Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/lMlXeLqw45PFwwM9axEeAQDeoRU.roa
File:                     lMlXeLqw45PFwwM9axEeAQDeoRU.roa (raw, json)
Hash identifier:          fxLR7L4WXf9QkCUmD2b0i6xOJHTscWQUGTcDyzmWXu0=
Subject key identifier:   94:C9:57:78:BA:B0:E3:93:C5:C3:03:3D:6B:11:1E:01:00:DE:A1:15
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       018CC348AAB9E5A2DB100DA1B2ED1491A7C3
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/lMlXeLqw45PFwwM9axEeAQDeoRU.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49715
IP address blocks:        94.240.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:aa:b9:e5:a2:db:10:0d:a1:b2:ed:14:91:a7:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94c95778bab0e393c5c3033d6b111e0100dea115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:60:c5:d9:2d:ab:72:cd:ba:d0:85:1c:1b:ec:
                    33:34:f8:13:bf:46:9e:91:9c:a2:9b:61:e8:ab:c7:
                    2c:28:12:4e:e0:cf:78:35:56:1d:46:38:d7:df:01:
                    07:db:cb:f1:54:8b:7d:25:00:e7:c1:82:0a:c5:3c:
                    c3:21:46:7c:2e:77:96:ae:6d:96:0c:9b:4f:d8:5a:
                    a2:9b:10:86:94:60:69:53:97:32:2d:5b:d8:7a:02:
                    47:f7:28:9a:10:48:71:2d:84:86:f5:3e:bc:7e:71:
                    44:f8:04:6d:fc:ef:89:c8:d4:de:62:fa:49:12:5f:
                    02:b0:3a:d6:66:15:f3:eb:90:e5:53:60:6b:e0:fc:
                    0d:4d:6f:74:86:56:24:f6:d4:2a:09:20:d6:0d:15:
                    b1:d2:e9:ed:73:87:07:8e:aa:d2:9a:bc:e6:6c:3b:
                    4b:f7:41:1b:d6:37:69:52:82:df:62:7c:be:d7:47:
                    73:72:2d:48:bc:29:2c:c9:18:e1:c7:3e:4a:0b:28:
                    da:81:5d:4e:78:41:d3:78:32:7b:c3:2b:db:03:9d:
                    8e:64:80:8b:49:a6:dd:9e:d3:80:cd:09:64:07:2a:
                    83:c7:e3:a1:9b:19:d5:14:a3:19:aa:7c:15:96:67:
                    69:b4:76:c8:99:08:4c:70:c9:b3:1c:f0:53:f7:4a:
                    25:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:C9:57:78:BA:B0:E3:93:C5:C3:03:3D:6B:11:1E:01:00:DE:A1:15
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/lMlXeLqw45PFwwM9axEeAQDeoRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:78:a7:db:19:37:32:c5:2b:af:f5:7f:47:13:f0:21:d8:cc:
         f5:12:a2:6f:41:9d:f7:72:71:20:6b:99:f8:2d:c0:d9:09:fc:
         33:88:ab:82:90:fd:58:27:6e:06:d2:90:aa:93:c0:8a:a9:01:
         3b:92:3d:34:81:5e:03:63:b9:c5:66:ab:d6:a2:c4:12:90:4f:
         9d:11:06:5e:ad:e1:8e:d3:33:dc:a5:5c:f1:11:49:b8:2e:b3:
         9e:0a:66:fa:f1:39:3b:a9:e5:d3:11:9a:91:33:46:59:8c:73:
         3e:8d:8c:4a:b1:75:23:7e:d1:1a:88:08:88:c4:be:1f:73:ec:
         d7:9a:28:be:57:e5:f1:62:59:72:49:ed:7f:d9:12:45:d7:c6:
         69:f1:83:5f:6e:be:67:7c:ca:e2:e5:f9:76:87:ee:d5:98:58:
         29:66:c5:e6:c2:7d:34:3a:a4:4d:5d:28:e4:85:3e:2f:d1:d4:
         42:2a:b5:0e:da:93:17:7f:0f:ae:3d:a3:05:a2:c4:3e:fe:9a:
         8d:73:16:ba:30:be:5d:0b:ce:61:e6:71:c1:28:c3:d6:d2:67:
         6e:54:73:09:6c:dd:09:b0:03:55:73:d5:76:f8:6a:6f:2d:bc:
         ae:12:ac:f4:a1:6c:ad:00:48:01:35:e3:c1:0c:db:c8:65:7f:
         1f:82:95:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKq55aLbEA2hsu0UkafDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGM5NTc3OGJhYjBlMzkzYzVjMzAzM2Q2YjExMWUwMTAwZGVhMTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGDF2S2rcs260IUcG+wzNPgTv0ae
kZyim2Hoq8csKBJO4M94NVYdRjjX3wEH28vxVIt9JQDnwYIKxTzDIUZ8LneWrm2W
DJtP2FqimxCGlGBpU5cyLVvYegJH9yiaEEhxLYSG9T68fnFE+ARt/O+JyNTeYvpJ
El8CsDrWZhXz65DlU2Br4PwNTW90hlYk9tQqCSDWDRWx0untc4cHjqrSmrzmbDtL
90Eb1jdpUoLfYny+10dzci1IvCksyRjhxz5KCyjagV1OeEHTeDJ7wyvbA52OZICL
SabdntOAzQlkByqDx+OhmxnVFKMZqnwVlmdptHbImQhMcMmzHPBT90oldQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTJV3i6sOOTxcMDPWsRHgEA3qEVMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvbE1sWGVMcXc0NVBGd3dNOWF4RWVBUURlb1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXvAIMA0G
CSqGSIb3DQEBCwUAA4IBAQAxeKfbGTcyxSuv9X9HE/Ah2Mz1EqJvQZ33cnEga5n4
LcDZCfwziKuCkP1YJ24G0pCqk8CKqQE7kj00gV4DY7nFZqvWosQSkE+dEQZereGO
0zPcpVzxEUm4LrOeCmb68Tk7qeXTEZqRM0ZZjHM+jYxKsXUjftEaiAiIxL4fc+zX
mii+V+XxYllySe1/2RJF18Zp8YNfbr5nfMri5fl2h+7VmFgpZsXmwn00OqRNXSjk
hT4v0dRCKrUO2pMXfw+uPaMFosQ+/pqNcxa6ML5dC85h5nHBKMPW0mduVHMJbN0J
sANVc9V2+GpvLbyuEqz0oWytAEgBNePBDNvIZX8fgpWz
-----END CERTIFICATE-----