Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Oljtf5Fg2WVMn-R2DXL5lNktpPs.roa
File:                     Oljtf5Fg2WVMn-R2DXL5lNktpPs.roa (raw, json)
Hash identifier:          tpJVx1aC6+JO9Vj3S1WbKoU+wy8Xi1mjBfD+QyeQ5D4=
Subject key identifier:   3A:58:ED:7F:91:60:D9:65:4C:9F:E4:76:0D:72:F9:94:D9:2D:A4:FB
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       018CC94AAE6CEBF1FC9B7A889AC8F9293126
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Oljtf5Fg2WVMn-R2DXL5lNktpPs.roa
Signing time:             Tue 02 Jan 2024 08:29:23 +0000
ROA not before:           Tue 02 Jan 2024 08:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211936
IP address blocks:        95.178.8.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 02:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:ae:6c:eb:f1:fc:9b:7a:88:9a:c8:f9:29:31:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  2 08:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a58ed7f9160d9654c9fe4760d72f994d92da4fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:94:5b:f2:d8:f3:67:67:97:84:db:60:82:fa:
                    98:16:f6:d8:89:36:f0:11:71:71:c7:11:f4:f8:43:
                    00:a5:df:86:70:2e:e7:16:3a:ae:ff:4a:1d:d1:c1:
                    28:55:51:fe:f3:d8:41:d2:86:3b:b7:b0:cd:61:7f:
                    ee:ce:8b:17:fb:79:10:5a:37:dc:2e:72:38:24:e6:
                    df:ca:7d:91:cf:e8:15:0b:64:c7:fa:c7:b9:86:e0:
                    c8:6e:50:dc:66:98:46:1a:ca:56:5d:0f:d3:88:28:
                    46:ea:43:e4:8b:c8:99:26:3b:e0:16:ce:1a:91:bb:
                    b3:d3:ac:4c:c0:ee:2a:52:32:22:87:c9:1d:41:74:
                    32:a7:ae:f6:7d:93:4c:53:81:5a:a3:1e:76:7f:9b:
                    8e:b8:fc:fe:8a:8a:d0:70:78:a0:a3:5d:1d:dd:da:
                    6d:1d:6c:df:3c:c2:f3:4b:88:86:82:b2:ff:29:19:
                    f0:52:84:ad:6f:ee:16:4e:08:76:b9:45:d3:8c:bd:
                    b7:62:53:70:54:b0:1b:b2:ad:fb:a3:a2:c6:a0:de:
                    f5:f6:a5:9d:50:6d:62:25:4e:8c:7f:27:45:31:b7:
                    00:5d:60:75:53:ce:7a:4a:75:de:18:71:7a:58:13:
                    d7:f5:db:9c:75:a4:6b:25:72:1f:37:80:2e:4a:fe:
                    11:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:58:ED:7F:91:60:D9:65:4C:9F:E4:76:0D:72:F9:94:D9:2D:A4:FB
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Oljtf5Fg2WVMn-R2DXL5lNktpPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.178.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         87:90:d9:08:0c:41:8e:e0:44:97:ad:16:4b:08:6a:df:cf:c9:
         c4:a8:a8:82:50:be:ad:c9:a1:33:43:c2:52:af:65:df:a2:d9:
         c8:d9:47:64:72:e1:a1:f7:20:31:5f:dc:c8:f9:5f:26:c3:50:
         8a:76:f7:47:7a:09:f7:0f:38:53:e8:00:8d:43:54:aa:71:8c:
         b2:83:16:50:40:68:fa:af:59:b3:54:3a:7d:99:7d:b3:ce:c3:
         3b:d8:8e:21:94:f2:69:8e:4a:4f:f2:d5:0f:3e:01:fa:99:0d:
         21:93:d2:75:e1:4b:f4:d1:8e:c9:2b:03:6e:a3:bc:79:0e:40:
         32:2b:a6:8b:bc:c9:8e:be:fd:63:44:0e:92:03:7a:37:8d:d0:
         29:bd:6a:44:2c:00:66:ae:bd:fb:44:18:51:16:67:ca:89:e9:
         02:c7:1e:08:db:fa:70:26:5d:11:c9:20:07:c2:ff:d0:88:f5:
         7a:bf:13:37:5e:d3:62:fb:0a:9d:1c:cd:79:75:00:bd:af:52:
         f7:22:29:0e:9e:3c:7c:6c:92:31:45:52:88:65:cc:4f:d2:7c:
         ab:f9:98:18:2c:e0:b9:b3:4d:03:07:23:5f:49:fa:dc:a3:e3:
         07:be:8b:22:cd:e9:d9:c4:cc:9a:fe:33:ec:af:8b:35:1c:74:
         cc:6c:f9:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSq5s6/H8m3qImsj5KTEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwMTAyMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTU4ZWQ3ZjkxNjBkOTY1NGM5ZmU0NzYwZDcyZjk5NGQ5MmRhNGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJRb8tjzZ2eXhNtggvqYFvbYiTbw
EXFxxxH0+EMApd+GcC7nFjqu/0od0cEoVVH+89hB0oY7t7DNYX/uzosX+3kQWjfc
LnI4JObfyn2Rz+gVC2TH+se5huDIblDcZphGGspWXQ/TiChG6kPki8iZJjvgFs4a
kbuz06xMwO4qUjIih8kdQXQyp672fZNMU4Faox52f5uOuPz+iorQcHigo10d3dpt
HWzfPMLzS4iGgrL/KRnwUoStb+4WTgh2uUXTjL23YlNwVLAbsq37o6LGoN719qWd
UG1iJU6MfydFMbcAXWB1U856SnXeGHF6WBPX9ducdaRrJXIfN4AuSv4R9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpY7X+RYNllTJ/kdg1y+ZTZLaT7MB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvT2xqdGY1RmcyV1ZNbi1SMkRYTDVsTmt0cFBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX7IIMA0G
CSqGSIb3DQEBCwUAA4IBAQCHkNkIDEGO4ESXrRZLCGrfz8nEqKiCUL6tyaEzQ8JS
r2XfotnI2UdkcuGh9yAxX9zI+V8mw1CKdvdHegn3DzhT6ACNQ1SqcYyygxZQQGj6
r1mzVDp9mX2zzsM72I4hlPJpjkpP8tUPPgH6mQ0hk9J14Uv00Y7JKwNuo7x5DkAy
K6aLvMmOvv1jRA6SA3o3jdApvWpELABmrr37RBhRFmfKiekCxx4I2/pwJl0RySAH
wv/QiPV6vxM3XtNi+wqdHM15dQC9r1L3IikOnjx8bJIxRVKIZcxP0nyr+ZgYLOC5
s00DByNfSfrco+MHvosizenZxMya/jPsr4s1HHTMbPmS
-----END CERTIFICATE-----