37HOPiq+XGnqIRDFozMJ0hXjFGFMGoMzmZ/2P7CTb/ksSTPU4F2oMKmAvjeZgG
3THOQx5ZmD/zofiBh/Sxh9MdAzNkNEhV3aPEZL0fuZ61zvk81VkKCe1ZlBH78fyG
3IRJ91bZtyddtrNLQN7KdsAjvEno2ef58gJrirZe7PHzQm1mhFyTpZ6sSL3uUuVv
JWMjDKz5LbXPMmt8MJhs6MJYgZASunNz+l8dfp6KfH3QH5mwo9mqdvXrXby9e1DF
LH0lcahuXZdRkx90389qHc9EEk0ghRu4qkoFMSU0N+vuiDaVHGtVk/tEXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvbu3zTn+y3/H4xPgIopC64ZPwfMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvbTl1N2ZOT2Y3TGY4ZmpFLUFpaWtMcmhrX0I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrbjMA0G
CSqGSIb3DQEBCwUAA4IBAQAxTVS5OI7zJO5ASD4CdeXWLWOkzSE3n6FdfVdS2kTy
L31pJ5EzWnLX7j63+eXjeMKTcibJhXeymfmZt3LP7OJ5ZiBySCn6c4Z6zywP0hnQ
SGqnq8sLAcLD1/nUB5vs7fDVezoWHpMQPBlhV+VC8NFAyLPabPcrCcqAmVHAyijT
8QiMQjewDq+SV/zdA3Cu9H4pE1NvSon7aP/oszQU1zgz37y8Fv7KPt75L1D3mOsz
sLcndPwtAsu9+fzHq3VZFkYbaNk5qpBRv1ddYG43MStV354tmZ+QCBvdJEYE6ITO
FUw2ovyasfzhjHB5OpIEQZSBmx0uSpZBA0XjZK9eHNqI
-----END CERTIFICATE-----