Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/4xGOwWx0ty-6OpbCrwaCMJ0l7p0.roa
File:                     4xGOwWx0ty-6OpbCrwaCMJ0l7p0.roa (raw, json)
Hash identifier:          r7fM/2WiOk18QKrNgxHi/HCD2jBA+8nn8GrHn+Xi8rU=
Subject key identifier:   E3:11:8E:C1:6C:74:B7:2F:BA:3A:96:C2:AF:06:82:30:9D:25:EE:9D
Certificate issuer:       /CN=f19655b59a864cad73cc295f4f78ff83cae86aac
Certificate serial:       018CCA2AAAAC3BD64D95FDD20EC4CA67A8B6
Authority key identifier: F1:96:55:B5:9A:86:4C:AD:73:CC:29:5F:4F:78:FF:83:CA:E8:6A:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZZVtZqGTK1zzClfT3j_g8roaqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/4xGOwWx0ty-6OpbCrwaCMJ0l7p0.roa
Signing time:             Tue 02 Jan 2024 12:34:02 +0000
ROA not before:           Tue 02 Jan 2024 12:34:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        94.125.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/8ZZVtZqGTK1zzClfT3j_g8roaqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/8ZZVtZqGTK1zzClfT3j_g8roaqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZZVtZqGTK1zzClfT3j_g8roaqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:aa:ac:3b:d6:4d:95:fd:d2:0e:c4:ca:67:a8:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19655b59a864cad73cc295f4f78ff83cae86aac
        Validity
            Not Before: Jan  2 12:34:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3118ec16c74b72fba3a96c2af0682309d25ee9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:6c:98:fb:4e:54:8c:e8:e0:a6:b9:fd:ca:56:
                    3a:da:62:cd:65:27:39:a7:1e:65:f8:e9:0f:d2:03:
                    45:f8:94:10:6d:52:9c:b6:bd:75:1f:ba:c4:79:de:
                    c2:da:af:92:0d:9f:fd:6d:e5:0c:1f:35:e3:56:84:
                    86:39:a5:d7:34:93:a7:11:a4:dd:cf:52:c6:28:fc:
                    75:72:54:f9:57:95:ac:da:f7:1f:41:e4:0d:7c:f4:
                    b7:1a:06:ed:29:ee:7a:c1:fd:eb:d3:e2:70:57:d2:
                    64:88:c7:1b:75:74:94:06:28:93:da:1c:86:1f:50:
                    35:33:dc:96:20:8a:e0:d2:37:d0:95:15:6a:6b:35:
                    45:9d:4d:a1:10:5e:fb:2e:45:cf:68:1a:a7:3e:6a:
                    1f:f8:8a:52:b0:d8:a5:f5:1f:ab:1c:ab:d0:0d:94:
                    ae:23:b2:79:2a:30:2c:84:30:9b:0d:65:45:96:14:
                    48:ea:d1:db:67:f9:9b:af:75:9f:33:a2:7e:31:72:
                    68:81:7c:cc:5d:d8:20:fd:1e:a8:c3:8a:47:c2:63:
                    cd:6e:98:fe:30:41:cc:c6:13:c9:b7:ce:24:41:bc:
                    23:54:2f:27:6d:c2:61:96:c8:99:e3:75:7d:9c:6d:
                    f9:f9:9d:2f:ca:a1:67:38:95:aa:8f:49:3e:f7:98:
                    7d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:11:8E:C1:6C:74:B7:2F:BA:3A:96:C2:AF:06:82:30:9D:25:EE:9D
            X509v3 Authority Key Identifier:
                keyid:F1:96:55:B5:9A:86:4C:AD:73:CC:29:5F:4F:78:FF:83:CA:E8:6A:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZZVtZqGTK1zzClfT3j_g8roaqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/4xGOwWx0ty-6OpbCrwaCMJ0l7p0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/8ZZVtZqGTK1zzClfT3j_g8roaqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.125.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:c4:f8:a1:9e:14:bb:a0:84:f8:c4:5b:67:b2:80:ea:bf:f9:
         1f:f6:a6:11:81:4f:1a:63:61:a7:28:96:c5:6c:a9:fe:47:d1:
         04:35:25:ea:ee:6c:58:3a:85:eb:af:38:3a:cf:a3:d8:0d:3f:
         3a:ae:cc:87:ee:83:00:ae:61:e7:5c:b6:cb:2f:50:e6:a2:77:
         72:47:31:ca:a8:15:8c:b3:03:4f:5b:e8:c0:db:7b:b5:bd:71:
         ef:c1:f6:70:1d:38:d3:30:e7:f9:84:7c:77:90:bf:2b:7d:ac:
         7c:dd:1a:5a:86:a6:08:6a:74:de:91:fe:44:8a:6f:20:23:61:
         8e:f0:a0:4d:3e:7e:2b:9b:78:85:dd:90:02:82:81:bc:96:35:
         d8:29:2f:5d:76:42:06:e8:bd:cf:3f:f9:95:89:85:63:81:02:
         06:88:35:2e:1e:2b:cc:66:2d:0c:5c:c5:b7:ff:34:71:16:fe:
         8b:ba:3a:d4:65:2d:09:b4:4f:ec:b3:cf:77:1d:11:6a:6e:75:
         0c:05:d5:dd:41:f9:a6:7f:31:83:68:75:65:47:83:e9:d2:a6:
         e9:fc:39:d1:3f:26:dc:9b:ad:ba:3b:ef:92:04:76:8a:4f:dd:
         88:8c:6f:e8:46:06:ef:f6:a4:dd:8f:ef:4f:f3:16:61:79:23:
         81:e7:d0:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKqqsO9ZNlf3SDsTKZ6i2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTY1NWI1OWE4NjRjYWQ3M2NjMjk1ZjRmNzhmZjgzY2Fl
ODZhYWMwHhcNMjQwMTAyMTIzNDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzExOGVjMTZjNzRiNzJmYmEzYTk2YzJhZjA2ODIzMDlkMjVlZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymyY+05UjOjgprn9ylY62mLNZSc5
px5l+OkP0gNF+JQQbVKctr11H7rEed7C2q+SDZ/9beUMHzXjVoSGOaXXNJOnEaTd
z1LGKPx1clT5V5Ws2vcfQeQNfPS3GgbtKe56wf3r0+JwV9JkiMcbdXSUBiiT2hyG
H1A1M9yWIIrg0jfQlRVqazVFnU2hEF77LkXPaBqnPmof+IpSsNil9R+rHKvQDZSu
I7J5KjAshDCbDWVFlhRI6tHbZ/mbr3WfM6J+MXJogXzMXdgg/R6ow4pHwmPNbpj+
MEHMxhPJt84kQbwjVC8nbcJhlsiZ43V9nG35+Z0vyqFnOJWqj0k+95h9uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMRjsFsdLcvujqWwq8GgjCdJe6dMB8GA1UdIwQY
MBaAFPGWVbWahkytc8wpX094/4PK6GqsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFpaVnRacUdUSzF6ekNsZlQzal9nOHJvYXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8yYmQxZGMtYWRlMS00NmM5LWI5YzAt
MzM5ZWU3MDBhZjZmLzEvNHhHT3dXeDB0eS02T3BiQ3J3YUNNSjBsN3AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8yYmQxZGMtYWRlMS00NmM5LWI5YzAtMzM5ZWU3MDBhZjZm
LzEvOFpaVnRacUdUSzF6ekNsZlQzal9nOHJvYXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXn0cMA0G
CSqGSIb3DQEBCwUAA4IBAQAhxPihnhS7oIT4xFtnsoDqv/kf9qYRgU8aY2GnKJbF
bKn+R9EENSXq7mxYOoXrrzg6z6PYDT86rsyH7oMArmHnXLbLL1DmondyRzHKqBWM
swNPW+jA23u1vXHvwfZwHTjTMOf5hHx3kL8rfax83RpahqYIanTekf5Eim8gI2GO
8KBNPn4rm3iF3ZACgoG8ljXYKS9ddkIG6L3PP/mViYVjgQIGiDUuHivMZi0MXMW3
/zRxFv6LujrUZS0JtE/ss893HRFqbnUMBdXdQfmmfzGDaHVlR4Pp0qbp/DnRPybc
m626O++SBHaKT92IjG/oRgbv9qTdj+9P8xZheSOB59Cy
-----END CERTIFICATE-----