Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/714b48-6468-4d45-9fff-69367f9a5fc9/1/zqZ7YeHqk0hiMOBiaFjWyV4aSgw.roa
File:                     zqZ7YeHqk0hiMOBiaFjWyV4aSgw.roa (raw, json)
Hash identifier:          nueI04if8crC0LwyghMW1a+2gA4Ngf7rPXeWCLYQ4io=
Subject key identifier:   CE:A6:7B:61:E1:EA:93:48:62:30:E0:62:68:58:D6:C9:5E:1A:4A:0C
Certificate issuer:       /CN=db7fd26ca5f791470b0b729b72f61f800058a322
Certificate serial:       018CC7955FEDC3B905EB4E31D91426E7A285
Authority key identifier: DB:7F:D2:6C:A5:F7:91:47:0B:0B:72:9B:72:F6:1F:80:00:58:A3:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/23_SbKX3kUcLC3KbcvYfgABYoyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/714b48-6468-4d45-9fff-69367f9a5fc9/1/zqZ7YeHqk0hiMOBiaFjWyV4aSgw.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204810
IP address blocks:        94.142.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/714b48-6468-4d45-9fff-69367f9a5fc9/1/23_SbKX3kUcLC3KbcvYfgABYoyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/714b48-6468-4d45-9fff-69367f9a5fc9/1/23_SbKX3kUcLC3KbcvYfgABYoyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/23_SbKX3kUcLC3KbcvYfgABYoyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5f:ed:c3:b9:05:eb:4e:31:d9:14:26:e7:a2:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db7fd26ca5f791470b0b729b72f61f800058a322
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cea67b61e1ea93486230e0626858d6c95e1a4a0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:30:f4:37:b2:1e:7f:c4:8e:a3:34:e9:ec:cd:
                    f6:7f:28:d4:27:d5:f6:d4:e7:19:41:8e:32:d6:a7:
                    be:9e:40:da:c8:4c:a4:63:15:21:2a:27:e4:11:a1:
                    c2:45:49:f3:27:cf:5e:c5:e7:25:51:ad:1f:53:52:
                    84:56:32:0c:ec:71:98:cf:96:10:fa:45:ed:30:15:
                    69:9d:cd:cb:01:f5:bd:43:d4:08:0f:3e:f9:a5:8d:
                    2f:60:13:b0:e1:de:39:ba:58:14:a0:09:f3:e6:86:
                    0b:5b:08:92:06:e7:e0:24:53:9e:18:4d:50:2f:37:
                    09:1e:fc:db:49:e7:c3:26:2d:40:3c:2d:4d:59:8c:
                    94:c7:1c:5f:4d:40:0c:df:db:c8:81:ca:5e:b5:cc:
                    91:f6:4f:8a:a7:10:1c:64:28:9b:96:35:c0:41:7b:
                    52:55:01:f6:1f:0f:f0:db:6e:bd:f1:9c:0f:20:26:
                    1b:ed:a7:cc:26:a2:49:5d:fb:71:26:87:3d:05:e8:
                    84:4a:e7:32:10:1d:27:c6:d3:a8:b5:00:f1:b5:38:
                    ba:0d:b2:9e:a4:28:40:7c:8a:d6:d6:1e:4a:ec:f6:
                    fb:b4:88:01:4b:b2:c6:cf:b6:8a:dc:c7:fe:1b:cf:
                    9a:af:35:8d:62:5b:24:bc:20:bb:86:e1:0d:33:e6:
                    2c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:A6:7B:61:E1:EA:93:48:62:30:E0:62:68:58:D6:C9:5E:1A:4A:0C
            X509v3 Authority Key Identifier:
                keyid:DB:7F:D2:6C:A5:F7:91:47:0B:0B:72:9B:72:F6:1F:80:00:58:A3:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/23_SbKX3kUcLC3KbcvYfgABYoyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/714b48-6468-4d45-9fff-69367f9a5fc9/1/zqZ7YeHqk0hiMOBiaFjWyV4aSgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/714b48-6468-4d45-9fff-69367f9a5fc9/1/23_SbKX3kUcLC3KbcvYfgABYoyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:f1:c3:c4:79:e8:69:08:4e:a0:f5:4c:fb:48:68:ad:76:c5:
         23:bd:08:44:97:90:6f:88:9b:83:30:ae:64:bb:e8:19:07:7d:
         dd:2b:e0:73:36:f5:d1:06:52:35:c2:c6:d4:df:bc:4d:c0:52:
         3e:5a:bc:ef:1f:9a:43:bf:67:1e:e0:ef:2d:f3:d9:b6:b6:1e:
         70:bd:dc:56:95:64:a4:b6:35:0f:f4:d5:0a:d2:90:c8:4d:47:
         65:43:eb:a7:4c:a6:5a:c7:b2:05:af:39:78:29:07:bc:27:ec:
         94:1c:38:51:7a:6b:e8:ef:66:10:77:90:7f:80:4c:a8:03:0e:
         17:a5:e3:5c:38:d5:b8:8b:51:3c:5d:42:bf:30:c3:0e:ef:2c:
         88:b4:da:eb:07:28:8d:4a:e0:ad:f2:ca:06:11:28:cc:91:35:
         03:09:1b:a5:43:a9:d3:16:3a:05:6f:0c:f8:15:64:66:35:00:
         f0:a3:01:c3:86:ea:00:47:90:3c:63:2d:43:f7:e5:f0:32:a9:
         a2:5c:c8:68:dd:2a:13:61:00:fb:e2:47:81:56:37:7d:24:59:
         62:4f:b6:33:24:e5:77:ca:65:6c:1a:b8:b0:ee:81:a5:a9:ef:
         61:59:05:2d:4b:f7:d9:bb:28:dd:73:d9:2d:b0:3b:ad:e9:81:
         d3:17:6c:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlV/tw7kF604x2RQm56KFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiN2ZkMjZjYTVmNzkxNDcwYjBiNzI5YjcyZjYxZjgwMDA1
OGEzMjIwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWE2N2I2MWUxZWE5MzQ4NjIzMGUwNjI2ODU4ZDZjOTVlMWE0YTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzD0N7Ief8SOozTp7M32fyjUJ9X2
1OcZQY4y1qe+nkDayEykYxUhKifkEaHCRUnzJ89execlUa0fU1KEVjIM7HGYz5YQ
+kXtMBVpnc3LAfW9Q9QIDz75pY0vYBOw4d45ulgUoAnz5oYLWwiSBufgJFOeGE1Q
LzcJHvzbSefDJi1APC1NWYyUxxxfTUAM39vIgcpetcyR9k+KpxAcZCibljXAQXtS
VQH2Hw/w22698ZwPICYb7afMJqJJXftxJoc9BeiESucyEB0nxtOotQDxtTi6DbKe
pChAfIrW1h5K7Pb7tIgBS7LGz7aK3Mf+G8+arzWNYlskvCC7huENM+YsPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6me2Hh6pNIYjDgYmhY1sleGkoMMB8GA1UdIwQY
MBaAFNt/0myl95FHCwtym3L2H4AAWKMiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjNfU2JLWDNrVWNMQzNLYmN2WWZnQUJZb3lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83MTRiNDgtNjQ2OC00ZDQ1LTlmZmYt
NjkzNjdmOWE1ZmM5LzEvenFaN1llSHFrMGhpTU9CaWFGald5VjRhU2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83MTRiNDgtNjQ2OC00ZDQ1LTlmZmYtNjkzNjdmOWE1ZmM5
LzEvMjNfU2JLWDNrVWNMQzNLYmN2WWZnQUJZb3lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo6BMA0G
CSqGSIb3DQEBCwUAA4IBAQCT8cPEeehpCE6g9Uz7SGitdsUjvQhEl5BviJuDMK5k
u+gZB33dK+BzNvXRBlI1wsbU37xNwFI+WrzvH5pDv2ce4O8t89m2th5wvdxWlWSk
tjUP9NUK0pDITUdlQ+unTKZax7IFrzl4KQe8J+yUHDhRemvo72YQd5B/gEyoAw4X
peNcONW4i1E8XUK/MMMO7yyItNrrByiNSuCt8soGESjMkTUDCRulQ6nTFjoFbwz4
FWRmNQDwowHDhuoAR5A8Yy1D9+XwMqmiXMho3SoTYQD74keBVjd9JFliT7YzJOV3
ymVsGriw7oGlqe9hWQUtS/fZuyjdc9ktsDut6YHTF2xe
-----END CERTIFICATE-----