Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/pyQ1zyTWhnfqmGDdoAQ_kKQf_3I.roa
File:                     pyQ1zyTWhnfqmGDdoAQ_kKQf_3I.roa (raw, json)
Hash identifier:          xYNnHh9bMw+G9lyx1j3wkx0VhsMm/zO8/9EHp9gq6GM=
Subject key identifier:   A7:24:35:CF:24:D6:86:77:EA:98:60:DD:A0:04:3F:90:A4:1F:FF:72
Certificate issuer:       /CN=52302a45d0568486051a7ec466f03108c320b4c4
Certificate serial:       018CC2DB25D6B2B482D74A3647003A6D88BA
Authority key identifier: 52:30:2A:45:D0:56:84:86:05:1A:7E:C4:66:F0:31:08:C3:20:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/pyQ1zyTWhnfqmGDdoAQ_kKQf_3I.roa
Signing time:             Mon 01 Jan 2024 02:29:51 +0000
ROA not before:           Mon 01 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        94.124.112.0/24 maxlen: 24
                          2a0c:b280::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:25:d6:b2:b4:82:d7:4a:36:47:00:3a:6d:88:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52302a45d0568486051a7ec466f03108c320b4c4
        Validity
            Not Before: Jan  1 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a72435cf24d68677ea9860dda0043f90a41fff72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6a:81:c9:d3:77:17:64:3b:e7:6d:cf:37:cb:
                    8d:39:51:da:21:03:20:a0:cc:c0:09:4c:b8:59:f4:
                    9d:51:ee:95:ad:27:df:2f:8c:d8:b4:70:fe:04:6e:
                    da:c7:72:d2:43:a2:1c:9e:a5:8c:6a:12:d9:63:6d:
                    7d:58:00:94:cb:18:ed:01:c2:90:81:a5:da:05:26:
                    6c:86:cc:c9:f8:53:cb:3c:40:e4:3a:6f:a3:09:5f:
                    c7:03:a7:e3:a3:a1:15:a6:de:01:ff:59:00:f2:e7:
                    41:9d:52:90:0d:9c:1e:09:24:28:be:04:39:e8:b0:
                    1e:51:37:fc:d8:f0:e2:a6:35:24:48:c2:20:1c:1e:
                    d0:f3:c9:b0:06:6b:90:c3:ae:21:e1:b7:87:a1:e3:
                    21:ba:9b:d2:47:be:3b:23:26:22:1b:35:85:3b:41:
                    af:08:35:ab:f6:ba:ca:3f:41:19:40:d6:6e:09:4d:
                    05:5d:13:b8:ea:7f:61:9e:05:44:f8:ee:8a:1e:05:
                    a2:97:25:58:e3:8e:62:5d:c0:15:ab:0a:ee:f5:71:
                    e9:53:0a:d6:5c:ea:1a:f3:a3:1c:08:37:5e:a9:e9:
                    d8:f9:9c:a1:7e:91:67:cc:5d:07:bd:87:1f:c4:15:
                    70:d7:aa:7d:8e:f6:05:51:f6:91:e3:40:01:4b:95:
                    a3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:24:35:CF:24:D6:86:77:EA:98:60:DD:A0:04:3F:90:A4:1F:FF:72
            X509v3 Authority Key Identifier:
                keyid:52:30:2A:45:D0:56:84:86:05:1A:7E:C4:66:F0:31:08:C3:20:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/pyQ1zyTWhnfqmGDdoAQ_kKQf_3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.112.0/24
                IPv6:
                  2a0c:b280::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:74:1c:64:a8:c3:ad:1a:0d:e5:df:80:d0:2e:de:10:ae:08:
         f5:43:d8:af:04:0a:3b:de:8a:0e:c9:66:bc:3c:ab:77:03:d5:
         b7:da:b0:c0:b2:2a:a3:e0:3d:88:16:72:a9:d6:6e:12:c5:cd:
         c6:ca:c9:13:f4:cf:4d:73:bc:72:f9:c1:77:f9:73:73:ff:1f:
         84:be:9b:9d:1b:c3:37:7e:ac:d3:35:69:fe:e1:27:d1:ba:71:
         7d:6e:7f:73:8b:39:a9:5a:a9:64:bd:75:67:a8:c7:5d:05:21:
         44:b1:dc:20:9c:6e:0b:36:22:24:9b:a5:e3:06:51:fc:4c:68:
         99:ed:5c:2e:e1:b4:ea:78:99:80:81:f6:88:60:de:64:c1:5a:
         d7:3e:e1:19:5a:61:28:47:b7:e3:43:ea:ad:67:0c:59:0d:67:
         17:4c:bb:c5:87:5d:f6:bc:8a:a7:4d:97:f7:b9:72:d1:3b:e2:
         9a:be:43:6e:4d:5b:7a:d0:9c:28:ab:64:39:39:22:cf:91:df:
         4c:88:e3:e5:90:50:71:61:aa:c7:7d:0e:75:21:f1:75:2f:8d:
         73:63:41:d1:c2:1d:d4:29:00:27:df:de:a9:d1:4a:32:0d:53:
         eb:32:f4:06:e7:88:07:11:8f:19:56:65:f7:54:3a:9b:49:33:
         b0:56:bd:88
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2yXWsrSC10o2RwA6bYi6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMzAyYTQ1ZDA1Njg0ODYwNTFhN2VjNDY2ZjAzMTA4YzMy
MGI0YzQwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzI0MzVjZjI0ZDY4Njc3ZWE5ODYwZGRhMDA0M2Y5MGE0MWZmZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWqBydN3F2Q7523PN8uNOVHaIQMg
oMzACUy4WfSdUe6VrSffL4zYtHD+BG7ax3LSQ6IcnqWMahLZY219WACUyxjtAcKQ
gaXaBSZshszJ+FPLPEDkOm+jCV/HA6fjo6EVpt4B/1kA8udBnVKQDZweCSQovgQ5
6LAeUTf82PDipjUkSMIgHB7Q88mwBmuQw64h4beHoeMhupvSR747IyYiGzWFO0Gv
CDWr9rrKP0EZQNZuCU0FXRO46n9hngVE+O6KHgWilyVY445iXcAVqwru9XHpUwrW
XOoa86McCDdeqenY+ZyhfpFnzF0HvYcfxBVw16p9jvYFUfaR40ABS5Wj8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKckNc8k1oZ36phg3aAEP5CkH/9yMB8GA1UdIwQY
MBaAFFIwKkXQVoSGBRp+xGbwMQjDILTEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWpBcVJkQldoSVlGR243RVp2QXhDTU1ndE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS83NWJhNzItZDdiMi00MjgzLTlmMGIt
ZTNlNWZhMzZiYjJmLzEvcHlRMXp5VFdobmZxbUdEZG9BUV9rS1FmXzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS83NWJhNzItZDdiMi00MjgzLTlmMGItZTNlNWZhMzZiYjJm
LzEvVWpBcVJkQldoSVlGR243RVp2QXhDTU1ndE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXnxwMA8E
AgACMAkDBwAqDLKAAAAwDQYJKoZIhvcNAQELBQADggEBAGp0HGSow60aDeXfgNAu
3hCuCPVD2K8ECjveig7JZrw8q3cD1bfasMCyKqPgPYgWcqnWbhLFzcbKyRP0z01z
vHL5wXf5c3P/H4S+m50bwzd+rNM1af7hJ9G6cX1uf3OLOalaqWS9dWeox10FIUSx
3CCcbgs2IiSbpeMGUfxMaJntXC7htOp4mYCB9ohg3mTBWtc+4RlaYShHt+ND6q1n
DFkNZxdMu8WHXfa8iqdNl/e5ctE74pq+Q25NW3rQnCirZDk5Is+R30yI4+WQUHFh
qsd9DnUh8XUvjXNjQdHCHdQpACff3qnRSjINU+sy9AbniAcRjxlWZfdUOptJM7BW
vYg=
-----END CERTIFICATE-----