Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/fEkTt7B2Z94_GsoZ48IB1ZQKD7Q.roa
File:                     fEkTt7B2Z94_GsoZ48IB1ZQKD7Q.roa (raw, json)
Hash identifier:          95elQxDB6dkna/tlq5eDmncNxeDUfkQLmKBHXiD/AeU=
Subject key identifier:   7C:49:13:B7:B0:76:67:DE:3F:1A:CA:19:E3:C2:01:D5:94:0A:0F:B4
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018EA9842776317984050960E365FDB79A0C
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/fEkTt7B2Z94_GsoZ48IB1ZQKD7Q.roa
Signing time:             Thu 04 Apr 2024 14:29:54 +0000
ROA not before:           Thu 04 Apr 2024 14:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215163
IP address blocks:        94.247.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 06:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a9:84:27:76:31:79:84:05:09:60:e3:65:fd:b7:9a:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Apr  4 14:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c4913b7b07667de3f1aca19e3c201d5940a0fb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:88:77:d3:0d:09:72:b2:9f:93:0c:8f:10:08:
                    bb:90:80:b8:b8:e6:be:4f:dd:4c:a3:90:18:bf:96:
                    4b:7d:d5:5c:61:84:cc:6d:cb:ee:8e:e8:f1:17:f3:
                    a0:f6:0d:b7:06:76:5b:7a:46:bf:04:02:f3:c6:46:
                    63:ea:a3:73:4b:cc:ff:24:c3:1b:d9:a4:41:50:fa:
                    77:d8:0c:db:9d:81:97:7e:e8:c3:53:30:c6:5c:da:
                    0b:5d:62:55:ab:20:28:62:f0:25:96:ef:b7:a9:49:
                    cc:73:ed:98:3d:76:83:1b:be:64:f8:ff:58:e8:49:
                    2f:e4:31:a9:a9:aa:bd:63:97:55:ed:7d:a0:27:ee:
                    13:32:45:24:b0:df:9d:84:19:05:be:3d:ef:65:69:
                    eb:1e:97:c0:4e:2e:a7:70:68:a6:3c:4c:0a:c6:f0:
                    7b:a0:7f:5c:a2:9f:81:1b:e4:4c:97:26:c6:1a:b2:
                    f1:3f:e4:6c:6a:f2:93:6a:23:38:66:8d:7a:1e:d9:
                    2c:69:2c:96:08:d9:4a:8a:08:4e:b7:9a:e1:89:db:
                    32:97:2b:20:28:38:ee:5c:4d:99:25:d6:22:c4:38:
                    b8:61:17:7f:ef:ac:ef:49:e3:c2:69:35:55:22:42:
                    52:5f:2e:d1:50:6e:5e:6c:d3:8c:79:f1:67:0a:7e:
                    37:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:49:13:B7:B0:76:67:DE:3F:1A:CA:19:E3:C2:01:D5:94:0A:0F:B4
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/fEkTt7B2Z94_GsoZ48IB1ZQKD7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:ec:4d:da:be:65:15:38:3a:60:48:ea:10:c3:9d:22:3b:17:
         50:24:b9:3e:f6:72:a9:70:0d:95:2d:30:34:42:6c:7b:13:f9:
         89:7f:b5:dd:47:59:28:e6:35:de:a4:02:04:c7:2a:35:b7:f7:
         ed:e0:0e:a2:f3:0f:0e:80:de:96:19:03:ea:81:0e:15:ee:39:
         62:7d:c1:97:e6:4e:f6:be:28:50:0a:c9:a6:6a:fc:ac:d4:90:
         2b:e6:af:34:8b:d7:61:a6:e2:60:06:a8:2c:ae:f7:c0:a9:d5:
         62:6f:bd:46:e1:ce:3e:76:94:76:be:9a:5c:43:10:53:8d:2f:
         06:07:5f:4a:34:39:58:77:a6:b8:ae:db:a2:7d:36:6f:83:f8:
         f6:e6:0d:14:30:d1:1f:a7:11:c7:e2:67:46:7f:d0:fb:fd:df:
         d2:9f:fb:f7:31:14:ea:33:b6:4a:48:b7:c0:41:e9:4a:82:9a:
         f4:d2:89:39:f3:14:be:06:1b:4a:06:4a:c8:7b:6d:3a:e0:c4:
         65:da:c7:c2:7e:66:07:53:c2:d7:54:ff:37:88:cb:c5:06:a2:
         74:e6:07:42:a7:02:f4:dd:28:4a:be:1a:6a:2b:fb:c3:f1:6f:
         4f:0c:af:56:92:11:7b:48:ee:e1:00:56:e2:f9:5a:32:67:b0:
         a3:32:55:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6phCd2MXmEBQlg42X9t5oMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwNDA0MTQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzQ5MTNiN2IwNzY2N2RlM2YxYWNhMTllM2MyMDFkNTk0MGEwZmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4h30w0JcrKfkwyPEAi7kIC4uOa+
T91Mo5AYv5ZLfdVcYYTMbcvujujxF/Og9g23BnZbeka/BALzxkZj6qNzS8z/JMMb
2aRBUPp32AzbnYGXfujDUzDGXNoLXWJVqyAoYvAllu+3qUnMc+2YPXaDG75k+P9Y
6Ekv5DGpqaq9Y5dV7X2gJ+4TMkUksN+dhBkFvj3vZWnrHpfATi6ncGimPEwKxvB7
oH9cop+BG+RMlybGGrLxP+RsavKTaiM4Zo16HtksaSyWCNlKighOt5rhidsylysg
KDjuXE2ZJdYixDi4YRd/76zvSePCaTVVIkJSXy7RUG5ebNOMefFnCn43lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxJE7ewdmfePxrKGePCAdWUCg+0MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvZkVrVHQ3QjJaOTRfR3NvWjQ4SUIxWlFLRDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvcrMA0G
CSqGSIb3DQEBCwUAA4IBAQBI7E3avmUVODpgSOoQw50iOxdQJLk+9nKpcA2VLTA0
Qmx7E/mJf7XdR1ko5jXepAIExyo1t/ft4A6i8w8OgN6WGQPqgQ4V7jlifcGX5k72
vihQCsmmavys1JAr5q80i9dhpuJgBqgsrvfAqdVib71G4c4+dpR2vppcQxBTjS8G
B19KNDlYd6a4rtuifTZvg/j25g0UMNEfpxHH4mdGf9D7/d/Sn/v3MRTqM7ZKSLfA
QelKgpr00ok58xS+BhtKBkrIe2064MRl2sfCfmYHU8LXVP83iMvFBqJ05gdCpwL0
3ShKvhpqK/vD8W9PDK9WkhF7SO7hAFbi+VoyZ7CjMlWo
-----END CERTIFICATE-----