Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/D77XlTSIxk6jgX8HNtooIFy0wkI.roa
File:                     D77XlTSIxk6jgX8HNtooIFy0wkI.roa (raw, json)
Hash identifier:          aaiWwe5wte4hCQLQoE1dap4hYcxhJi7uz82S/baqZZQ=
Subject key identifier:   0F:BE:D7:95:34:88:C6:4E:A3:81:7F:07:36:DA:28:20:5C:B4:C2:42
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       018CC4245BAB16A53215AE0F4373142A9DB0
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/D77XlTSIxk6jgX8HNtooIFy0wkI.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212566
IP address blocks:        95.161.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5b:ab:16:a5:32:15:ae:0f:43:73:14:2a:9d:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fbed7953488c64ea3817f0736da28205cb4c242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0e:24:e2:ca:d3:31:ed:cb:6c:05:32:ef:de:
                    d8:4e:01:07:e6:b2:5a:8d:f3:9a:91:8a:83:42:17:
                    8b:a1:39:29:ee:9d:a4:ac:54:18:af:e5:f1:08:0e:
                    81:58:2c:37:df:11:a7:98:80:7c:bd:e6:e6:e4:68:
                    5d:64:6b:87:8e:a7:1c:4f:e8:cf:20:cd:03:9e:36:
                    55:ac:69:78:0b:9f:4d:62:b3:bb:a6:9c:33:4b:3c:
                    1b:21:68:cd:3b:2b:28:a6:30:fc:7f:1a:22:77:5d:
                    6f:19:9a:0d:4f:6d:93:4b:8c:3b:9c:49:1d:d9:93:
                    ca:f6:b7:fd:2d:2f:43:a0:df:7e:c6:5a:f9:8a:47:
                    22:38:98:b2:38:6b:20:a6:ff:54:a8:54:53:ff:33:
                    31:2d:34:f1:b9:f8:4d:f5:10:6b:90:e0:17:41:f2:
                    1c:fd:92:18:06:fc:04:ff:16:aa:16:e8:80:99:d8:
                    3e:40:c1:1e:50:6d:d3:0c:b5:6b:d5:f4:22:5f:6a:
                    f6:2d:50:14:ff:7f:12:e9:7e:f1:17:92:1b:bc:f1:
                    b7:1a:c5:f9:52:76:1d:8b:34:21:a4:82:53:75:af:
                    4b:fb:92:a5:f9:b7:e4:39:95:11:9b:c2:61:b2:d1:
                    76:d3:56:79:17:5c:56:28:b7:8e:45:d3:71:a9:e9:
                    e9:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:BE:D7:95:34:88:C6:4E:A3:81:7F:07:36:DA:28:20:5C:B4:C2:42
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/D77XlTSIxk6jgX8HNtooIFy0wkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.161.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:fa:8b:d2:cc:9d:84:d6:03:5d:d4:a1:d8:0c:59:78:58:b7:
         4c:7c:a4:db:3b:28:26:f4:2c:38:50:e1:55:b6:ba:95:0a:7f:
         c5:3e:7a:4d:bf:cb:c1:dd:9b:d3:b1:85:60:04:f2:14:9b:c2:
         76:25:0c:75:58:54:dc:b5:dc:9d:e7:d3:f6:04:ea:54:4d:f2:
         5a:9f:ea:8a:9b:60:bb:68:de:9a:30:b1:38:20:3c:b0:7c:10:
         b4:f1:f1:9a:dc:23:92:dd:5b:0b:c9:95:ce:15:3b:e9:e8:20:
         ce:8e:fc:58:b1:93:af:e0:96:cf:95:3e:94:d8:7c:f5:26:d9:
         b4:42:c3:83:c5:d2:ff:81:bd:ce:a9:48:c7:12:3b:7e:db:96:
         fe:d4:4c:8f:3f:99:6a:04:8c:d5:18:51:7a:7a:92:4f:e6:de:
         ec:2b:63:97:f1:33:00:08:56:fd:fc:ce:e8:f4:dc:33:b7:f6:
         11:91:a6:74:17:7e:3f:8a:29:31:69:d6:87:20:21:24:d3:86:
         49:f8:ea:c6:c0:7e:ee:e6:94:69:0d:53:f4:2f:f5:74:00:f4:
         d4:7a:5c:2f:70:a3:6b:35:85:5a:26:09:26:05:d1:ed:28:9a:
         04:f0:8f:43:8a:8d:3e:37:3a:fe:58:8d:99:87:4a:82:1c:fd:
         2c:3a:4c:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFurFqUyFa4PQ3MUKp2wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmJlZDc5NTM0ODhjNjRlYTM4MTdmMDczNmRhMjgyMDVjYjRjMjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjg4k4srTMe3LbAUy797YTgEH5rJa
jfOakYqDQheLoTkp7p2krFQYr+XxCA6BWCw33xGnmIB8vebm5GhdZGuHjqccT+jP
IM0DnjZVrGl4C59NYrO7ppwzSzwbIWjNOysopjD8fxoid11vGZoNT22TS4w7nEkd
2ZPK9rf9LS9DoN9+xlr5ikciOJiyOGsgpv9UqFRT/zMxLTTxufhN9RBrkOAXQfIc
/ZIYBvwE/xaqFuiAmdg+QMEeUG3TDLVr1fQiX2r2LVAU/38S6X7xF5IbvPG3GsX5
UnYdizQhpIJTda9L+5Kl+bfkOZURm8JhstF201Z5F1xWKLeORdNxqenpZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA++15U0iMZOo4F/BzbaKCBctMJCMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvRDc3WGxUU0l4azZqZ1g4SE50b29JRnkwd2tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6FTMA0G
CSqGSIb3DQEBCwUAA4IBAQAc+ovSzJ2E1gNd1KHYDFl4WLdMfKTbOygm9Cw4UOFV
trqVCn/FPnpNv8vB3ZvTsYVgBPIUm8J2JQx1WFTctdyd59P2BOpUTfJan+qKm2C7
aN6aMLE4IDywfBC08fGa3COS3VsLyZXOFTvp6CDOjvxYsZOv4JbPlT6U2Hz1Jtm0
QsODxdL/gb3OqUjHEjt+25b+1EyPP5lqBIzVGFF6epJP5t7sK2OX8TMACFb9/M7o
9Nwzt/YRkaZ0F34/iikxadaHICEk04ZJ+OrGwH7u5pRpDVP0L/V0APTUelwvcKNr
NYVaJgkmBdHtKJoE8I9Dio0+Nzr+WI2Zh0qCHP0sOkyq
-----END CERTIFICATE-----