Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/7zdIFtyksCfxBdLCkUHAEY9cznY.roa
File:                     7zdIFtyksCfxBdLCkUHAEY9cznY.roa (raw, json)
Hash identifier:          IESphrV+6pjk0zB46CzGlzVHWAoGyRabTQewcSgl6G0=
Subject key identifier:   EF:37:48:16:DC:A4:B0:27:F1:05:D2:C2:91:41:C0:11:8F:5C:CE:76
Certificate issuer:       /CN=55d5dc9e220112a27c152bc32389038974ae4572
Certificate serial:       018CC5DC122791E838468CC281B90972ADEB
Authority key identifier: 55:D5:DC:9E:22:01:12:A2:7C:15:2B:C3:23:89:03:89:74:AE:45:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/7zdIFtyksCfxBdLCkUHAEY9cznY.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12586
IP address blocks:        94.100.130.0/24 maxlen: 32
                          2a01:6780:8::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:12:27:91:e8:38:46:8c:c2:81:b9:09:72:ad:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55d5dc9e220112a27c152bc32389038974ae4572
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef374816dca4b027f105d2c29141c0118f5cce76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:56:df:c1:7a:59:8a:07:2e:33:91:ab:8e:34:
                    91:63:2b:7d:fe:5d:f8:13:ba:45:01:41:d9:ef:31:
                    c4:5a:92:35:da:91:2e:35:98:df:b6:1c:2e:5e:7a:
                    ef:fb:44:f4:75:12:2d:a2:1f:9a:1c:fc:8f:bc:47:
                    fb:a2:68:3c:22:d3:4c:6f:21:47:90:6e:48:b7:ca:
                    57:c2:28:81:70:39:07:c3:84:f8:45:4b:f5:04:52:
                    b9:a5:0d:33:43:7a:5c:91:53:0f:25:22:1e:55:f2:
                    3b:51:7a:4a:46:52:86:e1:bc:ad:d1:ea:7f:0e:77:
                    e7:bc:83:82:81:e9:2e:33:77:c3:17:bb:39:eb:96:
                    5b:ba:fc:3e:62:55:2d:2f:9c:5e:7c:b6:7a:8d:3f:
                    eb:81:1d:7e:24:3c:75:9e:92:dc:73:41:66:1f:a9:
                    33:a5:f6:61:87:00:aa:05:f0:5c:5f:bb:2b:ae:aa:
                    94:f9:d9:6b:0f:14:a4:f5:44:f9:d1:aa:3d:17:98:
                    2d:15:4a:03:cb:1c:50:2c:c1:e5:24:54:d7:75:f2:
                    ea:8c:49:04:85:90:5e:db:b7:26:61:95:64:0e:88:
                    ad:9c:97:46:07:02:b4:7a:ad:47:f8:b0:d9:f2:c7:
                    32:99:f5:06:b6:c2:db:9f:11:6f:fe:a0:69:1b:d7:
                    02:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:37:48:16:DC:A4:B0:27:F1:05:D2:C2:91:41:C0:11:8F:5C:CE:76
            X509v3 Authority Key Identifier:
                keyid:55:D5:DC:9E:22:01:12:A2:7C:15:2B:C3:23:89:03:89:74:AE:45:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/7zdIFtyksCfxBdLCkUHAEY9cznY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.100.130.0/24
                IPv6:
                  2a01:6780:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:29:91:ec:1e:04:76:de:39:ad:c9:cc:5f:1d:bc:6a:c7:12:
         0d:ca:e1:34:86:68:7d:75:62:9d:55:eb:b0:af:3d:2c:eb:1c:
         4c:15:13:1d:b1:92:ec:ee:f3:94:0d:a5:16:9b:a6:b7:22:d1:
         96:04:83:0a:d2:9a:f5:cc:b4:aa:09:cd:b8:c6:3f:d1:f0:ab:
         a7:79:68:d3:7b:fa:0d:e6:7c:c0:b2:c5:71:ad:8e:55:6d:c1:
         ef:7e:07:68:14:02:0e:4d:80:71:9e:b4:4f:c3:73:65:2f:99:
         29:2b:d3:b8:43:86:dd:27:e7:db:40:f4:e7:89:be:c4:e9:fc:
         b5:14:b1:3e:15:61:c7:7c:84:89:7e:1e:96:9a:32:af:21:09:
         ae:31:04:7d:63:b2:6b:22:2c:24:d7:27:b3:2f:da:2a:16:39:
         55:ca:de:96:9e:ad:42:2c:3b:9e:5f:83:bb:15:5f:92:cd:84:
         bd:58:67:38:e1:b8:ef:c0:9f:b2:dc:12:06:16:18:be:4f:44:
         7a:29:74:2c:63:65:f2:68:6b:7c:1e:bc:c9:57:16:ad:d9:57:
         4c:bf:fe:92:87:33:7e:58:6d:46:a1:88:b8:55:5b:1e:a3:13:
         ef:a5:a4:29:77:3b:09:77:1f:02:9e:09:6c:6d:f4:a7:e2:5a:
         c3:3e:b2:6b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3BInkeg4RozCgbkJcq3rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZDVkYzllMjIwMTEyYTI3YzE1MmJjMzIzODkwMzg5NzRh
ZTQ1NzIwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjM3NDgxNmRjYTRiMDI3ZjEwNWQyYzI5MTQxYzAxMThmNWNjZTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlbfwXpZigcuM5GrjjSRYyt9/l34
E7pFAUHZ7zHEWpI12pEuNZjfthwuXnrv+0T0dRItoh+aHPyPvEf7omg8ItNMbyFH
kG5It8pXwiiBcDkHw4T4RUv1BFK5pQ0zQ3pckVMPJSIeVfI7UXpKRlKG4byt0ep/
DnfnvIOCgekuM3fDF7s565Zbuvw+YlUtL5xefLZ6jT/rgR1+JDx1npLcc0FmH6kz
pfZhhwCqBfBcX7srrqqU+dlrDxSk9UT50ao9F5gtFUoDyxxQLMHlJFTXdfLqjEkE
hZBe27cmYZVkDoitnJdGBwK0eq1H+LDZ8scymfUGtsLbnxFv/qBpG9cCuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO83SBbcpLAn8QXSwpFBwBGPXM52MB8GA1UdIwQY
MBaAFFXV3J4iARKifBUrwyOJA4l0rkVyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmRYY25pSUJFcUo4RlN2REk0a0RpWFN1UlhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kOGVkNDEtNzFmNi00YmI3LWEzZWUt
YTBiYjE0MGE1OTZlLzEvN3pkSUZ0eWtzQ2Z4QmRMQ2tVSEFFWTljem5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kOGVkNDEtNzFmNi00YmI3LWEzZWUtYTBiYjE0MGE1OTZl
LzEvVmRYY25pSUJFcUo4RlN2REk0a0RpWFN1UlhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXmSCMA8E
AgACMAkDBwAqAWeAAAgwDQYJKoZIhvcNAQELBQADggEBADIpkeweBHbeOa3JzF8d
vGrHEg3K4TSGaH11Yp1V67CvPSzrHEwVEx2xkuzu85QNpRabprci0ZYEgwrSmvXM
tKoJzbjGP9Hwq6d5aNN7+g3mfMCyxXGtjlVtwe9+B2gUAg5NgHGetE/Dc2UvmSkr
07hDht0n59tA9OeJvsTp/LUUsT4VYcd8hIl+HpaaMq8hCa4xBH1jsmsiLCTXJ7Mv
2ioWOVXK3paerUIsO55fg7sVX5LNhL1YZzjhuO/An7LcEgYWGL5PRHopdCxjZfJo
a3wevMlXFq3ZV0y//pKHM35YbUahiLhVWx6jE++lpCl3Owl3HwKeCWxt9KfiWsM+
sms=
-----END CERTIFICATE-----