Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/rP9pakvx44En7j408-QN9rnJbx0.roa
File:                     rP9pakvx44En7j408-QN9rnJbx0.roa (raw, json)
Hash identifier:          HS083Rq0+0878mDqAZ27f4t0z4HSeEWNRWSlMZGySR4=
Subject key identifier:   AC:FF:69:6A:4B:F1:E3:81:27:EE:3E:34:F3:E4:0D:F6:B9:C9:6F:1D
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DCDB1C3D9F9BA8F217B844AF6733
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/rP9pakvx44En7j408-QN9rnJbx0.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        188.95.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:dc:db:1c:3d:9f:9b:a8:f2:17:b8:44:af:67:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acff696a4bf1e38127ee3e34f3e40df6b9c96f1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:66:5b:93:f5:17:66:a5:49:c4:12:31:7d:5c:
                    f3:b9:a8:30:50:30:3d:a4:d5:6c:52:3e:47:15:a7:
                    4f:d4:c8:48:72:9b:c3:31:8b:9d:25:8e:11:5a:8a:
                    e5:82:1a:a2:fd:12:72:f7:05:c1:9c:45:38:c2:1f:
                    50:8a:48:0e:ca:64:ac:0d:3b:ca:14:0d:8e:1d:49:
                    9b:cb:c9:e3:9c:2f:93:87:11:d4:b4:dd:93:5c:17:
                    6a:db:74:73:b3:2d:81:d9:24:39:5e:7b:36:b5:5b:
                    9b:a7:9f:77:c2:c5:b1:04:6d:a5:24:8c:21:61:82:
                    de:06:ff:ce:3c:14:fb:b3:73:20:60:1e:7a:6c:05:
                    f3:5f:cf:ef:99:6d:47:8f:7f:c1:01:16:b1:f0:ea:
                    79:68:86:4e:c8:d8:ad:c0:7a:2b:95:6e:1d:e7:a3:
                    1f:a4:09:c1:96:1c:55:40:3d:98:59:ad:03:2c:98:
                    cf:b3:1e:c9:1d:65:72:83:f7:1a:e7:da:35:9c:ef:
                    70:d4:a4:e7:41:4d:87:ab:e5:54:9f:e4:f8:8a:dc:
                    58:58:a7:4f:b7:18:1f:4c:78:fe:dc:8c:ce:d1:5d:
                    3c:cb:ca:1e:f9:ef:8e:f5:60:f6:09:23:f9:74:8f:
                    1b:19:b2:c7:48:7f:0e:e6:a7:19:19:c7:04:95:38:
                    92:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:FF:69:6A:4B:F1:E3:81:27:EE:3E:34:F3:E4:0D:F6:B9:C9:6F:1D
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/rP9pakvx44En7j408-QN9rnJbx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:53:11:1b:f0:99:a3:0b:51:87:13:cb:ab:f8:86:b2:ca:80:
         3c:6c:95:b3:4a:d7:91:56:34:4f:d2:44:2e:7d:3c:c5:15:de:
         18:d5:f5:92:fc:05:a6:33:2d:ee:49:2f:4b:53:9e:17:b4:ee:
         08:ea:b8:62:5a:c7:f5:fc:35:a0:93:02:92:7e:66:9d:72:f7:
         c3:bb:3c:34:c6:36:e8:ea:3c:ca:78:8f:87:8f:c6:a8:f2:43:
         be:e7:63:af:79:a6:64:ee:79:59:f6:d2:84:48:16:e4:b3:fd:
         78:f9:53:80:b4:80:cc:7a:9b:37:7b:13:0c:49:ab:62:fc:a4:
         98:b3:39:a0:04:3c:88:8c:da:3e:e5:98:93:2e:3d:8b:ca:ca:
         0d:9a:bd:64:5b:c7:86:5d:ab:eb:1b:d7:cf:88:5b:72:6b:2f:
         f0:5c:74:24:c5:29:6b:cd:a1:4b:2c:27:ea:fe:bc:09:a2:1d:
         84:93:61:6d:82:cb:59:fb:a0:49:1b:81:d5:2b:8c:20:cb:d6:
         b3:65:f3:75:3c:8d:ed:21:4a:16:ee:d4:7e:af:94:7f:9d:85:
         92:a8:9d:9c:92:1f:37:86:4a:34:a8:63:4d:78:27:72:c1:66:
         3c:03:84:fb:13:76:29:0f:84:77:85:aa:5e:2e:9e:3c:7d:69:
         2b:87:42:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAdzbHD2fm6jyF7hEr2czMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2ZmNjk2YTRiZjFlMzgxMjdlZTNlMzRmM2U0MGRmNmI5Yzk2ZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2Zbk/UXZqVJxBIxfVzzuagwUDA9
pNVsUj5HFadP1MhIcpvDMYudJY4RWorlghqi/RJy9wXBnEU4wh9QikgOymSsDTvK
FA2OHUmby8njnC+ThxHUtN2TXBdq23Rzsy2B2SQ5Xns2tVubp593wsWxBG2lJIwh
YYLeBv/OPBT7s3MgYB56bAXzX8/vmW1Hj3/BARax8Op5aIZOyNitwHorlW4d56Mf
pAnBlhxVQD2YWa0DLJjPsx7JHWVyg/ca59o1nO9w1KTnQU2Hq+VUn+T4itxYWKdP
txgfTHj+3IzO0V08y8oe+e+O9WD2CSP5dI8bGbLHSH8O5qcZGccElTiSNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKz/aWpL8eOBJ+4+NPPkDfa5yW8dMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvclA5cGFrdng0NEVuN2o0MDgtUU45cm5KYngwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF9GMA0G
CSqGSIb3DQEBCwUAA4IBAQBKUxEb8JmjC1GHE8ur+IayyoA8bJWzSteRVjRP0kQu
fTzFFd4Y1fWS/AWmMy3uSS9LU54XtO4I6rhiWsf1/DWgkwKSfmadcvfDuzw0xjbo
6jzKeI+Hj8ao8kO+52OveaZk7nlZ9tKESBbks/14+VOAtIDMeps3exMMSati/KSY
szmgBDyIjNo+5ZiTLj2LysoNmr1kW8eGXavrG9fPiFtyay/wXHQkxSlrzaFLLCfq
/rwJoh2Ek2FtgstZ+6BJG4HVK4wgy9azZfN1PI3tIUoW7tR+r5R/nYWSqJ2ckh83
hko0qGNNeCdywWY8A4T7E3YpD4R3hapeLp48fWkrh0I+
-----END CERTIFICATE-----