Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/tsNEFRQgZPunwTDObavmJuIICbI.roa
File:                     tsNEFRQgZPunwTDObavmJuIICbI.roa (raw, json)
Hash identifier:          vXxbtNe3D00D0NbWJGSCfrr6mOviMzzoSenT000qr/s=
Subject key identifier:   B6:C3:44:15:14:20:64:FB:A7:C1:30:CE:6D:AB:E6:26:E2:08:09:B2
Certificate issuer:       /CN=52302a45d0568486051a7ec466f03108c320b4c4
Certificate serial:       018CC2DB263C46DE7B7D421F1E683F354FCD
Authority key identifier: 52:30:2A:45:D0:56:84:86:05:1A:7E:C4:66:F0:31:08:C3:20:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/tsNEFRQgZPunwTDObavmJuIICbI.roa
Signing time:             Mon 01 Jan 2024 02:29:51 +0000
ROA not before:           Mon 01 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        94.124.112.0/24 maxlen: 24
                          2a0c:b280::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:26:3c:46:de:7b:7d:42:1f:1e:68:3f:35:4f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52302a45d0568486051a7ec466f03108c320b4c4
        Validity
            Not Before: Jan  1 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6c34415142064fba7c130ce6dabe626e20809b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9f:68:22:0c:16:0a:56:ba:97:16:ef:a5:61:
                    ac:42:21:14:71:e4:08:d2:cb:c7:a9:53:d0:ae:94:
                    5a:30:a4:eb:28:65:04:fa:8d:7d:2e:77:13:af:ba:
                    90:d9:40:f5:4f:1f:55:63:56:55:ac:dc:53:8f:3a:
                    40:11:64:7e:4f:5c:d4:c8:5e:b4:16:59:4a:ba:5c:
                    3c:4f:76:4c:80:64:ac:fa:2c:cf:cb:5c:bc:00:88:
                    d5:3f:b2:91:f4:db:ae:dc:1c:c0:6c:2d:3f:57:66:
                    b1:c4:fc:f3:59:53:52:fb:32:c5:a6:94:de:0f:f7:
                    a9:40:6c:5a:e4:b0:52:da:e7:38:dd:01:15:6c:68:
                    7c:6e:45:16:0b:ae:06:42:10:5e:7a:f3:93:c5:4d:
                    58:20:9f:9f:2c:a4:cb:f1:87:ab:c0:19:b9:d0:0b:
                    22:b4:d2:15:6f:68:19:dd:c9:b4:84:a9:59:d4:7f:
                    4c:85:20:52:6a:fb:2b:ad:cd:87:08:43:b7:b8:4a:
                    02:f7:b3:f7:00:8c:bb:d8:54:5f:56:4e:8a:cf:64:
                    a8:72:28:11:81:7a:a6:89:56:7d:e8:06:c3:c3:59:
                    6d:98:29:76:9d:9b:68:e9:15:82:e0:9c:9b:a3:03:
                    d9:9a:48:be:b7:cf:96:de:cc:fd:36:7d:90:6c:ec:
                    74:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:C3:44:15:14:20:64:FB:A7:C1:30:CE:6D:AB:E6:26:E2:08:09:B2
            X509v3 Authority Key Identifier:
                keyid:52:30:2A:45:D0:56:84:86:05:1A:7E:C4:66:F0:31:08:C3:20:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/tsNEFRQgZPunwTDObavmJuIICbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.112.0/24
                IPv6:
                  2a0c:b280::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:52:69:72:7a:74:22:87:80:e2:5d:61:d1:38:e6:64:ff:7e:
         b3:2e:f0:06:e8:6e:39:a8:b1:e9:82:87:06:7e:0d:99:c3:78:
         f9:d4:f3:c8:59:bc:79:05:6f:89:ba:92:8e:7b:8e:c9:bc:97:
         49:b0:7e:68:68:c5:71:ad:b4:ca:98:35:0e:04:98:6f:aa:df:
         68:6f:6a:30:a1:dd:ce:d3:41:52:2f:2f:c0:41:da:e4:80:f2:
         a8:36:5e:98:83:b6:66:b9:82:b6:6b:be:ea:c4:9c:6a:62:54:
         7e:5d:3a:11:11:c5:f7:92:3f:5c:01:f5:87:de:25:67:c0:db:
         61:88:ca:04:17:c8:88:bb:26:f0:f0:ad:e1:af:3a:7f:73:48:
         27:6c:4d:7f:eb:37:56:42:c7:8b:3f:f1:61:98:e4:9f:19:dc:
         89:75:f3:20:58:1a:ce:b0:5b:c1:11:46:87:c8:0a:66:2d:79:
         9c:ab:b2:7e:56:98:e6:79:f6:02:61:50:bf:11:22:93:4a:33:
         6f:4a:2b:20:fd:ea:ae:1a:a2:04:5d:93:50:82:8f:7a:d2:b7:
         6a:c6:44:b4:02:72:c2:a6:c9:6f:76:df:37:6f:67:1c:8c:2e:
         35:ef:8f:a7:30:32:e4:b2:76:13:b7:ae:1e:91:20:c1:11:7d:
         c3:d5:d9:2f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2yY8Rt57fUIfHmg/NU/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMzAyYTQ1ZDA1Njg0ODYwNTFhN2VjNDY2ZjAzMTA4YzMy
MGI0YzQwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmMzNDQxNTE0MjA2NGZiYTdjMTMwY2U2ZGFiZTYyNmUyMDgwOWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjp9oIgwWCla6lxbvpWGsQiEUceQI
0svHqVPQrpRaMKTrKGUE+o19LncTr7qQ2UD1Tx9VY1ZVrNxTjzpAEWR+T1zUyF60
FllKulw8T3ZMgGSs+izPy1y8AIjVP7KR9Nuu3BzAbC0/V2axxPzzWVNS+zLFppTe
D/epQGxa5LBS2uc43QEVbGh8bkUWC64GQhBeevOTxU1YIJ+fLKTL8YerwBm50Asi
tNIVb2gZ3cm0hKlZ1H9MhSBSavsrrc2HCEO3uEoC97P3AIy72FRfVk6Kz2SocigR
gXqmiVZ96AbDw1ltmCl2nZto6RWC4JybowPZmki+t8+W3sz9Nn2QbOx0OwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLbDRBUUIGT7p8Ewzm2r5ibiCAmyMB8GA1UdIwQY
MBaAFFIwKkXQVoSGBRp+xGbwMQjDILTEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWpBcVJkQldoSVlGR243RVp2QXhDTU1ndE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS83NWJhNzItZDdiMi00MjgzLTlmMGIt
ZTNlNWZhMzZiYjJmLzEvdHNORUZSUWdaUHVud1RET2Jhdm1KdUlJQ2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS83NWJhNzItZDdiMi00MjgzLTlmMGItZTNlNWZhMzZiYjJm
LzEvVWpBcVJkQldoSVlGR243RVp2QXhDTU1ndE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXnxwMA8E
AgACMAkDBwAqDLKAAAAwDQYJKoZIhvcNAQELBQADggEBABNSaXJ6dCKHgOJdYdE4
5mT/frMu8AbobjmosemChwZ+DZnDePnU88hZvHkFb4m6ko57jsm8l0mwfmhoxXGt
tMqYNQ4EmG+q32hvajCh3c7TQVIvL8BB2uSA8qg2XpiDtma5grZrvurEnGpiVH5d
OhERxfeSP1wB9YfeJWfA22GIygQXyIi7JvDwreGvOn9zSCdsTX/rN1ZCx4s/8WGY
5J8Z3Il18yBYGs6wW8ERRofICmYteZyrsn5WmOZ59gJhUL8RIpNKM29KKyD96q4a
ogRdk1CCj3rSt2rGRLQCcsKmyW923zdvZxyMLjXvj6cwMuSydhO3rh6RIMERfcPV
2S8=
-----END CERTIFICATE-----