Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/yEuqipfqSpwLuDM43oOYdi78__0.roa
File:                     yEuqipfqSpwLuDM43oOYdi78__0.roa (raw, json)
Hash identifier:          CxRVS865YSoRAGiSxDOlORU6rxpnv/z5HlXmFqnVqtY=
Subject key identifier:   C8:4B:AA:8A:97:EA:4A:9C:0B:B8:33:38:DE:83:98:76:2E:FC:FF:FD
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC5330B793DD516DD318EB74F8D576
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/yEuqipfqSpwLuDM43oOYdi78__0.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216127
IP address blocks:        195.19.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:53:30:b7:93:dd:51:6d:d3:18:eb:74:f8:d5:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c84baa8a97ea4a9c0bb83338de8398762efcfffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:14:d0:b2:97:df:ac:22:5a:b4:ad:8f:24:74:
                    cb:2b:20:95:6b:be:50:59:4d:01:08:a0:fe:4f:cd:
                    bb:4b:1d:45:7a:03:c4:3b:43:5d:fb:0f:b3:c5:bd:
                    de:8d:20:9c:84:3a:6e:e4:72:0d:e4:55:8a:42:2b:
                    2d:f2:99:c3:b7:e8:c6:c1:a4:81:9e:17:0d:b1:0d:
                    01:84:00:e1:6c:2b:9b:40:ae:a3:c0:29:59:2b:68:
                    62:73:f0:7d:05:5e:29:7f:88:dd:4e:24:0a:92:e9:
                    85:d7:b2:1e:d2:03:44:03:4f:27:63:92:bf:0f:d4:
                    26:85:9c:36:52:82:ee:00:c0:fd:b0:7d:a7:59:51:
                    df:15:29:69:ff:15:13:7f:e5:aa:b3:89:1b:e4:4d:
                    d9:8a:4c:85:d4:05:fe:f0:ef:ed:b2:c2:41:05:88:
                    7b:be:1a:bf:f7:e3:e9:75:60:43:22:39:03:b7:d4:
                    6f:81:90:4d:37:19:a7:6b:c5:26:cd:fe:50:54:dc:
                    41:1c:f6:4f:c5:3d:02:c7:a4:43:f6:4b:5f:d6:7f:
                    97:ef:71:b6:c6:9e:83:c0:a7:61:9b:9d:46:78:87:
                    18:f5:16:c1:60:ee:ab:f6:68:92:53:bc:08:02:f6:
                    88:f6:71:11:4e:88:ac:f7:7d:35:9f:da:6d:18:9c:
                    71:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:4B:AA:8A:97:EA:4A:9C:0B:B8:33:38:DE:83:98:76:2E:FC:FF:FD
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/yEuqipfqSpwLuDM43oOYdi78__0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.19.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:ad:a0:34:9d:9f:42:18:c0:68:da:e3:b9:13:d5:dc:72:0e:
         4b:4a:fe:04:b8:56:4b:c2:b9:4f:10:bf:ed:89:87:ca:84:46:
         27:f2:91:e5:93:44:63:2e:f5:f2:fe:71:17:52:66:a1:b5:da:
         62:fa:5f:52:45:ea:9a:ec:bb:5b:ac:f6:01:b1:1f:72:35:a0:
         7b:93:3c:f8:a2:59:14:a7:f5:97:47:e9:f1:67:de:35:39:15:
         3a:ef:62:96:42:44:a9:4e:0e:8c:b4:c3:34:b0:a6:16:d8:e6:
         d4:36:08:c7:66:99:5f:ce:9a:cc:f4:63:c3:58:e9:93:aa:8c:
         1b:44:77:da:5e:6c:f5:f3:ec:f2:3e:65:7f:6f:6a:40:ce:41:
         10:9e:d3:01:6e:ce:63:37:c2:a7:a8:88:49:33:78:6d:47:45:
         01:a6:fe:14:10:6e:f4:21:65:84:39:10:3d:17:f6:0a:43:53:
         52:69:aa:f3:72:51:ae:1a:9e:57:a8:26:1d:dd:7c:ba:9d:e6:
         ed:c0:a0:60:6b:e1:ed:07:25:dd:6d:0d:88:a0:be:89:1b:ea:
         fb:57:76:00:1d:d9:48:74:60:ac:90:e8:c1:82:e7:7d:6c:68:
         6b:a9:ef:a7:44:0a:44:1f:dd:ba:33:c6:01:f9:eb:f1:af:f1:
         7d:8b:a9:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FMwt5PdUW3TGOt0+NV2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODRiYWE4YTk3ZWE0YTljMGJiODMzMzhkZTgzOTg3NjJlZmNmZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBTQspffrCJatK2PJHTLKyCVa75Q
WU0BCKD+T827Sx1FegPEO0Nd+w+zxb3ejSCchDpu5HIN5FWKQist8pnDt+jGwaSB
nhcNsQ0BhADhbCubQK6jwClZK2hic/B9BV4pf4jdTiQKkumF17Ie0gNEA08nY5K/
D9QmhZw2UoLuAMD9sH2nWVHfFSlp/xUTf+Wqs4kb5E3ZikyF1AX+8O/tssJBBYh7
vhq/9+PpdWBDIjkDt9RvgZBNNxmna8Umzf5QVNxBHPZPxT0Cx6RD9ktf1n+X73G2
xp6DwKdhm51GeIcY9RbBYO6r9miSU7wIAvaI9nERTois9301n9ptGJxxaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhLqoqX6kqcC7gzON6DmHYu/P/9MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEveUV1cWlwZnFTcHdMdURNNDNvT1lkaTc4X18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxNdMA0G
CSqGSIb3DQEBCwUAA4IBAQCIraA0nZ9CGMBo2uO5E9Xccg5LSv4EuFZLwrlPEL/t
iYfKhEYn8pHlk0RjLvXy/nEXUmahtdpi+l9SReqa7LtbrPYBsR9yNaB7kzz4olkU
p/WXR+nxZ941ORU672KWQkSpTg6MtMM0sKYW2ObUNgjHZplfzprM9GPDWOmTqowb
RHfaXmz18+zyPmV/b2pAzkEQntMBbs5jN8KnqIhJM3htR0UBpv4UEG70IWWEORA9
F/YKQ1NSaarzclGuGp5XqCYd3Xy6nebtwKBga+HtByXdbQ2IoL6JG+r7V3YAHdlI
dGCskOjBgud9bGhrqe+nRApEH926M8YB+evxr/F9i6lL
-----END CERTIFICATE-----