Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/bLix9hV-qK7ZdvmYP-DalFTKjpU.roa
File:                     bLix9hV-qK7ZdvmYP-DalFTKjpU.roa (raw, json)
Hash identifier:          nueQoUq+r9CqlKpSGVKFwrsLxJRFf2fmBL2ZgmFXCss=
Subject key identifier:   6C:B8:B1:F6:15:7E:A8:AE:D9:76:F9:98:3F:E0:DA:94:54:CA:8E:95
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       018CC86F734CE7B602E1F02E8A7F5F09A184
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/bLix9hV-qK7ZdvmYP-DalFTKjpU.roa
Signing time:             Tue 02 Jan 2024 04:29:56 +0000
ROA not before:           Tue 02 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        94.228.163.0/24 maxlen: 24
                          94.228.162.0/24 maxlen: 24
                          94.228.165.0/24 maxlen: 24
                          94.228.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:73:4c:e7:b6:02:e1:f0:2e:8a:7f:5f:09:a1:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: Jan  2 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cb8b1f6157ea8aed976f9983fe0da9454ca8e95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ec:29:e5:31:43:4c:3b:de:1d:1b:cc:52:dd:
                    ba:16:01:0f:7e:bf:59:3e:f9:2f:fb:85:ed:cd:66:
                    32:80:d3:84:2f:ae:1d:39:1a:7d:37:62:d1:5d:15:
                    8f:e2:55:fe:05:bd:f9:c0:bf:fd:f0:73:ff:be:72:
                    97:e0:97:08:eb:46:f4:1e:b6:b4:2b:50:5d:07:2a:
                    78:f1:26:30:f3:f2:d4:cd:02:5d:fb:c3:3b:59:48:
                    2a:05:2a:69:43:12:ed:9f:6b:12:24:c0:72:a0:d2:
                    6e:fe:4c:8f:c4:6d:2f:92:24:08:d2:11:e0:f6:a7:
                    fc:92:fd:c1:48:24:64:fd:38:65:aa:25:97:05:e1:
                    d5:d9:7a:8c:14:23:1e:b4:d3:49:54:ae:45:87:02:
                    8f:52:df:ee:e1:77:b1:db:86:04:0e:b7:34:a7:a0:
                    e3:34:0d:bd:3a:4c:76:35:15:1b:73:fd:6b:6a:fd:
                    cd:11:6a:f5:d7:f7:23:46:e6:2a:96:2b:2d:ef:3c:
                    a2:52:c3:e0:ee:66:d5:e7:82:d1:0e:36:a4:c6:1a:
                    c5:99:01:1a:57:4e:09:af:1d:1c:32:ef:af:60:23:
                    19:86:3e:68:33:69:bb:6c:33:5f:48:d0:6f:82:fe:
                    3e:c4:dd:5e:c1:c4:03:b4:13:13:46:ed:66:99:37:
                    d4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:B8:B1:F6:15:7E:A8:AE:D9:76:F9:98:3F:E0:DA:94:54:CA:8E:95
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/bLix9hV-qK7ZdvmYP-DalFTKjpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.228.162.0-94.228.165.255

    Signature Algorithm: sha256WithRSAEncryption
         9a:23:a8:6c:52:47:62:f9:a9:23:e2:b1:42:d7:3a:b4:f9:86:
         e0:67:36:2a:6d:6a:14:c9:30:fd:29:d6:d5:e3:20:2a:f5:7e:
         e3:9c:6b:0a:cc:73:2d:e0:27:3f:c1:2d:c2:ed:c7:ee:0b:21:
         1e:56:9d:f7:37:6e:fc:d3:53:cd:fa:cd:42:0d:23:9c:68:d1:
         31:f4:3b:8d:07:d0:20:35:74:36:c5:c2:7e:ec:ca:f1:98:86:
         4e:94:20:9a:06:42:61:f6:5f:ba:de:45:d9:62:8c:55:31:1b:
         4e:29:7c:b8:ef:26:2c:c2:62:4e:60:8e:23:44:10:c7:ed:cd:
         6a:2d:e9:87:14:94:d9:e1:51:c6:6b:e0:59:7c:07:6f:69:04:
         da:9c:ee:6d:3c:35:50:12:0b:d1:bb:4f:0c:06:c6:f9:8d:6d:
         d8:99:bc:fb:f7:2c:f1:04:8b:6c:23:26:9f:ca:b1:6f:d5:8d:
         89:65:a4:06:9d:5c:a6:dc:5f:34:56:78:52:08:32:cc:a0:c3:
         82:23:db:85:2a:09:1c:83:25:84:7f:dc:c1:0f:0a:dc:c6:ba:
         5d:87:1a:5d:71:31:64:a2:b8:18:bf:3d:de:fe:08:35:de:dc:
         b4:63:e8:84:a6:26:36:d0:ae:f4:8e:6c:3c:bd:27:ed:b1:52:
         95:a9:b1:2f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIb3NM57YC4fAuin9fCaGEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjQwMTAyMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2I4YjFmNjE1N2VhOGFlZDk3NmY5OTgzZmUwZGE5NDU0Y2E4ZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmewp5TFDTDveHRvMUt26FgEPfr9Z
Pvkv+4XtzWYygNOEL64dORp9N2LRXRWP4lX+Bb35wL/98HP/vnKX4JcI60b0Hra0
K1BdByp48SYw8/LUzQJd+8M7WUgqBSppQxLtn2sSJMByoNJu/kyPxG0vkiQI0hHg
9qf8kv3BSCRk/ThlqiWXBeHV2XqMFCMetNNJVK5FhwKPUt/u4Xex24YEDrc0p6Dj
NA29Okx2NRUbc/1rav3NEWr11/cjRuYqlist7zyiUsPg7mbV54LRDjakxhrFmQEa
V04Jrx0cMu+vYCMZhj5oM2m7bDNfSNBvgv4+xN1ewcQDtBMTRu1mmTfUBwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGy4sfYVfqiu2Xb5mD/g2pRUyo6VMB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvYkxpeDloVi1xSzdaZHZtWVAtRGFsRlRLanBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFe5KID
BAFe5KQwDQYJKoZIhvcNAQELBQADggEBAJojqGxSR2L5qSPisULXOrT5huBnNipt
ahTJMP0p1tXjICr1fuOcawrMcy3gJz/BLcLtx+4LIR5Wnfc3bvzTU836zUINI5xo
0TH0O40H0CA1dDbFwn7syvGYhk6UIJoGQmH2X7reRdlijFUxG04pfLjvJizCYk5g
jiNEEMftzWot6YcUlNnhUcZr4Fl8B29pBNqc7m08NVASC9G7TwwGxvmNbdiZvPv3
LPEEi2wjJp/KsW/VjYllpAadXKbcXzRWeFIIMsygw4Ij24UqCRyDJYR/3MEPCtzG
ul2HGl1xMWSiuBi/Pd7+CDXe3LRj6ISmJjbQrvSObDy9J+2xUpWpsS8=
-----END CERTIFICATE-----