Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/1e3bdd-6bc6-4169-94b1-2a8f79d030f8/1/dAUitWhIjlLuOzcsBftzsgtq_Rk.roa
File:                     dAUitWhIjlLuOzcsBftzsgtq_Rk.roa (raw, json)
Hash identifier:          NcX7SyH9Oh859zITs7ZhfQ2Ceg170UfAnYLHZWxQTy8=
Subject key identifier:   74:05:22:B5:68:48:8E:52:EE:3B:37:2C:05:FB:73:B2:0B:6A:FD:19
Certificate issuer:       /CN=bd2eac0200de608ec967aad178e400fde7880737
Certificate serial:       018CC56ED183337FE4DECC92E0E5C8893D74
Authority key identifier: BD:2E:AC:02:00:DE:60:8E:C9:67:AA:D1:78:E4:00:FD:E7:88:07:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vS6sAgDeYI7JZ6rReOQA_eeIBzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/1e3bdd-6bc6-4169-94b1-2a8f79d030f8/1/dAUitWhIjlLuOzcsBftzsgtq_Rk.roa
Signing time:             Mon 01 Jan 2024 14:30:23 +0000
ROA not before:           Mon 01 Jan 2024 14:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209288
IP address blocks:        94.142.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/1e3bdd-6bc6-4169-94b1-2a8f79d030f8/1/vS6sAgDeYI7JZ6rReOQA_eeIBzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/1e3bdd-6bc6-4169-94b1-2a8f79d030f8/1/vS6sAgDeYI7JZ6rReOQA_eeIBzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vS6sAgDeYI7JZ6rReOQA_eeIBzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d1:83:33:7f:e4:de:cc:92:e0:e5:c8:89:3d:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd2eac0200de608ec967aad178e400fde7880737
        Validity
            Not Before: Jan  1 14:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=740522b568488e52ee3b372c05fb73b20b6afd19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d3:cd:b1:5b:7e:5c:05:e9:7e:60:a1:79:d3:
                    b1:f0:f1:47:cb:fe:30:d2:24:e1:68:d3:fc:3e:46:
                    b4:aa:2a:e3:ce:6e:af:96:52:d9:2d:f5:54:e0:a3:
                    af:c9:ab:10:1e:d7:43:1e:f9:68:92:74:75:73:d4:
                    f5:26:6a:03:fe:f1:d3:a4:e1:fc:fb:c9:cf:52:5f:
                    d2:c5:34:04:f9:4f:66:bf:e5:e7:48:16:0d:7d:cb:
                    7d:db:3e:b0:43:fb:7a:d1:6a:b5:4f:89:f3:77:17:
                    e0:8e:dc:de:6b:e7:2a:6e:9a:79:d3:b7:5f:05:d9:
                    d6:0f:eb:ef:d7:1a:02:49:ff:2f:22:e4:0d:21:c8:
                    0d:d8:4e:07:34:18:36:58:a8:6c:96:c5:df:a1:3f:
                    fc:4d:67:5b:1b:ee:f4:84:6f:ee:32:92:15:e7:7e:
                    8b:de:a6:79:c4:2c:48:79:17:5d:a3:d5:e5:f9:60:
                    28:4e:e5:f6:d6:00:3c:72:d5:0c:69:70:02:0d:3b:
                    f3:7b:83:38:12:e9:26:6f:b6:3e:10:30:b8:5d:78:
                    46:93:42:4f:f6:58:ba:4d:9d:81:a9:92:ef:81:7b:
                    bb:8f:d7:5c:98:10:89:64:84:b2:bf:bf:df:0e:c8:
                    26:56:b0:be:0c:b1:1c:96:cf:39:25:71:00:f4:2d:
                    89:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:05:22:B5:68:48:8E:52:EE:3B:37:2C:05:FB:73:B2:0B:6A:FD:19
            X509v3 Authority Key Identifier:
                keyid:BD:2E:AC:02:00:DE:60:8E:C9:67:AA:D1:78:E4:00:FD:E7:88:07:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vS6sAgDeYI7JZ6rReOQA_eeIBzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1e3bdd-6bc6-4169-94b1-2a8f79d030f8/1/dAUitWhIjlLuOzcsBftzsgtq_Rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1e3bdd-6bc6-4169-94b1-2a8f79d030f8/1/vS6sAgDeYI7JZ6rReOQA_eeIBzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:fa:e0:5c:e1:51:c5:a8:68:2c:4a:08:15:94:28:e9:d1:f1:
         10:31:8c:07:ee:44:d2:fc:3b:52:e3:92:9a:5f:35:53:6f:2f:
         3e:cb:fc:98:a9:89:2f:d8:72:b4:60:9b:2b:91:07:9b:03:a6:
         bf:44:e4:47:0c:50:6a:fe:3a:95:f0:26:80:bb:69:ef:8e:ec:
         88:30:b9:42:04:9a:6d:d0:5b:3f:30:97:60:92:ce:fe:ec:2d:
         27:fd:1c:83:8d:ce:a1:cf:e8:a3:02:d2:3a:fe:13:97:bb:0d:
         6c:c0:46:59:2b:a6:22:bf:34:09:68:23:94:7d:13:8b:3a:5e:
         95:da:9d:b7:c6:9e:23:96:f1:8b:b2:75:cd:81:4d:0c:33:8f:
         da:e0:8f:94:f2:55:db:c4:e9:f6:d0:ea:30:a1:2e:d2:25:4d:
         b0:98:59:aa:d0:03:a9:cb:f3:b0:d8:19:a3:a8:1d:a9:f3:b2:
         15:cc:d2:e0:4e:67:40:6a:33:cb:1b:3b:a6:90:a4:8b:15:fd:
         a5:18:f5:89:c9:da:c6:98:dd:76:80:0f:38:6b:28:5f:b8:54:
         40:50:29:04:71:28:11:01:2c:ba:3f:9b:f3:3c:30:cb:35:07:
         ff:02:27:4b:f2:93:e2:00:74:39:af:63:52:59:f6:0c:d9:e1:
         a5:e9:49:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtGDM3/k3syS4OXIiT10MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMmVhYzAyMDBkZTYwOGVjOTY3YWFkMTc4ZTQwMGZkZTc4
ODA3MzcwHhcNMjQwMTAxMTQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDA1MjJiNTY4NDg4ZTUyZWUzYjM3MmMwNWZiNzNiMjBiNmFmZDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdPNsVt+XAXpfmChedOx8PFHy/4w
0iThaNP8Pka0qirjzm6vllLZLfVU4KOvyasQHtdDHvloknR1c9T1JmoD/vHTpOH8
+8nPUl/SxTQE+U9mv+XnSBYNfct92z6wQ/t60Wq1T4nzdxfgjtzea+cqbpp507df
BdnWD+vv1xoCSf8vIuQNIcgN2E4HNBg2WKhslsXfoT/8TWdbG+70hG/uMpIV536L
3qZ5xCxIeRddo9Xl+WAoTuX21gA8ctUMaXACDTvze4M4Eukmb7Y+EDC4XXhGk0JP
9li6TZ2BqZLvgXu7j9dcmBCJZISyv7/fDsgmVrC+DLEcls85JXEA9C2JswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQFIrVoSI5S7js3LAX7c7ILav0ZMB8GA1UdIwQY
MBaAFL0urAIA3mCOyWeq0XjkAP3niAc3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlM2c0FnRGVZSTdKWjZyUmVPUUFfZWVJQnpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8xZTNiZGQtNmJjNi00MTY5LTk0YjEt
MmE4Zjc5ZDAzMGY4LzEvZEFVaXRXaElqbEx1T3pjc0JmdHpzZ3RxX1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8xZTNiZGQtNmJjNi00MTY5LTk0YjEtMmE4Zjc5ZDAzMGY4
LzEvdlM2c0FnRGVZSTdKWjZyUmVPUUFfZWVJQnpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo79MA0G
CSqGSIb3DQEBCwUAA4IBAQBg+uBc4VHFqGgsSggVlCjp0fEQMYwH7kTS/DtS45Ka
XzVTby8+y/yYqYkv2HK0YJsrkQebA6a/RORHDFBq/jqV8CaAu2nvjuyIMLlCBJpt
0Fs/MJdgks7+7C0n/RyDjc6hz+ijAtI6/hOXuw1swEZZK6YivzQJaCOUfROLOl6V
2p23xp4jlvGLsnXNgU0MM4/a4I+U8lXbxOn20OowoS7SJU2wmFmq0AOpy/Ow2Bmj
qB2p87IVzNLgTmdAajPLGzumkKSLFf2lGPWJydrGmN12gA84ayhfuFRAUCkEcSgR
ASy6P5vzPDDLNQf/AidL8pPiAHQ5r2NSWfYM2eGl6UnE
-----END CERTIFICATE-----