Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/xkZ_eC1oAehl9IOw2DqOBa3gsqw.roa
File:                     xkZ_eC1oAehl9IOw2DqOBa3gsqw.roa (raw, json)
Hash identifier:          vX4q5Mh7CpbZWhmCVGc19IL0xJlQAd6pafGQyGd7u8s=
Subject key identifier:   C6:46:7F:78:2D:68:01:E8:65:F4:83:B0:D8:3A:8E:05:AD:E0:B2:AC
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018F301D770FDB070B61F9420411867873AD
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/xkZ_eC1oAehl9IOw2DqOBa3gsqw.roa
Signing time:             Tue 30 Apr 2024 17:46:28 +0000
ROA not before:           Tue 30 Apr 2024 17:46:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215163
IP address blocks:        94.247.43.0/24 maxlen: 24
                          2a09:e1c2::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:30:1d:77:0f:db:07:0b:61:f9:42:04:11:86:78:73:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Apr 30 17:46:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6467f782d6801e865f483b0d83a8e05ade0b2ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:96:fe:98:40:a1:a4:48:d4:7e:0f:4e:64:d1:
                    18:a5:3e:35:f6:5e:41:1c:37:0b:9c:64:62:cb:cd:
                    5c:54:e9:6b:58:dd:62:cc:ed:2b:f8:fb:b0:d9:89:
                    48:40:2a:1b:dd:be:43:56:21:1c:ef:0e:1d:58:88:
                    47:e1:d9:c8:ff:00:8c:11:db:45:fb:88:38:cd:1c:
                    47:c5:5a:77:6d:06:86:4c:54:3d:d2:df:0a:2f:f0:
                    7f:ec:ef:55:2f:e1:bd:0a:7b:7c:6a:ee:4b:11:c4:
                    27:6f:8b:22:66:fa:20:1c:d8:fd:b1:6c:99:bd:8c:
                    0a:ef:6b:60:2f:b8:79:fc:c5:0c:8a:92:28:50:a6:
                    ff:49:44:ee:0c:dd:f3:d7:fd:e5:1b:5c:e1:17:fd:
                    3d:57:0c:e4:17:86:f0:1c:61:6a:3d:c1:cd:a9:7e:
                    92:c9:2a:3b:ea:a9:45:93:dd:1f:60:b2:f8:38:0b:
                    f5:8e:56:34:b8:eb:a3:7e:fc:1c:09:31:37:29:25:
                    38:a1:91:22:0c:7e:d5:f1:39:ff:be:b7:93:bb:39:
                    1d:ee:68:76:94:5e:ff:c4:7c:91:89:5b:08:61:74:
                    69:d0:15:48:4c:e0:39:28:1f:29:aa:6c:70:99:03:
                    1e:4b:e7:37:dc:de:68:12:25:b3:93:ce:fd:b7:2c:
                    8a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:46:7F:78:2D:68:01:E8:65:F4:83:B0:D8:3A:8E:05:AD:E0:B2:AC
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/xkZ_eC1oAehl9IOw2DqOBa3gsqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.43.0/24
                IPv6:
                  2a09:e1c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:35:4f:f4:95:7d:2b:d2:69:be:c1:1d:92:57:64:60:ac:bf:
         03:39:04:7b:66:d9:31:87:f9:fb:f2:fb:56:5a:df:3a:ad:6a:
         87:4f:fe:f5:2a:58:db:b0:c5:4d:41:65:b7:b6:0e:62:c2:f6:
         04:b8:95:f3:d0:2e:9f:91:f3:ff:75:19:cd:63:c8:41:fb:70:
         7c:2c:d4:74:78:25:65:f1:57:1d:bb:89:58:26:bb:85:93:35:
         00:ca:44:58:86:0e:88:6c:17:3c:74:e3:a1:66:ce:d3:a9:84:
         2d:2b:c8:86:02:92:eb:bc:9e:09:45:24:5a:07:d5:3f:34:14:
         97:2d:ca:51:51:1c:ed:bb:03:42:34:d6:0e:b7:92:d5:68:e1:
         bc:7c:e3:1a:42:c0:62:56:66:25:6f:ba:35:e1:2e:0a:9b:f9:
         6f:db:d0:6b:6d:a3:b4:40:92:c8:26:2d:80:eb:54:7d:c8:b0:
         2e:80:d4:2a:8a:40:db:11:61:9e:f4:f7:15:5f:a7:0b:64:d8:
         ff:e9:da:1b:b5:24:d7:c6:4b:3c:48:f9:85:10:de:2f:d4:19:
         bd:07:0c:df:79:28:b8:0b:13:17:0b:90:98:38:09:61:1f:da:
         d9:51:2d:37:ce:2f:ff:d5:ac:dc:b8:89:47:2a:34:f8:45:c5:
         32:42:66:f4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8wHXcP2wcLYflCBBGGeHOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwNDMwMTc0NjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjQ2N2Y3ODJkNjgwMWU4NjVmNDgzYjBkODNhOGUwNWFkZTBiMmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupb+mEChpEjUfg9OZNEYpT419l5B
HDcLnGRiy81cVOlrWN1izO0r+Puw2YlIQCob3b5DViEc7w4dWIhH4dnI/wCMEdtF
+4g4zRxHxVp3bQaGTFQ90t8KL/B/7O9VL+G9Cnt8au5LEcQnb4siZvogHNj9sWyZ
vYwK72tgL7h5/MUMipIoUKb/SUTuDN3z1/3lG1zhF/09VwzkF4bwHGFqPcHNqX6S
ySo76qlFk90fYLL4OAv1jlY0uOujfvwcCTE3KSU4oZEiDH7V8Tn/vreTuzkd7mh2
lF7/xHyRiVsIYXRp0BVITOA5KB8pqmxwmQMeS+c33N5oEiWzk879tyyKIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMZGf3gtaAHoZfSDsNg6jgWt4LKsMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEveGtaX2VDMW9BZWhsOUlPdzJEcU9CYTNnc3F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXvcrMA0E
AgACMAcDBQAqCeHCMA0GCSqGSIb3DQEBCwUAA4IBAQBHNU/0lX0r0mm+wR2SV2Rg
rL8DOQR7Ztkxh/n78vtWWt86rWqHT/71KljbsMVNQWW3tg5iwvYEuJXz0C6fkfP/
dRnNY8hB+3B8LNR0eCVl8Vcdu4lYJruFkzUAykRYhg6IbBc8dOOhZs7TqYQtK8iG
ApLrvJ4JRSRaB9U/NBSXLcpRURztuwNCNNYOt5LVaOG8fOMaQsBiVmYlb7o14S4K
m/lv29BrbaO0QJLIJi2A61R9yLAugNQqikDbEWGe9PcVX6cLZNj/6dobtSTXxks8
SPmFEN4v1Bm9BwzfeSi4CxMXC5CYOAlhH9rZUS03zi//1azcuIlHKjT4RcUyQmb0
-----END CERTIFICATE-----