Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/EXY0W7zjnl4ZnmcpfQbpT9Qaldo.roa
File:                     EXY0W7zjnl4ZnmcpfQbpT9Qaldo.roa (raw, json)
Hash identifier:          UIHuq6LFuPeunIe8Sm8ddLzeDOBsXsv40aWJCMQtPwM=
Subject key identifier:   11:76:34:5B:BC:E3:9E:5E:19:9E:67:29:7D:06:E9:4F:D4:1A:95:DA
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       018CC4245B5B10061830A936BB61824C48F4
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/EXY0W7zjnl4ZnmcpfQbpT9Qaldo.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211613
IP address blocks:        95.161.92.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5b:5b:10:06:18:30:a9:36:bb:61:82:4c:48:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1176345bbce39e5e199e67297d06e94fd41a95da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:4d:2c:0d:3b:ed:75:37:46:e0:f8:18:bf:5c:
                    5c:da:69:ad:6a:04:ee:bf:03:ce:61:88:bb:ae:07:
                    4e:e4:a5:ee:b0:37:75:b2:8a:dc:17:76:fc:83:5d:
                    4c:0c:9c:ce:93:20:33:54:fa:d4:34:c5:98:46:c2:
                    50:ed:bd:95:7e:90:4b:54:a8:b8:c5:72:4e:b1:90:
                    e7:9b:f7:5a:fe:ee:3c:5c:44:02:2d:e0:05:13:86:
                    c8:71:87:a4:b7:c4:b0:85:50:ad:0f:15:c6:9f:aa:
                    03:a3:79:cf:21:d7:e3:ea:57:48:0a:3f:4f:55:9b:
                    d8:57:03:a7:5f:02:67:a5:27:5c:9d:d8:2d:50:ee:
                    6b:5c:4f:13:9e:e2:b9:14:a0:5c:85:93:3f:7a:f4:
                    2f:5f:ab:4a:fd:8e:dd:83:b8:6a:4a:82:ea:a8:8d:
                    1a:31:3a:24:c8:d6:60:f2:c1:70:9b:ba:dc:b6:e5:
                    3f:ec:c2:41:3f:d5:3a:5a:6b:e9:b8:3a:0d:d1:ad:
                    2c:5f:a4:d1:59:3e:fb:06:f2:9e:e6:dc:9e:9e:9d:
                    8a:28:bc:fe:3b:71:a8:44:91:83:ee:01:37:fd:33:
                    9a:f5:c7:f9:8c:c2:a1:78:a6:96:60:bc:61:28:ca:
                    68:ad:8b:04:8a:26:55:4e:c6:72:ce:c6:52:32:f8:
                    c4:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:76:34:5B:BC:E3:9E:5E:19:9E:67:29:7D:06:E9:4F:D4:1A:95:DA
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/EXY0W7zjnl4ZnmcpfQbpT9Qaldo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.161.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:cc:55:9d:cf:01:09:c1:0f:a5:da:15:8b:19:25:ac:b5:86:
         01:db:62:c4:86:12:a5:8a:67:53:75:ec:66:09:14:fa:51:88:
         65:7d:e6:da:de:9a:0e:47:a9:b8:c1:61:72:b1:9b:d6:74:89:
         12:48:36:bf:09:3c:0e:19:2a:bf:fc:df:ff:6b:5a:d1:e9:da:
         b0:69:d4:70:53:4a:91:ac:26:be:29:49:2f:c3:ea:b6:a7:ee:
         ca:82:96:4f:b8:49:99:c9:c2:46:9a:b0:07:04:5f:d6:fa:75:
         db:92:a6:18:14:e3:a8:4d:39:25:97:d9:c7:fe:e2:68:f4:73:
         b4:71:67:a6:7f:a8:d7:b0:f3:8f:53:29:7f:ba:a1:dd:40:cd:
         a7:7c:41:2a:cb:42:fc:80:4f:d3:5c:d5:c7:2e:bf:ae:a3:19:
         5c:2c:f0:7e:54:fc:af:43:a8:c1:6b:0b:7e:52:ff:f8:68:ba:
         25:36:87:00:98:c4:14:09:b3:21:96:e5:2d:51:99:e8:52:4a:
         a3:4a:a1:f8:e9:db:0a:71:ae:0c:c0:f6:f0:38:99:7a:6f:13:
         03:a2:a9:e8:fa:12:cf:68:64:64:19:b4:dc:6e:eb:ad:ff:0b:
         6a:c0:9e:ed:a6:2b:bf:b3:04:5a:b8:42:7b:8a:25:a2:73:b8:
         3b:40:73:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFtbEAYYMKk2u2GCTEj0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTc2MzQ1YmJjZTM5ZTVlMTk5ZTY3Mjk3ZDA2ZTk0ZmQ0MWE5NWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA200sDTvtdTdG4PgYv1xc2mmtagTu
vwPOYYi7rgdO5KXusDd1sorcF3b8g11MDJzOkyAzVPrUNMWYRsJQ7b2VfpBLVKi4
xXJOsZDnm/da/u48XEQCLeAFE4bIcYekt8SwhVCtDxXGn6oDo3nPIdfj6ldICj9P
VZvYVwOnXwJnpSdcndgtUO5rXE8TnuK5FKBchZM/evQvX6tK/Y7dg7hqSoLqqI0a
MTokyNZg8sFwm7rctuU/7MJBP9U6WmvpuDoN0a0sX6TRWT77BvKe5tyenp2KKLz+
O3GoRJGD7gE3/TOa9cf5jMKheKaWYLxhKMporYsEiiZVTsZyzsZSMvjE4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBF2NFu8455eGZ5nKX0G6U/UGpXaMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvRVhZMFc3empubDRabm1jcGZRYnBUOVFhbGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX6FcMA0G
CSqGSIb3DQEBCwUAA4IBAQClzFWdzwEJwQ+l2hWLGSWstYYB22LEhhKlimdTdexm
CRT6UYhlfeba3poOR6m4wWFysZvWdIkSSDa/CTwOGSq//N//a1rR6dqwadRwU0qR
rCa+KUkvw+q2p+7KgpZPuEmZycJGmrAHBF/W+nXbkqYYFOOoTTkll9nH/uJo9HO0
cWemf6jXsPOPUyl/uqHdQM2nfEEqy0L8gE/TXNXHLr+uoxlcLPB+VPyvQ6jBawt+
Uv/4aLolNocAmMQUCbMhluUtUZnoUkqjSqH46dsKca4MwPbwOJl6bxMDoqno+hLP
aGRkGbTcbuut/wtqwJ7tpiu/swRauEJ7iiWic7g7QHN+
-----END CERTIFICATE-----