Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/e6apXmgSdIO0mVBSQcee-Tfqznc.roa
File:                     e6apXmgSdIO0mVBSQcee-Tfqznc.roa (raw, json)
Hash identifier:          yvXoOpCx6KKBOJ/1EptwXDdJNgNW4KIJQ0FlA1cFiLc=
Subject key identifier:   7B:A6:A9:5E:68:12:74:83:B4:99:50:52:41:C7:9E:F9:37:EA:CE:77
Certificate issuer:       /CN=9d202808d1f914555e1bd59c1677287ff9b3b590
Certificate serial:       018CC424710C6EBD7F2C3191983FD1FEDE09
Authority key identifier: 9D:20:28:08:D1:F9:14:55:5E:1B:D5:9C:16:77:28:7F:F9:B3:B5:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSAoCNH5FFVeG9WcFncof_mztZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/e6apXmgSdIO0mVBSQcee-Tfqznc.roa
Signing time:             Mon 01 Jan 2024 08:29:31 +0000
ROA not before:           Mon 01 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46071
IP address blocks:        94.231.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/nSAoCNH5FFVeG9WcFncof_mztZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/nSAoCNH5FFVeG9WcFncof_mztZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSAoCNH5FFVeG9WcFncof_mztZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:71:0c:6e:bd:7f:2c:31:91:98:3f:d1:fe:de:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d202808d1f914555e1bd59c1677287ff9b3b590
        Validity
            Not Before: Jan  1 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ba6a95e68127483b499505241c79ef937eace77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:13:57:aa:92:5e:1e:88:d9:d9:e5:4d:7e:29:
                    67:0e:18:fe:ea:1a:1d:0b:39:b8:6e:c4:3c:94:8d:
                    f9:1f:e1:64:5e:3d:b4:ec:3a:a5:ff:55:ae:8a:cc:
                    76:02:54:f0:b6:7c:0a:ab:ce:a3:3b:30:3f:11:de:
                    e3:08:28:ef:58:07:32:a8:bc:fb:58:11:c4:a6:d5:
                    41:84:53:d3:44:b4:73:75:68:43:36:ef:a7:e6:f6:
                    db:cf:c7:c4:a2:c6:24:f0:d4:d8:88:aa:8c:2b:ef:
                    7a:88:fa:9c:0e:ad:7a:f5:6e:22:aa:9c:80:70:e7:
                    3d:3a:7d:24:18:17:63:f1:37:c8:28:3c:c9:4f:21:
                    92:ee:67:b5:1c:4b:dc:90:d9:2d:fb:fb:7c:39:32:
                    19:be:8b:c7:fd:9d:88:cb:8b:3f:64:58:64:22:ae:
                    0e:0d:0a:c9:9a:e5:b4:3b:d6:0d:ba:3b:9d:69:7a:
                    c7:88:c3:d1:60:1e:f3:36:a3:39:4c:c6:e0:57:17:
                    b9:a3:c9:67:66:36:7e:9a:b3:74:45:0f:02:5f:af:
                    62:a5:3f:b1:0e:1a:6b:74:6c:ce:a7:ea:d3:0f:18:
                    16:67:5e:a7:71:a7:9a:29:93:80:89:e6:21:21:df:
                    0f:3c:95:bd:da:fe:76:db:84:93:47:f7:9e:b4:89:
                    54:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:A6:A9:5E:68:12:74:83:B4:99:50:52:41:C7:9E:F9:37:EA:CE:77
            X509v3 Authority Key Identifier:
                keyid:9D:20:28:08:D1:F9:14:55:5E:1B:D5:9C:16:77:28:7F:F9:B3:B5:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSAoCNH5FFVeG9WcFncof_mztZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/e6apXmgSdIO0mVBSQcee-Tfqznc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/nSAoCNH5FFVeG9WcFncof_mztZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:3e:91:9c:8a:d6:de:2d:a3:1a:95:08:57:d2:34:79:35:2f:
         3e:c2:d3:89:6b:03:36:c3:4c:77:9f:32:2a:5e:b5:90:99:0f:
         b8:a3:e7:b7:85:37:73:1c:5e:77:16:67:20:6d:0c:d0:df:39:
         31:4c:ca:6b:e1:10:c4:4a:44:86:16:09:b1:be:65:08:3c:b5:
         77:16:97:42:ef:1d:67:e8:a3:7e:72:2c:97:c5:e9:f6:e5:66:
         d1:91:2b:3a:dc:7d:17:f4:bb:c0:d4:d8:01:0c:6d:07:7e:eb:
         64:7e:ae:30:ad:d1:ff:78:4e:24:ce:d4:81:5c:05:d0:8a:ee:
         50:4d:cc:99:c2:7d:04:c3:c0:24:a4:25:25:79:87:76:25:e6:
         e4:24:0a:26:9d:3f:d6:29:ea:80:85:6f:2c:fc:f7:fb:0b:b8:
         bd:6f:c5:01:2e:ad:73:0b:24:20:63:81:aa:c7:2b:da:b3:c5:
         61:99:e6:49:6f:66:92:2b:a9:0b:a4:e4:d3:c6:07:d9:62:26:
         fc:d5:23:73:b6:c6:41:31:fd:ae:5a:da:fe:6b:64:dd:ba:95:
         26:98:e6:94:c9:5a:32:e8:d2:44:b1:60:6d:5c:bd:4b:49:36:
         ad:f1:82:8a:f2:18:93:b7:5d:e6:68:b3:b1:d3:5c:58:37:e5:
         ec:e0:2f:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHEMbr1/LDGRmD/R/t4JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjAyODA4ZDFmOTE0NTU1ZTFiZDU5YzE2NzcyODdmZjli
M2I1OTAwHhcNMjQwMTAxMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmE2YTk1ZTY4MTI3NDgzYjQ5OTUwNTI0MWM3OWVmOTM3ZWFjZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhNXqpJeHojZ2eVNfilnDhj+6hod
Czm4bsQ8lI35H+FkXj207Dql/1Wuisx2AlTwtnwKq86jOzA/Ed7jCCjvWAcyqLz7
WBHEptVBhFPTRLRzdWhDNu+n5vbbz8fEosYk8NTYiKqMK+96iPqcDq169W4iqpyA
cOc9On0kGBdj8TfIKDzJTyGS7me1HEvckNkt+/t8OTIZvovH/Z2Iy4s/ZFhkIq4O
DQrJmuW0O9YNujudaXrHiMPRYB7zNqM5TMbgVxe5o8lnZjZ+mrN0RQ8CX69ipT+x
DhprdGzOp+rTDxgWZ16ncaeaKZOAieYhId8PPJW92v5224STR/eetIlUTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHumqV5oEnSDtJlQUkHHnvk36s53MB8GA1UdIwQY
MBaAFJ0gKAjR+RRVXhvVnBZ3KH/5s7WQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNBb0NOSDVGRlZlRzlXY0ZuY29mX216dFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9hNWMwNjktODA2MS00ZGVlLTk1Njgt
ODgwYjJkZjU3ZjI1LzEvZTZhcFhtZ1NkSU8wbVZCU1FjZWUtVGZxem5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9hNWMwNjktODA2MS00ZGVlLTk1NjgtODgwYjJkZjU3ZjI1
LzEvblNBb0NOSDVGRlZlRzlXY0ZuY29mX216dFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufIMA0G
CSqGSIb3DQEBCwUAA4IBAQBxPpGcitbeLaMalQhX0jR5NS8+wtOJawM2w0x3nzIq
XrWQmQ+4o+e3hTdzHF53FmcgbQzQ3zkxTMpr4RDESkSGFgmxvmUIPLV3FpdC7x1n
6KN+ciyXxen25WbRkSs63H0X9LvA1NgBDG0Hfutkfq4wrdH/eE4kztSBXAXQiu5Q
TcyZwn0Ew8AkpCUleYd2JebkJAomnT/WKeqAhW8s/Pf7C7i9b8UBLq1zCyQgY4Gq
xyvas8VhmeZJb2aSK6kLpOTTxgfZYib81SNztsZBMf2uWtr+a2TdupUmmOaUyVoy
6NJEsWBtXL1LSTat8YKK8hiTt13maLOx01xYN+Xs4C/M
-----END CERTIFICATE-----