Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/917bd6-8bd3-4c28-825f-1475d22dc162/1/oQ4Rt58-T3s-k8-sE9XMDRH1DWk.roa
File:                     oQ4Rt58-T3s-k8-sE9XMDRH1DWk.roa (raw, json)
Hash identifier:          wTmt8gQGXIQfl+Dyl+31fZ/1wdWjdV41eCZzjiPxKoI=
Subject key identifier:   A1:0E:11:B7:9F:3E:4F:7B:3E:93:CF:AC:13:D5:CC:0D:11:F5:0D:69
Certificate issuer:       /CN=f6b2c89d31f617516a860a7822bba68248a769a0
Certificate serial:       018CC4931356F8C1649093D1A8C1B4852FB9
Authority key identifier: F6:B2:C8:9D:31:F6:17:51:6A:86:0A:78:22:BB:A6:82:48:A7:69:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9rLInTH2F1Fqhgp4IrumgkinaaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/917bd6-8bd3-4c28-825f-1475d22dc162/1/oQ4Rt58-T3s-k8-sE9XMDRH1DWk.roa
Signing time:             Mon 01 Jan 2024 10:30:22 +0000
ROA not before:           Mon 01 Jan 2024 10:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204465
IP address blocks:        94.199.6.0/24 maxlen: 24
                          2a13:4600::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/917bd6-8bd3-4c28-825f-1475d22dc162/1/9rLInTH2F1Fqhgp4IrumgkinaaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/917bd6-8bd3-4c28-825f-1475d22dc162/1/9rLInTH2F1Fqhgp4IrumgkinaaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9rLInTH2F1Fqhgp4IrumgkinaaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:13:56:f8:c1:64:90:93:d1:a8:c1:b4:85:2f:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6b2c89d31f617516a860a7822bba68248a769a0
        Validity
            Not Before: Jan  1 10:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a10e11b79f3e4f7b3e93cfac13d5cc0d11f50d69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2d:74:91:2f:4f:05:a1:9c:f0:2b:b6:2a:e8:
                    13:1a:ad:84:1e:41:4c:81:03:4c:2e:a7:f9:18:49:
                    4a:74:da:45:24:ae:a5:1c:6f:c9:7a:e5:b0:fe:2f:
                    05:3f:18:1a:39:fc:03:ee:03:7b:2f:50:79:5e:b1:
                    d1:b7:ef:36:3c:0c:e6:d5:0d:c4:bb:9c:45:33:34:
                    66:5d:85:e4:3c:f8:30:2a:e1:32:7c:59:ed:5f:74:
                    07:df:84:26:48:67:30:d8:bf:35:b2:a5:7c:98:5f:
                    f6:cc:de:2b:87:11:35:59:a5:c4:5c:ed:c5:62:98:
                    95:47:a8:c2:9e:bd:5f:85:12:12:7f:20:36:9f:37:
                    b3:7d:fc:6d:11:d7:7b:74:9c:52:4a:67:fc:5d:c0:
                    ab:85:ed:82:27:ff:e1:87:f2:d4:a6:0f:28:92:63:
                    ec:d8:56:bf:d4:a6:b4:5b:84:e4:49:43:95:37:28:
                    b7:5b:a6:21:53:dd:a6:9c:cd:80:bc:49:df:90:a0:
                    92:ed:96:2f:46:7a:2d:26:41:9f:57:a6:77:85:3d:
                    27:bf:0c:4f:d1:5b:8f:d2:76:a3:67:17:ef:97:63:
                    d6:b3:b5:d7:dc:a4:ba:a0:11:cd:08:dc:3d:a2:5e:
                    e0:0d:4c:29:6b:db:84:12:5d:62:44:fb:0c:f3:1e:
                    3b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:0E:11:B7:9F:3E:4F:7B:3E:93:CF:AC:13:D5:CC:0D:11:F5:0D:69
            X509v3 Authority Key Identifier:
                keyid:F6:B2:C8:9D:31:F6:17:51:6A:86:0A:78:22:BB:A6:82:48:A7:69:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9rLInTH2F1Fqhgp4IrumgkinaaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/917bd6-8bd3-4c28-825f-1475d22dc162/1/oQ4Rt58-T3s-k8-sE9XMDRH1DWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/917bd6-8bd3-4c28-825f-1475d22dc162/1/9rLInTH2F1Fqhgp4IrumgkinaaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.6.0/24
                IPv6:
                  2a13:4600::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:01:4e:99:19:04:47:6b:29:3f:9c:bc:33:80:e8:76:9a:4e:
         b5:98:79:17:ca:61:6b:8d:7b:75:52:d6:9e:b4:9b:ed:47:95:
         f9:5e:51:a0:fd:f5:cd:50:7c:a8:56:0a:77:a2:32:23:2f:2f:
         12:66:7f:66:da:79:7e:be:4f:e9:23:bc:97:9b:86:c3:77:cb:
         b7:73:37:05:62:b8:4a:f1:1a:86:f6:6f:4d:80:d1:51:46:29:
         09:be:a0:eb:de:bb:06:49:d0:25:30:5e:13:c9:d9:3d:93:ec:
         bc:38:62:42:26:b3:3b:4c:07:b4:1f:f8:75:3c:5f:c1:bd:a7:
         62:5c:60:cb:68:9e:07:f1:bb:dd:09:8b:98:a2:5c:30:23:ed:
         3f:77:01:c1:45:7b:fd:dd:ce:41:49:7d:56:87:ba:05:1f:6c:
         5d:8d:82:3e:98:72:e2:38:1a:ae:01:f6:25:4c:a8:3c:80:20:
         a3:89:10:1c:e4:fc:b6:a8:7a:93:49:b0:b3:c6:ca:08:47:b8:
         58:10:9d:49:86:f7:f5:2e:53:74:f6:db:9d:cb:a1:46:1d:d2:
         5c:c0:75:e0:8f:dd:fd:04:4c:38:8b:47:57:b2:fd:c9:60:e6:
         d2:4c:a6:12:a6:ae:21:9a:7d:f2:b1:e2:2e:0e:83:7a:cf:34:
         9a:16:73:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkxNW+MFkkJPRqMG0hS+5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YjJjODlkMzFmNjE3NTE2YTg2MGE3ODIyYmJhNjgyNDhh
NzY5YTAwHhcNMjQwMTAxMTAzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTBlMTFiNzlmM2U0ZjdiM2U5M2NmYWMxM2Q1Y2MwZDExZjUwZDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS10kS9PBaGc8Cu2KugTGq2EHkFM
gQNMLqf5GElKdNpFJK6lHG/JeuWw/i8FPxgaOfwD7gN7L1B5XrHRt+82PAzm1Q3E
u5xFMzRmXYXkPPgwKuEyfFntX3QH34QmSGcw2L81sqV8mF/2zN4rhxE1WaXEXO3F
YpiVR6jCnr1fhRISfyA2nzezffxtEdd7dJxSSmf8XcCrhe2CJ//hh/LUpg8okmPs
2Fa/1Ka0W4TkSUOVNyi3W6YhU92mnM2AvEnfkKCS7ZYvRnotJkGfV6Z3hT0nvwxP
0VuP0najZxfvl2PWs7XX3KS6oBHNCNw9ol7gDUwpa9uEEl1iRPsM8x47gwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKEOEbefPk97PpPPrBPVzA0R9Q1pMB8GA1UdIwQY
MBaAFPayyJ0x9hdRaoYKeCK7poJIp2mgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXJMSW5USDJGMUZxaGdwNElydW1na2luYWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy85MTdiZDYtOGJkMy00YzI4LTgyNWYt
MTQ3NWQyMmRjMTYyLzEvb1E0UnQ1OC1UM3Mtazgtc0U5WE1EUkgxRFdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy85MTdiZDYtOGJkMy00YzI4LTgyNWYtMTQ3NWQyMmRjMTYy
LzEvOXJMSW5USDJGMUZxaGdwNElydW1na2luYWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXscGMA0E
AgACMAcDBQMqE0YAMA0GCSqGSIb3DQEBCwUAA4IBAQAKAU6ZGQRHayk/nLwzgOh2
mk61mHkXymFrjXt1UtaetJvtR5X5XlGg/fXNUHyoVgp3ojIjLy8SZn9m2nl+vk/p
I7yXm4bDd8u3czcFYrhK8RqG9m9NgNFRRikJvqDr3rsGSdAlMF4Tydk9k+y8OGJC
JrM7TAe0H/h1PF/BvadiXGDLaJ4H8bvdCYuYolwwI+0/dwHBRXv93c5BSX1Wh7oF
H2xdjYI+mHLiOBquAfYlTKg8gCCjiRAc5Py2qHqTSbCzxsoIR7hYEJ1Jhvf1LlN0
9tudy6FGHdJcwHXgj939BEw4i0dXsv3JYObSTKYSpq4hmn3yseIuDoN6zzSaFnNG
-----END CERTIFICATE-----