Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/v2oV3KRmZ36Cqqq9370thl4sWkk.roa
File:                     v2oV3KRmZ36Cqqq9370thl4sWkk.roa (raw, json)
Hash identifier:          39BspDRhqXLHyH5zDmqns2UmU7zbiPkpx7Bx4TG1pWg=
Subject key identifier:   BF:6A:15:DC:A4:66:67:7E:82:AA:AA:BD:DF:BD:2D:86:5E:2C:5A:49
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       018CC86F7393C97459586048F70AE194821D
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/v2oV3KRmZ36Cqqq9370thl4sWkk.roa
Signing time:             Tue 02 Jan 2024 04:29:56 +0000
ROA not before:           Tue 02 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        94.228.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:73:93:c9:74:59:58:60:48:f7:0a:e1:94:82:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: Jan  2 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf6a15dca466677e82aaaabddfbd2d865e2c5a49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:71:7e:1f:f5:19:a7:5b:a7:6d:47:cc:4b:ff:
                    bf:61:60:ae:89:bf:5b:ae:6f:d2:67:19:ef:cc:56:
                    57:cd:fa:5d:e6:a5:91:d0:45:e8:89:9f:6e:4e:94:
                    c8:17:53:b2:15:3e:fb:a4:9a:9a:66:43:da:11:92:
                    de:6b:ff:91:f2:71:07:85:40:03:3e:98:76:0c:3d:
                    df:87:ab:eb:5f:6e:f2:6b:b1:53:81:e3:57:d5:b0:
                    9d:42:5a:a6:1c:9c:8f:91:c9:03:aa:f7:76:b6:8c:
                    67:d9:d7:02:07:8b:ab:f6:9f:50:ab:b0:1c:2b:d4:
                    ae:32:41:98:c8:4b:cf:0a:db:7c:fa:0d:92:c9:d5:
                    1c:44:09:fc:59:6d:1a:ba:c1:ff:c1:c8:24:46:7a:
                    b3:d3:57:39:03:54:35:f6:b9:1c:6b:8c:46:d0:cd:
                    ec:46:69:e8:6a:03:fe:48:76:b9:67:46:71:a8:51:
                    9c:87:10:f7:f7:7b:c2:89:f9:aa:f2:d6:d7:e8:76:
                    1e:62:04:75:9e:a0:09:5f:f1:ca:9e:46:6d:32:aa:
                    92:7f:d4:8c:aa:fa:d6:e7:7e:c3:2d:c2:6a:8d:f3:
                    a2:49:55:e9:92:44:5c:56:ce:5a:5a:ce:bb:aa:af:
                    b0:f2:22:bd:6c:85:4b:57:c8:3a:49:8e:ec:d1:60:
                    da:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:6A:15:DC:A4:66:67:7E:82:AA:AA:BD:DF:BD:2D:86:5E:2C:5A:49
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/v2oV3KRmZ36Cqqq9370thl4sWkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.228.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:0f:c0:26:2c:3e:75:1f:cc:c6:ac:16:16:37:e9:70:28:74:
         66:e9:55:b8:a6:8a:4d:28:4e:00:8c:0c:06:7b:37:01:a6:f1:
         f2:7d:b4:ca:7d:bf:b5:a9:d6:1a:1b:de:7e:8a:83:a6:55:23:
         d0:1d:4d:8c:53:d3:97:88:84:db:c2:3f:11:60:f9:1f:07:06:
         e2:67:53:14:7c:82:3e:bf:42:29:c7:88:80:3b:42:14:be:00:
         dd:cb:93:8d:39:9b:ed:48:35:21:24:f7:c0:3d:13:15:51:d4:
         ed:7d:0d:d8:40:25:87:9f:17:e5:8e:33:0e:29:a1:54:65:fb:
         a2:7a:36:f2:8f:46:7a:51:8d:14:af:78:e8:1f:d7:6f:19:b6:
         0d:13:84:f0:76:a0:ce:6e:47:02:d0:2a:4b:c7:d9:94:aa:5c:
         41:59:68:0f:3d:c4:aa:cc:36:eb:5c:9e:ea:46:43:41:2e:87:
         e7:d9:e6:b2:90:91:92:f4:f3:b5:c0:d6:13:e2:cd:fb:aa:fe:
         59:a9:10:6d:d8:a8:b3:5e:22:c9:4a:5b:ab:bf:ea:35:c6:33:
         4d:4d:54:81:bc:fb:8f:aa:bc:b3:ef:e0:37:d4:59:21:ec:b3:
         19:9f:b9:ed:57:76:ce:3f:a6:70:f2:b9:3c:3c:d3:8c:5b:0a:
         08:79:94:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3OTyXRZWGBI9wrhlIIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjQwMTAyMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjZhMTVkY2E0NjY2NzdlODJhYWFhYmRkZmJkMmQ4NjVlMmM1YTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7HF+H/UZp1unbUfMS/+/YWCuib9b
rm/SZxnvzFZXzfpd5qWR0EXoiZ9uTpTIF1OyFT77pJqaZkPaEZLea/+R8nEHhUAD
Pph2DD3fh6vrX27ya7FTgeNX1bCdQlqmHJyPkckDqvd2toxn2dcCB4ur9p9Qq7Ac
K9SuMkGYyEvPCtt8+g2SydUcRAn8WW0ausH/wcgkRnqz01c5A1Q19rkca4xG0M3s
RmnoagP+SHa5Z0ZxqFGchxD393vCifmq8tbX6HYeYgR1nqAJX/HKnkZtMqqSf9SM
qvrW537DLcJqjfOiSVXpkkRcVs5aWs67qq+w8iK9bIVLV8g6SY7s0WDaRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9qFdykZmd+gqqqvd+9LYZeLFpJMB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvdjJvVjNLUm1aMzZDcXFxOTM3MHRobDRzV2trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuShMA0G
CSqGSIb3DQEBCwUAA4IBAQBPD8AmLD51H8zGrBYWN+lwKHRm6VW4popNKE4AjAwG
ezcBpvHyfbTKfb+1qdYaG95+ioOmVSPQHU2MU9OXiITbwj8RYPkfBwbiZ1MUfII+
v0Ipx4iAO0IUvgDdy5ONOZvtSDUhJPfAPRMVUdTtfQ3YQCWHnxfljjMOKaFUZfui
ejbyj0Z6UY0Ur3joH9dvGbYNE4TwdqDObkcC0CpLx9mUqlxBWWgPPcSqzDbrXJ7q
RkNBLofn2eaykJGS9PO1wNYT4s37qv5ZqRBt2KizXiLJSlurv+o1xjNNTVSBvPuP
qryz7+A31Fkh7LMZn7ntV3bOP6Zw8rk8PNOMWwoIeZQm
-----END CERTIFICATE-----