Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/BOrjA6kqX_FPUoK3iCKQDxW62dw.roa
File:                     BOrjA6kqX_FPUoK3iCKQDxW62dw.roa (raw, json)
Hash identifier:          ovAXeSd+KlHSNzpmGEn/SjSiw3A8o4WDMjvoRWoFQKo=
Subject key identifier:   04:EA:E3:03:A9:2A:5F:F1:4F:52:82:B7:88:22:90:0F:15:BA:D9:DC
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC7276A4BAA280564FE4E6B9DBB9FA779
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/BOrjA6kqX_FPUoK3iCKQDxW62dw.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201036
IP address blocks:        94.42.102.0/24 maxlen: 24
                          94.42.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6a:4b:aa:28:05:64:fe:4e:6b:9d:bb:9f:a7:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04eae303a92a5ff14f5282b78822900f15bad9dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7d:ea:92:ea:8a:16:a1:90:8c:63:74:05:31:
                    de:66:14:76:8d:a2:86:c7:9f:d9:ff:24:4d:20:67:
                    5d:12:5c:af:93:a5:5a:9f:f1:76:c7:d3:c0:1d:d5:
                    59:df:ff:02:05:17:e8:8e:ee:4d:95:1f:0d:60:9a:
                    06:60:b0:24:8a:f3:db:f4:29:bf:f6:2e:4d:33:82:
                    ee:4f:41:72:5f:fb:7d:96:9a:12:8a:c3:b4:bb:94:
                    de:90:a6:5c:11:a7:db:a4:52:46:da:be:d7:75:c0:
                    8a:9f:7e:6b:1c:00:25:2a:dc:2e:5e:97:7e:82:d2:
                    28:59:cb:ed:ca:79:9a:8d:11:f4:35:65:ee:75:68:
                    e7:81:d6:0d:ac:1d:30:4e:18:62:37:c7:61:f3:8b:
                    af:c8:f1:da:2b:93:6a:9f:4c:bd:d9:c2:80:c8:0f:
                    d5:c6:81:3b:d2:63:4e:0a:b2:2d:65:b0:d5:7b:7d:
                    f8:04:cd:8d:ec:42:bd:00:76:ea:0f:bf:76:93:c4:
                    6c:a6:9f:f3:3a:d3:7d:a7:5c:11:6c:ba:2c:bd:d2:
                    fb:66:44:a4:13:6b:fe:ec:37:ab:3e:fc:70:94:7f:
                    80:b8:08:16:48:b2:3a:1f:6a:15:8a:43:e6:4e:fb:
                    9d:5d:9d:e6:08:66:8a:df:3d:97:35:78:e3:ed:bf:
                    ed:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:EA:E3:03:A9:2A:5F:F1:4F:52:82:B7:88:22:90:0F:15:BA:D9:DC
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/BOrjA6kqX_FPUoK3iCKQDxW62dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.42.102.0/24
                  94.42.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:b3:0c:86:37:02:df:3c:c2:e1:e0:c0:1f:ed:36:a3:10:73:
         94:db:48:01:e3:87:9d:a6:b8:4f:1d:16:3d:cb:b7:ae:b4:ff:
         d2:d6:d5:ce:de:a4:68:5b:32:49:36:34:18:c5:77:34:dc:e5:
         7f:b4:ac:40:ae:f2:95:f2:2c:91:45:99:fc:31:ac:6b:06:69:
         6d:a2:a6:55:8d:7a:7f:f8:c1:03:68:cb:fc:30:af:30:8f:6d:
         31:7b:d9:48:ac:7f:af:d8:29:8f:07:c0:27:e8:90:22:2c:14:
         ff:42:2b:4f:c8:d3:2b:3e:d1:1a:c2:e6:ec:6f:b0:cb:42:03:
         c4:38:99:56:66:70:b2:5a:33:d0:f1:11:10:0b:c8:a1:e8:30:
         20:0a:8e:9b:2c:ae:e0:61:df:4b:25:90:df:8d:5b:f1:42:be:
         c1:df:fa:71:77:9c:9c:43:88:ae:03:36:4d:d4:e2:1f:58:e6:
         3a:f5:7f:99:e4:de:34:be:0b:9a:3e:03:3a:69:35:54:ec:3e:
         71:a6:2a:93:5e:7d:d5:94:7c:39:fc:20:b1:46:d8:12:1e:af:
         43:92:9f:38:67:bc:13:88:10:de:10:e3:73:d3:17:c9:af:fa:
         1f:8e:3b:0e:4f:07:a3:ca:39:da:ba:e8:ab:80:6f:ff:3f:53:
         cd:5b:cd:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJ2pLqigFZP5Oa527n6d5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGVhZTMwM2E5MmE1ZmYxNGY1MjgyYjc4ODIyOTAwZjE1YmFkOWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn3qkuqKFqGQjGN0BTHeZhR2jaKG
x5/Z/yRNIGddElyvk6Van/F2x9PAHdVZ3/8CBRfoju5NlR8NYJoGYLAkivPb9Cm/
9i5NM4LuT0FyX/t9lpoSisO0u5TekKZcEafbpFJG2r7XdcCKn35rHAAlKtwuXpd+
gtIoWcvtynmajRH0NWXudWjngdYNrB0wThhiN8dh84uvyPHaK5Nqn0y92cKAyA/V
xoE70mNOCrItZbDVe334BM2N7EK9AHbqD792k8Rspp/zOtN9p1wRbLosvdL7ZkSk
E2v+7DerPvxwlH+AuAgWSLI6H2oVikPmTvudXZ3mCGaK3z2XNXjj7b/tVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFATq4wOpKl/xT1KCt4gikA8VutncMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvQk9yakE2a3FYX0ZQVW9LM2lDS1FEeFc2MmR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXipmAwQC
XiqwMA0GCSqGSIb3DQEBCwUAA4IBAQBQswyGNwLfPMLh4MAf7TajEHOU20gB44ed
prhPHRY9y7eutP/S1tXO3qRoWzJJNjQYxXc03OV/tKxArvKV8iyRRZn8MaxrBmlt
oqZVjXp/+MEDaMv8MK8wj20xe9lIrH+v2CmPB8An6JAiLBT/QitPyNMrPtEawubs
b7DLQgPEOJlWZnCyWjPQ8REQC8ih6DAgCo6bLK7gYd9LJZDfjVvxQr7B3/pxd5yc
Q4iuAzZN1OIfWOY69X+Z5N40vguaPgM6aTVU7D5xpiqTXn3VlHw5/CCxRtgSHq9D
kp84Z7wTiBDeEONz0xfJr/ofjjsOTwejyjnauuirgG//P1PNW83R
-----END CERTIFICATE-----