Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/VPtPysHSOmlX7ebQX3Mc9NW0mqQ.roa
File:                     VPtPysHSOmlX7ebQX3Mc9NW0mqQ.roa (raw, json)
Hash identifier:          CPbtTtuQm1D31R9pe+64uycEABH3ONKwSpF8v6ChlPw=
Subject key identifier:   54:FB:4F:CA:C1:D2:3A:69:57:ED:E6:D0:5F:73:1C:F4:D5:B4:9A:A4
Certificate issuer:       /CN=a85310f503137ae8b35d4f329f46f069dd703815
Certificate serial:       018CC3B6DEA247824C729080F37325C8B5AA
Authority key identifier: A8:53:10:F5:03:13:7A:E8:B3:5D:4F:32:9F:46:F0:69:DD:70:38:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qFMQ9QMTeuizXU8yn0bwad1wOBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/VPtPysHSOmlX7ebQX3Mc9NW0mqQ.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31034
IP address blocks:        185.94.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/qFMQ9QMTeuizXU8yn0bwad1wOBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/qFMQ9QMTeuizXU8yn0bwad1wOBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qFMQ9QMTeuizXU8yn0bwad1wOBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:de:a2:47:82:4c:72:90:80:f3:73:25:c8:b5:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a85310f503137ae8b35d4f329f46f069dd703815
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54fb4fcac1d23a6957ede6d05f731cf4d5b49aa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:36:e8:41:57:77:75:2f:0b:27:de:62:61:80:
                    05:3e:09:a2:69:e9:d0:df:0e:4b:42:b7:f1:68:2b:
                    73:9b:83:29:75:9f:68:d5:83:21:93:be:4a:91:08:
                    d4:23:ad:8e:b7:fb:e1:3c:92:44:d0:8a:00:6a:41:
                    36:40:f8:79:f0:7f:7a:17:87:ec:d7:be:d5:62:92:
                    9a:f9:3c:43:05:eb:f4:ed:e4:77:29:18:67:1d:89:
                    1b:0b:b6:47:9d:aa:9e:fb:3a:60:54:87:d3:f7:25:
                    d9:bf:9d:86:40:4a:1a:0d:ef:96:91:d1:51:cb:c9:
                    de:01:dd:f0:6d:8d:88:7f:0e:cb:82:b3:b2:cd:b0:
                    2c:f7:59:87:db:70:69:14:e9:5b:29:01:b7:07:d0:
                    35:4e:db:64:25:87:29:98:37:9e:c1:b9:ed:5d:9d:
                    d1:36:fa:5d:3e:43:d6:27:ca:9a:1f:31:e5:f5:c7:
                    31:05:29:7b:87:9d:fa:f0:e8:e9:ed:ce:a5:a3:29:
                    18:27:55:5a:96:a2:f8:ac:91:d5:b1:a5:20:0c:48:
                    0b:9e:82:57:fc:de:54:45:8f:64:b2:2b:4c:fb:c0:
                    35:69:40:89:c8:09:06:a9:24:01:bf:a3:58:2b:b4:
                    52:e9:91:7a:94:f7:41:1a:21:88:80:32:a8:5b:1d:
                    c9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:FB:4F:CA:C1:D2:3A:69:57:ED:E6:D0:5F:73:1C:F4:D5:B4:9A:A4
            X509v3 Authority Key Identifier:
                keyid:A8:53:10:F5:03:13:7A:E8:B3:5D:4F:32:9F:46:F0:69:DD:70:38:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qFMQ9QMTeuizXU8yn0bwad1wOBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/VPtPysHSOmlX7ebQX3Mc9NW0mqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/qFMQ9QMTeuizXU8yn0bwad1wOBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:3f:1e:b3:ca:69:cd:b3:10:27:8b:d4:13:7d:ef:66:4a:a0:
         ba:05:bd:fd:3b:56:2d:00:eb:01:15:7c:54:ee:3f:3e:7e:6f:
         66:49:e9:d7:50:1f:fa:06:4e:90:91:4f:fc:55:f6:96:e2:52:
         5f:c0:4a:0e:c6:50:9c:b9:0d:6e:5b:5b:64:f4:52:5f:ae:ad:
         78:4d:f3:e3:44:aa:0d:1e:92:30:eb:b6:d0:c3:50:24:c9:59:
         a5:28:28:28:e8:50:1e:7e:ec:18:af:9b:ba:b9:ac:10:5a:ba:
         49:81:05:e1:37:6a:2a:5b:51:73:92:01:ed:28:6d:25:b0:cf:
         99:8c:16:ec:2d:9d:95:a5:31:fa:05:bd:b7:74:0d:ea:bd:70:
         5f:43:bc:d3:bc:a1:19:78:fd:82:81:eb:17:0e:38:86:d3:9e:
         57:0d:da:2d:9e:cc:ad:ff:36:a8:83:03:d9:28:d7:db:69:6e:
         35:48:24:4f:91:0d:bc:23:6e:56:c7:8d:79:16:02:c1:7c:33:
         73:7e:12:02:6c:79:77:19:3f:85:cd:a9:73:ba:de:56:9b:0d:
         56:db:1b:8d:7a:49:fe:e9:34:f3:22:4f:48:12:e0:8e:a1:70:
         19:b0:fa:29:a3:ee:e0:3c:e4:b7:63:8c:48:e6:d1:17:20:60:
         0a:b5:9e:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtt6iR4JMcpCA83MlyLWqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NTMxMGY1MDMxMzdhZThiMzVkNGYzMjlmNDZmMDY5ZGQ3
MDM4MTUwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGZiNGZjYWMxZDIzYTY5NTdlZGU2ZDA1ZjczMWNmNGQ1YjQ5YWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTboQVd3dS8LJ95iYYAFPgmiaenQ
3w5LQrfxaCtzm4MpdZ9o1YMhk75KkQjUI62Ot/vhPJJE0IoAakE2QPh58H96F4fs
177VYpKa+TxDBev07eR3KRhnHYkbC7ZHnaqe+zpgVIfT9yXZv52GQEoaDe+WkdFR
y8neAd3wbY2Ifw7LgrOyzbAs91mH23BpFOlbKQG3B9A1TttkJYcpmDeewbntXZ3R
NvpdPkPWJ8qaHzHl9ccxBSl7h5368Ojp7c6loykYJ1ValqL4rJHVsaUgDEgLnoJX
/N5URY9ksitM+8A1aUCJyAkGqSQBv6NYK7RS6ZF6lPdBGiGIgDKoWx3JWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFT7T8rB0jppV+3m0F9zHPTVtJqkMB8GA1UdIwQY
MBaAFKhTEPUDE3ros11PMp9G8GndcDgVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUZNUTlRTVRldWl6WFU4eW4wYndhZDF3T0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iNDI5NDktZWUwYS00MTIzLTg3YmYt
MzAxODlhNWE0ZWJhLzEvVlB0UHlzSFNPbWxYN2ViUVgzTWM5TlcwbXFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iNDI5NDktZWUwYS00MTIzLTg3YmYtMzAxODlhNWE0ZWJh
LzEvcUZNUTlRTVRldWl6WFU4eW4wYndhZDF3T0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV5TMA0G
CSqGSIb3DQEBCwUAA4IBAQCNPx6zymnNsxAni9QTfe9mSqC6Bb39O1YtAOsBFXxU
7j8+fm9mSenXUB/6Bk6QkU/8VfaW4lJfwEoOxlCcuQ1uW1tk9FJfrq14TfPjRKoN
HpIw67bQw1AkyVmlKCgo6FAefuwYr5u6uawQWrpJgQXhN2oqW1FzkgHtKG0lsM+Z
jBbsLZ2VpTH6Bb23dA3qvXBfQ7zTvKEZeP2CgesXDjiG055XDdotnsyt/zaogwPZ
KNfbaW41SCRPkQ28I25Wx415FgLBfDNzfhICbHl3GT+Fzalzut5Wmw1W2xuNekn+
6TTzIk9IEuCOoXAZsPopo+7gPOS3Y4xI5tEXIGAKtZ41
-----END CERTIFICATE-----