Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/T4THamuG1AM3rZHQL9SadxFBHog.roa
File:                     T4THamuG1AM3rZHQL9SadxFBHog.roa (raw, json)
Hash identifier:          7QBYtaz1klDzyIgBZlJPw4UvO7IPyFQVOGxVoLUXvQI=
Subject key identifier:   4F:84:C7:6A:6B:86:D4:03:37:AD:91:D0:2F:D4:9A:77:11:41:1E:88
Certificate issuer:       /CN=e292c8c779b6ed6ede72a8cf11490ef6d7a9e921
Certificate serial:       018D9CDE113F8159E1BF9DC118EC9D9D5D9D
Authority key identifier: E2:92:C8:C7:79:B6:ED:6E:DE:72:A8:CF:11:49:0E:F6:D7:A9:E9:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/T4THamuG1AM3rZHQL9SadxFBHog.roa
Signing time:             Mon 12 Feb 2024 10:30:15 +0000
ROA not before:           Mon 12 Feb 2024 10:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215539
IP address blocks:        95.128.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9c:de:11:3f:81:59:e1:bf:9d:c1:18:ec:9d:9d:5d:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e292c8c779b6ed6ede72a8cf11490ef6d7a9e921
        Validity
            Not Before: Feb 12 10:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f84c76a6b86d40337ad91d02fd49a7711411e88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b9:1e:88:f6:be:f8:7b:76:09:a0:38:f9:b4:
                    31:a3:9a:b0:3e:ed:f4:33:ac:4d:ae:45:eb:85:fd:
                    f3:4f:62:42:1d:42:05:9a:37:8d:38:b2:b3:24:2a:
                    7d:24:aa:0a:74:33:79:a9:04:43:bf:18:d0:52:13:
                    ab:18:7e:d9:be:17:86:74:22:cd:34:ca:a6:2c:3c:
                    07:b6:1a:ed:df:2c:24:40:8a:8d:7f:45:28:0b:34:
                    4f:ef:d4:4d:18:2a:62:d1:c7:29:14:cb:c1:af:8c:
                    54:34:81:15:33:74:c1:53:84:50:6e:0d:4c:50:5f:
                    88:0a:3c:ea:e1:8d:d6:e3:42:cb:fd:3d:7b:3c:e5:
                    99:5f:85:90:d6:ac:a9:74:01:9d:84:98:fe:3f:d7:
                    69:c2:94:1c:f4:ad:1e:31:86:64:c0:4f:95:9f:c2:
                    75:e0:a0:e0:1f:e8:a0:43:f3:2a:84:cf:f6:cb:d1:
                    b5:8d:30:34:a3:25:7a:28:64:46:6f:65:a6:5d:a5:
                    e4:fe:5b:96:93:8f:b9:78:d9:3e:b1:43:47:53:ae:
                    e3:03:43:7e:7d:66:a5:0a:77:df:2d:02:12:a6:a7:
                    ff:2e:67:8d:8d:e7:8d:b0:2c:53:4c:8a:82:07:c3:
                    71:11:ee:0a:50:d6:1a:98:af:6b:b4:26:fc:36:94:
                    30:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:84:C7:6A:6B:86:D4:03:37:AD:91:D0:2F:D4:9A:77:11:41:1E:88
            X509v3 Authority Key Identifier:
                keyid:E2:92:C8:C7:79:B6:ED:6E:DE:72:A8:CF:11:49:0E:F6:D7:A9:E9:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/T4THamuG1AM3rZHQL9SadxFBHog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:24:ad:80:fb:5a:82:c8:b4:f9:9d:9e:7b:ac:59:58:00:87:
         69:0b:d7:01:74:9c:75:a8:97:d2:a6:b6:44:f5:20:ca:46:0b:
         70:0f:ba:b5:e2:49:cf:69:e9:fa:0f:3c:2e:88:ff:7b:d1:72:
         ab:2f:a7:ee:21:a4:ff:8b:65:4f:3a:df:2d:8e:bf:fe:f7:b1:
         5c:6c:6c:90:ee:fe:43:61:0b:bd:38:e8:38:b9:6e:22:17:37:
         63:ab:6d:1b:29:b6:83:65:01:07:3e:8e:0a:d4:25:eb:82:bd:
         67:91:6c:b2:ef:1e:9b:21:48:56:bc:0d:ae:5f:ea:77:7e:ff:
         ef:3b:c7:de:47:7f:a7:ee:a5:a7:8a:65:54:9a:69:19:9f:c8:
         1b:72:fb:5e:be:18:d1:83:eb:59:1c:f8:ef:7f:13:d4:65:69:
         f1:59:73:5c:01:6e:a3:4a:8a:95:82:1a:04:a1:2d:a4:27:c1:
         09:32:cb:3f:27:ac:44:05:aa:bf:e8:44:c7:d7:c3:2a:1b:0c:
         57:c9:5d:10:90:a9:a5:f6:03:1c:5a:7c:0f:de:63:7c:e4:33:
         ad:8c:79:91:4d:de:4e:ef:ba:0d:e3:4f:29:11:c5:df:eb:73:
         5c:39:f3:56:34:4a:57:4e:f6:ea:ae:c7:c7:31:da:09:39:4c:
         2a:d1:61:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2c3hE/gVnhv53BGOydnV2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOTJjOGM3NzliNmVkNmVkZTcyYThjZjExNDkwZWY2ZDdh
OWU5MjEwHhcNMjQwMjEyMTAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjg0Yzc2YTZiODZkNDAzMzdhZDkxZDAyZmQ0OWE3NzExNDExZTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLkeiPa++Ht2CaA4+bQxo5qwPu30
M6xNrkXrhf3zT2JCHUIFmjeNOLKzJCp9JKoKdDN5qQRDvxjQUhOrGH7ZvheGdCLN
NMqmLDwHthrt3ywkQIqNf0UoCzRP79RNGCpi0ccpFMvBr4xUNIEVM3TBU4RQbg1M
UF+ICjzq4Y3W40LL/T17POWZX4WQ1qypdAGdhJj+P9dpwpQc9K0eMYZkwE+Vn8J1
4KDgH+igQ/MqhM/2y9G1jTA0oyV6KGRGb2WmXaXk/luWk4+5eNk+sUNHU67jA0N+
fWalCnffLQISpqf/LmeNjeeNsCxTTIqCB8NxEe4KUNYamK9rtCb8NpQw/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+Ex2prhtQDN62R0C/UmncRQR6IMB8GA1UdIwQY
MBaAFOKSyMd5tu1u3nKozxFJDvbXqekhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHBMSXgzbTI3VzdlY3FqUEVVa085dGVwNlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC80YTJlOTctMjU3MC00NzhiLWI5YmMt
NWViYjYzNzgwMDllLzEvVDRUSGFtdUcxQU0zclpIUUw5U2FkeEZCSG9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC80YTJlOTctMjU3MC00NzhiLWI5YmMtNWViYjYzNzgwMDll
LzEvNHBMSXgzbTI3VzdlY3FqUEVVa085dGVwNlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DDMA0G
CSqGSIb3DQEBCwUAA4IBAQCzJK2A+1qCyLT5nZ57rFlYAIdpC9cBdJx1qJfSprZE
9SDKRgtwD7q14knPaen6DzwuiP970XKrL6fuIaT/i2VPOt8tjr/+97FcbGyQ7v5D
YQu9OOg4uW4iFzdjq20bKbaDZQEHPo4K1CXrgr1nkWyy7x6bIUhWvA2uX+p3fv/v
O8feR3+n7qWnimVUmmkZn8gbcvtevhjRg+tZHPjvfxPUZWnxWXNcAW6jSoqVghoE
oS2kJ8EJMss/J6xEBaq/6ETH18MqGwxXyV0QkKml9gMcWnwP3mN85DOtjHmRTd5O
77oN408pEcXf63NcOfNWNEpXTvbqrsfHMdoJOUwq0WEL
-----END CERTIFICATE-----