Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/Baezm_8bXkS9o1OGc3Ib3OzxzbQ.roa
File:                     Baezm_8bXkS9o1OGc3Ib3OzxzbQ.roa (raw, json)
Hash identifier:          J71/TnZdKLOG43ntzIGcfhnOq0LZrZ8hFPCXN2VPbKs=
Subject key identifier:   05:A7:B3:9B:FF:1B:5E:44:BD:A3:53:86:73:72:1B:DC:EC:F1:CD:B4
Certificate issuer:       /CN=4df1811f3997b950ac89e410ea3ef018a673d5fc
Certificate serial:       018D363EF3EA52380B78F5A7C1F76D9140F1
Authority key identifier: 4D:F1:81:1F:39:97:B9:50:AC:89:E4:10:EA:3E:F0:18:A6:73:D5:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TfGBHzmXuVCsieQQ6j7wGKZz1fw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/Baezm_8bXkS9o1OGc3Ib3OzxzbQ.roa
Signing time:             Tue 23 Jan 2024 12:15:11 +0000
ROA not before:           Tue 23 Jan 2024 12:15:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200985
IP address blocks:        94.199.96.0/22 maxlen: 24
                          2a06:d6c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/TfGBHzmXuVCsieQQ6j7wGKZz1fw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/TfGBHzmXuVCsieQQ6j7wGKZz1fw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TfGBHzmXuVCsieQQ6j7wGKZz1fw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:36:3e:f3:ea:52:38:0b:78:f5:a7:c1:f7:6d:91:40:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4df1811f3997b950ac89e410ea3ef018a673d5fc
        Validity
            Not Before: Jan 23 12:15:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05a7b39bff1b5e44bda3538673721bdcecf1cdb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:66:d8:0e:6f:9b:37:d0:6b:bf:17:5a:29:25:
                    83:7d:c9:15:5f:06:20:2b:e3:62:e7:fe:2e:8d:c4:
                    59:d4:88:ff:66:bd:49:8b:cf:00:32:9e:ff:8a:94:
                    dc:04:b9:01:06:87:6f:4f:6c:b4:f4:64:95:49:a6:
                    9f:29:77:62:cf:90:8e:aa:06:2a:a8:c2:d9:2a:34:
                    38:82:c1:2c:82:96:97:4c:1a:ca:1e:c3:68:e1:a6:
                    24:79:63:84:6f:15:5e:8a:33:63:b1:6d:8a:c1:c0:
                    b1:ab:49:ca:ed:f3:2a:4f:21:d6:01:15:d6:ec:d8:
                    81:08:5f:b8:99:98:54:6d:a1:90:2f:97:a7:bf:4c:
                    98:1e:14:a9:19:52:91:6f:56:ff:f7:46:91:d8:93:
                    47:22:7b:fe:f5:a5:28:45:7f:14:92:80:b2:1e:25:
                    06:a4:da:14:a3:9b:32:c0:a4:bb:91:d9:dd:f9:f3:
                    2d:13:7d:52:f6:e4:54:0a:ba:55:4a:fd:27:34:aa:
                    8c:ba:d5:33:7e:49:ec:89:37:48:98:fb:d4:1e:af:
                    fe:fc:ea:72:5a:60:00:48:8a:fc:3e:b7:ce:cc:99:
                    3e:22:8a:de:66:62:9f:07:67:ec:14:47:8c:2d:ec:
                    03:54:c5:68:96:8c:bd:63:71:48:c5:59:a0:71:cf:
                    37:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A7:B3:9B:FF:1B:5E:44:BD:A3:53:86:73:72:1B:DC:EC:F1:CD:B4
            X509v3 Authority Key Identifier:
                keyid:4D:F1:81:1F:39:97:B9:50:AC:89:E4:10:EA:3E:F0:18:A6:73:D5:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TfGBHzmXuVCsieQQ6j7wGKZz1fw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/Baezm_8bXkS9o1OGc3Ib3OzxzbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/TfGBHzmXuVCsieQQ6j7wGKZz1fw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.96.0/22
                IPv6:
                  2a06:d6c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:39:40:c5:3f:8c:e3:06:c5:4d:5d:c7:d3:2c:12:0a:10:84:
         6d:b9:3a:0a:ef:fa:7d:47:a9:f9:79:63:60:fe:d2:58:e5:fb:
         a8:96:83:8f:3c:0b:9b:4f:0b:63:f5:09:a9:78:5b:42:a2:a2:
         a6:23:2f:15:68:de:63:95:36:60:1f:70:a7:c1:6a:21:3c:27:
         e3:a8:cc:16:88:69:3a:a7:7a:36:2b:b8:85:ae:c4:95:f5:33:
         25:9c:3d:0a:41:d6:2f:07:6c:0e:61:b8:16:cc:84:91:b3:09:
         23:52:9d:b5:49:6a:51:3c:f0:89:21:55:aa:5d:41:06:eb:57:
         d8:57:53:55:70:e1:e2:13:5d:06:4c:cf:81:77:29:a1:5b:9e:
         ea:44:d1:dd:0c:4c:f3:a9:dc:8d:53:cf:15:48:5e:cb:06:f4:
         fe:22:a0:6e:10:75:94:44:9f:72:6a:11:31:60:c7:2a:46:66:
         11:c2:09:10:0c:27:17:c7:b4:ab:cf:71:c0:15:ab:67:aa:ab:
         f6:a4:30:9c:18:18:b9:87:54:0c:c6:8b:fd:66:73:cb:eb:98:
         9f:2b:fe:be:49:95:c2:20:28:77:a6:35:e1:5f:ab:15:24:11:
         13:61:0b:32:c0:83:29:a0:8e:26:31:68:c2:08:a3:1d:dc:55:
         90:b7:63:1f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY02PvPqUjgLePWnwfdtkUDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZjE4MTFmMzk5N2I5NTBhYzg5ZTQxMGVhM2VmMDE4YTY3
M2Q1ZmMwHhcNMjQwMTIzMTIxNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWE3YjM5YmZmMWI1ZTQ0YmRhMzUzODY3MzcyMWJkY2VjZjFjZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12bYDm+bN9BrvxdaKSWDfckVXwYg
K+Ni5/4ujcRZ1Ij/Zr1Ji88AMp7/ipTcBLkBBodvT2y09GSVSaafKXdiz5COqgYq
qMLZKjQ4gsEsgpaXTBrKHsNo4aYkeWOEbxVeijNjsW2KwcCxq0nK7fMqTyHWARXW
7NiBCF+4mZhUbaGQL5env0yYHhSpGVKRb1b/90aR2JNHInv+9aUoRX8UkoCyHiUG
pNoUo5sywKS7kdnd+fMtE31S9uRUCrpVSv0nNKqMutUzfknsiTdImPvUHq/+/Opy
WmAASIr8PrfOzJk+IoreZmKfB2fsFEeMLewDVMVoloy9Y3FIxVmgcc83gQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAWns5v/G15EvaNThnNyG9zs8c20MB8GA1UdIwQY
MBaAFE3xgR85l7lQrInkEOo+8Bimc9X8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGZHQkh6bVh1VkNzaWVRUTZqN3dHS1p6MWZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zZmU5MzEtN2RkNi00NDNiLWFhZGUt
ZDlhNjE5MzdhMWU1LzEvQmFlem1fOGJYa1M5bzFPR2MzSWIzT3p4emJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zZmU5MzEtN2RkNi00NDNiLWFhZGUtZDlhNjE5MzdhMWU1
LzEvVGZHQkh6bVh1VkNzaWVRUTZqN3dHS1p6MWZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCXsdgMA0E
AgACMAcDBQAqBtbAMA0GCSqGSIb3DQEBCwUAA4IBAQBFOUDFP4zjBsVNXcfTLBIK
EIRtuToK7/p9R6n5eWNg/tJY5fuoloOPPAubTwtj9QmpeFtCoqKmIy8VaN5jlTZg
H3CnwWohPCfjqMwWiGk6p3o2K7iFrsSV9TMlnD0KQdYvB2wOYbgWzISRswkjUp21
SWpRPPCJIVWqXUEG61fYV1NVcOHiE10GTM+BdymhW57qRNHdDEzzqdyNU88VSF7L
BvT+IqBuEHWURJ9yahExYMcqRmYRwgkQDCcXx7Srz3HAFatnqqv2pDCcGBi5h1QM
xov9ZnPL65ifK/6+SZXCICh3pjXhX6sVJBETYQsywIMpoI4mMWjCCKMd3FWQt2Mf
-----END CERTIFICATE-----