Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/LXmAJj1lEiNSxtntVJ9osV24U-s.roa
File:                     LXmAJj1lEiNSxtntVJ9osV24U-s.roa (raw, json)
Hash identifier:          VzP4EMpZXMm1nGZhCs4fQbs0EZGxrr0oCkjfVkDoZVg=
Subject key identifier:   2D:79:80:26:3D:65:12:23:52:C6:D9:ED:54:9F:68:B1:5D:B8:53:EB
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747ED9DEB2DC902AF9AF21B45B01D8C
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/LXmAJj1lEiNSxtntVJ9osV24U-s.roa
Signing time:             Thu 02 Jan 2025 13:50:12 +0000
ROA not before:           Thu 02 Jan 2025 13:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44309
IP address blocks:        94.236.164.0/24 maxlen: 24
                          94.236.165.0/24 maxlen: 24
                          94.236.166.0/24 maxlen: 24
                          94.236.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ed:9d:eb:2d:c9:02:af:9a:f2:1b:45:b0:1d:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d7980263d65122352c6d9ed549f68b15db853eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:8a:7b:7f:07:72:eb:e2:82:0c:4b:5a:cc:ea:
                    f5:5d:2b:5f:27:ea:9a:2b:98:d4:7d:2c:6b:e2:0c:
                    42:f4:0a:6a:bb:4d:c6:4f:c3:b2:c1:ef:b5:8c:c3:
                    f6:4a:a4:7c:a9:4f:e2:64:4e:4b:d7:33:9d:36:09:
                    bf:dd:2b:27:fb:b9:f6:19:3a:bc:ed:aa:25:23:c1:
                    77:68:02:a7:97:e3:7b:09:c2:56:d2:36:c3:25:c2:
                    67:e2:55:7a:b8:db:17:c0:4f:12:a4:f2:04:ee:ee:
                    23:0b:e0:69:f5:67:5f:43:86:d0:10:a5:e3:4c:54:
                    c7:f5:f1:a9:17:a5:d4:f5:a7:70:f9:b6:13:a1:33:
                    5e:8f:d3:16:21:7a:39:41:fd:94:4b:25:5f:98:38:
                    43:1f:e4:00:65:c7:5e:f5:fb:60:2d:18:8d:96:48:
                    00:1f:1d:d1:55:30:1f:7c:e7:68:09:b7:4a:12:4a:
                    13:3d:ce:c5:b9:05:c7:c6:81:4e:5e:c1:bd:a0:64:
                    d8:0e:86:4f:23:44:44:85:a9:54:fa:ee:68:60:e9:
                    b0:8d:9b:62:88:da:29:a4:26:39:55:f1:9a:46:ec:
                    5e:55:ff:c4:37:28:6b:33:18:37:6a:0c:4c:6c:73:
                    27:f9:c5:df:57:c2:d0:34:9f:a1:2c:f8:95:98:ff:
                    5f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:79:80:26:3D:65:12:23:52:C6:D9:ED:54:9F:68:B1:5D:B8:53:EB
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/LXmAJj1lEiNSxtntVJ9osV24U-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.236.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:50:a1:31:2e:74:f4:0e:a0:05:8b:85:20:1f:87:00:9c:0f:
         7a:cd:f2:92:9b:d5:65:a9:be:0e:f5:84:89:e1:38:df:bd:d6:
         00:08:c8:62:65:2d:cd:96:65:16:cc:41:e8:0e:bd:0f:60:24:
         f5:12:20:a4:d6:f0:0e:ca:94:2c:b3:7b:6f:5a:58:71:ce:0e:
         c4:56:63:87:aa:dd:d6:37:a8:16:01:ee:50:21:c4:84:e9:35:
         58:e5:15:ce:2a:17:2d:79:37:cd:2d:1e:17:db:22:f3:b3:0d:
         8d:13:57:fc:f0:01:06:39:f9:e3:af:32:6b:a1:8a:0e:1f:91:
         73:92:c7:67:a2:a7:2b:61:c1:2f:52:51:b9:6e:eb:10:74:7f:
         cf:5e:4c:9a:26:be:3a:90:11:8b:a7:4e:dd:ae:36:57:d5:e3:
         37:d4:bc:30:80:e4:14:fa:3a:bd:fe:59:5e:60:84:9b:74:74:
         d3:25:d4:ff:4e:df:be:45:df:da:7e:bb:9f:89:9f:dc:ce:e7:
         e7:c7:c9:a4:1c:c7:4d:f0:dd:b3:48:2c:d2:a3:85:d3:46:04:
         10:fc:76:72:a4:54:fe:0e:f0:79:31:c3:0a:f2:f1:1d:3d:e1:
         da:ad:ec:c2:e9:45:2f:1c:5a:b6:5d:36:a6:31:8b:97:22:3a:
         a0:a4:26:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+2d6y3JAq+a8htFsB2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDc5ODAyNjNkNjUxMjIzNTJjNmQ5ZWQ1NDlmNjhiMTVkYjg1M2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Yp7fwdy6+KCDEtazOr1XStfJ+qa
K5jUfSxr4gxC9Apqu03GT8Oywe+1jMP2SqR8qU/iZE5L1zOdNgm/3Ssn+7n2GTq8
7aolI8F3aAKnl+N7CcJW0jbDJcJn4lV6uNsXwE8SpPIE7u4jC+Bp9WdfQ4bQEKXj
TFTH9fGpF6XU9adw+bYToTNej9MWIXo5Qf2USyVfmDhDH+QAZcde9ftgLRiNlkgA
Hx3RVTAffOdoCbdKEkoTPc7FuQXHxoFOXsG9oGTYDoZPI0REhalU+u5oYOmwjZti
iNoppCY5VfGaRuxeVf/ENyhrMxg3agxMbHMn+cXfV8LQNJ+hLPiVmP9fCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC15gCY9ZRIjUsbZ7VSfaLFduFPrMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvTFhtQUpqMWxFaU5TeHRudFZKOW9zVjI0VS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXuykMA0G
CSqGSIb3DQEBCwUAA4IBAQCFUKExLnT0DqAFi4UgH4cAnA96zfKSm9Vlqb4O9YSJ
4TjfvdYACMhiZS3NlmUWzEHoDr0PYCT1EiCk1vAOypQss3tvWlhxzg7EVmOHqt3W
N6gWAe5QIcSE6TVY5RXOKhcteTfNLR4X2yLzsw2NE1f88AEGOfnjrzJroYoOH5Fz
ksdnoqcrYcEvUlG5busQdH/PXkyaJr46kBGLp07drjZX1eM31LwwgOQU+jq9/lle
YISbdHTTJdT/Tt++Rd/afrufiZ/czufnx8mkHMdN8N2zSCzSo4XTRgQQ/HZypFT+
DvB5McMK8vEdPeHarezC6UUvHFq2XTamMYuXIjqgpCbC
-----END CERTIFICATE-----