Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/9W1ULLoedMMpE2yoA966PfBMFVI.roa
File:                     9W1ULLoedMMpE2yoA966PfBMFVI.roa (raw, json)
Hash identifier:          lE83RUh750hpZT8Er/3ASYPFjt1OpAt0fbiZ4jMbz+E=
Subject key identifier:   F5:6D:54:2C:BA:1E:74:C3:29:13:6C:A8:03:DE:BA:3D:F0:4C:15:52
Certificate issuer:       /CN=06079c429a7146f1f9aa049bdb42ca95144b74da
Certificate serial:       018CC3B71BB33339D736DC60D717509AE54C
Authority key identifier: 06:07:9C:42:9A:71:46:F1:F9:AA:04:9B:DB:42:CA:95:14:4B:74:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BgecQppxRvH5qgSb20LKlRRLdNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/9W1ULLoedMMpE2yoA966PfBMFVI.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13020
IP address blocks:        94.45.224.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/BgecQppxRvH5qgSb20LKlRRLdNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/BgecQppxRvH5qgSb20LKlRRLdNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BgecQppxRvH5qgSb20LKlRRLdNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1b:b3:33:39:d7:36:dc:60:d7:17:50:9a:e5:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06079c429a7146f1f9aa049bdb42ca95144b74da
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f56d542cba1e74c329136ca803deba3df04c1552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:55:d9:12:5b:dc:c3:e9:d4:13:74:26:53:af:
                    12:e3:13:ba:0c:93:35:92:d4:f5:a0:2f:64:48:70:
                    10:44:db:5f:67:20:70:45:44:ef:36:a0:05:02:3c:
                    f0:1f:38:47:e7:eb:73:2a:34:97:97:cb:c6:d8:fe:
                    70:db:48:83:38:a0:86:7f:29:8a:98:d1:db:a2:0c:
                    d7:8a:36:9e:2f:da:2f:8c:e5:63:c0:db:02:81:aa:
                    d8:a7:2d:26:17:5c:01:b7:36:ba:2b:fe:2a:41:88:
                    8d:82:db:01:55:95:80:37:e8:b4:34:24:59:ca:34:
                    24:df:de:12:87:8f:13:98:0e:0d:fe:b6:20:da:b7:
                    7f:2b:4d:80:fc:41:d5:1a:f8:7d:08:98:b0:43:7a:
                    8a:19:63:ea:65:0a:f6:43:5d:30:d0:8b:24:e7:09:
                    3d:6e:36:2a:56:89:b8:10:cf:2b:8b:21:ba:aa:b2:
                    63:34:e0:84:a6:02:ef:77:3e:bc:18:a0:78:43:ff:
                    5b:8c:d5:d5:25:79:ba:ab:07:18:3b:7c:02:47:54:
                    5d:4e:0d:a5:48:5a:e7:e5:e8:22:2c:64:fb:2f:ba:
                    f6:b3:47:13:29:0e:18:62:2d:f7:9a:82:20:de:9d:
                    cb:e2:83:05:61:7f:0a:72:75:e8:5f:82:3f:ca:81:
                    42:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:6D:54:2C:BA:1E:74:C3:29:13:6C:A8:03:DE:BA:3D:F0:4C:15:52
            X509v3 Authority Key Identifier:
                keyid:06:07:9C:42:9A:71:46:F1:F9:AA:04:9B:DB:42:CA:95:14:4B:74:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BgecQppxRvH5qgSb20LKlRRLdNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/9W1ULLoedMMpE2yoA966PfBMFVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/BgecQppxRvH5qgSb20LKlRRLdNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.45.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         8b:3c:55:97:3e:af:55:c4:c9:1d:23:83:7a:00:c4:5c:ce:e5:
         33:7f:0a:8d:1d:9d:a3:c8:02:f7:9e:74:91:69:a1:f0:98:c6:
         22:72:2a:61:6e:77:7c:48:d0:5a:81:9f:a2:e3:11:9a:4a:32:
         54:d7:aa:72:51:32:c6:1f:d1:9e:73:64:20:5c:8f:31:90:1d:
         79:88:b8:24:21:95:56:90:ab:31:ce:94:db:95:93:99:df:84:
         9f:81:95:a5:42:2f:ce:9f:ba:64:15:b7:be:53:8d:65:65:31:
         88:43:57:08:09:98:9d:e3:02:4f:2a:94:d1:6f:5c:a3:7e:9c:
         e6:2e:9b:c9:a0:96:b0:23:e9:36:19:70:97:50:e0:2e:09:1f:
         55:11:f3:5b:e3:50:99:95:b6:c0:cf:09:d0:38:73:90:b4:35:
         d5:f9:00:50:9d:27:43:8b:69:9e:66:fd:ca:ce:e0:1f:ff:4e:
         d6:36:ac:c5:3d:92:60:06:3b:a7:4d:79:04:1a:4f:3e:41:67:
         57:a4:f9:23:92:b5:db:25:86:5b:da:b3:6c:2b:2e:dc:aa:9c:
         82:06:44:42:6c:c9:c3:f9:5c:84:a0:01:20:61:10:2b:c8:8b:
         16:71:b2:ed:8b:c9:9b:53:72:1f:12:6e:61:db:72:0e:6f:8b:
         77:64:8e:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxuzMznXNtxg1xdQmuVMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MDc5YzQyOWE3MTQ2ZjFmOWFhMDQ5YmRiNDJjYTk1MTQ0
Yjc0ZGEwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTZkNTQyY2JhMWU3NGMzMjkxMzZjYTgwM2RlYmEzZGYwNGMxNTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VXZElvcw+nUE3QmU68S4xO6DJM1
ktT1oC9kSHAQRNtfZyBwRUTvNqAFAjzwHzhH5+tzKjSXl8vG2P5w20iDOKCGfymK
mNHbogzXijaeL9ovjOVjwNsCgarYpy0mF1wBtza6K/4qQYiNgtsBVZWAN+i0NCRZ
yjQk394Sh48TmA4N/rYg2rd/K02A/EHVGvh9CJiwQ3qKGWPqZQr2Q10w0Isk5wk9
bjYqVom4EM8riyG6qrJjNOCEpgLvdz68GKB4Q/9bjNXVJXm6qwcYO3wCR1RdTg2l
SFrn5egiLGT7L7r2s0cTKQ4YYi33moIg3p3L4oMFYX8KcnXoX4I/yoFCBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVtVCy6HnTDKRNsqAPeuj3wTBVSMB8GA1UdIwQY
MBaAFAYHnEKacUbx+aoEm9tCypUUS3TaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmdlY1FwcHhSdkg1cWdTYjIwTEtsUlJMZE5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi83NDA1ODktODVjZC00OTdhLTkwYzEt
YTJmOWE4YTUxYmIwLzEvOVcxVUxMb2VkTU1wRTJ5b0E5NjZQZkJNRlZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi83NDA1ODktODVjZC00OTdhLTkwYzEtYTJmOWE4YTUxYmIw
LzEvQmdlY1FwcHhSdkg1cWdTYjIwTEtsUlJMZE5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFXi3gMA0G
CSqGSIb3DQEBCwUAA4IBAQCLPFWXPq9VxMkdI4N6AMRczuUzfwqNHZ2jyAL3nnSR
aaHwmMYiciphbnd8SNBagZ+i4xGaSjJU16pyUTLGH9Gec2QgXI8xkB15iLgkIZVW
kKsxzpTblZOZ34SfgZWlQi/On7pkFbe+U41lZTGIQ1cICZid4wJPKpTRb1yjfpzm
LpvJoJawI+k2GXCXUOAuCR9VEfNb41CZlbbAzwnQOHOQtDXV+QBQnSdDi2meZv3K
zuAf/07WNqzFPZJgBjunTXkEGk8+QWdXpPkjkrXbJYZb2rNsKy7cqpyCBkRCbMnD
+VyEoAEgYRAryIsWcbLti8mbU3IfEm5h23IOb4t3ZI5+
-----END CERTIFICATE-----