Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/2e6613-4332-4c19-addf-dedaf79356ce/1/dBEpJ4QHjlHr17k3iTjpD3BV3TI.roa
File:                     dBEpJ4QHjlHr17k3iTjpD3BV3TI.roa (raw, json)
Hash identifier:          rW1/Q1c0LRz+cF5BWw1LCJwN0zuB7HCmlBvrbtxOmVE=
Subject key identifier:   74:11:29:27:84:07:8E:51:EB:D7:B9:37:89:38:E9:0F:70:55:DD:32
Certificate issuer:       /CN=b78380b41e37b5757d3d4e2eecdf06d930a70b9d
Certificate serial:       018CC3B725257DBCE145A1AD01B32FA6B7EB
Authority key identifier: B7:83:80:B4:1E:37:B5:75:7D:3D:4E:2E:EC:DF:06:D9:30:A7:0B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t4OAtB43tXV9PU4u7N8G2TCnC50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/2e6613-4332-4c19-addf-dedaf79356ce/1/dBEpJ4QHjlHr17k3iTjpD3BV3TI.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61213
IP address blocks:        94.140.17.0/24 maxlen: 24
                          185.206.4.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/2e6613-4332-4c19-addf-dedaf79356ce/1/t4OAtB43tXV9PU4u7N8G2TCnC50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/2e6613-4332-4c19-addf-dedaf79356ce/1/t4OAtB43tXV9PU4u7N8G2TCnC50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t4OAtB43tXV9PU4u7N8G2TCnC50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:25:25:7d:bc:e1:45:a1:ad:01:b3:2f:a6:b7:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b78380b41e37b5757d3d4e2eecdf06d930a70b9d
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7411292784078e51ebd7b9378938e90f7055dd32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b7:65:b4:d0:6b:a1:de:9d:65:f4:ec:12:52:
                    76:66:ff:a3:31:aa:a0:f2:e8:6d:f3:46:dd:bb:94:
                    86:e6:cb:82:50:58:b5:db:c8:10:f8:ce:cd:fb:4a:
                    ca:8c:87:33:01:85:80:e4:63:e9:9d:54:fc:5e:3d:
                    54:93:49:33:44:37:2b:8f:68:71:c0:2b:04:50:70:
                    a6:03:b4:0b:ff:41:bf:06:77:fb:21:a9:4b:e3:b3:
                    fe:eb:a0:50:65:f6:bb:11:6d:63:52:35:50:a8:1d:
                    9b:15:17:9d:b1:1f:8f:20:57:5a:93:96:6a:08:b6:
                    71:36:08:dd:a9:df:64:2a:04:49:42:91:c4:a9:4e:
                    ae:f4:4f:73:5a:2b:be:9f:82:0a:a9:53:9c:38:ef:
                    d9:10:bc:b1:d0:c7:5c:ae:8e:fa:f6:e1:85:94:1c:
                    23:65:a2:57:f7:d9:89:42:d2:0b:0b:dd:a0:d2:1b:
                    7c:fa:1f:83:fd:8e:41:27:bb:25:4a:e6:6e:37:8d:
                    2d:20:32:bc:de:f9:f6:81:2e:de:6b:21:c7:18:76:
                    6d:d2:98:db:49:fb:90:cd:00:da:d5:45:05:a0:4c:
                    ef:13:8b:df:54:52:ed:41:1c:43:10:ee:62:b2:ed:
                    93:6f:fe:52:89:17:16:89:73:59:03:af:7f:bc:a0:
                    be:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:11:29:27:84:07:8E:51:EB:D7:B9:37:89:38:E9:0F:70:55:DD:32
            X509v3 Authority Key Identifier:
                keyid:B7:83:80:B4:1E:37:B5:75:7D:3D:4E:2E:EC:DF:06:D9:30:A7:0B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t4OAtB43tXV9PU4u7N8G2TCnC50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/2e6613-4332-4c19-addf-dedaf79356ce/1/dBEpJ4QHjlHr17k3iTjpD3BV3TI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/2e6613-4332-4c19-addf-dedaf79356ce/1/t4OAtB43tXV9PU4u7N8G2TCnC50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.140.17.0/24
                  185.206.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:7c:9c:a5:d0:63:f7:11:09:c4:01:44:7d:bb:e5:a9:f0:8e:
         93:fc:a8:06:d4:31:75:3e:58:32:4d:78:72:61:ea:29:f6:21:
         e3:0e:1a:f6:80:01:d1:b6:a3:b0:60:e0:81:a8:31:a1:a2:09:
         77:94:55:71:e8:7d:6e:6d:94:83:3e:3a:6f:3f:12:a7:4c:16:
         64:f2:d4:70:7f:70:20:bd:18:d6:eb:63:c6:7f:65:a4:0a:de:
         53:4f:94:c4:fd:a8:de:7c:76:d8:05:f0:76:7e:ca:be:d2:2e:
         ef:6c:7f:3a:7b:7b:c0:55:af:81:5b:92:38:1b:63:6f:d2:79:
         6c:bb:78:f3:c4:1c:a2:64:c3:8c:7d:e7:02:c4:a6:3b:9e:63:
         4a:14:9f:ea:0a:05:15:9d:80:e6:5b:08:2a:40:c7:d7:a0:26:
         30:0c:cf:80:9f:c9:73:e0:58:e7:1b:df:6b:c0:2d:91:6c:ac:
         be:1d:38:1a:dc:7d:b1:c5:73:b5:1c:16:60:bb:76:a4:4a:b2:
         b2:42:d7:91:fe:17:86:5b:ef:cd:c0:92:8d:8e:4a:1f:b7:8b:
         5b:8b:f0:ce:91:6f:d2:7f:6c:7e:c9:85:de:61:da:95:d7:38:
         a4:eb:29:2b:e4:48:4f:56:c2:58:47:d2:5f:c1:81:87:94:f5:
         ba:0d:40:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtyUlfbzhRaGtAbMvprfrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ODM4MGI0MWUzN2I1NzU3ZDNkNGUyZWVjZGYwNmQ5MzBh
NzBiOWQwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDExMjkyNzg0MDc4ZTUxZWJkN2I5Mzc4OTM4ZTkwZjcwNTVkZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17dltNBrod6dZfTsElJ2Zv+jMaqg
8uht80bdu5SG5suCUFi128gQ+M7N+0rKjIczAYWA5GPpnVT8Xj1Uk0kzRDcrj2hx
wCsEUHCmA7QL/0G/Bnf7IalL47P+66BQZfa7EW1jUjVQqB2bFRedsR+PIFdak5Zq
CLZxNgjdqd9kKgRJQpHEqU6u9E9zWiu+n4IKqVOcOO/ZELyx0Mdcro769uGFlBwj
ZaJX99mJQtILC92g0ht8+h+D/Y5BJ7slSuZuN40tIDK83vn2gS7eayHHGHZt0pjb
SfuQzQDa1UUFoEzvE4vfVFLtQRxDEO5isu2Tb/5SiRcWiXNZA69/vKC+IwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHQRKSeEB45R69e5N4k46Q9wVd0yMB8GA1UdIwQY
MBaAFLeDgLQeN7V1fT1OLuzfBtkwpwudMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDRPQXRCNDN0WFY5UFU0dTdOOEcyVENuQzUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8yZTY2MTMtNDMzMi00YzE5LWFkZGYt
ZGVkYWY3OTM1NmNlLzEvZEJFcEo0UUhqbEhyMTdrM2lUanBEM0JWM1RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8yZTY2MTMtNDMzMi00YzE5LWFkZGYtZGVkYWY3OTM1NmNl
LzEvdDRPQXRCNDN0WFY5UFU0dTdOOEcyVENuQzUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXowRAwQC
uc4EMA0GCSqGSIb3DQEBCwUAA4IBAQBhfJyl0GP3EQnEAUR9u+Wp8I6T/KgG1DF1
PlgyTXhyYeop9iHjDhr2gAHRtqOwYOCBqDGhogl3lFVx6H1ubZSDPjpvPxKnTBZk
8tRwf3AgvRjW62PGf2WkCt5TT5TE/ajefHbYBfB2fsq+0i7vbH86e3vAVa+BW5I4
G2Nv0nlsu3jzxByiZMOMfecCxKY7nmNKFJ/qCgUVnYDmWwgqQMfXoCYwDM+An8lz
4FjnG99rwC2RbKy+HTga3H2xxXO1HBZgu3akSrKyQteR/heGW+/NwJKNjkoft4tb
i/DOkW/Sf2x+yYXeYdqV1zik6ykr5EhPVsJYR9JfwYGHlPW6DUDU
-----END CERTIFICATE-----