Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/hi0YC7IdH6Z6d3YOsc_nfai7K7Y.roa
File:                     hi0YC7IdH6Z6d3YOsc_nfai7K7Y.roa (raw, json)
Hash identifier:          B4unnEaHFiR3fW0gwbSwsWm95UOF2faY9g12yuUAF10=
Subject key identifier:   86:2D:18:0B:B2:1D:1F:A6:7A:77:76:0E:B1:CF:E7:7D:A8:BB:2B:B6
Certificate issuer:       /CN=be37c70f1c67eca1775a709c9235d6a2f55516b8
Certificate serial:       018CC4255ECA579BB76CA8CBDA5F7BEC8A28
Authority key identifier: BE:37:C7:0F:1C:67:EC:A1:77:5A:70:9C:92:35:D6:A2:F5:55:16:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vjfHDxxn7KF3WnCckjXWovVVFrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/hi0YC7IdH6Z6d3YOsc_nfai7K7Y.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16019
IP address blocks:        185.95.118.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/vjfHDxxn7KF3WnCckjXWovVVFrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/vjfHDxxn7KF3WnCckjXWovVVFrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vjfHDxxn7KF3WnCckjXWovVVFrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5e:ca:57:9b:b7:6c:a8:cb:da:5f:7b:ec:8a:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be37c70f1c67eca1775a709c9235d6a2f55516b8
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=862d180bb21d1fa67a77760eb1cfe77da8bb2bb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:1d:b0:dd:2a:a5:46:c5:b8:fb:7c:0d:48:0c:
                    28:13:46:fc:0f:05:fc:36:39:11:d0:38:2b:12:fb:
                    24:a6:10:cf:1f:92:c4:2c:ad:9c:da:e8:c8:10:e6:
                    b7:5c:7c:25:95:6d:53:6a:3b:9d:14:77:39:bd:22:
                    11:c7:b4:7d:20:45:74:81:52:a0:89:54:eb:ca:12:
                    44:ef:b9:97:d9:53:1f:71:ee:a3:58:ce:4c:61:bf:
                    df:03:50:eb:d4:c4:27:6d:5e:79:c8:9f:1d:c9:e7:
                    f0:fc:07:10:9a:f2:4c:de:01:61:72:22:35:cf:11:
                    a4:05:95:5b:99:03:11:f0:8f:a6:d8:25:eb:cf:d3:
                    1e:3b:63:bd:b1:ec:1a:ab:0b:ea:b6:8e:06:62:5f:
                    12:14:24:97:80:ae:d3:98:c6:23:34:f0:77:d1:ae:
                    66:2a:70:2b:9c:7d:02:1e:82:28:37:89:ff:3c:ff:
                    d2:79:f7:c3:7f:2e:31:0c:bb:c3:6d:fb:b9:14:1e:
                    53:8d:af:ca:b8:1b:04:ac:66:e2:54:01:b8:9d:30:
                    60:e5:4c:5a:02:fd:50:01:06:8b:ec:7e:b1:87:c0:
                    db:99:89:70:b9:17:8d:ab:59:cf:55:5a:8b:3f:8e:
                    10:09:03:6c:28:bd:5d:b6:ca:e4:18:fb:35:46:69:
                    fb:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:2D:18:0B:B2:1D:1F:A6:7A:77:76:0E:B1:CF:E7:7D:A8:BB:2B:B6
            X509v3 Authority Key Identifier:
                keyid:BE:37:C7:0F:1C:67:EC:A1:77:5A:70:9C:92:35:D6:A2:F5:55:16:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vjfHDxxn7KF3WnCckjXWovVVFrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/hi0YC7IdH6Z6d3YOsc_nfai7K7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/vjfHDxxn7KF3WnCckjXWovVVFrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:9f:0c:bf:ca:04:a8:1b:d4:51:cf:0e:33:26:9b:88:e6:0a:
         ae:ca:d8:0b:58:91:c9:43:65:68:47:54:b2:2a:ba:a4:83:0c:
         e7:d1:ef:aa:58:df:1b:67:f5:8a:3d:d5:ec:2f:2d:86:1f:50:
         db:f0:59:d6:2a:68:1c:a6:17:91:99:41:4f:b1:4a:c6:6d:3a:
         15:66:76:d3:40:82:f0:0a:99:1e:26:88:43:ba:87:df:83:06:
         33:8c:e4:c1:de:c2:58:5d:e3:48:8d:a2:f0:31:ff:a2:3e:82:
         74:80:36:fc:a9:25:af:54:25:0a:fb:50:fd:c5:c9:c4:6f:ea:
         25:80:2e:74:97:74:ae:64:42:59:04:f6:5f:ca:fe:36:72:20:
         25:1c:b0:6b:fa:1a:13:fd:33:8f:ed:7a:33:8b:6d:1c:92:79:
         6b:1a:73:b4:46:fd:76:20:17:bf:c5:c7:22:22:ca:fb:c2:d2:
         92:4a:3f:eb:cb:03:0a:8f:b7:e4:89:09:75:6f:80:b3:7b:59:
         29:48:ce:cf:82:a6:d9:78:0e:7b:a3:74:7a:c7:aa:3e:bf:59:
         15:01:7e:1c:95:4c:94:02:e1:32:d8:cd:94:18:22:81:30:34:
         04:0b:1d:08:72:a1:88:ea:c0:d8:14:9e:f8:a1:3b:35:92:d4:
         d6:0b:15:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV7KV5u3bKjL2l977IooMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlMzdjNzBmMWM2N2VjYTE3NzVhNzA5YzkyMzVkNmEyZjU1
NTE2YjgwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjJkMTgwYmIyMWQxZmE2N2E3Nzc2MGViMWNmZTc3ZGE4YmIyYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyR2w3SqlRsW4+3wNSAwoE0b8DwX8
NjkR0DgrEvskphDPH5LELK2c2ujIEOa3XHwllW1TajudFHc5vSIRx7R9IEV0gVKg
iVTryhJE77mX2VMfce6jWM5MYb/fA1Dr1MQnbV55yJ8dyefw/AcQmvJM3gFhciI1
zxGkBZVbmQMR8I+m2CXrz9MeO2O9sewaqwvqto4GYl8SFCSXgK7TmMYjNPB30a5m
KnArnH0CHoIoN4n/PP/SeffDfy4xDLvDbfu5FB5Tja/KuBsErGbiVAG4nTBg5Uxa
Av1QAQaL7H6xh8DbmYlwuReNq1nPVVqLP44QCQNsKL1dtsrkGPs1Rmn7RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYtGAuyHR+mend2DrHP532ouyu2MB8GA1UdIwQY
MBaAFL43xw8cZ+yhd1pwnJI11qL1VRa4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmpmSER4eG43S0YzV25DY2tqWFdvdlZWRnJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS85NzM0MzEtNWFlNC00NTIxLTk0NTQt
YzhlYjA4Y2U5MDg5LzEvaGkwWUM3SWRINlo2ZDNZT3NjX25mYWk3SzdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS85NzM0MzEtNWFlNC00NTIxLTk0NTQtYzhlYjA4Y2U5MDg5
LzEvdmpmSER4eG43S0YzV25DY2tqWFdvdlZWRnJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuV92MA0G
CSqGSIb3DQEBCwUAA4IBAQClnwy/ygSoG9RRzw4zJpuI5gquytgLWJHJQ2VoR1Sy
Krqkgwzn0e+qWN8bZ/WKPdXsLy2GH1Db8FnWKmgcpheRmUFPsUrGbToVZnbTQILw
CpkeJohDuoffgwYzjOTB3sJYXeNIjaLwMf+iPoJ0gDb8qSWvVCUK+1D9xcnEb+ol
gC50l3SuZEJZBPZfyv42ciAlHLBr+hoT/TOP7Xozi20cknlrGnO0Rv12IBe/xcci
Isr7wtKSSj/rywMKj7fkiQl1b4Cze1kpSM7PgqbZeA57o3R6x6o+v1kVAX4clUyU
AuEy2M2UGCKBMDQECx0IcqGI6sDYFJ74oTs1ktTWCxWp
-----END CERTIFICATE-----