Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/B_nHZXRqe-VigrzahxODIvE4-Gw.roa
File:                     B_nHZXRqe-VigrzahxODIvE4-Gw.roa (raw, json)
Hash identifier:          cxhGXgNMWQ3MuSGSOYks8tD2ycCgfzHIhUzHqjfQwYw=
Subject key identifier:   07:F9:C7:65:74:6A:7B:E5:62:82:BC:DA:87:13:83:22:F1:38:F8:6C
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EECD78CA4E065D6B623C6B633FDAA
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/B_nHZXRqe-VigrzahxODIvE4-Gw.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59989
IP address blocks:        94.72.152.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ec:d7:8c:a4:e0:65:d6:b6:23:c6:b6:33:fd:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07f9c765746a7be56282bcda87138322f138f86c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:fb:45:90:a9:99:5d:09:d6:f7:ba:c7:58:27:
                    2c:71:b7:79:40:37:e3:eb:b6:13:e2:8c:74:ef:ae:
                    ea:5a:0c:04:e8:1b:5e:3a:73:79:1b:37:31:51:f6:
                    df:6a:3d:de:06:0a:a4:74:a2:b0:c2:25:66:ee:84:
                    0d:98:c6:e3:5a:14:ab:86:ac:f2:20:b6:2e:e0:08:
                    c6:98:3a:9b:4b:ca:10:e5:84:b2:d7:c7:c5:c7:06:
                    47:b9:2b:3e:9c:af:d2:db:5b:9f:65:61:93:4a:77:
                    c1:4a:e5:35:1b:b7:23:9a:ac:03:0b:4f:78:44:b8:
                    24:6e:39:bb:86:42:0f:82:a5:70:08:44:8e:31:58:
                    f3:8c:d2:8d:63:5d:2f:ff:17:d0:13:a2:46:5c:54:
                    6d:4f:94:b4:05:53:e2:a7:55:e4:83:b8:1c:23:0e:
                    0c:2d:e7:53:e5:6d:d8:37:80:da:a2:38:8a:fc:b2:
                    99:ee:43:e1:c7:ec:7e:aa:05:df:c2:f9:eb:0d:3d:
                    65:99:a8:dd:83:13:e4:33:d1:7e:31:5f:8f:9d:d8:
                    46:7a:6e:24:b3:bc:21:44:2c:c4:22:16:37:d0:dc:
                    df:73:af:8e:b2:e7:32:d4:58:0d:19:92:37:e5:30:
                    dd:74:e4:84:fc:32:36:86:0e:43:e2:66:6e:9a:6b:
                    c4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:F9:C7:65:74:6A:7B:E5:62:82:BC:DA:87:13:83:22:F1:38:F8:6C
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/B_nHZXRqe-VigrzahxODIvE4-Gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.72.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:e7:df:48:d1:b2:de:b8:42:a2:4c:e7:a5:49:ac:83:eb:59:
         f7:dd:7a:86:c8:b8:b9:b7:11:dd:c1:a8:4c:a3:c9:42:5d:7d:
         8e:58:7a:7a:21:1d:85:a6:07:0b:0f:d0:a3:b4:54:e9:c3:1f:
         d3:ed:22:13:56:cb:91:28:f2:87:1e:4e:33:9f:80:bf:f7:6f:
         20:d1:72:5b:9b:0d:9c:72:ed:c6:bf:b6:c4:b1:5d:9c:a2:67:
         e9:a3:a5:f6:c0:66:20:48:69:96:b6:3c:d7:ca:1d:66:58:c4:
         8b:9b:3a:3f:b8:2c:53:69:64:67:cb:b1:29:e9:b8:03:a5:94:
         bf:4d:54:39:6b:7d:61:1e:6e:98:cd:29:c5:c9:25:07:4d:89:
         d6:7d:b1:dd:3a:53:86:ed:a3:fc:c8:c1:20:a2:da:d5:ae:a2:
         7f:2c:9b:50:1f:d7:0a:a0:dc:5b:25:76:f3:29:e7:85:ec:54:
         d9:a3:af:26:d6:81:e9:b5:c7:e6:95:61:82:e9:95:33:3a:c1:
         bf:e8:4f:42:71:a2:35:b2:2e:df:09:20:cc:77:20:1c:e4:a0:
         91:9b:dd:d1:52:dc:6a:50:33:8a:97:35:a2:ac:d1:54:89:ec:
         90:13:0e:a1:8a:cb:4a:22:68:11:6a:6a:0d:28:cf:c3:d4:67:
         0a:53:b9:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuzXjKTgZda2I8a2M/2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2Y5Yzc2NTc0NmE3YmU1NjI4MmJjZGE4NzEzODMyMmYxMzhmODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPtFkKmZXQnW97rHWCcscbd5QDfj
67YT4ox0767qWgwE6BteOnN5GzcxUfbfaj3eBgqkdKKwwiVm7oQNmMbjWhSrhqzy
ILYu4AjGmDqbS8oQ5YSy18fFxwZHuSs+nK/S21ufZWGTSnfBSuU1G7cjmqwDC094
RLgkbjm7hkIPgqVwCESOMVjzjNKNY10v/xfQE6JGXFRtT5S0BVPip1Xkg7gcIw4M
LedT5W3YN4DaojiK/LKZ7kPhx+x+qgXfwvnrDT1lmajdgxPkM9F+MV+PndhGem4k
s7whRCzEIhY30Nzfc6+Osucy1FgNGZI35TDddOSE/DI2hg5D4mZummvEKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAf5x2V0anvlYoK82ocTgyLxOPhsMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvQl9uSFpYUnFlLVZpZ3J6YWh4T0RJdkU0LUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXkiYMA0G
CSqGSIb3DQEBCwUAA4IBAQB+599I0bLeuEKiTOelSayD61n33XqGyLi5txHdwahM
o8lCXX2OWHp6IR2FpgcLD9CjtFTpwx/T7SITVsuRKPKHHk4zn4C/928g0XJbmw2c
cu3Gv7bEsV2comfpo6X2wGYgSGmWtjzXyh1mWMSLmzo/uCxTaWRny7Ep6bgDpZS/
TVQ5a31hHm6YzSnFySUHTYnWfbHdOlOG7aP8yMEgotrVrqJ/LJtQH9cKoNxbJXbz
KeeF7FTZo68m1oHptcfmlWGC6ZUzOsG/6E9CcaI1si7fCSDMdyAc5KCRm93RUtxq
UDOKlzWirNFUieyQEw6histKImgRamoNKM/D1GcKU7kR
-----END CERTIFICATE-----