Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/9a0eb2-e994-4719-a166-5d6dd0ba52cf/1/kR1zvHVVOCJnJbI_VoKEpFHRfSs.roa
File:                     kR1zvHVVOCJnJbI_VoKEpFHRfSs.roa (raw, json)
Hash identifier:          4pm4Ljyf9IDfRPrF198bmqdKyLRDjCE2jqUwpDjV3Ak=
Subject key identifier:   91:1D:73:BC:75:55:38:22:67:25:B2:3F:56:82:84:A4:51:D1:7D:2B
Certificate issuer:       /CN=97cca0952db8aa9fe5e5703c6f189a06a57f4bb1
Certificate serial:       018CC94ADF23490943D5D74AD73EC4291BFC
Authority key identifier: 97:CC:A0:95:2D:B8:AA:9F:E5:E5:70:3C:6F:18:9A:06:A5:7F:4B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l8yglS24qp_l5XA8bxiaBqV_S7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/9a0eb2-e994-4719-a166-5d6dd0ba52cf/1/kR1zvHVVOCJnJbI_VoKEpFHRfSs.roa
Signing time:             Tue 02 Jan 2024 08:29:36 +0000
ROA not before:           Tue 02 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48960
IP address blocks:        95.173.200.0/24 maxlen: 24
                          2a02:a48::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/9a0eb2-e994-4719-a166-5d6dd0ba52cf/1/l8yglS24qp_l5XA8bxiaBqV_S7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/9a0eb2-e994-4719-a166-5d6dd0ba52cf/1/l8yglS24qp_l5XA8bxiaBqV_S7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l8yglS24qp_l5XA8bxiaBqV_S7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:df:23:49:09:43:d5:d7:4a:d7:3e:c4:29:1b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97cca0952db8aa9fe5e5703c6f189a06a57f4bb1
        Validity
            Not Before: Jan  2 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=911d73bc755538226725b23f568284a451d17d2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:49:83:a8:dc:3e:43:10:bc:e4:13:4e:ac:9d:
                    b8:0e:c2:70:c9:13:91:8e:75:f3:d5:ec:d8:14:88:
                    29:65:a0:59:e2:3e:35:55:18:11:f0:86:98:d4:37:
                    2e:c4:f3:23:f8:22:67:7e:af:ad:f1:b4:bc:48:7b:
                    bd:d4:5a:f6:ef:a8:45:b7:cd:d5:ad:59:03:53:ee:
                    a4:52:dc:13:e1:3c:dd:ab:d5:63:ec:f4:eb:c1:03:
                    49:ee:47:ce:d2:e1:f0:99:8c:2e:44:65:2c:a4:2a:
                    45:fc:06:63:b4:b1:65:60:44:a3:4c:67:7c:8b:64:
                    41:12:db:74:dc:86:97:e8:37:04:c7:f8:f1:8f:47:
                    cc:78:58:ef:2d:fe:69:f6:10:c7:07:cd:5f:d6:10:
                    10:d4:a2:1e:13:8c:30:78:c7:e4:03:10:99:fc:69:
                    9b:04:45:2c:e3:1f:b2:46:73:a5:64:fb:5c:1b:2a:
                    08:b3:5e:56:03:b2:31:b1:98:26:af:70:15:65:8d:
                    40:eb:a0:bb:5d:1e:87:e5:66:73:08:f6:8d:6f:0b:
                    84:2d:fb:56:0a:62:c7:f7:52:2e:a8:cb:26:3b:ac:
                    6e:d0:a0:fb:60:00:5c:e3:a0:69:2b:5e:c4:71:a7:
                    b0:71:09:d0:f0:35:14:18:de:61:af:b7:b7:de:13:
                    48:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:1D:73:BC:75:55:38:22:67:25:B2:3F:56:82:84:A4:51:D1:7D:2B
            X509v3 Authority Key Identifier:
                keyid:97:CC:A0:95:2D:B8:AA:9F:E5:E5:70:3C:6F:18:9A:06:A5:7F:4B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l8yglS24qp_l5XA8bxiaBqV_S7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/9a0eb2-e994-4719-a166-5d6dd0ba52cf/1/kR1zvHVVOCJnJbI_VoKEpFHRfSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/9a0eb2-e994-4719-a166-5d6dd0ba52cf/1/l8yglS24qp_l5XA8bxiaBqV_S7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.200.0/24
                IPv6:
                  2a02:a48::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:a5:dd:51:d0:ef:42:4a:44:36:7a:f4:5c:62:94:30:01:20:
         79:3b:29:10:d7:ac:76:f4:31:ae:d3:7c:a8:c6:b3:0a:72:0b:
         29:da:38:5d:32:fa:75:72:46:51:a8:f7:77:92:eb:9e:36:ae:
         65:f5:86:24:40:c8:ed:b7:90:60:37:6e:ee:22:5e:10:e1:a4:
         83:33:64:05:e8:77:93:69:3a:62:e5:4c:c3:5a:40:65:d8:65:
         0d:34:c3:a0:48:41:6c:ed:e8:76:0e:eb:df:e8:88:63:b3:5c:
         c9:2f:f5:01:3c:e3:16:67:d2:ef:f6:9b:c9:1f:c5:dc:3f:ef:
         e1:1e:4f:e8:11:11:3a:81:0d:f0:1d:84:6b:26:4e:33:09:cc:
         e3:57:52:ae:a0:ef:21:a0:2b:bb:3e:fc:7a:0d:9f:87:4c:9e:
         53:3a:90:83:6d:35:44:e4:5f:4b:39:37:0f:d5:f8:60:7a:b0:
         c8:74:87:88:5d:c8:84:8e:dd:ac:48:d6:ce:82:49:38:68:ae:
         d6:b6:e6:fc:0d:70:32:9a:f5:01:3b:79:2b:95:27:bb:c9:4a:
         f9:d1:f9:99:19:67:2e:aa:8c:0c:63:0c:4f:a8:d4:5e:ea:e6:
         84:21:51:3e:7e:fe:d7:6b:0e:dc:f0:96:3e:98:1d:97:47:d9:
         2f:07:82:d1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJSt8jSQlD1ddK1z7EKRv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3Y2NhMDk1MmRiOGFhOWZlNWU1NzAzYzZmMTg5YTA2YTU3
ZjRiYjEwHhcNMjQwMTAyMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTFkNzNiYzc1NTUzODIyNjcyNWIyM2Y1NjgyODRhNDUxZDE3ZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokmDqNw+QxC85BNOrJ24DsJwyROR
jnXz1ezYFIgpZaBZ4j41VRgR8IaY1DcuxPMj+CJnfq+t8bS8SHu91Fr276hFt83V
rVkDU+6kUtwT4Tzdq9Vj7PTrwQNJ7kfO0uHwmYwuRGUspCpF/AZjtLFlYESjTGd8
i2RBEtt03IaX6DcEx/jxj0fMeFjvLf5p9hDHB81f1hAQ1KIeE4wweMfkAxCZ/Gmb
BEUs4x+yRnOlZPtcGyoIs15WA7IxsZgmr3AVZY1A66C7XR6H5WZzCPaNbwuELftW
CmLH91IuqMsmO6xu0KD7YABc46BpK17EcaewcQnQ8DUUGN5hr7e33hNI/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJEdc7x1VTgiZyWyP1aChKRR0X0rMB8GA1UdIwQY
MBaAFJfMoJUtuKqf5eVwPG8Ymgalf0uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDh5Z2xTMjRxcF9sNVhBOGJ4aWFCcVZfUzdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy85YTBlYjItZTk5NC00NzE5LWExNjYt
NWQ2ZGQwYmE1MmNmLzEva1IxenZIVlZPQ0puSmJJX1ZvS0VwRkhSZlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy85YTBlYjItZTk5NC00NzE5LWExNjYtNWQ2ZGQwYmE1MmNm
LzEvbDh5Z2xTMjRxcF9sNVhBOGJ4aWFCcVZfUzdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAX63IMA0E
AgACMAcDBQAqAgpIMA0GCSqGSIb3DQEBCwUAA4IBAQAApd1R0O9CSkQ2evRcYpQw
ASB5OykQ16x29DGu03yoxrMKcgsp2jhdMvp1ckZRqPd3kuueNq5l9YYkQMjtt5Bg
N27uIl4Q4aSDM2QF6HeTaTpi5UzDWkBl2GUNNMOgSEFs7eh2Duvf6Ihjs1zJL/UB
POMWZ9Lv9pvJH8XcP+/hHk/oERE6gQ3wHYRrJk4zCczjV1KuoO8hoCu7Pvx6DZ+H
TJ5TOpCDbTVE5F9LOTcP1fhgerDIdIeIXciEjt2sSNbOgkk4aK7Wtub8DXAymvUB
O3krlSe7yUr50fmZGWcuqowMYwxPqNRe6uaEIVE+fv7Xaw7c8JY+mB2XR9kvB4LR
-----END CERTIFICATE-----