Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/ij4BSufcwAgfVRX2DuJ6U5kJCPg.roa
File:                     ij4BSufcwAgfVRX2DuJ6U5kJCPg.roa (raw, json)
Hash identifier:          pbjxxiEB83CuOWuQ87lIhLUcfNts1fLqGX4+8vwr6cM=
Subject key identifier:   8A:3E:01:4A:E7:DC:C0:08:1F:55:15:F6:0E:E2:7A:53:99:09:08:F8
Certificate issuer:       /CN=55d5dc9e220112a27c152bc32389038974ae4572
Certificate serial:       018D37888A1C8346F4689129B3E7A1BC8013
Authority key identifier: 55:D5:DC:9E:22:01:12:A2:7C:15:2B:C3:23:89:03:89:74:AE:45:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/ij4BSufcwAgfVRX2DuJ6U5kJCPg.roa
Signing time:             Tue 23 Jan 2024 18:15:11 +0000
ROA not before:           Tue 23 Jan 2024 18:15:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25091
IP address blocks:        94.100.138.0/23 maxlen: 23
                          2a01:6780:12::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:37:88:8a:1c:83:46:f4:68:91:29:b3:e7:a1:bc:80:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55d5dc9e220112a27c152bc32389038974ae4572
        Validity
            Not Before: Jan 23 18:15:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a3e014ae7dcc0081f5515f60ee27a53990908f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:44:fd:91:0b:30:bf:b0:ca:f6:bc:2f:89:db:
                    bc:74:32:3f:f2:fd:db:d1:1c:f7:cf:9b:26:97:fa:
                    16:10:02:19:4d:6d:81:21:d2:9c:d4:40:4f:46:05:
                    8f:c1:1c:f4:16:96:ea:94:82:23:e6:4b:73:9d:d8:
                    e9:f2:11:47:2d:8e:0a:1a:f3:43:9b:b2:53:2e:d6:
                    5e:bd:97:4b:42:da:f9:45:ea:7a:8f:21:e9:9f:08:
                    9e:3a:e4:c3:cf:43:60:8e:60:66:88:89:53:ca:43:
                    1d:43:bf:21:18:7b:7a:4b:af:cd:0a:dc:60:73:ca:
                    43:8e:c4:7b:7b:03:ca:6b:53:45:be:5f:83:97:ab:
                    a6:ba:3c:93:d0:f9:cf:3a:30:9d:44:79:f1:eb:b0:
                    aa:8c:2d:0e:97:94:70:f8:17:78:14:4a:b6:90:68:
                    ec:0a:b7:0d:50:64:e8:29:1d:74:49:81:28:a7:8d:
                    bb:da:c5:90:c5:4f:25:f2:c4:35:08:0c:bf:dc:50:
                    25:4f:84:f2:9a:78:06:a4:d3:8d:7e:62:1c:64:b8:
                    7e:6d:9c:e4:49:77:eb:f3:93:44:51:26:2e:48:54:
                    23:db:74:18:34:08:22:15:0a:4d:be:ab:88:d4:ae:
                    00:1f:57:5b:ac:d2:2f:57:63:5b:9a:43:39:38:fc:
                    dd:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:3E:01:4A:E7:DC:C0:08:1F:55:15:F6:0E:E2:7A:53:99:09:08:F8
            X509v3 Authority Key Identifier:
                keyid:55:D5:DC:9E:22:01:12:A2:7C:15:2B:C3:23:89:03:89:74:AE:45:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/ij4BSufcwAgfVRX2DuJ6U5kJCPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.100.138.0/23
                IPv6:
                  2a01:6780:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:e9:cd:96:91:90:0c:19:d7:2c:85:81:0d:d9:f7:27:6c:6f:
         b9:8e:c2:78:66:de:45:75:29:a3:17:c6:12:53:2f:d5:ab:fa:
         58:95:4b:97:b3:49:71:eb:07:96:27:c9:27:24:2c:e8:70:a0:
         89:80:a4:5f:ca:f1:45:7b:d7:90:28:b5:d9:9f:f4:eb:5f:3b:
         8e:7d:b5:bc:bb:52:14:45:f6:cf:8e:78:df:9f:7a:7b:18:7f:
         8f:b4:0e:43:a6:b3:08:a9:50:f3:c4:4c:9a:50:99:b3:e9:dd:
         51:22:dc:34:b9:5e:1f:74:dc:3f:31:3f:49:4a:7a:f0:f5:37:
         46:b8:b2:09:f3:7b:b6:c5:11:bf:2c:6f:c0:10:de:74:d3:06:
         ab:51:09:10:4c:3e:68:67:11:c5:b4:fe:c2:a0:25:65:a9:25:
         e2:7f:74:ad:47:b5:84:a6:44:13:c4:ee:50:b0:81:92:3d:9d:
         d2:90:12:52:44:ba:69:c7:55:73:48:fb:fb:06:5c:f8:39:55:
         35:b7:c6:b6:d8:95:f8:a1:4f:67:b7:51:23:e4:e7:82:88:7a:
         15:de:ed:1e:de:29:6f:c7:cd:27:7a:08:07:e2:e0:84:01:b7:
         37:15:21:51:a1:d0:fc:75:96:40:24:eb:78:cc:7f:36:1f:73:
         4c:e9:df:05
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY03iIocg0b0aJEps+ehvIATMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZDVkYzllMjIwMTEyYTI3YzE1MmJjMzIzODkwMzg5NzRh
ZTQ1NzIwHhcNMjQwMTIzMTgxNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTNlMDE0YWU3ZGNjMDA4MWY1NTE1ZjYwZWUyN2E1Mzk5MDkwOGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0T9kQswv7DK9rwvidu8dDI/8v3b
0Rz3z5sml/oWEAIZTW2BIdKc1EBPRgWPwRz0FpbqlIIj5ktzndjp8hFHLY4KGvND
m7JTLtZevZdLQtr5Rep6jyHpnwieOuTDz0NgjmBmiIlTykMdQ78hGHt6S6/NCtxg
c8pDjsR7ewPKa1NFvl+Dl6umujyT0PnPOjCdRHnx67CqjC0Ol5Rw+Bd4FEq2kGjs
CrcNUGToKR10SYEop4272sWQxU8l8sQ1CAy/3FAlT4TymngGpNONfmIcZLh+bZzk
SXfr85NEUSYuSFQj23QYNAgiFQpNvquI1K4AH1dbrNIvV2NbmkM5OPzdWQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIo+AUrn3MAIH1UV9g7ielOZCQj4MB8GA1UdIwQY
MBaAFFXV3J4iARKifBUrwyOJA4l0rkVyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmRYY25pSUJFcUo4RlN2REk0a0RpWFN1UlhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kOGVkNDEtNzFmNi00YmI3LWEzZWUt
YTBiYjE0MGE1OTZlLzEvaWo0QlN1ZmN3QWdmVlJYMkR1SjZVNWtKQ1BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kOGVkNDEtNzFmNi00YmI3LWEzZWUtYTBiYjE0MGE1OTZl
LzEvVmRYY25pSUJFcUo4RlN2REk0a0RpWFN1UlhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBXmSKMA8E
AgACMAkDBwAqAWeAABIwDQYJKoZIhvcNAQELBQADggEBAG3pzZaRkAwZ1yyFgQ3Z
9ydsb7mOwnhm3kV1KaMXxhJTL9Wr+liVS5ezSXHrB5YnySckLOhwoImApF/K8UV7
15Aotdmf9OtfO459tby7UhRF9s+OeN+fensYf4+0DkOmswipUPPETJpQmbPp3VEi
3DS5Xh903D8xP0lKevD1N0a4sgnze7bFEb8sb8AQ3nTTBqtRCRBMPmhnEcW0/sKg
JWWpJeJ/dK1HtYSmRBPE7lCwgZI9ndKQElJEumnHVXNI+/sGXPg5VTW3xrbYlfih
T2e3USPk54KIehXe7R7eKW/HzSd6CAfi4IQBtzcVIVGh0Px1lkAk63jMfzYfc0zp
3wU=
-----END CERTIFICATE-----