Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/DOaaTvWF3xNS2ufoH2BJE-BENbQ.roa
File:                     DOaaTvWF3xNS2ufoH2BJE-BENbQ.roa (raw, json)
Hash identifier:          ImaKZ98Ua+7M6hEbB+mhSXxlwhD9wsousGN1517ZyWA=
Subject key identifier:   0C:E6:9A:4E:F5:85:DF:13:52:DA:E7:E8:1F:60:49:13:E0:44:35:B4
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EEBAD8D3BF56734F0C2C92E154C78
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/DOaaTvWF3xNS2ufoH2BJE-BENbQ.roa
Signing time:             Mon 01 Jan 2024 14:30:29 +0000
ROA not before:           Mon 01 Jan 2024 14:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39135
IP address blocks:        94.72.156.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:eb:ad:8d:3b:f5:67:34:f0:c2:c9:2e:15:4c:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ce69a4ef585df1352dae7e81f604913e04435b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9c:d2:8d:6a:bb:1c:bd:33:75:da:18:13:12:
                    b8:9e:5d:ec:e4:bb:ff:21:b5:ec:90:cc:26:c4:98:
                    85:c3:ab:d0:c4:2f:8f:ca:4b:79:ba:1e:c5:60:da:
                    40:47:31:48:43:f5:ee:dc:ff:7e:09:53:37:2d:f4:
                    bd:c4:9c:76:07:b6:6c:c2:68:06:16:aa:d7:cd:93:
                    5d:c3:a6:0c:16:6b:88:06:b8:64:59:a0:3b:56:d9:
                    10:5c:c8:ab:86:bd:b8:68:b6:a0:60:83:68:f9:3d:
                    41:b0:d2:3a:5c:39:7a:ec:f0:df:56:85:02:44:bd:
                    53:d9:ad:dc:76:7f:b9:27:63:73:5c:74:8e:45:bf:
                    9c:5b:62:e5:c7:4a:d7:6a:8d:cd:1a:a8:38:06:ed:
                    71:ca:47:e4:d1:ce:2f:b4:86:bb:dd:e3:4b:8c:2a:
                    fc:18:34:24:5b:20:77:d3:22:ff:cd:9b:9b:cb:d7:
                    c0:c9:93:a0:c5:7f:1c:3a:27:eb:5c:dd:6c:b4:ee:
                    2d:8e:d7:7c:42:cb:65:76:b4:da:83:ef:b1:9e:3c:
                    a7:c9:04:6f:62:9f:5a:4a:04:4f:9f:12:00:64:c5:
                    de:61:a4:35:15:4f:ee:dc:69:eb:0d:08:7e:40:f8:
                    e9:75:e5:a1:2d:90:fa:34:51:97:f2:fa:b3:44:65:
                    3d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:E6:9A:4E:F5:85:DF:13:52:DA:E7:E8:1F:60:49:13:E0:44:35:B4
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/DOaaTvWF3xNS2ufoH2BJE-BENbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.72.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:9d:38:33:88:e7:fa:aa:d3:92:7f:b6:b4:1b:a9:fc:b9:1a:
         36:39:84:b4:64:25:e3:8f:c5:4a:92:50:bd:e6:58:18:13:d6:
         e2:e1:be:e9:2f:7f:1b:1f:c4:9d:3e:26:8f:5d:68:cc:7d:22:
         72:c6:e0:f5:ae:38:a4:3a:c3:76:0d:00:6d:56:72:99:22:d1:
         ce:21:b0:77:d2:be:39:59:68:b6:f5:79:01:7a:2d:c6:05:69:
         0a:ed:14:ec:24:19:78:f1:39:20:20:7d:8a:a5:82:a1:a2:af:
         96:83:82:54:d2:c4:13:c7:01:e0:1b:87:b9:81:70:31:f2:a9:
         b0:1e:04:84:f5:d6:a8:b2:c1:ea:dc:22:29:da:d5:ed:d4:e4:
         06:1e:94:10:20:bf:13:b5:56:97:11:f9:83:a5:db:89:48:13:
         6f:56:d5:22:f4:89:e8:f0:3f:82:4c:21:6b:8f:72:11:4d:b0:
         9e:a3:fa:d0:1f:95:73:3c:16:59:82:71:e0:4b:8d:f7:83:60:
         ec:f2:7d:53:cc:84:16:68:d7:c5:f3:c2:66:09:da:92:9c:b6:
         3b:90:fc:6f:84:d6:db:c2:5a:48:5f:e0:ff:7c:bb:8a:68:9e:
         96:3b:77:37:2b:d1:94:1a:50:80:b0:a2:fe:64:f3:b9:74:f2:
         24:11:dc:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuutjTv1ZzTwwskuFUx4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2U2OWE0ZWY1ODVkZjEzNTJkYWU3ZTgxZjYwNDkxM2UwNDQzNWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZzSjWq7HL0zddoYExK4nl3s5Lv/
IbXskMwmxJiFw6vQxC+Pykt5uh7FYNpARzFIQ/Xu3P9+CVM3LfS9xJx2B7ZswmgG
FqrXzZNdw6YMFmuIBrhkWaA7VtkQXMirhr24aLagYINo+T1BsNI6XDl67PDfVoUC
RL1T2a3cdn+5J2NzXHSORb+cW2Llx0rXao3NGqg4Bu1xykfk0c4vtIa73eNLjCr8
GDQkWyB30yL/zZuby9fAyZOgxX8cOifrXN1stO4tjtd8QstldrTag++xnjynyQRv
Yp9aSgRPnxIAZMXeYaQ1FU/u3GnrDQh+QPjpdeWhLZD6NFGX8vqzRGU9GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzmmk71hd8TUtrn6B9gSRPgRDW0MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvRE9hYVR2V0YzeE5TMnVmb0gyQkpFLUJFTmJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXkicMA0G
CSqGSIb3DQEBCwUAA4IBAQCvnTgziOf6qtOSf7a0G6n8uRo2OYS0ZCXjj8VKklC9
5lgYE9bi4b7pL38bH8SdPiaPXWjMfSJyxuD1rjikOsN2DQBtVnKZItHOIbB30r45
WWi29XkBei3GBWkK7RTsJBl48TkgIH2KpYKhoq+Wg4JU0sQTxwHgG4e5gXAx8qmw
HgSE9daossHq3CIp2tXt1OQGHpQQIL8TtVaXEfmDpduJSBNvVtUi9Ino8D+CTCFr
j3IRTbCeo/rQH5VzPBZZgnHgS433g2Ds8n1TzIQWaNfF88JmCdqSnLY7kPxvhNbb
wlpIX+D/fLuKaJ6WO3c3K9GUGlCAsKL+ZPO5dPIkEdxQ
-----END CERTIFICATE-----