Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/zSBhYW8SpTKpjLQaQ0OsrgtP_yQ.roa
File:                     zSBhYW8SpTKpjLQaQ0OsrgtP_yQ.roa (raw, json)
Hash identifier:          n+sc34jE2uK/L7TPDngOUnew5WcMRzIKqMwoOpDuHy4=
Subject key identifier:   CD:20:61:61:6F:12:A5:32:A9:8C:B4:1A:43:43:AC:AE:0B:4F:FF:24
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       01932626640BD888A26F81469C07C9E9D3CE
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/zSBhYW8SpTKpjLQaQ0OsrgtP_yQ.roa
Signing time:             Wed 13 Nov 2024 15:31:10 +0000
ROA not before:           Wed 13 Nov 2024 15:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211358
IP address blocks:        94.142.130.0/24 maxlen: 24
                          94.142.130.0/25 maxlen: 25
                          94.142.130.128/25 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:26:26:64:0b:d8:88:a2:6f:81:46:9c:07:c9:e9:d3:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Nov 13 15:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd2061616f12a532a98cb41a4343acae0b4fff24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a5:2e:02:24:d6:97:83:31:a3:ce:31:b7:fe:
                    0a:58:01:96:92:f5:bf:91:52:68:6b:ba:9a:ba:a1:
                    0a:47:51:08:f4:e6:96:97:65:3b:5c:20:f4:96:ca:
                    9a:b4:0d:3e:42:b9:c6:e5:a4:ce:34:5a:74:d1:d3:
                    c7:a1:d8:2d:3a:e3:cd:ec:b2:5a:47:dc:45:8f:1f:
                    1a:83:2d:00:d5:36:47:14:ed:44:38:d6:aa:c2:2f:
                    79:3c:cb:3f:d1:52:66:cc:f7:cc:2a:81:57:31:a3:
                    92:07:a1:4e:41:c0:60:e9:39:92:1d:55:d4:70:6d:
                    d7:84:27:c3:57:8f:79:b8:8d:72:08:09:86:73:ca:
                    55:93:f5:3a:ef:60:a9:b0:06:a3:38:1b:ca:54:0f:
                    50:ec:b7:97:1f:59:83:60:17:3f:74:71:30:1b:db:
                    76:3f:ba:f1:ba:c4:00:3c:3f:6e:e8:ac:08:46:18:
                    b3:54:db:83:ee:d0:b8:61:67:e7:aa:c5:36:8e:fe:
                    63:d3:c8:e7:07:20:b1:02:7d:be:a6:b9:88:7e:26:
                    6e:67:9f:29:da:70:28:8a:c3:6e:e9:6d:25:9a:b2:
                    47:71:03:6c:55:a7:49:f2:e4:0a:6b:f4:57:a3:ee:
                    ee:06:e5:a7:b4:13:9a:6e:84:3c:09:42:bf:82:18:
                    1c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:20:61:61:6F:12:A5:32:A9:8C:B4:1A:43:43:AC:AE:0B:4F:FF:24
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/zSBhYW8SpTKpjLQaQ0OsrgtP_yQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:27:b1:a2:36:78:62:17:54:7c:a0:dc:2e:c9:ab:ae:ed:85:
         d4:8f:7d:67:aa:50:a6:f7:c3:38:6f:03:e4:78:cd:0d:b9:cf:
         68:0a:34:a1:a3:7d:26:85:bb:62:8f:7a:db:5a:f5:16:ad:11:
         42:34:aa:5c:51:ce:6a:bc:c8:e6:51:ed:3f:1e:22:10:db:06:
         01:4c:2b:de:bf:8d:73:dd:c2:b2:95:14:e7:95:a4:28:d2:9e:
         14:12:4f:bb:fe:17:e1:9c:0f:78:94:9b:76:ed:36:c4:b6:bf:
         c8:f6:f3:dd:5b:81:39:3c:bd:43:9b:99:d6:f3:ff:08:ac:a2:
         b1:d2:af:15:a3:84:38:7b:e7:6c:ba:00:ad:e4:ea:77:8f:c5:
         29:5d:50:e2:80:75:4b:69:15:0b:d2:1c:78:73:c9:e8:3f:c9:
         97:c9:0c:e9:cf:87:20:4a:bf:a5:05:a9:97:98:38:b9:a6:73:
         c3:94:5f:19:13:87:27:a2:20:44:36:1a:0d:6b:ba:02:43:a4:
         16:41:01:ae:64:61:91:50:26:35:b5:1b:d1:40:d9:30:d0:49:
         8f:8c:0e:aa:33:bb:ba:41:c5:bc:51:6a:53:c7:8f:71:ff:4c:
         41:ee:00:4a:34:88:f8:c7:31:97:e7:1f:ef:6e:8e:eb:b3:1f:
         03:36:54:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMmJmQL2Iiib4FGnAfJ6dPOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQxMTEzMTUzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDIwNjE2MTZmMTJhNTMyYTk4Y2I0MWE0MzQzYWNhZTBiNGZmZjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaUuAiTWl4Mxo84xt/4KWAGWkvW/
kVJoa7qauqEKR1EI9OaWl2U7XCD0lsqatA0+QrnG5aTONFp00dPHodgtOuPN7LJa
R9xFjx8agy0A1TZHFO1EONaqwi95PMs/0VJmzPfMKoFXMaOSB6FOQcBg6TmSHVXU
cG3XhCfDV495uI1yCAmGc8pVk/U672CpsAajOBvKVA9Q7LeXH1mDYBc/dHEwG9t2
P7rxusQAPD9u6KwIRhizVNuD7tC4YWfnqsU2jv5j08jnByCxAn2+prmIfiZuZ58p
2nAoisNu6W0lmrJHcQNsVadJ8uQKa/RXo+7uBuWntBOaboQ8CUK/ghgc1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0gYWFvEqUyqYy0GkNDrK4LT/8kMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvelNCaFlXOFNwVEtwakxRYVEwT3NyZ3RQX3lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo6CMA0G
CSqGSIb3DQEBCwUAA4IBAQBOJ7GiNnhiF1R8oNwuyauu7YXUj31nqlCm98M4bwPk
eM0Nuc9oCjSho30mhbtij3rbWvUWrRFCNKpcUc5qvMjmUe0/HiIQ2wYBTCvev41z
3cKylRTnlaQo0p4UEk+7/hfhnA94lJt27TbEtr/I9vPdW4E5PL1Dm5nW8/8IrKKx
0q8Vo4Q4e+dsugCt5Op3j8UpXVDigHVLaRUL0hx4c8noP8mXyQzpz4cgSr+lBamX
mDi5pnPDlF8ZE4cnoiBENhoNa7oCQ6QWQQGuZGGRUCY1tRvRQNkw0EmPjA6qM7u6
QcW8UWpTx49x/0xB7gBKNIj4xzGX5x/vbo7rsx8DNlTP
-----END CERTIFICATE-----