Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/9WB6JcAwbl12U6AmKltelOCPsF8.roa
File:                     9WB6JcAwbl12U6AmKltelOCPsF8.roa (raw, json)
Hash identifier:          It0+X2owicgN/2g1+4wtQpm3G7pdmPxOFZlW2wNcp+s=
Subject key identifier:   F5:60:7A:25:C0:30:6E:5D:76:53:A0:26:2A:5B:5E:94:E0:8F:B0:5F
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       018CC8026705B6F0FA53F44C9619145F1702
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/9WB6JcAwbl12U6AmKltelOCPsF8.roa
Signing time:             Tue 02 Jan 2024 02:30:49 +0000
ROA not before:           Tue 02 Jan 2024 02:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        188.95.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:67:05:b6:f0:fa:53:f4:4c:96:19:14:5f:17:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Jan  2 02:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5607a25c0306e5d7653a0262a5b5e94e08fb05f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b2:fc:ff:04:9a:66:0b:ec:7d:ed:c6:14:3e:
                    72:da:84:7f:93:98:e4:b9:03:bc:44:b1:d7:56:2a:
                    91:48:e3:ec:30:91:f8:2b:57:c6:6f:96:56:f6:58:
                    7d:44:4d:95:f0:ed:f1:e6:76:48:c3:f1:61:3d:10:
                    01:44:7d:f1:26:23:51:c9:94:47:34:54:85:d7:61:
                    fb:06:ab:8b:7a:37:87:81:a2:18:37:e9:77:46:f1:
                    7a:62:b7:81:15:72:40:45:1e:63:5d:77:5b:45:73:
                    3b:26:c1:fc:64:90:52:09:2a:a3:bb:97:e7:1e:a2:
                    8e:f0:59:16:5d:95:0c:55:27:6f:b2:73:e2:dc:34:
                    2f:cc:5f:0c:78:c6:bd:ed:e0:29:1b:cc:84:f8:b0:
                    59:1e:89:3a:af:60:15:e1:12:8a:4e:cb:00:a7:81:
                    a4:76:29:58:fb:7a:9e:70:d3:68:22:d4:ec:4e:04:
                    dd:ee:20:dd:2d:0e:64:ea:b7:ff:44:bd:5a:1c:99:
                    11:6c:34:dd:a7:14:c1:d1:e3:24:c3:66:d5:89:0d:
                    1a:a9:35:a6:52:41:7d:33:99:7a:1d:6f:ba:74:88:
                    08:b8:9d:71:dc:a7:79:4e:62:e7:5a:c2:c1:2c:f4:
                    0a:c1:7e:c7:c1:7d:20:af:5f:d0:35:11:54:eb:a6:
                    57:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:60:7A:25:C0:30:6E:5D:76:53:A0:26:2A:5B:5E:94:E0:8F:B0:5F
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/9WB6JcAwbl12U6AmKltelOCPsF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:57:a3:f2:3a:9b:d5:08:20:9c:d9:96:4a:14:d2:4d:b8:e3:
         2a:f8:ec:16:75:76:72:eb:06:9b:ee:46:3b:20:37:62:0e:bd:
         f8:23:4a:9b:8a:bf:81:c8:2d:0c:ae:8b:d7:27:53:d3:50:8c:
         67:96:98:60:68:70:46:bd:70:c4:1f:8b:c6:f6:53:47:74:5d:
         fb:81:a9:57:47:2f:29:ee:f7:c4:b6:4f:0d:29:99:20:a0:1f:
         8a:cf:e0:6d:f3:16:d9:87:ae:4f:89:ad:40:4d:66:3a:f7:52:
         08:c8:03:b1:de:4e:ca:e6:28:20:41:3c:48:42:12:f9:18:75:
         90:c1:b3:20:fa:38:48:ea:58:38:f7:06:d0:1c:25:34:67:42:
         66:9d:df:43:77:27:25:7e:eb:76:4b:b6:3c:cc:4f:b5:5d:fc:
         42:36:da:4d:0d:9f:89:3d:db:c2:df:f6:fb:e2:dc:44:cd:a2:
         61:5d:41:f0:2d:8a:a9:4f:a5:63:37:cb:0e:93:89:8f:e6:4f:
         d6:1e:ce:d0:cd:6a:27:cc:14:b8:1d:1d:55:d1:6e:86:fc:3c:
         b2:20:68:fb:24:7a:6e:24:4f:86:1a:8f:2f:d3:0f:b0:69:c6:
         db:7a:bf:db:2d:c7:14:62:b3:6f:b3:5f:30:05:10:07:47:bd:
         0a:5c:36:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAmcFtvD6U/RMlhkUXxcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjQwMTAyMDIzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTYwN2EyNWMwMzA2ZTVkNzY1M2EwMjYyYTViNWU5NGUwOGZiMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbL8/wSaZgvsfe3GFD5y2oR/k5jk
uQO8RLHXViqRSOPsMJH4K1fGb5ZW9lh9RE2V8O3x5nZIw/FhPRABRH3xJiNRyZRH
NFSF12H7BquLejeHgaIYN+l3RvF6YreBFXJARR5jXXdbRXM7JsH8ZJBSCSqju5fn
HqKO8FkWXZUMVSdvsnPi3DQvzF8MeMa97eApG8yE+LBZHok6r2AV4RKKTssAp4Gk
dilY+3qecNNoItTsTgTd7iDdLQ5k6rf/RL1aHJkRbDTdpxTB0eMkw2bViQ0aqTWm
UkF9M5l6HW+6dIgIuJ1x3Kd5TmLnWsLBLPQKwX7HwX0gr1/QNRFU66ZX8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVgeiXAMG5ddlOgJipbXpTgj7BfMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvOVdCNkpjQXdibDEyVTZBbUtsdGVsT0NQc0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF9FMA0G
CSqGSIb3DQEBCwUAA4IBAQBpV6PyOpvVCCCc2ZZKFNJNuOMq+OwWdXZy6wab7kY7
IDdiDr34I0qbir+ByC0MrovXJ1PTUIxnlphgaHBGvXDEH4vG9lNHdF37galXRy8p
7vfEtk8NKZkgoB+Kz+Bt8xbZh65Pia1ATWY691IIyAOx3k7K5iggQTxIQhL5GHWQ
wbMg+jhI6lg49wbQHCU0Z0Jmnd9Ddyclfut2S7Y8zE+1XfxCNtpNDZ+JPdvC3/b7
4txEzaJhXUHwLYqpT6VjN8sOk4mP5k/WHs7QzWonzBS4HR1V0W6G/DyyIGj7JHpu
JE+GGo8v0w+wacbber/bLccUYrNvs18wBRAHR70KXDb7
-----END CERTIFICATE-----