Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/024143-042c-4222-be0b-a12b3c3ae88f/1/L_POlrseo6cvwNdnw-vsvZstlJk.roa
File:                     L_POlrseo6cvwNdnw-vsvZstlJk.roa (raw, json)
Hash identifier:          WwcIIWBT+lNN50yo6U3rAV1PxfDh9fZLlYfvYvP/KBU=
Subject key identifier:   2F:F3:CE:96:BB:1E:A3:A7:2F:C0:D7:67:C3:EB:EC:BD:9B:2D:94:99
Certificate issuer:       /CN=b93a51da2053044f96262f637d0c9cc05d730041
Certificate serial:       018CC5DCA19B5D377655FE9FE213E5AD2A9E
Authority key identifier: B9:3A:51:DA:20:53:04:4F:96:26:2F:63:7D:0C:9C:C0:5D:73:00:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uTpR2iBTBE-WJi9jfQycwF1zAEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/024143-042c-4222-be0b-a12b3c3ae88f/1/L_POlrseo6cvwNdnw-vsvZstlJk.roa
Signing time:             Mon 01 Jan 2024 16:30:19 +0000
ROA not before:           Mon 01 Jan 2024 16:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34769
IP address blocks:        85.94.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/024143-042c-4222-be0b-a12b3c3ae88f/1/uTpR2iBTBE-WJi9jfQycwF1zAEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/024143-042c-4222-be0b-a12b3c3ae88f/1/uTpR2iBTBE-WJi9jfQycwF1zAEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uTpR2iBTBE-WJi9jfQycwF1zAEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a1:9b:5d:37:76:55:fe:9f:e2:13:e5:ad:2a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b93a51da2053044f96262f637d0c9cc05d730041
        Validity
            Not Before: Jan  1 16:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ff3ce96bb1ea3a72fc0d767c3ebecbd9b2d9499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:37:f8:e5:55:48:74:67:97:12:67:b9:c4:6a:
                    62:7e:f1:8d:b5:dd:4e:4a:ea:1d:b7:ab:83:fa:49:
                    55:9c:f0:35:81:43:e0:c6:19:0c:22:47:99:8a:f9:
                    b1:97:ea:b4:6c:ae:d9:41:68:70:c9:fa:b2:a2:ef:
                    96:87:25:bf:14:cd:a0:29:0e:b1:19:73:c3:40:0b:
                    52:cb:8e:8c:76:9c:35:32:61:28:8d:ca:b4:a9:9d:
                    bd:56:34:b7:4a:43:3a:fe:7c:41:6e:99:1e:4f:4d:
                    3c:b2:72:b1:1f:8f:a0:bf:48:16:bc:ab:37:9c:b7:
                    8c:aa:30:e8:b0:e8:d2:d9:30:a3:5d:83:b2:e7:03:
                    ff:6c:2a:69:31:b0:0d:a9:6f:2e:f7:a8:74:6d:f5:
                    92:c0:3d:df:4b:2f:c8:08:7d:96:b5:3f:43:1b:8f:
                    2b:38:31:1d:d9:66:21:01:83:05:df:e5:d6:b1:16:
                    57:a1:71:50:eb:e4:0e:e4:e9:06:96:60:1e:6c:94:
                    27:6f:ab:de:f7:5a:e1:dc:bd:0f:8d:1f:07:82:ba:
                    23:3c:cb:1a:4d:57:7c:b4:ff:1b:49:63:01:c0:d0:
                    fe:f2:9d:fb:7e:7c:51:5d:f7:70:83:20:8c:38:97:
                    62:a5:1d:53:d6:b2:ad:3e:ca:cb:f3:09:4a:62:f5:
                    bd:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:F3:CE:96:BB:1E:A3:A7:2F:C0:D7:67:C3:EB:EC:BD:9B:2D:94:99
            X509v3 Authority Key Identifier:
                keyid:B9:3A:51:DA:20:53:04:4F:96:26:2F:63:7D:0C:9C:C0:5D:73:00:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uTpR2iBTBE-WJi9jfQycwF1zAEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/024143-042c-4222-be0b-a12b3c3ae88f/1/L_POlrseo6cvwNdnw-vsvZstlJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/024143-042c-4222-be0b-a12b3c3ae88f/1/uTpR2iBTBE-WJi9jfQycwF1zAEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.94.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:39:f0:6d:61:54:a3:5e:c9:1b:8a:27:18:e9:65:75:c5:68:
         cf:5c:df:47:92:2a:ad:c4:ed:ff:90:fb:3c:d4:c9:66:3c:05:
         4f:fd:f1:ec:26:62:3d:fd:e7:b8:17:cc:8e:15:97:2d:04:5e:
         f3:b6:cf:a1:1e:f9:be:ee:93:e6:09:b4:a2:7b:ed:5d:7a:d8:
         a6:83:a4:d9:e3:80:2d:35:f8:70:4c:5d:00:1b:96:23:c2:cd:
         4e:8a:6f:89:46:2a:f6:12:e4:e8:1c:69:8c:1e:9f:9c:6a:f0:
         d9:85:f0:ea:31:86:32:e1:c0:79:16:41:ce:86:bd:a7:32:54:
         2f:ed:3b:01:68:7f:df:e9:83:af:fa:92:a4:6c:9c:cf:93:b8:
         f4:fa:77:e5:64:a9:4e:62:d9:60:03:95:0d:db:03:b7:68:f8:
         99:57:68:db:1c:64:4c:e0:5f:bf:69:62:27:7c:22:74:f6:b4:
         eb:e0:a6:7d:54:f9:49:d8:08:52:40:a4:70:99:45:65:91:55:
         0a:9c:f7:86:ee:6f:69:a5:d1:bf:96:59:64:85:90:ec:a7:87:
         99:bf:6c:36:07:b3:4e:87:45:49:68:e0:56:8b:e3:ac:db:27:
         c9:ba:31:56:c3:94:dc:a4:7f:98:9c:db:52:d9:e8:ad:ce:6d:
         36:3d:0f:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3KGbXTd2Vf6f4hPlrSqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5M2E1MWRhMjA1MzA0NGY5NjI2MmY2MzdkMGM5Y2MwNWQ3
MzAwNDEwHhcNMjQwMTAxMTYzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmYzY2U5NmJiMWVhM2E3MmZjMGQ3NjdjM2ViZWNiZDliMmQ5NDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTf45VVIdGeXEme5xGpifvGNtd1O
Suodt6uD+klVnPA1gUPgxhkMIkeZivmxl+q0bK7ZQWhwyfqyou+WhyW/FM2gKQ6x
GXPDQAtSy46Mdpw1MmEojcq0qZ29VjS3SkM6/nxBbpkeT008snKxH4+gv0gWvKs3
nLeMqjDosOjS2TCjXYOy5wP/bCppMbANqW8u96h0bfWSwD3fSy/ICH2WtT9DG48r
ODEd2WYhAYMF3+XWsRZXoXFQ6+QO5OkGlmAebJQnb6ve91rh3L0PjR8HgrojPMsa
TVd8tP8bSWMBwND+8p37fnxRXfdwgyCMOJdipR1T1rKtPsrL8wlKYvW99QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/zzpa7HqOnL8DXZ8Pr7L2bLZSZMB8GA1UdIwQY
MBaAFLk6UdogUwRPliYvY30MnMBdcwBBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVRwUjJpQlRCRS1XSmk5amZReWN3RjF6QUVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8wMjQxNDMtMDQyYy00MjIyLWJlMGIt
YTEyYjNjM2FlODhmLzEvTF9QT2xyc2VvNmN2d05kbnctdnN2WnN0bEprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8wMjQxNDMtMDQyYy00MjIyLWJlMGItYTEyYjNjM2FlODhm
LzEvdVRwUjJpQlRCRS1XSmk5amZReWN3RjF6QUVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVV7gMA0G
CSqGSIb3DQEBCwUAA4IBAQC7OfBtYVSjXskbiicY6WV1xWjPXN9HkiqtxO3/kPs8
1MlmPAVP/fHsJmI9/ee4F8yOFZctBF7zts+hHvm+7pPmCbSie+1detimg6TZ44At
NfhwTF0AG5Yjws1Oim+JRir2EuToHGmMHp+cavDZhfDqMYYy4cB5FkHOhr2nMlQv
7TsBaH/f6YOv+pKkbJzPk7j0+nflZKlOYtlgA5UN2wO3aPiZV2jbHGRM4F+/aWIn
fCJ09rTr4KZ9VPlJ2AhSQKRwmUVlkVUKnPeG7m9ppdG/lllkhZDsp4eZv2w2B7NO
h0VJaOBWi+Os2yfJujFWw5TcpH+YnNtS2eitzm02PQ+H
-----END CERTIFICATE-----