Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/4M1daRof_ldgpJSWZdHdw0YkhgA.roa
File:                     4M1daRof_ldgpJSWZdHdw0YkhgA.roa (raw, json)
Hash identifier:          40lY8vinKSMccGtSVYApyRs22azmbtJEtswoPCR5F0Q=
Subject key identifier:   E0:CD:5D:69:1A:1F:FE:57:60:A4:94:96:65:D1:DD:C3:46:24:86:00
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       018CC4245B207475BE420F0AAFAFD648C925
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/4M1daRof_ldgpJSWZdHdw0YkhgA.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207911
IP address blocks:        95.161.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5b:20:74:75:be:42:0f:0a:af:af:d6:48:c9:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0cd5d691a1ffe5760a4949665d1ddc346248600
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ea:cc:36:08:a4:6a:df:78:9a:56:b8:ab:2a:
                    de:68:19:37:5e:dc:3c:fd:a9:05:6a:f9:e1:ea:70:
                    7e:75:47:6c:10:c5:fb:f4:fd:4f:28:c6:79:68:3d:
                    b3:cf:c4:1f:e3:a0:6b:a8:c8:cf:52:0d:b6:1f:a6:
                    ac:68:b3:eb:62:55:0e:b8:6e:c4:a2:8f:1b:6f:28:
                    07:be:91:85:30:7b:d8:00:e1:0e:82:31:e5:b1:a4:
                    d3:21:06:a0:89:92:77:1a:16:2d:c4:55:ea:c5:31:
                    29:d2:85:8c:4a:78:8e:50:ca:9d:68:8b:79:25:d1:
                    51:c1:4d:4e:18:f7:53:c3:98:4e:44:dd:01:4e:63:
                    8a:a5:9f:d0:6b:9c:47:2d:58:4c:cb:a3:8b:c6:e4:
                    67:32:2d:e6:77:ed:d2:ea:7c:ae:70:15:e8:c2:f9:
                    0b:79:03:bb:31:85:e9:db:10:05:32:a0:f1:0c:28:
                    a2:1e:ce:46:2b:ef:d6:4e:ca:0c:08:d0:c4:67:c5:
                    1b:7d:5a:b3:d8:cf:64:5c:25:8f:a2:0a:83:bc:31:
                    8b:20:47:a9:45:a1:09:f9:d0:a1:52:2c:df:57:3f:
                    0f:dd:7e:5e:2e:3e:c5:13:96:fe:27:b2:bd:68:b1:
                    d4:16:3b:0f:9b:a8:2a:ce:c1:02:dd:87:28:2d:02:
                    50:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CD:5D:69:1A:1F:FE:57:60:A4:94:96:65:D1:DD:C3:46:24:86:00
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/4M1daRof_ldgpJSWZdHdw0YkhgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.161.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:91:e7:07:0c:2b:d4:c2:eb:81:64:eb:a3:11:26:2c:f5:47:
         5c:8c:c1:d4:fb:55:24:f4:89:ea:0f:bb:9e:ae:19:4d:3b:37:
         42:07:fb:c4:bc:59:4c:52:4f:86:03:aa:36:4c:0f:1a:d6:ca:
         8c:c7:4d:b8:3e:2a:a8:6e:e9:ce:13:ce:36:2f:d2:2e:c3:0e:
         d5:05:43:26:60:29:92:a9:84:7d:38:25:70:dc:2a:fe:49:80:
         df:4a:8f:1e:5b:a4:32:4d:b3:61:d9:ca:ba:ec:54:23:d7:b4:
         13:25:9d:5e:62:7d:2f:6d:ed:be:f5:11:a8:11:36:c6:97:6b:
         70:76:b5:8f:16:53:4c:c0:b3:18:58:ab:d1:82:fc:36:47:ad:
         15:61:93:b2:5d:05:5a:72:0b:d1:49:c0:d3:59:26:a4:1d:07:
         13:e3:65:64:a3:88:e7:a6:fe:69:72:ef:40:e6:2b:b6:05:90:
         ad:73:02:92:09:f9:81:c1:bc:4a:8f:aa:29:24:02:a7:56:15:
         bb:1b:93:49:67:8b:df:ff:f8:b0:42:5d:53:5b:81:65:9f:96:
         01:33:44:db:98:4f:78:61:f2:a1:b7:8d:e9:6c:b9:9e:39:2b:
         cf:a5:87:29:bb:9c:15:91:1c:8a:82:55:0a:b5:88:be:fa:80:
         d0:57:bb:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFsgdHW+Qg8Kr6/WSMklMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGNkNWQ2OTFhMWZmZTU3NjBhNDk0OTY2NWQxZGRjMzQ2MjQ4NjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnerMNgikat94mla4qyreaBk3Xtw8
/akFavnh6nB+dUdsEMX79P1PKMZ5aD2zz8Qf46BrqMjPUg22H6asaLPrYlUOuG7E
oo8bbygHvpGFMHvYAOEOgjHlsaTTIQagiZJ3GhYtxFXqxTEp0oWMSniOUMqdaIt5
JdFRwU1OGPdTw5hORN0BTmOKpZ/Qa5xHLVhMy6OLxuRnMi3md+3S6nyucBXowvkL
eQO7MYXp2xAFMqDxDCiiHs5GK+/WTsoMCNDEZ8UbfVqz2M9kXCWPogqDvDGLIEep
RaEJ+dChUizfVz8P3X5eLj7FE5b+J7K9aLHUFjsPm6gqzsEC3YcoLQJQbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODNXWkaH/5XYKSUlmXR3cNGJIYAMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvNE0xZGFSb2ZfbGRncEpTV1pkSGR3MFlraGdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6HwMA0G
CSqGSIb3DQEBCwUAA4IBAQCakecHDCvUwuuBZOujESYs9UdcjMHU+1Uk9InqD7ue
rhlNOzdCB/vEvFlMUk+GA6o2TA8a1sqMx024PiqobunOE842L9Iuww7VBUMmYCmS
qYR9OCVw3Cr+SYDfSo8eW6QyTbNh2cq67FQj17QTJZ1eYn0vbe2+9RGoETbGl2tw
drWPFlNMwLMYWKvRgvw2R60VYZOyXQVacgvRScDTWSakHQcT42Vko4jnpv5pcu9A
5iu2BZCtcwKSCfmBwbxKj6opJAKnVhW7G5NJZ4vf//iwQl1TW4Fln5YBM0TbmE94
YfKht43pbLmeOSvPpYcpu5wVkRyKglUKtYi++oDQV7sn
-----END CERTIFICATE-----