Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/0cRicyUmidWBE_djmBXaUftVUV8.roa
File:                     0cRicyUmidWBE_djmBXaUftVUV8.roa (raw, json)
Hash identifier:          dXABuyX9P0JlwXTXdUP6jSuD7WT1eGa315E6Ln6WIa4=
Subject key identifier:   D1:C4:62:73:25:26:89:D5:81:13:F7:63:98:15:DA:51:FB:55:51:5F
Certificate issuer:       /CN=4df1811f3997b950ac89e410ea3ef018a673d5fc
Certificate serial:       018D363EF39056FAAAEF379DFED2213AFBCC
Authority key identifier: 4D:F1:81:1F:39:97:B9:50:AC:89:E4:10:EA:3E:F0:18:A6:73:D5:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TfGBHzmXuVCsieQQ6j7wGKZz1fw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/0cRicyUmidWBE_djmBXaUftVUV8.roa
Signing time:             Tue 23 Jan 2024 12:15:11 +0000
ROA not before:           Tue 23 Jan 2024 12:15:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199657
IP address blocks:        94.199.96.0/22 maxlen: 24
                          2a06:d6c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/TfGBHzmXuVCsieQQ6j7wGKZz1fw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/TfGBHzmXuVCsieQQ6j7wGKZz1fw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TfGBHzmXuVCsieQQ6j7wGKZz1fw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:36:3e:f3:90:56:fa:aa:ef:37:9d:fe:d2:21:3a:fb:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4df1811f3997b950ac89e410ea3ef018a673d5fc
        Validity
            Not Before: Jan 23 12:15:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1c46273252689d58113f7639815da51fb55515f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d9:78:9c:5e:1d:4f:8b:3b:7e:7e:90:5e:65:
                    f8:b3:df:75:d3:6a:66:ba:b3:0b:8d:c1:0a:bc:ad:
                    50:d8:bd:86:75:ed:6f:3e:1e:2a:1c:b2:1a:9f:c3:
                    5d:d0:f2:d2:bf:4f:b2:f1:14:fe:ec:c8:6d:b6:8a:
                    84:fc:24:bb:f0:ea:94:a5:11:ff:17:26:3e:a6:7b:
                    5a:34:41:53:46:11:ec:5a:9c:17:12:bc:8b:1f:8c:
                    6e:14:e6:5e:19:c9:a3:87:6c:84:be:a4:22:d7:5e:
                    b0:15:f8:38:5b:33:a5:89:ee:17:dd:c6:34:65:36:
                    96:62:0f:70:a9:58:c6:54:12:8a:b6:92:fd:ce:d5:
                    ad:ab:57:3e:73:ea:66:85:d7:a5:61:7b:6d:24:b5:
                    d8:12:9d:d2:c5:35:13:7d:fd:92:3c:e5:82:62:51:
                    65:83:8c:b9:8c:57:b5:9c:8a:10:06:16:31:92:03:
                    15:2c:18:21:eb:e6:6d:8f:cb:85:ba:d1:2e:10:aa:
                    73:8b:34:51:0b:c7:f2:96:36:e6:a1:88:fd:3c:90:
                    33:57:25:81:71:4b:79:32:e0:85:32:6c:38:c9:b1:
                    48:7c:ff:61:27:25:8a:9f:d4:2c:a6:58:f0:62:7d:
                    46:13:c0:6e:48:8e:00:93:d3:36:f2:5f:78:6e:43:
                    6e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:C4:62:73:25:26:89:D5:81:13:F7:63:98:15:DA:51:FB:55:51:5F
            X509v3 Authority Key Identifier:
                keyid:4D:F1:81:1F:39:97:B9:50:AC:89:E4:10:EA:3E:F0:18:A6:73:D5:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TfGBHzmXuVCsieQQ6j7wGKZz1fw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/0cRicyUmidWBE_djmBXaUftVUV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/TfGBHzmXuVCsieQQ6j7wGKZz1fw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.96.0/22
                IPv6:
                  2a06:d6c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:cf:48:88:e4:50:3b:8c:d5:2f:76:d7:b5:e1:c3:ba:01:fd:
         77:f0:a0:df:91:ad:8f:5d:8e:62:42:3b:c8:63:98:0a:e6:e5:
         78:ca:c8:73:e3:ef:4d:a3:60:ea:8f:a2:87:13:0f:de:a6:8e:
         0e:00:78:e3:8b:8a:65:32:77:d7:ba:42:76:07:da:09:8f:3f:
         b1:6b:59:cd:d9:22:ba:b4:ad:27:dd:f3:4f:80:77:5b:45:3a:
         15:68:eb:71:60:e8:07:1f:95:8e:51:6c:88:87:47:c6:86:f5:
         47:07:ca:b2:b4:1f:9d:fa:50:3c:1a:c6:3c:36:71:f6:34:44:
         f9:16:50:85:65:d4:e0:14:51:18:6e:3e:54:90:5a:24:4f:a1:
         45:03:85:35:76:bf:ff:2f:1f:ce:2f:bd:fd:f4:43:1d:0f:67:
         42:c8:30:e6:38:3e:f1:2e:e9:1f:b5:c7:12:bd:d9:6f:c9:9b:
         29:91:ff:13:74:1a:5d:99:0d:95:11:a8:f6:06:93:10:f1:dd:
         08:68:45:3b:0e:52:af:87:50:7a:ae:85:7e:6c:3b:f5:20:0a:
         d2:23:78:16:ae:57:4f:90:69:d0:ed:1f:23:80:d2:b8:ba:64:
         15:28:90:48:8c:5a:ac:67:69:74:2f:27:e1:81:cc:b6:b8:58:
         84:78:55:47
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY02PvOQVvqq7zed/tIhOvvMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZjE4MTFmMzk5N2I5NTBhYzg5ZTQxMGVhM2VmMDE4YTY3
M2Q1ZmMwHhcNMjQwMTIzMTIxNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWM0NjI3MzI1MjY4OWQ1ODExM2Y3NjM5ODE1ZGE1MWZiNTU1MTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtl4nF4dT4s7fn6QXmX4s99102pm
urMLjcEKvK1Q2L2Gde1vPh4qHLIan8Nd0PLSv0+y8RT+7MhttoqE/CS78OqUpRH/
FyY+pntaNEFTRhHsWpwXEryLH4xuFOZeGcmjh2yEvqQi116wFfg4WzOlie4X3cY0
ZTaWYg9wqVjGVBKKtpL9ztWtq1c+c+pmhdelYXttJLXYEp3SxTUTff2SPOWCYlFl
g4y5jFe1nIoQBhYxkgMVLBgh6+Ztj8uFutEuEKpzizRRC8fyljbmoYj9PJAzVyWB
cUt5MuCFMmw4ybFIfP9hJyWKn9QspljwYn1GE8BuSI4Ak9M28l94bkNuNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNHEYnMlJonVgRP3Y5gV2lH7VVFfMB8GA1UdIwQY
MBaAFE3xgR85l7lQrInkEOo+8Bimc9X8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGZHQkh6bVh1VkNzaWVRUTZqN3dHS1p6MWZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zZmU5MzEtN2RkNi00NDNiLWFhZGUt
ZDlhNjE5MzdhMWU1LzEvMGNSaWN5VW1pZFdCRV9kam1CWGFVZnRWVVY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zZmU5MzEtN2RkNi00NDNiLWFhZGUtZDlhNjE5MzdhMWU1
LzEvVGZHQkh6bVh1VkNzaWVRUTZqN3dHS1p6MWZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCXsdgMA0E
AgACMAcDBQAqBtbAMA0GCSqGSIb3DQEBCwUAA4IBAQB1z0iI5FA7jNUvdte14cO6
Af138KDfka2PXY5iQjvIY5gK5uV4yshz4+9No2Dqj6KHEw/epo4OAHjji4plMnfX
ukJ2B9oJjz+xa1nN2SK6tK0n3fNPgHdbRToVaOtxYOgHH5WOUWyIh0fGhvVHB8qy
tB+d+lA8GsY8NnH2NET5FlCFZdTgFFEYbj5UkFokT6FFA4U1dr//Lx/OL7399EMd
D2dCyDDmOD7xLukftccSvdlvyZspkf8TdBpdmQ2VEaj2BpMQ8d0IaEU7DlKvh1B6
roV+bDv1IArSI3gWrldPkGnQ7R8jgNK4umQVKJBIjFqsZ2l0Lyfhgcy2uFiEeFVH
-----END CERTIFICATE-----