Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/cbfaYBjluJFGRHIZotfNKfL5QOM.roa
File:                     cbfaYBjluJFGRHIZotfNKfL5QOM.roa (raw, json)
Hash identifier:          hnnwP5hTMZNnGccOJwmbq229la5aF88t7OiSZXiU/mU=
Subject key identifier:   71:B7:DA:60:18:E5:B8:91:46:44:72:19:A2:D7:CD:29:F2:F9:40:E3
Certificate issuer:       /CN=a4176719912989979e086125a2a41a133fffdc24
Certificate serial:       0194AC0834DA2E080E08C834C395632B7954
Authority key identifier: A4:17:67:19:91:29:89:97:9E:08:61:25:A2:A4:1A:13:3F:FF:DC:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pBdnGZEpiZeeCGEloqQaEz__3CQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/cbfaYBjluJFGRHIZotfNKfL5QOM.roa
Signing time:             Tue 28 Jan 2025 08:30:06 +0000
ROA not before:           Tue 28 Jan 2025 08:30:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56843
IP address blocks:        94.154.104.0/22 maxlen: 22
                          94.154.104.0/24 maxlen: 24
                          94.154.105.0/24 maxlen: 24
                          94.154.106.0/24 maxlen: 24
                          94.154.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/pBdnGZEpiZeeCGEloqQaEz__3CQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/pBdnGZEpiZeeCGEloqQaEz__3CQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pBdnGZEpiZeeCGEloqQaEz__3CQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:08:34:da:2e:08:0e:08:c8:34:c3:95:63:2b:79:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4176719912989979e086125a2a41a133fffdc24
        Validity
            Not Before: Jan 28 08:30:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71b7da6018e5b89146447219a2d7cd29f2f940e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8e:28:fe:1f:78:2a:6f:4a:05:54:1f:15:a9:
                    f9:fd:f8:7f:7c:4a:44:9e:c0:e5:19:53:3c:82:c2:
                    55:b3:15:4a:d3:26:5f:6c:58:05:ce:e1:ae:cd:f8:
                    f4:90:e0:67:62:93:dc:eb:3a:03:1b:42:e4:c0:8a:
                    77:7d:3b:5f:27:7b:e5:a8:4a:d6:58:14:1c:ee:c1:
                    cd:02:a8:2f:a5:49:01:f1:f6:89:bf:bc:ad:a1:89:
                    7a:78:1f:c2:94:b6:92:e7:2b:33:e3:aa:3e:b1:3e:
                    bb:22:44:e9:08:85:fa:70:8b:0c:0b:22:37:99:6c:
                    11:b9:fc:e8:7e:b7:05:37:3a:d2:df:83:cd:a1:3d:
                    0e:aa:14:5f:06:5e:98:07:c8:69:ea:d9:f1:b0:04:
                    38:8e:8d:ca:9a:15:3a:f6:48:b1:a2:44:cd:d3:29:
                    8d:a8:be:2d:75:f9:1b:41:1d:0b:66:71:eb:19:fb:
                    e5:53:5b:40:db:c3:a3:8d:6f:b3:1a:2d:f2:bb:ef:
                    90:61:b8:1a:af:cb:51:d6:ec:9f:4c:4b:e9:9a:9d:
                    85:9d:5f:a9:0a:61:9d:1e:cb:5c:0f:3c:20:f1:0b:
                    b1:88:8e:1c:05:03:d8:28:de:5a:77:17:91:3d:3d:
                    64:2c:c5:9c:50:73:3e:bb:ba:7e:a3:7b:c4:3d:0a:
                    6d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B7:DA:60:18:E5:B8:91:46:44:72:19:A2:D7:CD:29:F2:F9:40:E3
            X509v3 Authority Key Identifier:
                keyid:A4:17:67:19:91:29:89:97:9E:08:61:25:A2:A4:1A:13:3F:FF:DC:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pBdnGZEpiZeeCGEloqQaEz__3CQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/cbfaYBjluJFGRHIZotfNKfL5QOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/pBdnGZEpiZeeCGEloqQaEz__3CQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:63:87:06:1d:db:62:e9:88:ea:e2:d2:a6:bb:12:7c:3b:e9:
         31:b2:cc:1b:82:20:d6:0a:69:ae:6d:2f:8f:86:0f:79:62:a0:
         f4:ac:8f:42:33:31:41:af:57:d7:48:ff:86:3f:ef:69:2a:40:
         ad:e2:b6:5d:94:72:d0:7d:b1:9f:a1:6a:50:d5:ee:56:f3:23:
         8d:15:83:8d:1a:7d:56:d2:41:27:41:74:4f:32:22:77:29:2c:
         16:9b:24:3b:e4:99:cf:db:da:d3:08:dd:3d:f3:24:1b:bf:58:
         f0:31:48:10:ac:27:fd:cf:b1:45:d0:37:7c:bd:ba:06:93:1a:
         17:fd:47:57:23:43:6d:5a:19:89:c2:8c:ba:b6:da:d5:93:69:
         46:fd:07:29:08:bc:cb:9e:2c:b3:cf:e3:da:27:dd:65:69:ec:
         3f:4c:09:45:17:01:47:e0:94:0e:01:13:22:83:cd:2c:41:1d:
         c9:7e:45:90:50:7b:7c:d1:db:4e:c1:45:f1:95:ca:b9:b0:02:
         1b:16:04:9e:8d:a5:fc:ff:e5:9e:27:95:54:15:6e:ca:36:8f:
         25:53:d3:54:aa:46:32:6e:31:41:35:1c:64:a4:de:c7:37:cc:
         4d:e9:2c:6d:4d:7e:ae:a3:6f:9e:5d:0a:b3:34:7d:d9:a1:b0:
         1d:41:cc:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSsCDTaLggOCMg0w5VjK3lUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MTc2NzE5OTEyOTg5OTc5ZTA4NjEyNWEyYTQxYTEzM2Zm
ZmRjMjQwHhcNMjUwMTI4MDgzMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWI3ZGE2MDE4ZTViODkxNDY0NDcyMTlhMmQ3Y2QyOWYyZjk0MGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1I4o/h94Km9KBVQfFan5/fh/fEpE
nsDlGVM8gsJVsxVK0yZfbFgFzuGuzfj0kOBnYpPc6zoDG0LkwIp3fTtfJ3vlqErW
WBQc7sHNAqgvpUkB8faJv7ytoYl6eB/ClLaS5ysz46o+sT67IkTpCIX6cIsMCyI3
mWwRufzofrcFNzrS34PNoT0OqhRfBl6YB8hp6tnxsAQ4jo3KmhU69kixokTN0ymN
qL4tdfkbQR0LZnHrGfvlU1tA28OjjW+zGi3yu++QYbgar8tR1uyfTEvpmp2FnV+p
CmGdHstcDzwg8QuxiI4cBQPYKN5adxeRPT1kLMWcUHM+u7p+o3vEPQpt3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHG32mAY5biRRkRyGaLXzSny+UDjMB8GA1UdIwQY
MBaAFKQXZxmRKYmXnghhJaKkGhM//9wkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEJkbkdaRXBpWmVlQ0dFbG9xUWFFel9fM0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xYTQwZjUtYjljOS00ODU2LTgzYzYt
ZWYwNDBhZWJlYTYwLzEvY2JmYVlCamx1SkZHUkhJWm90Zk5LZkw1UU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xYTQwZjUtYjljOS00ODU2LTgzYzYtZWYwNDBhZWJlYTYw
LzEvcEJkbkdaRXBpWmVlQ0dFbG9xUWFFel9fM0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXppoMA0G
CSqGSIb3DQEBCwUAA4IBAQBfY4cGHdti6Yjq4tKmuxJ8O+kxsswbgiDWCmmubS+P
hg95YqD0rI9CMzFBr1fXSP+GP+9pKkCt4rZdlHLQfbGfoWpQ1e5W8yONFYONGn1W
0kEnQXRPMiJ3KSwWmyQ75JnP29rTCN098yQbv1jwMUgQrCf9z7FF0Dd8vboGkxoX
/UdXI0NtWhmJwoy6ttrVk2lG/QcpCLzLniyzz+PaJ91laew/TAlFFwFH4JQOARMi
g80sQR3JfkWQUHt80dtOwUXxlcq5sAIbFgSejaX8/+WeJ5VUFW7KNo8lU9NUqkYy
bjFBNRxkpN7HN8xN6SxtTX6uo2+eXQqzNH3ZobAdQcwA
-----END CERTIFICATE-----