Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/AUGVZdI9nMYdLwbcCI1h8qcqFi8.roa
File:                     AUGVZdI9nMYdLwbcCI1h8qcqFi8.roa (raw, json)
Hash identifier:          WPbQ52iQyIkOquBBqXhhtrcxqBeahJFeUkn3yluZpLU=
Subject key identifier:   01:41:95:65:D2:3D:9C:C6:1D:2F:06:DC:08:8D:61:F2:A7:2A:16:2F
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       018CC42456220996E92C51D02B00E62B9087
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/AUGVZdI9nMYdLwbcCI1h8qcqFi8.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        95.161.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:56:22:09:96:e9:2c:51:d0:2b:00:e6:2b:90:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01419565d23d9cc61d2f06dc088d61f2a72a162f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:52:f7:d8:10:5a:a2:f3:fd:7c:76:97:94:c8:
                    54:4c:93:68:08:35:31:ce:45:36:d4:86:cb:ff:b9:
                    fe:5e:76:63:d9:43:e4:63:f1:63:96:b2:31:bf:ab:
                    9b:af:56:e1:3e:fa:de:17:57:5f:4d:d6:25:77:2b:
                    7a:da:57:8f:d4:d4:13:e4:9e:c6:0c:07:cb:14:0e:
                    d9:b5:8c:3a:e4:0a:67:9c:c1:aa:29:d2:b2:29:75:
                    02:7b:c5:6b:8a:75:67:98:77:8f:ad:39:22:bf:ab:
                    9c:36:ea:02:4e:67:65:06:49:76:22:43:e5:c7:c1:
                    75:d9:fc:5c:85:29:e1:c8:2d:de:b2:8a:a8:43:f3:
                    2e:a6:68:c9:cc:26:10:1e:c8:08:13:5f:94:d9:e5:
                    51:08:dd:5b:b7:11:c0:23:76:75:eb:05:17:0f:0f:
                    08:35:d3:58:32:c5:15:26:47:22:1c:88:e8:f2:67:
                    70:a6:4f:50:eb:d3:78:cb:70:46:3a:30:87:7d:7f:
                    d3:b9:d0:d3:df:3c:d3:24:b3:c3:9c:08:6f:5b:47:
                    48:c0:32:c7:26:d8:e2:c9:a6:44:23:0d:ac:cc:c8:
                    06:8f:69:f5:d9:76:a4:02:a3:7a:0e:37:b8:c0:86:
                    fd:d0:06:ee:b9:5f:fd:86:6c:96:3a:18:71:92:47:
                    54:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:41:95:65:D2:3D:9C:C6:1D:2F:06:DC:08:8D:61:F2:A7:2A:16:2F
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/AUGVZdI9nMYdLwbcCI1h8qcqFi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.161.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:b9:1f:b6:31:28:3e:34:a4:e7:b1:02:b0:86:34:86:a4:ce:
         79:34:b5:0e:29:a1:d8:bf:7c:59:3b:1f:66:da:49:25:7f:0d:
         dd:17:10:e7:a8:e2:9e:2a:c1:42:24:47:9b:84:22:59:02:57:
         c7:3b:e5:e4:1e:b3:64:e7:a7:ad:21:53:6e:66:76:c0:33:5a:
         d2:54:b4:67:2c:d6:b4:d9:2e:5a:1b:0e:d7:9d:ac:27:4d:f9:
         d6:58:a1:f3:79:82:92:66:a1:66:79:d4:96:a6:0e:28:1d:a5:
         fa:42:09:87:b6:aa:da:17:de:0c:20:c9:08:cc:52:e4:bd:fc:
         76:4b:47:3a:5d:8b:36:86:05:c0:e5:3c:bc:79:6f:e9:5f:29:
         98:ec:81:58:08:6c:d1:6f:d2:0e:6c:39:b7:4c:73:10:a8:00:
         cc:ce:46:be:3f:cb:b6:60:f6:48:17:2a:22:82:56:0f:b5:38:
         a0:c8:61:33:0c:48:5f:07:a2:bd:0f:d5:61:da:3a:a4:e9:62:
         2d:98:53:9a:2f:2e:8e:3f:59:dc:34:c2:da:bf:69:3a:ab:25:
         bd:82:13:52:5d:bb:0a:e0:ec:a1:1e:14:81:a1:ce:d2:a8:61:
         a1:f4:14:e3:69:03:e2:d4:b7:0a:4f:e7:a4:ab:f6:1b:79:4e:
         7e:17:b9:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFYiCZbpLFHQKwDmK5CHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTQxOTU2NWQyM2Q5Y2M2MWQyZjA2ZGMwODhkNjFmMmE3MmExNjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFL32BBaovP9fHaXlMhUTJNoCDUx
zkU21IbL/7n+XnZj2UPkY/FjlrIxv6ubr1bhPvreF1dfTdYldyt62leP1NQT5J7G
DAfLFA7ZtYw65ApnnMGqKdKyKXUCe8VrinVnmHePrTkiv6ucNuoCTmdlBkl2IkPl
x8F12fxchSnhyC3esoqoQ/MupmjJzCYQHsgIE1+U2eVRCN1btxHAI3Z16wUXDw8I
NdNYMsUVJkciHIjo8mdwpk9Q69N4y3BGOjCHfX/TudDT3zzTJLPDnAhvW0dIwDLH
JtjiyaZEIw2szMgGj2n12XakAqN6Dje4wIb90AbuuV/9hmyWOhhxkkdUYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFBlWXSPZzGHS8G3AiNYfKnKhYvMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvQVVHVlpkSTluTVlkTHdiY0NJMWg4cWNxRmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6FRMA0G
CSqGSIb3DQEBCwUAA4IBAQDLuR+2MSg+NKTnsQKwhjSGpM55NLUOKaHYv3xZOx9m
2kklfw3dFxDnqOKeKsFCJEebhCJZAlfHO+XkHrNk56etIVNuZnbAM1rSVLRnLNa0
2S5aGw7XnawnTfnWWKHzeYKSZqFmedSWpg4oHaX6QgmHtqraF94MIMkIzFLkvfx2
S0c6XYs2hgXA5Ty8eW/pXymY7IFYCGzRb9IObDm3THMQqADMzka+P8u2YPZIFyoi
glYPtTigyGEzDEhfB6K9D9Vh2jqk6WItmFOaLy6OP1ncNMLav2k6qyW9ghNSXbsK
4OyhHhSBoc7SqGGh9BTjaQPi1LcKT+ekq/YbeU5+F7mK
-----END CERTIFICATE-----