Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/P1yCdLSTkrnpE6h-OkWhyjD4rQQ.roa
File:                     P1yCdLSTkrnpE6h-OkWhyjD4rQQ.roa (raw, json)
Hash identifier:          Bh97kJCfGbOPunbTIxxU0nlPOEZGtavu0WftTdaDdaI=
Subject key identifier:   3F:5C:82:74:B4:93:92:B9:E9:13:A8:7E:3A:45:A1:CA:30:F8:AD:04
Certificate issuer:       /CN=f20bf46303ff54a505f533c554251923e41f5926
Certificate serial:       018CC26D1A2BEA71B1B07530F5ABEEE43CBF
Authority key identifier: F2:0B:F4:63:03:FF:54:A5:05:F5:33:C5:54:25:19:23:E4:1F:59:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8gv0YwP_VKUF9TPFVCUZI-QfWSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/P1yCdLSTkrnpE6h-OkWhyjD4rQQ.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62343
IP address blocks:        94.139.36.0/23 maxlen: 24
                          2a13:ac40::/29 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/8gv0YwP_VKUF9TPFVCUZI-QfWSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/8gv0YwP_VKUF9TPFVCUZI-QfWSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8gv0YwP_VKUF9TPFVCUZI-QfWSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1a:2b:ea:71:b1:b0:75:30:f5:ab:ee:e4:3c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f20bf46303ff54a505f533c554251923e41f5926
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f5c8274b49392b9e913a87e3a45a1ca30f8ad04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:80:28:33:87:19:b1:ba:76:7f:cf:60:6a:a3:
                    60:bd:ce:cf:8e:05:d7:cb:c2:6d:af:5f:da:14:ef:
                    82:d2:95:1e:36:16:b5:a9:f2:0c:c4:65:a5:1a:ed:
                    15:c0:2d:9a:24:1f:95:31:9f:d8:44:4b:79:82:92:
                    81:96:06:eb:30:16:35:cc:a0:5e:6b:2e:29:7d:cc:
                    3b:0f:8c:5e:2f:52:1f:84:34:e7:49:b0:21:ea:95:
                    e8:72:70:7c:c3:4d:31:1c:0c:59:ad:25:48:75:c0:
                    cd:e5:8b:32:11:1f:f1:44:02:c1:76:c3:40:14:ec:
                    d7:66:9b:88:2b:a2:94:ff:7c:42:ad:99:42:58:06:
                    b0:e9:6e:39:95:98:a6:0a:8e:f4:ce:dd:44:5f:d1:
                    47:ef:d3:67:e0:f0:21:fd:e8:2b:f4:3a:30:aa:14:
                    00:ce:65:8b:1d:1c:79:1a:fc:d6:9f:90:48:ac:f7:
                    19:69:d5:e2:3b:82:64:68:dd:f0:b8:e0:a8:fb:ed:
                    9b:b6:28:fc:ca:ad:b3:70:cb:f0:fc:42:f4:37:12:
                    cf:74:06:96:7a:fc:a3:e1:46:d1:34:34:ec:85:83:
                    06:c3:14:13:9d:7b:1d:85:28:89:97:e6:99:6f:51:
                    68:22:9a:ca:1a:52:bc:68:f6:fc:64:d9:f5:b4:b6:
                    b7:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:5C:82:74:B4:93:92:B9:E9:13:A8:7E:3A:45:A1:CA:30:F8:AD:04
            X509v3 Authority Key Identifier:
                keyid:F2:0B:F4:63:03:FF:54:A5:05:F5:33:C5:54:25:19:23:E4:1F:59:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8gv0YwP_VKUF9TPFVCUZI-QfWSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/P1yCdLSTkrnpE6h-OkWhyjD4rQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/8gv0YwP_VKUF9TPFVCUZI-QfWSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.139.36.0/23
                IPv6:
                  2a13:ac40::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:fe:62:ea:35:b9:64:31:df:5f:2a:b7:51:ad:17:b1:3a:7a:
         4d:23:a6:b8:99:ec:8a:9d:26:e2:2c:0c:05:56:13:71:c9:55:
         77:5a:32:2f:b0:c6:bb:74:0c:82:6c:40:df:60:c6:c3:b3:17:
         55:68:91:47:6d:f2:b3:a0:02:8e:da:b2:62:78:4c:0b:70:19:
         f8:8a:b0:b9:f4:58:ce:28:69:c5:b6:bf:de:5c:40:15:41:58:
         04:3a:f3:a3:0a:1a:ad:ba:3c:ba:eb:7a:1e:30:56:d2:25:fa:
         51:5c:2c:11:db:7e:e4:7d:34:de:2f:4b:fc:64:6a:4e:3f:e9:
         df:a7:e9:0b:df:41:01:fd:d3:f1:61:c1:6f:1f:d3:07:70:81:
         d6:bb:6e:1d:72:60:3f:6b:12:53:b4:e8:d3:24:ef:f2:47:7c:
         a1:fa:f8:92:9e:a5:43:7c:b0:00:96:83:6a:9a:c1:18:ef:83:
         9a:6e:ea:b5:e9:86:f5:98:a6:b2:4b:c0:86:94:5a:83:7c:eb:
         45:1f:62:0e:f5:3f:14:22:c7:05:3f:3a:79:35:53:85:e0:49:
         3f:70:16:1b:69:88:f5:c0:31:62:a0:65:83:a9:ad:b8:9c:0f:
         61:ca:59:1c:b7:d7:44:36:72:3f:8d:09:46:aa:9d:a8:90:c8:
         dc:35:9a:dc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbRor6nGxsHUw9avu5Dy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMGJmNDYzMDNmZjU0YTUwNWY1MzNjNTU0MjUxOTIzZTQx
ZjU5MjYwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjVjODI3NGI0OTM5MmI5ZTkxM2E4N2UzYTQ1YTFjYTMwZjhhZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoAoM4cZsbp2f89gaqNgvc7PjgXX
y8Jtr1/aFO+C0pUeNha1qfIMxGWlGu0VwC2aJB+VMZ/YREt5gpKBlgbrMBY1zKBe
ay4pfcw7D4xeL1IfhDTnSbAh6pXocnB8w00xHAxZrSVIdcDN5YsyER/xRALBdsNA
FOzXZpuIK6KU/3xCrZlCWAaw6W45lZimCo70zt1EX9FH79Nn4PAh/egr9DowqhQA
zmWLHRx5GvzWn5BIrPcZadXiO4JkaN3wuOCo++2btij8yq2zcMvw/EL0NxLPdAaW
evyj4UbRNDTshYMGwxQTnXsdhSiJl+aZb1FoIprKGlK8aPb8ZNn1tLa3NQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD9cgnS0k5K56ROofjpFocow+K0EMB8GA1UdIwQY
MBaAFPIL9GMD/1SlBfUzxVQlGSPkH1kmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGd2MFl3UF9WS1VGOVRQRlZDVVpJLVFmV1NZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS84MTU1OTAtOTUxYy00YzFmLTg2OTct
YzM2OTQwODhmMzRhLzEvUDF5Q2RMU1Rrcm5wRTZoLU9rV2h5akQ0clFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS84MTU1OTAtOTUxYy00YzFmLTg2OTctYzM2OTQwODhmMzRh
LzEvOGd2MFl3UF9WS1VGOVRQRlZDVVpJLVFmV1NZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBXoskMA0E
AgACMAcDBQMqE6xAMA0GCSqGSIb3DQEBCwUAA4IBAQBO/mLqNblkMd9fKrdRrRex
OnpNI6a4meyKnSbiLAwFVhNxyVV3WjIvsMa7dAyCbEDfYMbDsxdVaJFHbfKzoAKO
2rJieEwLcBn4irC59FjOKGnFtr/eXEAVQVgEOvOjChqtujy663oeMFbSJfpRXCwR
237kfTTeL0v8ZGpOP+nfp+kL30EB/dPxYcFvH9MHcIHWu24dcmA/axJTtOjTJO/y
R3yh+viSnqVDfLAAloNqmsEY74Oabuq16Yb1mKayS8CGlFqDfOtFH2IO9T8UIscF
Pzp5NVOF4Ek/cBYbaYj1wDFioGWDqa24nA9hylkct9dENnI/jQlGqp2okMjcNZrc
-----END CERTIFICATE-----