Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/g7ud6GuVt_GLZvrocFUtj2nC6qY.roa
File:                     g7ud6GuVt_GLZvrocFUtj2nC6qY.roa (raw, json)
Hash identifier:          NOfRh2/ILJhtHEZxhViyR3OWtQm2Br3txJmogChoXNk=
Subject key identifier:   83:BB:9D:E8:6B:95:B7:F1:8B:66:FA:E8:70:55:2D:8F:69:C2:EA:A6
Certificate issuer:       /CN=1527455ea7fce17cfd0431985258d13e06bfa735
Certificate serial:       018CC801B4B5B6AB34D1BF82F634C6EB1000
Authority key identifier: 15:27:45:5E:A7:FC:E1:7C:FD:04:31:98:52:58:D1:3E:06:BF:A7:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FSdFXqf84Xz9BDGYUljRPga_pzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/g7ud6GuVt_GLZvrocFUtj2nC6qY.roa
Signing time:             Tue 02 Jan 2024 02:30:04 +0000
ROA not before:           Tue 02 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.95.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/FSdFXqf84Xz9BDGYUljRPga_pzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/FSdFXqf84Xz9BDGYUljRPga_pzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FSdFXqf84Xz9BDGYUljRPga_pzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b4:b5:b6:ab:34:d1:bf:82:f6:34:c6:eb:10:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1527455ea7fce17cfd0431985258d13e06bfa735
        Validity
            Not Before: Jan  2 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83bb9de86b95b7f18b66fae870552d8f69c2eaa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:81:bc:c0:82:69:43:3f:e4:ec:4b:d1:b1:d4:
                    63:02:2c:25:f3:62:eb:b6:27:65:5a:d7:13:c4:5c:
                    a2:29:7e:1b:35:6e:00:81:35:62:41:85:5a:8f:35:
                    96:c5:bb:a4:d8:cd:95:47:cd:67:32:88:c9:0a:90:
                    ed:db:80:0f:6f:72:d1:ef:a5:89:02:cd:54:25:a0:
                    94:e9:a5:ad:39:64:9a:ba:04:76:67:d7:7d:c2:c2:
                    b2:58:d6:7a:ab:ef:3b:1a:ca:ae:12:43:67:3d:2f:
                    37:d0:9a:91:f9:d1:72:88:83:87:76:f4:1f:48:9c:
                    f1:c5:0f:d5:87:b5:f1:bd:b1:15:ab:4c:dd:84:75:
                    9e:fe:59:89:06:4a:0f:f7:b6:f8:79:aa:a5:1b:f0:
                    8e:f4:8b:3e:82:b3:82:27:60:a0:b3:d8:10:46:0e:
                    fd:97:7f:7c:80:e2:4e:bf:66:27:3b:4f:c1:a0:07:
                    78:4f:02:5f:7b:99:4f:a9:7a:74:f2:e5:02:b5:4e:
                    23:d7:77:5b:26:dc:3e:9e:98:f1:be:f2:3e:8b:08:
                    a8:ac:73:1b:03:2a:48:4b:29:14:2a:ea:d1:64:b4:
                    42:48:53:dc:a4:bc:81:af:65:23:08:c4:5a:ea:41:
                    3b:e6:28:81:96:7e:10:18:12:39:df:05:ae:de:73:
                    e1:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:BB:9D:E8:6B:95:B7:F1:8B:66:FA:E8:70:55:2D:8F:69:C2:EA:A6
            X509v3 Authority Key Identifier:
                keyid:15:27:45:5E:A7:FC:E1:7C:FD:04:31:98:52:58:D1:3E:06:BF:A7:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FSdFXqf84Xz9BDGYUljRPga_pzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/g7ud6GuVt_GLZvrocFUtj2nC6qY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/FSdFXqf84Xz9BDGYUljRPga_pzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:20:e7:9b:52:da:88:3e:cb:4a:5b:1e:2f:0f:e0:ed:d2:4c:
         8c:ef:8a:f0:a0:c0:b5:3d:bc:03:04:a1:9d:42:26:4b:24:c1:
         8d:2c:63:fd:80:da:02:54:24:a5:95:27:0d:1e:5d:23:70:d1:
         1e:ba:dd:3d:fa:c0:87:f2:82:e6:ff:bb:45:8a:69:56:ce:83:
         23:97:3c:2a:4a:fa:dd:cd:77:0a:9b:54:a1:ed:d7:27:95:87:
         2e:f3:08:7d:1d:45:38:3a:25:56:00:0a:2f:9c:7a:ed:09:d7:
         c2:5c:b3:5d:af:90:ab:0a:0a:1a:1f:a2:1f:de:95:e6:90:38:
         5d:d3:0c:0a:52:f8:8c:90:c3:57:69:64:95:b3:80:7e:c3:d8:
         6d:97:aa:a6:45:b4:ab:14:51:b2:f7:8b:42:72:3e:63:d1:51:
         f5:bd:f4:d2:73:c1:56:52:80:a2:e1:03:ca:6f:af:f7:bb:aa:
         e8:2d:d0:c8:fa:35:fa:6c:60:aa:f5:b1:04:21:f8:45:78:50:
         28:73:ae:e8:8f:1c:2a:cc:35:e9:e3:94:a1:bd:e5:22:f1:0c:
         b7:21:42:b0:1b:cf:b3:c9:42:8f:67:fb:ad:3b:9f:c9:fa:9b:
         62:be:25:be:6a:d6:03:a4:e7:db:0e:c0:cb:0d:d8:08:8b:4f:
         15:cd:88:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAbS1tqs00b+C9jTG6xAAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Mjc0NTVlYTdmY2UxN2NmZDA0MzE5ODUyNThkMTNlMDZi
ZmE3MzUwHhcNMjQwMTAyMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2JiOWRlODZiOTViN2YxOGI2NmZhZTg3MDU1MmQ4ZjY5YzJlYWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4G8wIJpQz/k7EvRsdRjAiwl82Lr
tidlWtcTxFyiKX4bNW4AgTViQYVajzWWxbuk2M2VR81nMojJCpDt24APb3LR76WJ
As1UJaCU6aWtOWSaugR2Z9d9wsKyWNZ6q+87GsquEkNnPS830JqR+dFyiIOHdvQf
SJzxxQ/Vh7XxvbEVq0zdhHWe/lmJBkoP97b4eaqlG/CO9Is+grOCJ2Cgs9gQRg79
l398gOJOv2YnO0/BoAd4TwJfe5lPqXp08uUCtU4j13dbJtw+npjxvvI+iwiorHMb
AypISykUKurRZLRCSFPcpLyBr2UjCMRa6kE75iiBln4QGBI53wWu3nPh+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIO7nehrlbfxi2b66HBVLY9pwuqmMB8GA1UdIwQY
MBaAFBUnRV6n/OF8/QQxmFJY0T4Gv6c1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlNkRlhxZjg0WHo5QkRHWVVsalJQZ2FfcHpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8yNGM0ZjYtMjFlZS00YjZiLWE5NDUt
OThmOGNjZDVkYjhkLzEvZzd1ZDZHdVZ0X0dMWnZyb2NGVXRqMm5DNnFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8yNGM0ZjYtMjFlZS00YjZiLWE5NDUtOThmOGNjZDVkYjhk
LzEvRlNkRlhxZjg0WHo5QkRHWVVsalJQZ2FfcHpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV+uMA0G
CSqGSIb3DQEBCwUAA4IBAQA/IOebUtqIPstKWx4vD+Dt0kyM74rwoMC1PbwDBKGd
QiZLJMGNLGP9gNoCVCSllScNHl0jcNEeut09+sCH8oLm/7tFimlWzoMjlzwqSvrd
zXcKm1Sh7dcnlYcu8wh9HUU4OiVWAAovnHrtCdfCXLNdr5CrCgoaH6If3pXmkDhd
0wwKUviMkMNXaWSVs4B+w9htl6qmRbSrFFGy94tCcj5j0VH1vfTSc8FWUoCi4QPK
b6/3u6roLdDI+jX6bGCq9bEEIfhFeFAoc67ojxwqzDXp45ShveUi8Qy3IUKwG8+z
yUKPZ/utO5/J+ptiviW+atYDpOfbDsDLDdgIi08VzYiO
-----END CERTIFICATE-----