Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/yptHIqko6ki9zrGWcKPD7ViNe9Y.roa
File:                     yptHIqko6ki9zrGWcKPD7ViNe9Y.roa (raw, json)
Hash identifier:          hECmKdDzts9+DNYIEtbCDeJKqR7l7Bzsajymu/DpQZU=
Subject key identifier:   CA:9B:47:22:A9:28:EA:48:BD:CE:B1:96:70:A3:C3:ED:58:8D:7B:D6
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018EA4D682072FF9E2047CB4F84BE5887E6A
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/yptHIqko6ki9zrGWcKPD7ViNe9Y.roa
Signing time:             Wed 03 Apr 2024 16:41:45 +0000
ROA not before:           Wed 03 Apr 2024 16:41:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211192
IP address blocks:        94.177.113.0/24 maxlen: 24
                          94.177.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a4:d6:82:07:2f:f9:e2:04:7c:b4:f8:4b:e5:88:7e:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Apr  3 16:41:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca9b4722a928ea48bdceb19670a3c3ed588d7bd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:26:56:77:41:0a:0d:b0:45:e4:ba:a1:7d:70:
                    a8:f9:e4:14:8a:d7:12:a3:64:65:cc:f2:dd:de:cf:
                    38:ee:82:3f:8c:48:3b:9f:f5:3e:23:6b:8a:1b:27:
                    36:b9:da:19:97:7a:65:e5:33:c5:cf:66:0f:b8:8e:
                    d2:19:97:35:2f:65:b5:b6:e4:35:2f:ed:6e:d1:38:
                    af:27:ae:1b:1f:6f:97:63:62:96:e2:8d:2d:44:c3:
                    30:ce:57:4d:02:9e:5a:e2:26:48:84:91:dd:43:03:
                    49:09:58:41:35:1d:41:bc:a3:b3:ee:92:48:32:0d:
                    9a:ae:9d:ed:93:36:c3:c3:e5:c9:c8:66:03:69:d3:
                    39:2e:b9:2c:6a:cb:39:16:7f:1c:ba:20:60:46:55:
                    7d:d4:e5:c2:e5:68:5f:00:01:aa:ce:08:50:4c:17:
                    58:3c:89:f8:df:9b:e9:ab:b8:72:93:13:ef:5a:95:
                    9d:2b:03:34:32:01:b5:92:5f:13:20:17:6f:25:67:
                    60:45:b9:8b:82:7c:4b:d6:ba:6c:53:fa:da:6f:30:
                    58:32:86:5d:56:04:41:89:c7:a6:a2:84:b4:95:ab:
                    ed:55:dd:b1:c9:3a:cd:17:02:89:91:48:7d:f5:aa:
                    85:1f:b5:d9:19:9d:68:3e:93:b3:20:8f:42:41:1e:
                    7c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:9B:47:22:A9:28:EA:48:BD:CE:B1:96:70:A3:C3:ED:58:8D:7B:D6
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/yptHIqko6ki9zrGWcKPD7ViNe9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.113.0/24
                  94.177.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:7d:4d:e3:8c:af:b3:a6:42:a9:3d:5d:45:2c:29:5d:9c:ee:
         b1:9c:25:82:29:6e:3c:55:7b:80:9d:07:6a:f5:63:c7:41:a2:
         af:97:58:38:e4:2b:04:e6:ff:d8:e3:85:75:44:2d:51:50:b6:
         66:d9:38:a2:ef:6e:c4:f2:d6:9d:78:93:b6:23:ed:23:f4:a0:
         92:0d:dd:9f:21:94:80:e5:d4:7d:02:76:9a:3b:d7:de:7e:c3:
         22:98:db:ee:ed:79:72:1a:66:a2:76:45:e1:f3:eb:c4:68:dc:
         19:35:77:73:45:dd:b7:4f:9d:a5:7f:29:d7:66:bb:22:04:98:
         b0:07:bd:20:ad:0e:39:54:30:84:21:48:63:23:08:8e:05:b3:
         9b:d8:8e:11:e8:61:26:a5:9e:e9:bc:2d:c7:23:21:63:01:9c:
         0e:9f:96:d7:fc:78:2b:97:74:5a:66:af:04:5c:7a:f1:5d:56:
         b0:a3:93:4d:dc:1c:e8:29:ac:63:ad:07:5a:e5:62:16:6b:09:
         68:d2:45:9e:a0:c0:3c:e3:1a:71:ab:e2:ca:98:ba:0e:7b:bb:
         fa:41:ea:e1:cb:62:9b:37:5b:71:27:7d:92:df:96:1f:14:81:
         9a:2e:d2:fb:64:db:2a:cb:34:dc:0f:bf:3b:06:fa:44:2a:bc:
         4a:78:3b:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6k1oIHL/niBHy0+EvliH5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwNDAzMTY0MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTliNDcyMmE5MjhlYTQ4YmRjZWIxOTY3MGEzYzNlZDU4OGQ3YmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCZWd0EKDbBF5LqhfXCo+eQUitcS
o2RlzPLd3s847oI/jEg7n/U+I2uKGyc2udoZl3pl5TPFz2YPuI7SGZc1L2W1tuQ1
L+1u0TivJ64bH2+XY2KW4o0tRMMwzldNAp5a4iZIhJHdQwNJCVhBNR1BvKOz7pJI
Mg2arp3tkzbDw+XJyGYDadM5Lrksass5Fn8cuiBgRlV91OXC5WhfAAGqzghQTBdY
PIn435vpq7hykxPvWpWdKwM0MgG1kl8TIBdvJWdgRbmLgnxL1rpsU/rabzBYMoZd
VgRBicemooS0lavtVd2xyTrNFwKJkUh99aqFH7XZGZ1oPpOzII9CQR58FwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMqbRyKpKOpIvc6xlnCjw+1YjXvWMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEveXB0SElxa282a2k5enJHV2NLUEQ3VmlOZTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXrFxAwQA
XrF2MA0GCSqGSIb3DQEBCwUAA4IBAQA5fU3jjK+zpkKpPV1FLCldnO6xnCWCKW48
VXuAnQdq9WPHQaKvl1g45CsE5v/Y44V1RC1RULZm2Tii727E8tadeJO2I+0j9KCS
Dd2fIZSA5dR9AnaaO9fefsMimNvu7XlyGmaidkXh8+vEaNwZNXdzRd23T52lfynX
ZrsiBJiwB70grQ45VDCEIUhjIwiOBbOb2I4R6GEmpZ7pvC3HIyFjAZwOn5bX/Hgr
l3RaZq8EXHrxXVawo5NN3BzoKaxjrQda5WIWawlo0kWeoMA84xpxq+LKmLoOe7v6
Qerhy2KbN1txJ32S35YfFIGaLtL7ZNsqyzTcD787BvpEKrxKeDuT
-----END CERTIFICATE-----