Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/ndxWdPiO_rhBP4lvoQZ7pYzxJgc.roa
File:                     ndxWdPiO_rhBP4lvoQZ7pYzxJgc.roa (raw, json)
Hash identifier:          x4DhvVUuySwr4JAPlz3teBozLvaDUq3H1hCYiorfAJ4=
Subject key identifier:   9D:DC:56:74:F8:8E:FE:B8:41:3F:89:6F:A1:06:7B:A5:8C:F1:26:07
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       018CC7956C12E0136A27644E40C52E2FF233
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/ndxWdPiO_rhBP4lvoQZ7pYzxJgc.roa
Signing time:             Tue 02 Jan 2024 00:31:47 +0000
ROA not before:           Tue 02 Jan 2024 00:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210117
IP address blocks:        188.95.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6c:12:e0:13:6a:27:64:4e:40:c5:2e:2f:f2:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan  2 00:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ddc5674f88efeb8413f896fa1067ba58cf12607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:fe:34:7b:8e:5a:d1:d1:25:68:bf:dc:bf:8b:
                    12:48:b2:70:b5:19:36:a6:79:04:68:cf:cf:77:f4:
                    77:d9:ac:95:ce:eb:b6:6e:4a:e0:fb:38:9b:2b:55:
                    15:5b:39:9f:cb:39:b1:f1:25:c7:c7:16:5e:42:5b:
                    31:ec:41:26:48:70:47:20:40:a3:8f:cd:b6:3b:4a:
                    51:68:71:75:55:0e:18:8e:e0:99:e0:7a:c8:f6:bf:
                    33:76:6f:de:15:6e:16:f2:c0:98:ec:10:c3:28:fa:
                    58:a2:a2:e1:0a:5a:d6:8b:db:68:51:31:10:7f:b9:
                    89:3d:7a:f5:e5:93:43:cc:28:19:88:b8:31:b0:25:
                    ce:90:42:7b:44:a5:0c:94:a2:e8:9b:bd:32:59:cd:
                    bb:a7:f8:b3:d5:ff:92:7b:79:83:81:61:70:54:e2:
                    88:a2:54:0a:66:15:0a:09:cc:f9:88:b0:d4:6c:23:
                    2b:0d:7a:57:e6:6b:07:c4:ea:08:8d:99:f4:48:c4:
                    b0:23:1c:db:8e:93:bb:b5:0c:59:31:35:dc:e4:43:
                    48:75:1b:6e:6f:2f:89:04:ba:9a:80:41:44:9e:3e:
                    b5:3a:22:b2:82:ba:5c:a8:d5:07:b0:e9:0e:59:9e:
                    68:17:e6:d0:c8:b0:b3:9c:64:0a:b6:33:9a:2d:55:
                    6c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:DC:56:74:F8:8E:FE:B8:41:3F:89:6F:A1:06:7B:A5:8C:F1:26:07
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/ndxWdPiO_rhBP4lvoQZ7pYzxJgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:4a:82:cb:25:30:d4:eb:44:a6:aa:d9:2f:18:f7:ac:07:cf:
         f3:c6:33:42:04:7f:24:41:6b:b3:4f:39:8a:dc:b1:e6:f1:54:
         49:21:95:a7:5e:33:e6:1a:90:2e:b9:7d:c1:7c:17:d9:01:7f:
         d1:5a:3c:37:5c:54:53:ad:f3:79:b4:14:a8:e2:cb:95:b7:30:
         b2:2e:ba:d3:7c:d7:27:bb:e4:76:6f:34:75:8d:26:51:8f:3b:
         7a:08:4b:3d:cb:e8:59:db:97:a0:d6:96:33:99:19:19:44:15:
         9f:a2:86:7f:66:74:de:e3:85:8b:d0:a4:fe:e3:12:7c:ae:b2:
         5f:20:97:88:8f:5e:9c:c7:6c:bf:db:01:e5:6b:b4:9e:4e:33:
         c3:2c:01:26:c4:3d:90:db:f4:5e:a2:28:ec:a8:9d:76:31:b4:
         ab:b2:9b:ad:29:8d:73:6d:af:56:eb:c6:63:1b:fa:26:04:1e:
         01:4c:c1:ab:d5:d4:92:d2:93:56:02:25:eb:e3:19:9a:2a:07:
         98:38:58:51:58:5b:c3:16:72:aa:a6:e2:90:6d:03:35:10:e0:
         5a:19:02:8c:df:f2:1c:18:75:22:df:af:0d:9a:34:69:cd:f7:
         07:06:03:16:0a:87:ea:99:60:ff:35:72:97:e2:a7:e4:ee:96:
         f6:03:36:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlWwS4BNqJ2ROQMUuL/IzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwMTAyMDAzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGRjNTY3NGY4OGVmZWI4NDEzZjg5NmZhMTA2N2JhNThjZjEyNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9/40e45a0dElaL/cv4sSSLJwtRk2
pnkEaM/Pd/R32ayVzuu2bkrg+zibK1UVWzmfyzmx8SXHxxZeQlsx7EEmSHBHIECj
j822O0pRaHF1VQ4YjuCZ4HrI9r8zdm/eFW4W8sCY7BDDKPpYoqLhClrWi9toUTEQ
f7mJPXr15ZNDzCgZiLgxsCXOkEJ7RKUMlKLom70yWc27p/iz1f+Se3mDgWFwVOKI
olQKZhUKCcz5iLDUbCMrDXpX5msHxOoIjZn0SMSwIxzbjpO7tQxZMTXc5ENIdRtu
by+JBLqagEFEnj61OiKygrpcqNUHsOkOWZ5oF+bQyLCznGQKtjOaLVVs/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3cVnT4jv64QT+Jb6EGe6WM8SYHMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvbmR4V2RQaU9fcmhCUDRsdm9RWjdwWXp4SmdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF+WMA0G
CSqGSIb3DQEBCwUAA4IBAQB8SoLLJTDU60SmqtkvGPesB8/zxjNCBH8kQWuzTzmK
3LHm8VRJIZWnXjPmGpAuuX3BfBfZAX/RWjw3XFRTrfN5tBSo4suVtzCyLrrTfNcn
u+R2bzR1jSZRjzt6CEs9y+hZ25eg1pYzmRkZRBWfooZ/ZnTe44WL0KT+4xJ8rrJf
IJeIj16cx2y/2wHla7SeTjPDLAEmxD2Q2/ReoijsqJ12MbSrsputKY1zba9W68Zj
G/omBB4BTMGr1dSS0pNWAiXr4xmaKgeYOFhRWFvDFnKqpuKQbQM1EOBaGQKM3/Ic
GHUi368NmjRpzfcHBgMWCofqmWD/NXKX4qfk7pb2Azaq
-----END CERTIFICATE-----