Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/0VlqgR_yTPcmS4AWkt9Eby6f2B0.roa
File:                     0VlqgR_yTPcmS4AWkt9Eby6f2B0.roa (raw, json)
Hash identifier:          UQGdwjVhXhprv/a4pp9vekS2g6bHN2O5umDUGrwMpFQ=
Subject key identifier:   D1:59:6A:81:1F:F2:4C:F7:26:4B:80:16:92:DF:44:6F:2E:9F:D8:1D
Certificate issuer:       /CN=1cd3c30939b906a4515a1c65c08836829b6a3289
Certificate serial:       018CC348E82DEE355EC729324DC8170BBA4A
Authority key identifier: 1C:D3:C3:09:39:B9:06:A4:51:5A:1C:65:C0:88:36:82:9B:6A:32:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HNPDCTm5BqRRWhxlwIg2gptqMok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/0VlqgR_yTPcmS4AWkt9Eby6f2B0.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49122
IP address blocks:        94.229.112.0/22 maxlen: 22
                          94.229.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/HNPDCTm5BqRRWhxlwIg2gptqMok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/HNPDCTm5BqRRWhxlwIg2gptqMok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HNPDCTm5BqRRWhxlwIg2gptqMok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 16:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e8:2d:ee:35:5e:c7:29:32:4d:c8:17:0b:ba:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cd3c30939b906a4515a1c65c08836829b6a3289
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1596a811ff24cf7264b801692df446f2e9fd81d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:77:2e:8d:04:74:9e:a9:d5:31:71:3d:23:aa:
                    e8:10:c4:3a:ad:38:97:42:b2:52:f7:37:7f:61:9a:
                    72:c9:6c:b4:ea:c4:0f:20:15:85:80:16:c2:43:66:
                    93:7f:3f:7e:c6:a6:f4:01:c4:0a:95:dc:76:f2:a4:
                    e0:72:86:2a:4e:a1:88:2f:0e:43:ec:5b:7c:9a:18:
                    2e:46:cf:a8:44:19:eb:74:07:d8:fe:e8:b2:b6:10:
                    07:67:9a:53:17:ea:07:9d:94:85:82:bb:bc:0f:90:
                    28:cd:b3:6b:48:72:67:a4:42:2d:82:5c:2e:74:3b:
                    fb:3c:02:0e:0b:02:10:25:79:fe:40:e4:28:b3:0c:
                    87:fe:c3:6b:c5:a9:20:33:1e:7c:69:3a:56:8e:1a:
                    be:42:88:1c:51:f7:f9:33:41:30:8c:8c:cd:ef:b9:
                    4f:16:32:b8:e7:2b:33:89:83:26:08:56:fc:56:49:
                    24:46:07:dc:d2:f4:8c:c6:4f:ac:ce:12:a1:18:b5:
                    f6:d6:d1:88:20:c2:3c:03:2a:60:8b:ec:b9:40:84:
                    f9:ca:28:96:5f:64:43:99:4a:a8:51:2d:42:15:a2:
                    54:d9:4e:e0:cc:29:2c:36:b2:69:c5:8f:1d:56:88:
                    0f:11:ab:1b:bb:bc:17:5e:eb:01:57:8e:02:77:ad:
                    6a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:59:6A:81:1F:F2:4C:F7:26:4B:80:16:92:DF:44:6F:2E:9F:D8:1D
            X509v3 Authority Key Identifier:
                keyid:1C:D3:C3:09:39:B9:06:A4:51:5A:1C:65:C0:88:36:82:9B:6A:32:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HNPDCTm5BqRRWhxlwIg2gptqMok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/0VlqgR_yTPcmS4AWkt9Eby6f2B0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/HNPDCTm5BqRRWhxlwIg2gptqMok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.229.112.0/22
                  94.229.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:e2:8e:cf:5b:95:79:71:d3:33:0c:ee:20:48:1f:5a:7c:bb:
         98:c8:df:09:30:df:2b:05:1d:63:92:1b:01:35:03:d9:ef:8d:
         be:76:c7:cd:45:16:48:e6:54:48:67:62:81:76:3f:a5:73:71:
         8e:a7:9d:e6:e5:34:48:21:ee:89:10:83:86:7e:93:c7:94:b1:
         25:51:b4:f4:a0:57:14:d8:3d:e6:10:7e:a7:bb:36:a6:f3:9f:
         4c:89:70:f1:d3:d1:73:1f:70:97:3f:d3:68:a5:fe:e5:9a:73:
         21:a4:3a:8a:9c:4b:69:ef:8a:8f:dd:0f:bb:72:4c:37:cf:44:
         d2:46:fd:6d:c1:3a:ee:a1:4d:b0:5e:65:84:17:76:a6:6e:34:
         5b:8a:8e:ec:a0:8f:42:fd:7b:4d:52:ea:d6:5b:d2:62:2b:d6:
         f2:8c:1a:e5:72:c6:f5:bf:34:0f:54:7a:90:dc:86:1f:8c:27:
         1a:6a:61:5a:96:16:49:d8:89:1d:80:9a:45:e6:ba:b1:71:be:
         27:5a:c5:51:2e:66:ef:81:56:15:65:0d:a9:98:3b:7f:a4:cf:
         fc:04:4a:e4:97:7e:a7:11:0f:7e:be:90:f5:8d:72:09:f1:a9:
         13:96:25:7b:4a:d3:45:2b:61:79:c4:fb:56:fe:a7:1e:d8:c3:
         6a:5d:ea:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSOgt7jVexykyTcgXC7pKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZDNjMzA5MzliOTA2YTQ1MTVhMWM2NWMwODgzNjgyOWI2
YTMyODkwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTU5NmE4MTFmZjI0Y2Y3MjY0YjgwMTY5MmRmNDQ2ZjJlOWZkODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnncujQR0nqnVMXE9I6roEMQ6rTiX
QrJS9zd/YZpyyWy06sQPIBWFgBbCQ2aTfz9+xqb0AcQKldx28qTgcoYqTqGILw5D
7Ft8mhguRs+oRBnrdAfY/uiythAHZ5pTF+oHnZSFgru8D5AozbNrSHJnpEItglwu
dDv7PAIOCwIQJXn+QOQoswyH/sNrxakgMx58aTpWjhq+QogcUff5M0EwjIzN77lP
FjK45ysziYMmCFb8VkkkRgfc0vSMxk+szhKhGLX21tGIIMI8Aypgi+y5QIT5yiiW
X2RDmUqoUS1CFaJU2U7gzCksNrJpxY8dVogPEasbu7wXXusBV44Cd61qqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNFZaoEf8kz3JkuAFpLfRG8un9gdMB8GA1UdIwQY
MBaAFBzTwwk5uQakUVocZcCINoKbajKJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE5QRENUbTVCcVJSV2h4bHdJZzJncHRxTW9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi85YzU3NjgtZTgwYS00MTEwLWE0NmQt
MGZmODZlZjk1ZTBmLzEvMFZscWdSX3lUUGNtUzRBV2t0OUVieTZmMkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi85YzU3NjgtZTgwYS00MTEwLWE0NmQtMGZmODZlZjk1ZTBm
LzEvSE5QRENUbTVCcVJSV2h4bHdJZzJncHRxTW9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXuVwAwQC
XuV8MA0GCSqGSIb3DQEBCwUAA4IBAQAP4o7PW5V5cdMzDO4gSB9afLuYyN8JMN8r
BR1jkhsBNQPZ742+dsfNRRZI5lRIZ2KBdj+lc3GOp53m5TRIIe6JEIOGfpPHlLEl
UbT0oFcU2D3mEH6nuzam859MiXDx09FzH3CXP9Nopf7lmnMhpDqKnEtp74qP3Q+7
ckw3z0TSRv1twTruoU2wXmWEF3ambjRbio7soI9C/XtNUurWW9JiK9byjBrlcsb1
vzQPVHqQ3IYfjCcaamFalhZJ2IkdgJpF5rqxcb4nWsVRLmbvgVYVZQ2pmDt/pM/8
BErkl36nEQ9+vpD1jXIJ8akTliV7StNFK2F5xPtW/qce2MNqXeon
-----END CERTIFICATE-----