Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/eB1yc7PtmvaqSSZ9xwLhBJoNy8g.roa
File:                     eB1yc7PtmvaqSSZ9xwLhBJoNy8g.roa (raw, json)
Hash identifier:          gBPmjAV5pK+2hPTH2Kg2xzlqwu+4lmEZD9l4gTdeJ2E=
Subject key identifier:   78:1D:72:73:B3:ED:9A:F6:AA:49:26:7D:C7:02:E1:04:9A:0D:CB:C8
Certificate issuer:       /CN=5ce1aae0c93ad04b7298082b68bf6a54fa68bcf0
Certificate serial:       018CC8DEE7DA2CA98F21B7683311F0387FDF
Authority key identifier: 5C:E1:AA:E0:C9:3A:D0:4B:72:98:08:2B:68:BF:6A:54:FA:68:BC:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/eB1yc7PtmvaqSSZ9xwLhBJoNy8g.roa
Signing time:             Tue 02 Jan 2024 06:31:40 +0000
ROA not before:           Tue 02 Jan 2024 06:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        94.136.168.0/22 maxlen: 22
                          185.75.20.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e7:da:2c:a9:8f:21:b7:68:33:11:f0:38:7f:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ce1aae0c93ad04b7298082b68bf6a54fa68bcf0
        Validity
            Not Before: Jan  2 06:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=781d7273b3ed9af6aa49267dc702e1049a0dcbc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7d:3c:e1:b4:df:e1:52:ab:6e:77:3f:35:08:
                    3f:98:b4:56:32:be:0e:ad:c0:7b:f5:c4:51:0e:a6:
                    7f:6c:46:e1:69:6a:e4:90:78:9a:92:2d:20:34:d7:
                    f9:e7:c1:e6:05:a9:93:9e:1c:cf:3e:7b:01:fa:7e:
                    be:3c:e8:90:58:1b:80:88:d9:13:a3:b0:b4:c8:24:
                    7c:ee:80:51:7c:8b:e8:aa:07:af:e1:00:40:d3:aa:
                    62:3f:19:a0:9c:df:9c:02:f8:65:e7:11:15:1d:80:
                    44:1d:69:17:2f:cb:4e:7e:da:65:4a:37:c5:36:0a:
                    1c:ba:79:db:cb:af:d4:54:31:b9:bf:c1:7a:07:a3:
                    d8:84:20:c7:16:54:95:17:2e:6b:a2:f2:26:bf:61:
                    c4:53:e3:e4:88:d5:91:65:36:07:d9:2a:d7:d1:6d:
                    e0:aa:24:5e:81:49:cb:6d:09:c7:8d:7d:58:b0:8d:
                    a8:3c:54:27:0c:79:6b:ad:8a:a9:56:ca:ba:c7:3f:
                    98:dd:c2:fe:36:7e:c3:59:28:fc:6a:1c:63:8a:9b:
                    5c:6a:93:d0:83:d7:48:1a:ae:70:74:9c:3f:3f:43:
                    14:99:99:0b:81:37:17:22:0a:0e:9c:73:12:2c:a7:
                    9d:c6:6b:b9:48:31:f4:0c:dc:ff:d7:6e:08:95:bb:
                    70:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:1D:72:73:B3:ED:9A:F6:AA:49:26:7D:C7:02:E1:04:9A:0D:CB:C8
            X509v3 Authority Key Identifier:
                keyid:5C:E1:AA:E0:C9:3A:D0:4B:72:98:08:2B:68:BF:6A:54:FA:68:BC:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/eB1yc7PtmvaqSSZ9xwLhBJoNy8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.136.168.0/22
                  185.75.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:85:c1:31:d2:ca:84:f4:6f:f1:10:94:cf:c5:3e:03:4f:59:
         a1:cb:c7:58:25:4b:20:18:9e:93:a8:fe:9e:3d:6d:c7:4a:e0:
         28:e9:61:b0:a6:ee:a3:95:21:06:25:4b:b4:fe:6f:6b:04:53:
         51:d5:e0:2e:63:2f:da:d7:1a:1a:2e:83:48:a7:80:7e:49:92:
         95:d7:69:d8:58:3b:25:a3:43:13:2c:39:34:75:1a:d9:2d:7e:
         55:48:c6:fa:94:84:40:5c:e4:93:5c:fd:94:67:00:00:be:da:
         89:bf:36:60:f3:62:a6:dd:60:93:2b:45:6f:d1:7f:a9:09:d7:
         50:5f:4c:43:cb:0c:a8:cd:31:23:91:11:c8:d7:7d:6d:ca:d7:
         6c:b6:44:be:de:9b:0e:d6:e6:5c:29:8e:80:17:7d:b1:0b:a3:
         5f:57:5e:20:15:09:76:72:00:93:a8:28:5d:b1:c9:d1:df:e4:
         01:80:1a:b2:10:5d:43:b0:bc:0a:12:e7:c9:66:15:9f:04:43:
         6a:e3:bd:f9:f3:90:ea:ba:15:36:b2:96:cc:bd:9e:2d:c0:75:
         14:7b:cc:13:54:88:95:aa:00:5e:c7:9e:e0:21:78:66:2f:93:
         03:ad:55:7c:ac:f7:95:9a:0a:de:bf:08:66:2a:05:72:dc:61:
         a7:43:50:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3ufaLKmPIbdoMxHwOH/fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZTFhYWUwYzkzYWQwNGI3Mjk4MDgyYjY4YmY2YTU0ZmE2
OGJjZjAwHhcNMjQwMTAyMDYzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODFkNzI3M2IzZWQ5YWY2YWE0OTI2N2RjNzAyZTEwNDlhMGRjYmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0n084bTf4VKrbnc/NQg/mLRWMr4O
rcB79cRRDqZ/bEbhaWrkkHiaki0gNNf558HmBamTnhzPPnsB+n6+POiQWBuAiNkT
o7C0yCR87oBRfIvoqgev4QBA06piPxmgnN+cAvhl5xEVHYBEHWkXL8tOftplSjfF
Ngocunnby6/UVDG5v8F6B6PYhCDHFlSVFy5rovImv2HEU+PkiNWRZTYH2SrX0W3g
qiRegUnLbQnHjX1YsI2oPFQnDHlrrYqpVsq6xz+Y3cL+Nn7DWSj8ahxjiptcapPQ
g9dIGq5wdJw/P0MUmZkLgTcXIgoOnHMSLKedxmu5SDH0DNz/124IlbtwdQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHgdcnOz7Zr2qkkmfccC4QSaDcvIMB8GA1UdIwQY
MBaAFFzhquDJOtBLcpgIK2i/alT6aLzwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE9HcTRNazYwRXR5bUFncmFMOXFWUHBvdlBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mZjM2MTgtNzAzMi00MTQzLTkzNzQt
YmExNDE4ZDIyMDg3LzEvZUIxeWM3UHRtdmFxU1NaOXh3TGhCSm9OeThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mZjM2MTgtNzAzMi00MTQzLTkzNzQtYmExNDE4ZDIyMDg3
LzEvWE9HcTRNazYwRXR5bUFncmFMOXFWUHBvdlBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXoioAwQB
uUsUMA0GCSqGSIb3DQEBCwUAA4IBAQBehcEx0sqE9G/xEJTPxT4DT1mhy8dYJUsg
GJ6TqP6ePW3HSuAo6WGwpu6jlSEGJUu0/m9rBFNR1eAuYy/a1xoaLoNIp4B+SZKV
12nYWDslo0MTLDk0dRrZLX5VSMb6lIRAXOSTXP2UZwAAvtqJvzZg82Km3WCTK0Vv
0X+pCddQX0xDywyozTEjkRHI131tytdstkS+3psO1uZcKY6AF32xC6NfV14gFQl2
cgCTqChdscnR3+QBgBqyEF1DsLwKEufJZhWfBENq473585DquhU2spbMvZ4twHUU
e8wTVIiVqgBex57gIXhmL5MDrVV8rPeVmgrevwhmKgVy3GGnQ1Aa
-----END CERTIFICATE-----