Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/94a062-8510-44d5-9e4b-c32a9a085ae0/1/q6YwftgUAvWJn9Q5GVwpYJtLidc.roa
File:                     q6YwftgUAvWJn9Q5GVwpYJtLidc.roa (raw, json)
Hash identifier:          aHBcM4HUFOI4DEpV8lYOjLB7DMOOMiAqlkmJj21edaU=
Subject key identifier:   AB:A6:30:7E:D8:14:02:F5:89:9F:D4:39:19:5C:29:60:9B:4B:89:D7
Certificate issuer:       /CN=bf1d5974b4e599ca72dcc4dac066d7714202efc9
Certificate serial:       018CC4937C01AEDBA980715149BCBD343856
Authority key identifier: BF:1D:59:74:B4:E5:99:CA:72:DC:C4:DA:C0:66:D7:71:42:02:EF:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx1ZdLTlmcpy3MTawGbXcUIC78k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/94a062-8510-44d5-9e4b-c32a9a085ae0/1/q6YwftgUAvWJn9Q5GVwpYJtLidc.roa
Signing time:             Mon 01 Jan 2024 10:30:48 +0000
ROA not before:           Mon 01 Jan 2024 10:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        194.180.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/94a062-8510-44d5-9e4b-c32a9a085ae0/1/vx1ZdLTlmcpy3MTawGbXcUIC78k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/94a062-8510-44d5-9e4b-c32a9a085ae0/1/vx1ZdLTlmcpy3MTawGbXcUIC78k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx1ZdLTlmcpy3MTawGbXcUIC78k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7c:01:ae:db:a9:80:71:51:49:bc:bd:34:38:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1d5974b4e599ca72dcc4dac066d7714202efc9
        Validity
            Not Before: Jan  1 10:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aba6307ed81402f5899fd439195c29609b4b89d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ff:ec:c2:f6:62:b0:fd:0e:46:d6:94:bb:2f:
                    db:b6:6c:c1:d9:d5:73:a3:a4:d7:a5:e5:de:8c:6b:
                    a7:26:4c:00:9c:b9:e4:b9:ec:85:14:45:38:5f:63:
                    b8:47:d4:b8:a7:66:78:79:5e:92:4b:3d:bd:03:de:
                    fe:1b:bb:cb:89:17:e1:90:1f:dc:82:01:df:10:ec:
                    11:b1:b1:21:9b:5e:54:41:15:b0:e9:34:c0:aa:82:
                    77:5f:20:99:34:fa:7d:c5:82:7d:7b:7f:4a:f0:38:
                    17:b0:cd:46:38:9c:bd:65:fb:7d:ea:dc:5d:3e:04:
                    12:b1:ce:0f:3d:27:6b:69:66:12:07:c5:48:5f:95:
                    c6:f1:d2:9d:4e:7d:b5:25:57:46:c7:6e:aa:45:b1:
                    8b:d9:c3:6f:e4:9a:37:59:b4:da:15:af:77:ea:22:
                    13:b7:2e:6f:64:8f:e6:29:96:d1:15:fd:04:22:6b:
                    82:27:01:25:78:09:41:38:da:4f:1f:e9:bd:7f:6c:
                    15:7e:9c:a1:ca:9e:47:bb:9d:11:e9:1e:b9:0a:64:
                    ca:d6:84:b3:b9:a9:b4:5d:67:fe:2a:a0:fe:75:76:
                    cc:ac:9f:ae:b5:64:99:fb:c9:d9:4d:29:81:ba:7e:
                    c9:98:8b:7f:79:ce:ae:47:ce:d4:7c:72:96:9d:e1:
                    a4:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:A6:30:7E:D8:14:02:F5:89:9F:D4:39:19:5C:29:60:9B:4B:89:D7
            X509v3 Authority Key Identifier:
                keyid:BF:1D:59:74:B4:E5:99:CA:72:DC:C4:DA:C0:66:D7:71:42:02:EF:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx1ZdLTlmcpy3MTawGbXcUIC78k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/94a062-8510-44d5-9e4b-c32a9a085ae0/1/q6YwftgUAvWJn9Q5GVwpYJtLidc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/94a062-8510-44d5-9e4b-c32a9a085ae0/1/vx1ZdLTlmcpy3MTawGbXcUIC78k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:a4:3b:f7:29:6b:5e:40:64:ed:3c:6e:f7:68:ad:b4:45:8a:
         a3:e8:fe:2e:b8:2f:99:70:f3:41:a6:75:84:5b:d0:cc:49:9d:
         66:09:19:ed:fd:8b:fd:89:6c:be:26:5d:0e:3c:e0:27:1d:b8:
         fa:71:70:8f:ad:86:6c:e4:2d:66:7f:85:5e:0a:a7:44:ac:21:
         08:a1:85:48:a5:ab:9d:6a:ee:57:75:ca:57:5c:c8:1b:b3:04:
         62:e1:cc:dd:cf:50:4a:a0:d4:99:e9:09:50:06:d0:a6:40:c0:
         85:8c:db:23:6b:12:01:a0:e9:6c:d6:2e:22:36:65:6d:61:80:
         98:d1:cd:a0:92:53:47:98:fc:9b:7c:d7:32:24:1a:0d:e8:37:
         07:13:1c:dd:dd:71:3f:0b:70:63:91:b8:24:45:d9:49:d2:76:
         2c:7f:4e:e9:57:86:cc:85:c0:a1:85:7c:9f:1b:55:3e:a1:ab:
         bb:e3:38:3d:d0:6e:ef:35:10:dc:8f:2d:79:5a:01:e9:34:44:
         88:81:d6:1e:1c:af:84:77:22:b3:50:6f:70:9a:6d:76:67:bd:
         01:da:2d:8f:cb:bd:de:f3:c2:64:ce:4b:aa:23:8f:2f:a0:50:
         0e:85:32:67:38:cb:4c:a8:91:bc:22:ff:f3:2c:32:26:59:77:
         aa:d7:05:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3wBrtupgHFRSby9NDhWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWQ1OTc0YjRlNTk5Y2E3MmRjYzRkYWMwNjZkNzcxNDIw
MmVmYzkwHhcNMjQwMTAxMTAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmE2MzA3ZWQ4MTQwMmY1ODk5ZmQ0MzkxOTVjMjk2MDliNGI4OWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkv/swvZisP0ORtaUuy/btmzB2dVz
o6TXpeXejGunJkwAnLnkueyFFEU4X2O4R9S4p2Z4eV6SSz29A97+G7vLiRfhkB/c
ggHfEOwRsbEhm15UQRWw6TTAqoJ3XyCZNPp9xYJ9e39K8DgXsM1GOJy9Zft96txd
PgQSsc4PPSdraWYSB8VIX5XG8dKdTn21JVdGx26qRbGL2cNv5Jo3WbTaFa936iIT
ty5vZI/mKZbRFf0EImuCJwEleAlBONpPH+m9f2wVfpyhyp5Hu50R6R65CmTK1oSz
uam0XWf+KqD+dXbMrJ+utWSZ+8nZTSmBun7JmIt/ec6uR87UfHKWneGkdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKumMH7YFAL1iZ/UORlcKWCbS4nXMB8GA1UdIwQY
MBaAFL8dWXS05ZnKctzE2sBm13FCAu/JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdngxWmRMVGxtY3B5M01UYXdHYlhjVUlDNzhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi85NGEwNjItODUxMC00NGQ1LTllNGIt
YzMyYTlhMDg1YWUwLzEvcTZZd2Z0Z1VBdldKbjlRNUdWd3BZSnRMaWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi85NGEwNjItODUxMC00NGQ1LTllNGItYzMyYTlhMDg1YWUw
LzEvdngxWmRMVGxtY3B5M01UYXdHYlhjVUlDNzhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrTMMA0G
CSqGSIb3DQEBCwUAA4IBAQA8pDv3KWteQGTtPG73aK20RYqj6P4uuC+ZcPNBpnWE
W9DMSZ1mCRnt/Yv9iWy+Jl0OPOAnHbj6cXCPrYZs5C1mf4VeCqdErCEIoYVIpaud
au5XdcpXXMgbswRi4czdz1BKoNSZ6QlQBtCmQMCFjNsjaxIBoOls1i4iNmVtYYCY
0c2gklNHmPybfNcyJBoN6DcHExzd3XE/C3BjkbgkRdlJ0nYsf07pV4bMhcChhXyf
G1U+oau74zg90G7vNRDcjy15WgHpNESIgdYeHK+EdyKzUG9wmm12Z70B2i2Py73e
88JkzkuqI48voFAOhTJnOMtMqJG8Iv/zLDImWXeq1wWj
-----END CERTIFICATE-----