Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/dd944d-8faa-4cce-aafe-c050f4c05f29/1/XZlZ_8GBedUKnRXCB745V57iRrU.roa
File:                     XZlZ_8GBedUKnRXCB745V57iRrU.roa (raw, json)
Hash identifier:          knTSN57tIEFuuC7/UZ1UfHk3hGF0A7sk13FH8GIHzV0=
Subject key identifier:   5D:99:59:FF:C1:81:79:D5:0A:9D:15:C2:07:BE:39:57:9E:E2:46:B5
Certificate issuer:       /CN=44422eaa3daedf6b902159eedbe94ca9b7d2284f
Certificate serial:       018D4AD17D5211DF36E1741AEEE4B6423D16
Authority key identifier: 44:42:2E:AA:3D:AE:DF:6B:90:21:59:EE:DB:E9:4C:A9:B7:D2:28:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/REIuqj2u32uQIVnu2-lMqbfSKE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/dd944d-8faa-4cce-aafe-c050f4c05f29/1/XZlZ_8GBedUKnRXCB745V57iRrU.roa
Signing time:             Sat 27 Jan 2024 12:07:39 +0000
ROA not before:           Sat 27 Jan 2024 12:07:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204105
IP address blocks:        95.215.59.0/24 maxlen: 24
                          2a13:c640::/30 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/dd944d-8faa-4cce-aafe-c050f4c05f29/1/REIuqj2u32uQIVnu2-lMqbfSKE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/dd944d-8faa-4cce-aafe-c050f4c05f29/1/REIuqj2u32uQIVnu2-lMqbfSKE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/REIuqj2u32uQIVnu2-lMqbfSKE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:4a:d1:7d:52:11:df:36:e1:74:1a:ee:e4:b6:42:3d:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44422eaa3daedf6b902159eedbe94ca9b7d2284f
        Validity
            Not Before: Jan 27 12:07:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d9959ffc18179d50a9d15c207be39579ee246b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d4:16:fe:9c:12:36:26:63:71:79:6e:93:64:
                    ca:01:5e:9a:54:98:7b:08:7a:3d:be:d4:d3:9e:41:
                    1c:04:f3:a8:ce:16:e2:cd:1e:a2:71:90:7b:b4:e2:
                    3f:d1:92:94:99:04:02:ef:d2:38:31:4d:a6:fd:9f:
                    27:d5:be:1f:db:b4:c8:5f:50:c1:eb:c5:42:42:48:
                    cb:7f:c3:88:03:5a:5b:27:da:0c:77:4a:86:37:5d:
                    93:55:13:db:c1:6f:84:ca:38:7e:d8:56:90:10:1e:
                    1e:12:66:32:3c:01:28:c6:88:e8:1a:2f:7f:80:3c:
                    74:b4:dc:10:00:a1:4e:2f:1d:49:13:9b:88:41:7e:
                    98:9e:e1:16:31:3d:48:8b:a6:da:50:9d:b8:1e:4e:
                    d9:0d:f7:6b:18:b7:e3:d3:8f:bd:f9:e1:fc:a8:f5:
                    9c:70:df:41:fd:eb:a8:b4:97:9e:d3:87:7e:cf:41:
                    48:69:dd:ad:db:9a:63:b5:5f:07:28:1e:28:31:76:
                    1f:95:2c:59:0d:c8:cc:da:48:40:dd:a4:50:21:e1:
                    3d:30:a2:0a:0d:0a:24:0c:8e:7d:03:66:84:f0:d8:
                    99:72:2e:7a:fb:60:43:49:2b:98:74:18:34:75:01:
                    c7:fb:de:46:b9:ce:e2:2e:14:e0:7b:d2:36:41:03:
                    70:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:99:59:FF:C1:81:79:D5:0A:9D:15:C2:07:BE:39:57:9E:E2:46:B5
            X509v3 Authority Key Identifier:
                keyid:44:42:2E:AA:3D:AE:DF:6B:90:21:59:EE:DB:E9:4C:A9:B7:D2:28:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/REIuqj2u32uQIVnu2-lMqbfSKE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/dd944d-8faa-4cce-aafe-c050f4c05f29/1/XZlZ_8GBedUKnRXCB745V57iRrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/dd944d-8faa-4cce-aafe-c050f4c05f29/1/REIuqj2u32uQIVnu2-lMqbfSKE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.59.0/24
                IPv6:
                  2a13:c640::/30

    Signature Algorithm: sha256WithRSAEncryption
         6a:53:87:e3:9f:8d:04:13:10:87:c5:2f:a6:0a:53:ca:85:5b:
         58:ec:29:e3:3b:29:28:ae:50:87:8d:a0:fc:e0:75:7b:ec:e9:
         44:2d:93:54:ba:82:ec:b1:11:dd:c1:74:7c:8c:c9:8a:00:ee:
         e2:b0:c0:be:be:2e:10:14:9d:30:ee:35:db:64:1b:3d:50:f3:
         36:5c:78:4d:97:6e:24:c4:72:3f:1b:8d:1d:bf:a9:54:5f:10:
         bd:ec:e5:5f:43:d7:bd:54:da:d4:6a:a3:6f:58:66:e5:b3:10:
         08:fa:c3:89:bb:e2:54:09:6f:59:f5:6a:0d:1f:8d:f5:04:78:
         68:c2:6d:51:f0:96:55:0f:0c:6d:6a:42:3f:5f:6f:a3:1c:45:
         45:3c:75:b3:1a:4f:4e:b0:d8:0d:e3:16:cf:fe:e7:80:16:3f:
         41:b3:1f:13:90:f0:d0:d9:e9:9d:f4:47:0c:2d:a8:d2:4c:9a:
         8d:89:e1:d5:ad:2f:b5:fd:f3:a2:81:06:71:cf:56:be:77:da:
         a9:8a:ea:ad:f6:e2:19:73:c8:1d:d9:7e:5b:bc:02:e1:21:02:
         96:52:79:93:0e:25:63:e1:1b:8e:97:e4:63:3b:99:73:0d:d0:
         16:36:3b:e9:62:91:8b:4a:c9:a3:37:6d:9b:0f:cd:5c:b5:8d:
         0d:bb:ee:13
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1K0X1SEd824XQa7uS2Qj0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NDIyZWFhM2RhZWRmNmI5MDIxNTllZWRiZTk0Y2E5Yjdk
MjI4NGYwHhcNMjQwMTI3MTIwNzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDk5NTlmZmMxODE3OWQ1MGE5ZDE1YzIwN2JlMzk1NzllZTI0NmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdQW/pwSNiZjcXluk2TKAV6aVJh7
CHo9vtTTnkEcBPOozhbizR6icZB7tOI/0ZKUmQQC79I4MU2m/Z8n1b4f27TIX1DB
68VCQkjLf8OIA1pbJ9oMd0qGN12TVRPbwW+Eyjh+2FaQEB4eEmYyPAEoxojoGi9/
gDx0tNwQAKFOLx1JE5uIQX6YnuEWMT1Ii6baUJ24Hk7ZDfdrGLfj04+9+eH8qPWc
cN9B/euotJee04d+z0FIad2t25pjtV8HKB4oMXYflSxZDcjM2khA3aRQIeE9MKIK
DQokDI59A2aE8NiZci56+2BDSSuYdBg0dQHH+95Guc7iLhTge9I2QQNwlQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF2ZWf/BgXnVCp0Vwge+OVee4ka1MB8GA1UdIwQY
MBaAFERCLqo9rt9rkCFZ7tvpTKm30ihPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkVJdXFqMnUzMnVRSVZudTItbE1xYmZTS0U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9kZDk0NGQtOGZhYS00Y2NlLWFhZmUt
YzA1MGY0YzA1ZjI5LzEvWFpsWl84R0JlZFVLblJYQ0I3NDVWNTdpUnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9kZDk0NGQtOGZhYS00Y2NlLWFhZmUtYzA1MGY0YzA1ZjI5
LzEvUkVJdXFqMnUzMnVRSVZudTItbE1xYmZTS0U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAX9c7MA0E
AgACMAcDBQIqE8ZAMA0GCSqGSIb3DQEBCwUAA4IBAQBqU4fjn40EExCHxS+mClPK
hVtY7CnjOykorlCHjaD84HV77OlELZNUuoLssRHdwXR8jMmKAO7isMC+vi4QFJ0w
7jXbZBs9UPM2XHhNl24kxHI/G40dv6lUXxC97OVfQ9e9VNrUaqNvWGblsxAI+sOJ
u+JUCW9Z9WoNH431BHhowm1R8JZVDwxtakI/X2+jHEVFPHWzGk9OsNgN4xbP/ueA
Fj9Bsx8TkPDQ2emd9EcMLajSTJqNieHVrS+1/fOigQZxz1a+d9qpiuqt9uIZc8gd
2X5bvALhIQKWUnmTDiVj4RuOl+RjO5lzDdAWNjvpYpGLSsmjN22bD81ctY0Nu+4T
-----END CERTIFICATE-----