Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/9h7__af2NE9z6X6OqyB0wjicmD8.roa
File:                     9h7__af2NE9z6X6OqyB0wjicmD8.roa (raw, json)
Hash identifier:          +XcGUzmf/SZ2Nlbjt1gLw0MVkPh5doD6/CQhGY+ZVis=
Subject key identifier:   F6:1E:FF:FD:A7:F6:34:4F:73:E9:7E:8E:AB:20:74:C2:38:9C:98:3F
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       018CC348AEAB98E2CD8E5C4A3D970494D007
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/9h7__af2NE9z6X6OqyB0wjicmD8.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202563
IP address blocks:        94.240.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ae:ab:98:e2:cd:8e:5c:4a:3d:97:04:94:d0:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f61efffda7f6344f73e97e8eab2074c2389c983f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5e:a3:16:7e:0c:33:cb:1f:19:af:93:22:6c:
                    f5:3a:1f:d2:e8:09:33:36:f8:6d:b8:56:81:a1:fa:
                    0b:38:47:02:ae:e9:ee:31:13:72:76:65:a2:4d:3f:
                    8b:ce:6e:36:76:3a:4f:81:a9:93:dd:79:73:23:7e:
                    b4:4d:15:bf:b1:a3:c8:18:a1:35:63:42:04:b2:d9:
                    b7:4f:eb:36:9b:4d:bf:5a:ac:52:7f:81:09:29:31:
                    63:16:27:d9:c3:ec:b8:5a:e8:05:7d:dd:25:2f:5a:
                    d3:f5:75:14:69:22:c8:7b:55:72:20:65:3b:1c:c8:
                    09:e0:72:c2:55:4e:bd:90:b9:7f:52:75:54:fa:59:
                    c4:4b:7a:5c:07:e0:77:47:5d:b3:f1:ba:d7:1c:90:
                    1c:e5:ec:8b:24:a8:60:c4:45:7b:a6:64:2f:e1:1b:
                    05:78:4c:7b:ed:f2:1b:31:b5:c1:7b:e5:29:34:d5:
                    f4:56:aa:6c:fc:08:de:e8:ec:75:f9:8b:8b:5b:0e:
                    e5:8c:09:d5:fd:ba:b1:c4:98:8a:58:95:eb:59:77:
                    04:7b:b9:ea:17:6c:dc:6b:92:a8:95:2c:d2:d1:1f:
                    dc:f3:7f:e9:91:5d:68:9d:94:91:06:48:97:7e:24:
                    da:92:36:f7:f4:05:12:28:df:01:ad:9f:47:78:78:
                    e2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:1E:FF:FD:A7:F6:34:4F:73:E9:7E:8E:AB:20:74:C2:38:9C:98:3F
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/9h7__af2NE9z6X6OqyB0wjicmD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:7f:6c:bd:d4:9e:63:bb:81:06:b0:57:ca:7a:bb:3e:62:a4:
         93:73:14:b2:b5:3a:7e:e2:06:94:87:89:ef:65:6c:8d:35:54:
         59:c2:ab:85:3a:4b:32:83:bd:1a:3d:74:65:86:48:71:1a:8d:
         4c:aa:73:a4:b2:60:ac:64:85:f0:8d:8f:22:f6:7e:ae:0e:fc:
         45:e9:b5:1c:da:1a:f7:b9:d7:5d:e2:33:f7:46:24:fb:9a:7d:
         0c:52:6b:ed:01:33:1f:05:48:bf:84:e7:08:ce:6c:57:e0:e5:
         5d:ee:a2:2a:6b:de:0d:ae:4a:51:a1:31:dc:23:71:47:f2:88:
         12:37:f5:d9:c1:7b:6c:8a:2d:d0:1c:16:33:66:a2:98:bb:12:
         25:64:7e:d5:7a:52:4c:8e:b0:ab:b6:0d:89:7d:40:ce:c7:e9:
         6a:7a:4b:26:80:f9:43:66:06:b8:f7:80:1e:20:0b:7c:ea:4e:
         ba:99:72:10:cb:75:cd:df:77:e1:a7:34:c7:91:23:9f:23:fe:
         0d:df:38:22:52:86:dc:35:33:aa:5c:b8:99:6f:b6:e3:b3:a4:
         54:b2:39:8a:63:b8:ba:48:24:21:49:d1:56:53:0e:8b:07:96:
         1c:bf:3a:82:ee:b1:85:bd:60:b8:ab:d2:b6:bd:f5:00:fc:8f:
         be:4b:41:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSK6rmOLNjlxKPZcElNAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjFlZmZmZGE3ZjYzNDRmNzNlOTdlOGVhYjIwNzRjMjM4OWM5ODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApF6jFn4MM8sfGa+TImz1Oh/S6Akz
NvhtuFaBofoLOEcCrunuMRNydmWiTT+Lzm42djpPgamT3XlzI360TRW/saPIGKE1
Y0IEstm3T+s2m02/WqxSf4EJKTFjFifZw+y4WugFfd0lL1rT9XUUaSLIe1VyIGU7
HMgJ4HLCVU69kLl/UnVU+lnES3pcB+B3R12z8brXHJAc5eyLJKhgxEV7pmQv4RsF
eEx77fIbMbXBe+UpNNX0Vqps/Aje6Ox1+YuLWw7ljAnV/bqxxJiKWJXrWXcEe7nq
F2zca5KolSzS0R/c83/pkV1onZSRBkiXfiTakjb39AUSKN8BrZ9HeHjiRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYe//2n9jRPc+l+jqsgdMI4nJg/MB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvOWg3X19hZjJORTl6Nlg2T3F5QjB3amljbUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvAPMA0G
CSqGSIb3DQEBCwUAA4IBAQBtf2y91J5ju4EGsFfKers+YqSTcxSytTp+4gaUh4nv
ZWyNNVRZwquFOksyg70aPXRlhkhxGo1MqnOksmCsZIXwjY8i9n6uDvxF6bUc2hr3
uddd4jP3RiT7mn0MUmvtATMfBUi/hOcIzmxX4OVd7qIqa94NrkpRoTHcI3FH8ogS
N/XZwXtsii3QHBYzZqKYuxIlZH7VelJMjrCrtg2JfUDOx+lqeksmgPlDZga494Ae
IAt86k66mXIQy3XN33fhpzTHkSOfI/4N3zgiUobcNTOqXLiZb7bjs6RUsjmKY7i6
SCQhSdFWUw6LB5YcvzqC7rGFvWC4q9K2vfUA/I++S0FM
-----END CERTIFICATE-----