Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/ab45e4-6ea0-495f-8b78-9b5d76a949f4/1/vQ5CG6arfMM5etGi0OK5TsR58xE.roa
File:                     vQ5CG6arfMM5etGi0OK5TsR58xE.roa (raw, json)
Hash identifier:          O1YQHBI+srgf43ZjPaWXEjlUEDWR+/G9UC3V+eWxxEE=
Subject key identifier:   BD:0E:42:1B:A6:AB:7C:C3:39:7A:D1:A2:D0:E2:B9:4E:C4:79:F3:11
Certificate issuer:       /CN=1e35c06a8c06d5dd64fe76b090a3e1e2a4996dc8
Certificate serial:       018CC795618DCBB36EC6DF4BCBAF3AFC4BBD
Authority key identifier: 1E:35:C0:6A:8C:06:D5:DD:64:FE:76:B0:90:A3:E1:E2:A4:99:6D:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HjXAaowG1d1k_nawkKPh4qSZbcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/ab45e4-6ea0-495f-8b78-9b5d76a949f4/1/vQ5CG6arfMM5etGi0OK5TsR58xE.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15600
IP address blocks:        94.16.128.0/17 maxlen: 24
                          185.74.160.0/22 maxlen: 22
                          2a00:9fe0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/ab45e4-6ea0-495f-8b78-9b5d76a949f4/1/HjXAaowG1d1k_nawkKPh4qSZbcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/ab45e4-6ea0-495f-8b78-9b5d76a949f4/1/HjXAaowG1d1k_nawkKPh4qSZbcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HjXAaowG1d1k_nawkKPh4qSZbcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:61:8d:cb:b3:6e:c6:df:4b:cb:af:3a:fc:4b:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e35c06a8c06d5dd64fe76b090a3e1e2a4996dc8
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd0e421ba6ab7cc3397ad1a2d0e2b94ec479f311
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0f:a7:39:ad:b2:86:d4:d0:d0:14:de:cd:6f:
                    12:2d:5e:00:d6:e2:fc:73:cd:1c:f0:2c:73:48:61:
                    e8:30:b2:1c:fe:c2:94:4f:8f:79:e8:04:74:21:00:
                    74:53:4e:b8:d3:51:ea:2e:0f:31:3a:56:57:5b:33:
                    2c:18:26:a0:79:d3:bb:b8:c7:ea:70:7b:0a:89:68:
                    68:f7:59:8b:96:c3:65:d7:64:02:12:2a:78:b2:ce:
                    21:d1:03:02:9c:88:88:95:17:65:55:4d:56:4d:7d:
                    ea:be:01:2e:0a:52:01:06:69:11:52:37:0c:d5:1e:
                    94:d0:85:a9:cf:07:01:0c:e1:80:3b:62:07:eb:b2:
                    55:22:74:2e:76:5f:61:48:cc:08:c8:1a:5f:8e:8c:
                    cd:0b:91:26:95:fa:13:49:9b:96:59:0e:43:81:bd:
                    ec:1d:5a:70:12:d3:1d:7c:2e:a4:27:3f:cf:d3:15:
                    5f:0e:06:60:f7:ff:8c:e7:64:18:4a:19:fd:1d:cc:
                    b6:13:bd:d0:e8:55:0b:c6:fa:95:ea:4a:99:20:2f:
                    ab:c9:15:92:df:f0:b1:85:80:44:5d:41:03:90:b5:
                    19:14:4d:53:71:e5:c4:2e:b3:1c:34:76:14:19:26:
                    26:a0:3b:20:3f:69:20:f3:80:db:e3:04:72:80:f4:
                    bd:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:0E:42:1B:A6:AB:7C:C3:39:7A:D1:A2:D0:E2:B9:4E:C4:79:F3:11
            X509v3 Authority Key Identifier:
                keyid:1E:35:C0:6A:8C:06:D5:DD:64:FE:76:B0:90:A3:E1:E2:A4:99:6D:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HjXAaowG1d1k_nawkKPh4qSZbcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/ab45e4-6ea0-495f-8b78-9b5d76a949f4/1/vQ5CG6arfMM5etGi0OK5TsR58xE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/ab45e4-6ea0-495f-8b78-9b5d76a949f4/1/HjXAaowG1d1k_nawkKPh4qSZbcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.16.128.0/17
                  185.74.160.0/22
                IPv6:
                  2a00:9fe0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:f0:42:4d:5e:a5:79:d7:bd:a8:02:68:25:98:c3:45:95:2e:
         63:1d:7f:06:1a:10:76:2a:6b:02:77:41:54:a9:b8:0d:70:e6:
         d2:98:c8:20:fb:10:22:d9:e3:68:25:ba:1a:b3:e0:6a:21:d2:
         dc:ed:1d:b8:5b:50:9f:e4:e7:64:3b:8d:4e:30:a9:62:9d:02:
         11:3d:22:b8:09:c1:ab:6f:75:35:56:73:ac:2c:67:c8:ea:78:
         f8:16:f6:20:dd:5d:94:9e:b4:83:db:b9:e2:fc:ed:59:7c:de:
         2a:7c:0b:00:21:2e:d5:46:9b:4a:cc:4a:cb:60:92:b1:1e:1c:
         4a:f0:e3:5d:1f:c3:4d:0a:19:86:93:52:c5:65:ba:af:ca:8e:
         8c:4b:f1:94:f9:9e:43:ca:cb:2a:f7:f8:8b:d9:8d:ff:fd:26:
         74:2e:1c:f4:3f:3d:34:31:0e:1e:57:5a:9b:5c:96:aa:6e:22:
         83:1f:e8:76:51:ed:b7:57:29:95:16:a9:1d:72:2c:3d:a2:62:
         01:aa:c6:38:7e:17:c1:45:39:a0:29:bb:a2:6a:cb:69:88:b2:
         c6:e9:fb:79:f4:07:00:41:cb:7d:f7:ca:38:50:f3:6d:f2:71:
         d0:82:62:92:fa:50:7f:b9:b0:2b:8b:ab:98:2d:cb:18:10:b6:
         dc:53:a5:2b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHlWGNy7Nuxt9Ly686/Eu9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMzVjMDZhOGMwNmQ1ZGQ2NGZlNzZiMDkwYTNlMWUyYTQ5
OTZkYzgwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDBlNDIxYmE2YWI3Y2MzMzk3YWQxYTJkMGUyYjk0ZWM0NzlmMzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyg+nOa2yhtTQ0BTezW8SLV4A1uL8
c80c8CxzSGHoMLIc/sKUT4956AR0IQB0U06401HqLg8xOlZXWzMsGCagedO7uMfq
cHsKiWho91mLlsNl12QCEip4ss4h0QMCnIiIlRdlVU1WTX3qvgEuClIBBmkRUjcM
1R6U0IWpzwcBDOGAO2IH67JVInQudl9hSMwIyBpfjozNC5EmlfoTSZuWWQ5Dgb3s
HVpwEtMdfC6kJz/P0xVfDgZg9/+M52QYShn9Hcy2E73Q6FULxvqV6kqZIC+ryRWS
3/CxhYBEXUEDkLUZFE1TceXELrMcNHYUGSYmoDsgP2kg84Db4wRygPS9mQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFL0OQhumq3zDOXrRotDiuU7EefMRMB8GA1UdIwQY
MBaAFB41wGqMBtXdZP52sJCj4eKkmW3IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGpYQWFvd0cxZDFrX25hd2tLUGg0cVNaYmNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hYjQ1ZTQtNmVhMC00OTVmLThiNzgt
OWI1ZDc2YTk0OWY0LzEvdlE1Q0c2YXJmTU01ZXRHaTBPSzVUc1I1OHhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hYjQ1ZTQtNmVhMC00OTVmLThiNzgtOWI1ZDc2YTk0OWY0
LzEvSGpYQWFvd0cxZDFrX25hd2tLUGg0cVNaYmNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQHXhCAAwQC
uUqgMA0EAgACMAcDBQMqAJ/gMA0GCSqGSIb3DQEBCwUAA4IBAQCj8EJNXqV5172o
AmglmMNFlS5jHX8GGhB2KmsCd0FUqbgNcObSmMgg+xAi2eNoJboas+BqIdLc7R24
W1Cf5OdkO41OMKlinQIRPSK4CcGrb3U1VnOsLGfI6nj4FvYg3V2UnrSD27ni/O1Z
fN4qfAsAIS7VRptKzErLYJKxHhxK8ONdH8NNChmGk1LFZbqvyo6MS/GU+Z5Dyssq
9/iL2Y3//SZ0Lhz0Pz00MQ4eV1qbXJaqbiKDH+h2Ue23VymVFqkdciw9omIBqsY4
fhfBRTmgKbuiastpiLLG6ft59AcAQct998o4UPNt8nHQgmKS+lB/ubAri6uYLcsY
ELbcU6Ur
-----END CERTIFICATE-----