Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/S6ZMqQTFCkrHxDOFpIME8xKCp3o.roa
File:                     S6ZMqQTFCkrHxDOFpIME8xKCp3o.roa (raw, json)
Hash identifier:          rZN7BidfkriV+NUBzbFt330F+B5xpVzksLgmTqdWsKs=
Subject key identifier:   4B:A6:4C:A9:04:C5:0A:4A:C7:C4:33:85:A4:83:04:F3:12:82:A7:7A
Certificate issuer:       /CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
Certificate serial:       018CC26D0751CD006793EFB206CD03759364
Authority key identifier: 4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/S6ZMqQTFCkrHxDOFpIME8xKCp3o.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57391
IP address blocks:        94.139.176.0/20 maxlen: 20
                          94.139.191.0/24 maxlen: 24
                          109.162.254.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:07:51:cd:00:67:93:ef:b2:06:cd:03:75:93:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ba64ca904c50a4ac7c43385a48304f31282a77a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:84:da:9c:6e:e8:34:82:65:c8:35:fc:65:4c:
                    13:60:b7:d5:fc:5e:17:cc:72:44:8c:ad:e4:5b:92:
                    2f:a2:6b:8a:ac:13:02:c3:36:95:0e:41:e4:8b:a3:
                    0b:d5:44:77:20:5c:d8:a4:27:5e:6c:9f:e4:2f:14:
                    dc:93:41:72:cc:d8:92:2f:d5:b0:24:d0:21:d9:96:
                    a0:51:3e:91:9c:07:3a:ae:d6:44:a3:55:f3:a8:d9:
                    3f:bb:07:02:93:15:54:e4:10:e0:4d:97:1f:90:14:
                    30:04:df:89:08:c7:eb:25:14:c7:19:75:c5:1f:b9:
                    31:c9:9d:96:d2:b5:a1:f7:6d:3a:32:ad:ca:04:cc:
                    81:82:57:d2:00:ef:99:55:92:88:7b:49:57:47:0e:
                    6b:ca:e5:60:71:45:2a:89:83:cf:ac:af:99:90:54:
                    bb:15:5b:f9:8c:d8:1e:06:a0:82:a5:3d:b8:3d:e2:
                    67:65:e4:b4:f6:d3:59:38:bc:89:93:f4:61:17:59:
                    63:ad:67:78:83:d5:a9:0b:b6:c5:64:e4:89:87:ed:
                    bf:4c:6c:0b:ff:6b:25:92:aa:40:de:50:66:42:2c:
                    01:90:76:fe:11:0a:23:71:8a:2a:51:60:45:74:6a:
                    ec:ad:40:d7:0c:fb:a4:83:13:43:f4:4d:6f:31:91:
                    6c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A6:4C:A9:04:C5:0A:4A:C7:C4:33:85:A4:83:04:F3:12:82:A7:7A
            X509v3 Authority Key Identifier:
                keyid:4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/S6ZMqQTFCkrHxDOFpIME8xKCp3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.139.176.0/20
                  109.162.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:fd:55:04:7f:0c:06:d5:26:a2:20:61:a8:f7:4a:7a:a1:cc:
         22:cf:7d:67:2e:5d:2d:f5:83:86:a6:f5:ca:cd:aa:ac:1d:75:
         12:7c:eb:b0:94:9b:58:a9:8e:1f:e7:dd:63:46:4a:1b:8b:ed:
         30:7d:36:1d:6b:42:05:70:49:f5:f1:c2:fa:f9:7d:ef:0a:fe:
         f0:43:c8:57:5e:0f:67:38:01:c2:bb:e7:7a:95:af:17:3a:4e:
         f1:73:b3:dc:f3:01:6d:13:e0:38:d2:c4:bd:f8:f0:b1:0f:2d:
         c2:07:a1:0a:02:f5:aa:2c:d1:f2:a6:98:06:f3:c1:a6:f1:76:
         39:73:b7:1f:2f:3a:80:00:eb:c6:ad:36:41:8c:51:22:d4:31:
         f8:54:6f:f6:08:f9:02:a1:21:d4:c7:c2:18:53:90:0e:1a:15:
         98:51:c2:87:b8:c8:d5:fb:f5:23:cf:16:c9:56:bb:86:36:68:
         5c:19:25:05:33:49:4a:b5:31:fc:2d:4a:26:6f:b1:11:4b:0e:
         5b:26:0a:ac:af:0e:b5:f9:cb:5f:f8:4b:f9:c9:fd:2d:fc:c2:
         4b:2c:0c:d1:96:8b:0c:20:6d:2f:b7:de:1e:ce:e1:fb:0e:61:
         0c:ce:7e:55:59:53:30:32:3b:14:f3:3f:e8:ef:26:cd:44:b3:
         4e:af:e5:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbQdRzQBnk++yBs0DdZNkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDc0ZmJiYmFlNThkZDA4NzZkOTllODBlYzgyYTExYTQ0
NzdmN2UwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmE2NGNhOTA0YzUwYTRhYzdjNDMzODVhNDgzMDRmMzEyODJhNzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloTanG7oNIJlyDX8ZUwTYLfV/F4X
zHJEjK3kW5IvomuKrBMCwzaVDkHki6ML1UR3IFzYpCdebJ/kLxTck0FyzNiSL9Ww
JNAh2ZagUT6RnAc6rtZEo1XzqNk/uwcCkxVU5BDgTZcfkBQwBN+JCMfrJRTHGXXF
H7kxyZ2W0rWh9206Mq3KBMyBglfSAO+ZVZKIe0lXRw5ryuVgcUUqiYPPrK+ZkFS7
FVv5jNgeBqCCpT24PeJnZeS09tNZOLyJk/RhF1ljrWd4g9WpC7bFZOSJh+2/TGwL
/2slkqpA3lBmQiwBkHb+EQojcYoqUWBFdGrsrUDXDPukgxND9E1vMZFsoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEumTKkExQpKx8QzhaSDBPMSgqd6MB8GA1UdIwQY
MBaAFE3XT7u65Y3Qh22Z6A7IKhGkR39+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmIt
OGVhYjdmNGZlNzdlLzEvUzZaTXFRVEZDa3JIeERPRnBJTUU4eEtDcDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdl
LzEvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEXouwAwQB
baL+MA0GCSqGSIb3DQEBCwUAA4IBAQCz/VUEfwwG1SaiIGGo90p6ocwiz31nLl0t
9YOGpvXKzaqsHXUSfOuwlJtYqY4f591jRkobi+0wfTYda0IFcEn18cL6+X3vCv7w
Q8hXXg9nOAHCu+d6la8XOk7xc7Pc8wFtE+A40sS9+PCxDy3CB6EKAvWqLNHyppgG
88Gm8XY5c7cfLzqAAOvGrTZBjFEi1DH4VG/2CPkCoSHUx8IYU5AOGhWYUcKHuMjV
+/UjzxbJVruGNmhcGSUFM0lKtTH8LUomb7ERSw5bJgqsrw61+ctf+Ev5yf0t/MJL
LAzRlosMIG0vt94ezuH7DmEMzn5VWVMwMjsU8z/o7ybNRLNOr+Xv
-----END CERTIFICATE-----