Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/pi9GDdufVhThRiMS4yjbHwvj4NY.roa
File:                     pi9GDdufVhThRiMS4yjbHwvj4NY.roa (raw, json)
Hash identifier:          ljOLzY8/nBA6QByAxhTdNvxgLLAEPrRU1pQeCwUXDdc=
Subject key identifier:   A6:2F:46:0D:DB:9F:56:14:E1:46:23:12:E3:28:DB:1F:0B:E3:E0:D6
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       018CC348AC36C0E5B9F6001FCDD1512E4580
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/pi9GDdufVhThRiMS4yjbHwvj4NY.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199238
IP address blocks:        94.240.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ac:36:c0:e5:b9:f6:00:1f:cd:d1:51:2e:45:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a62f460ddb9f5614e1462312e328db1f0be3e0d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0b:bc:e4:f8:09:2d:a2:01:37:00:35:6f:b4:
                    e3:f9:23:4a:bf:71:86:a6:6a:65:14:2c:b1:2d:27:
                    1c:1e:15:48:47:65:a3:63:d7:bc:02:c6:94:b7:2b:
                    1f:e9:06:56:36:cb:be:68:14:c6:31:48:68:5b:0c:
                    29:cb:4b:71:1b:99:ab:07:f2:31:63:d2:16:58:5f:
                    7e:aa:5c:a1:03:a3:14:8f:29:8f:54:13:44:1a:0d:
                    b5:8c:8e:d4:86:02:02:81:7d:90:69:60:06:81:be:
                    54:d4:84:50:1a:55:90:01:f6:27:7b:86:d8:2f:10:
                    9c:21:95:c3:e5:d8:78:9e:fe:66:74:0f:4b:7a:91:
                    b2:3c:a8:df:41:cf:cc:ca:14:b0:99:00:0f:d6:64:
                    cf:94:ce:5c:87:ca:8d:67:49:e9:89:e5:4f:26:70:
                    88:ed:70:70:ea:28:1d:3c:98:fa:00:8a:a3:6b:66:
                    20:8c:3b:22:5d:89:ea:8b:da:23:c9:57:5c:55:9d:
                    cd:5c:9a:26:03:8b:9f:db:79:f3:ec:cb:eb:98:e3:
                    47:cd:77:47:e8:37:cf:2e:6c:ef:9e:ae:08:34:14:
                    ed:a2:ee:b4:93:82:8b:d3:3e:e6:4b:e3:56:fe:3f:
                    19:c8:4f:2b:02:3e:c8:18:f0:32:e1:e4:e6:06:97:
                    7f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:2F:46:0D:DB:9F:56:14:E1:46:23:12:E3:28:DB:1F:0B:E3:E0:D6
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/pi9GDdufVhThRiMS4yjbHwvj4NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:de:e2:eb:26:2f:da:7b:e9:45:bf:fe:96:f7:e6:22:f1:a1:
         89:30:2e:0c:7f:87:38:72:e8:c6:c8:2b:4a:9f:b9:90:5f:fe:
         c2:58:18:e9:e1:c3:85:27:26:2c:e5:b9:f0:49:bc:91:2e:dc:
         d2:c1:aa:68:2a:ff:ea:65:7d:1c:c2:12:3b:aa:47:bd:7d:b4:
         d9:56:78:96:fe:ae:c7:91:e4:91:c8:a2:dc:83:52:19:55:02:
         12:5f:14:52:7f:68:9c:34:5c:ce:cd:90:32:1d:65:09:2c:8d:
         89:8f:a8:a3:00:eb:a4:fd:e6:ed:bc:7d:9d:1f:f5:59:50:20:
         a1:bb:94:fc:31:d6:aa:c3:7e:ef:90:12:7f:33:53:b0:79:e7:
         d4:e2:72:5b:46:48:5a:7d:78:95:cf:93:48:fe:67:7e:50:53:
         75:6e:80:ca:cd:d2:52:ad:46:d6:1b:92:b2:3a:a9:b2:a5:5d:
         c4:9a:5e:65:3c:ac:be:76:0b:ee:a7:0f:f9:01:bf:5f:e3:0f:
         88:66:4c:3c:e0:d4:2c:60:5b:cf:00:93:c8:14:6e:34:ed:01:
         80:3a:d4:c3:70:62:a0:27:7f:6c:6c:c2:76:e7:e7:e6:8d:df:
         44:82:74:03:12:35:98:4e:24:0e:2b:df:0f:b6:24:ad:6e:ae:
         50:df:48:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKw2wOW59gAfzdFRLkWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjJmNDYwZGRiOWY1NjE0ZTE0NjIzMTJlMzI4ZGIxZjBiZTNlMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAu85PgJLaIBNwA1b7Tj+SNKv3GG
pmplFCyxLSccHhVIR2WjY9e8AsaUtysf6QZWNsu+aBTGMUhoWwwpy0txG5mrB/Ix
Y9IWWF9+qlyhA6MUjymPVBNEGg21jI7UhgICgX2QaWAGgb5U1IRQGlWQAfYne4bY
LxCcIZXD5dh4nv5mdA9LepGyPKjfQc/MyhSwmQAP1mTPlM5ch8qNZ0npieVPJnCI
7XBw6igdPJj6AIqja2YgjDsiXYnqi9ojyVdcVZ3NXJomA4uf23nz7MvrmONHzXdH
6DfPLmzvnq4INBTtou60k4KL0z7mS+NW/j8ZyE8rAj7IGPAy4eTmBpd/JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYvRg3bn1YU4UYjEuMo2x8L4+DWMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvcGk5R0RkdWZWaFRoUmlNUzR5amJId3ZqNE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvAWMA0G
CSqGSIb3DQEBCwUAA4IBAQBB3uLrJi/ae+lFv/6W9+Yi8aGJMC4Mf4c4cujGyCtK
n7mQX/7CWBjp4cOFJyYs5bnwSbyRLtzSwapoKv/qZX0cwhI7qke9fbTZVniW/q7H
keSRyKLcg1IZVQISXxRSf2icNFzOzZAyHWUJLI2Jj6ijAOuk/ebtvH2dH/VZUCCh
u5T8Mdaqw37vkBJ/M1OweefU4nJbRkhafXiVz5NI/md+UFN1boDKzdJSrUbWG5Ky
OqmypV3Eml5lPKy+dgvupw/5Ab9f4w+IZkw84NQsYFvPAJPIFG407QGAOtTDcGKg
J39sbMJ25+fmjd9EgnQDEjWYTiQOK98PtiStbq5Q30js
-----END CERTIFICATE-----