Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/xD7ctAC0rhDAt8u6VEI6tBu3QIo.roa
File:                     xD7ctAC0rhDAt8u6VEI6tBu3QIo.roa (raw, json)
Hash identifier:          HgGsdD+D9NXK4qNVJoWdXaQbjhwp/FT4Fo08OF9cHzw=
Subject key identifier:   C4:3E:DC:B4:00:B4:AE:10:C0:B7:CB:BA:54:42:3A:B4:1B:B7:40:8A
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       018F8AFF67061E9F6F1EA3FD6A0A20114B72
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/xD7ctAC0rhDAt8u6VEI6tBu3QIo.roa
Signing time:             Sat 18 May 2024 09:19:04 +0000
ROA not before:           Sat 18 May 2024 09:19:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46450
IP address blocks:        94.154.183.0/24 maxlen: 24
                          162.218.95.0/24 maxlen: 24
                          2a07:c6c0:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:8a:ff:67:06:1e:9f:6f:1e:a3:fd:6a:0a:20:11:4b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: May 18 09:19:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c43edcb400b4ae10c0b7cbba54423ab41bb7408a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:11:d2:73:b8:8b:50:eb:78:17:35:5b:bf:cb:
                    06:ca:fd:4b:d7:9d:49:c1:11:00:d2:64:28:ca:f9:
                    2b:db:75:b7:c2:26:e6:15:e7:99:bc:20:5a:1c:a6:
                    ac:b4:ae:51:be:54:60:12:27:64:2d:02:11:cd:42:
                    da:11:4a:72:49:51:ce:83:8d:a3:50:73:17:fd:0b:
                    29:4f:5d:cd:97:26:fc:f1:eb:29:77:1e:9f:48:4a:
                    b3:1b:55:23:de:09:4c:e7:1a:b7:8b:99:de:ed:70:
                    be:ee:0a:8a:e9:ab:c4:e1:07:d7:d0:19:6b:6d:f1:
                    0d:20:90:26:6a:45:fe:ad:ef:f4:b9:fe:b2:84:6f:
                    ef:42:a5:69:6a:4c:54:a4:b8:e9:cf:89:66:15:0e:
                    ff:60:13:81:09:d4:52:35:b5:33:95:a1:4c:87:1b:
                    6c:21:73:33:52:bb:77:7b:55:f7:00:e0:b9:3b:22:
                    e2:41:88:f7:26:56:58:dd:98:41:09:7b:05:53:97:
                    35:bf:c8:34:68:93:7a:c9:48:18:7d:c7:9e:7e:a5:
                    de:bc:e8:14:ae:b5:8f:f6:c3:49:f2:e2:02:89:ca:
                    cd:aa:32:c4:7d:2a:e5:30:ad:8b:70:62:d4:21:05:
                    7f:d8:f9:a9:af:de:64:c7:49:ae:06:82:ee:00:c3:
                    36:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:3E:DC:B4:00:B4:AE:10:C0:B7:CB:BA:54:42:3A:B4:1B:B7:40:8A
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/xD7ctAC0rhDAt8u6VEI6tBu3QIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.183.0/24
                  162.218.95.0/24
                IPv6:
                  2a07:c6c0:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:64:3e:e8:60:66:b5:3d:cf:d0:b9:fe:ec:0e:c3:f0:2d:7e:
         d2:32:d8:b5:18:13:42:0d:97:15:04:ed:84:5d:79:d6:5a:d8:
         6e:79:06:41:77:c8:ed:6c:5b:fc:54:80:f5:00:37:28:4e:85:
         77:a6:00:b3:75:ce:b6:e5:bd:b4:52:ab:5b:68:da:09:80:fd:
         15:d8:27:a6:f9:27:06:9d:de:8a:f1:89:74:90:fb:64:7e:ab:
         ef:1f:0c:53:bd:a8:e8:f3:59:29:e1:ea:d2:30:1f:2a:b1:7a:
         ac:ad:d5:13:5b:f8:ec:b3:f6:32:1a:43:f7:8f:38:61:8d:3b:
         08:49:8a:8c:73:2c:cd:e1:1e:e3:07:ec:43:d7:46:f4:51:5c:
         d2:85:d1:c9:e8:86:3e:29:90:70:9e:eb:6d:b3:58:35:06:9f:
         d8:8c:44:c8:16:d5:58:cb:6d:9b:46:f9:60:b7:29:b7:c2:ac:
         62:b5:92:63:32:0a:44:c6:5c:aa:cd:1c:ed:20:ba:31:f8:1e:
         b0:51:e8:0d:3d:27:20:da:ee:8b:72:e8:31:b2:80:ad:ba:89:
         1c:79:f2:4a:fe:53:12:38:e7:7b:ed:a3:5d:f3:0c:07:1b:30:
         33:51:b2:a2:c4:43:58:51:b0:c3:7e:e9:db:39:57:3b:ed:92:
         39:d6:ba:61
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAY+K/2cGHp9vHqP9agogEUtyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwNTE4MDkxOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDNlZGNiNDAwYjRhZTEwYzBiN2NiYmE1NDQyM2FiNDFiYjc0MDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhHSc7iLUOt4FzVbv8sGyv1L151J
wREA0mQoyvkr23W3wibmFeeZvCBaHKastK5RvlRgEidkLQIRzULaEUpySVHOg42j
UHMX/QspT13Nlyb88espdx6fSEqzG1Uj3glM5xq3i5ne7XC+7gqK6avE4QfX0Blr
bfENIJAmakX+re/0uf6yhG/vQqVpakxUpLjpz4lmFQ7/YBOBCdRSNbUzlaFMhxts
IXMzUrt3e1X3AOC5OyLiQYj3JlZY3ZhBCXsFU5c1v8g0aJN6yUgYfceefqXevOgU
rrWP9sNJ8uICicrNqjLEfSrlMK2LcGLUIQV/2Pmpr95kx0muBoLuAMM2PQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMQ+3LQAtK4QwLfLulRCOrQbt0CKMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEveEQ3Y3RBQzByaERBdDh1NlZFSTZ0QnUzUUlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAXpq3AwQA
otpfMA8EAgACMAkDBwAqB8bAAAkwDQYJKoZIhvcNAQELBQADggEBABRkPuhgZrU9
z9C5/uwOw/AtftIy2LUYE0INlxUE7YRdedZa2G55BkF3yO1sW/xUgPUANyhOhXem
ALN1zrblvbRSq1to2gmA/RXYJ6b5Jwad3orxiXSQ+2R+q+8fDFO9qOjzWSnh6tIw
Hyqxeqyt1RNb+Oyz9jIaQ/ePOGGNOwhJioxzLM3hHuMH7EPXRvRRXNKF0cnohj4p
kHCe622zWDUGn9iMRMgW1VjLbZtG+WC3KbfCrGK1kmMyCkTGXKrNHO0gujH4HrBR
6A09JyDa7oty6DGygK26iRx58kr+UxI453vto13zDAcbMDNRsqLEQ1hRsMN+6ds5
VzvtkjnWumE=
-----END CERTIFICATE-----