Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/CjNRfnrOimFS9NKBh9O05bxrim4.roa
File:                     CjNRfnrOimFS9NKBh9O05bxrim4.roa (raw, json)
Hash identifier:          fGvtW9XFp/jI8ExSwmna6RGMboyu+ANyF725U16md9A=
Subject key identifier:   0A:33:51:7E:7A:CE:8A:61:52:F4:D2:81:87:D3:B4:E5:BC:6B:8A:6E
Certificate issuer:       /CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
Certificate serial:       018F28BD90CFEBD52FE16812ED1A41B81D4B
Authority key identifier: 99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/CjNRfnrOimFS9NKBh9O05bxrim4.roa
Signing time:             Mon 29 Apr 2024 07:24:23 +0000
ROA not before:           Mon 29 Apr 2024 07:24:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        45.95.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:28:bd:90:cf:eb:d5:2f:e1:68:12:ed:1a:41:b8:1d:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
        Validity
            Not Before: Apr 29 07:24:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a33517e7ace8a6152f4d28187d3b4e5bc6b8a6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e6:f0:29:b2:e2:c7:c6:30:97:37:4e:38:5d:
                    da:e6:bc:13:32:ca:9c:6a:d5:30:19:2c:36:ff:09:
                    91:03:c3:99:e4:66:b1:30:19:32:78:94:7f:7d:dc:
                    c5:d6:2e:a5:e3:11:0d:a2:62:00:f5:76:c4:81:11:
                    0b:c9:46:0e:e2:36:d4:aa:82:ab:77:ba:21:2e:de:
                    9c:a8:f7:34:67:09:36:67:4a:dd:aa:8f:a4:4d:2c:
                    a6:3f:ae:32:68:f8:89:f0:a0:f0:62:b0:9a:aa:70:
                    9f:33:f5:e2:0d:2f:73:11:d5:87:6e:91:55:6f:e4:
                    94:a0:de:b7:d3:ed:76:d7:fd:6a:66:12:43:dc:a4:
                    ad:a9:ce:de:0c:56:fb:36:77:4d:1c:d5:1f:60:85:
                    4e:63:ed:ce:51:0d:d7:f3:6e:3a:44:37:a3:7b:de:
                    87:71:30:54:1c:5f:19:37:70:4f:59:35:f4:e7:66:
                    31:8d:c1:6f:ec:6e:c7:dd:2e:8b:e3:ff:42:28:2a:
                    4f:61:78:51:9f:f5:99:91:77:ba:66:6c:1e:fa:96:
                    18:fe:d5:ed:a4:0f:10:56:db:1a:1c:20:74:ac:c3:
                    a6:08:d9:f7:f0:0a:77:54:91:d7:dc:20:ca:37:a0:
                    79:ae:17:14:3d:79:10:32:f4:fb:10:50:6d:b5:38:
                    86:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:33:51:7E:7A:CE:8A:61:52:F4:D2:81:87:D3:B4:E5:BC:6B:8A:6E
            X509v3 Authority Key Identifier:
                keyid:99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/CjNRfnrOimFS9NKBh9O05bxrim4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:3c:eb:d2:77:24:a7:4b:72:02:34:fb:46:d0:8c:f5:d1:c3:
         46:d2:1e:e1:db:40:5c:42:ab:03:81:79:e6:11:a5:a6:fa:30:
         3b:fc:d4:ea:10:39:15:ab:13:47:22:a6:3a:be:5d:8a:ec:d9:
         07:60:7d:fd:4f:3c:2a:c4:59:11:6a:85:7c:43:5f:f2:c3:73:
         35:a7:47:f0:bc:e7:1f:39:e4:ba:ca:29:b5:3a:23:da:e9:d4:
         43:8c:8e:75:2a:6e:41:1f:61:c8:4d:62:b6:22:c9:ae:ed:98:
         c9:8c:ac:55:f3:eb:4b:1c:6f:85:d9:52:99:af:e1:20:0b:86:
         92:80:51:72:ab:15:be:3e:5f:56:20:da:d2:76:d7:b3:3e:cb:
         cb:27:4e:29:1f:ea:29:1e:01:44:56:0b:81:08:0b:2b:09:cd:
         b7:e1:fa:2f:d1:cd:c3:98:93:c4:18:d9:5b:72:6e:d1:1b:2e:
         9a:04:48:26:93:a5:24:c1:e4:94:00:d4:14:a3:41:03:99:80:
         2e:78:61:f8:9c:53:d8:46:ed:ff:0d:3b:f7:b7:35:d8:23:3c:
         10:a8:c7:25:44:e8:df:92:73:7b:d0:e2:b8:ae:6c:4a:82:50:
         26:18:e9:e6:c4:32:90:6b:35:c8:fc:ad:5a:65:e7:40:07:9a:
         fa:75:57:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8ovZDP69Uv4WgS7RpBuB1LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZmVlN2NiZDhlNzhkMWYxNGE0NTNhMDRiOTE2ZjdjMTU4
MWQyMDQwHhcNMjQwNDI5MDcyNDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTMzNTE3ZTdhY2U4YTYxNTJmNGQyODE4N2QzYjRlNWJjNmI4YTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+bwKbLix8YwlzdOOF3a5rwTMsqc
atUwGSw2/wmRA8OZ5GaxMBkyeJR/fdzF1i6l4xENomIA9XbEgRELyUYO4jbUqoKr
d7ohLt6cqPc0Zwk2Z0rdqo+kTSymP64yaPiJ8KDwYrCaqnCfM/XiDS9zEdWHbpFV
b+SUoN630+121/1qZhJD3KStqc7eDFb7NndNHNUfYIVOY+3OUQ3X8246RDeje96H
cTBUHF8ZN3BPWTX052YxjcFv7G7H3S6L4/9CKCpPYXhRn/WZkXe6Zmwe+pYY/tXt
pA8QVtsaHCB0rMOmCNn38Ap3VJHX3CDKN6B5rhcUPXkQMvT7EFBttTiGeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAozUX56zophUvTSgYfTtOW8a4puMB8GA1UdIwQY
MBaAFJn+58vY540fFKRToEuRb3wVgdIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTct
MWMyMmVmZjcyODE4LzEvQ2pOUmZuck9pbUZTOU5LQmg5TzA1YnhyaW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTctMWMyMmVmZjcyODE4
LzEvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV9yMA0G
CSqGSIb3DQEBCwUAA4IBAQDSPOvSdySnS3ICNPtG0Iz10cNG0h7h20BcQqsDgXnm
EaWm+jA7/NTqEDkVqxNHIqY6vl2K7NkHYH39TzwqxFkRaoV8Q1/yw3M1p0fwvOcf
OeS6yim1OiPa6dRDjI51Km5BH2HITWK2Ismu7ZjJjKxV8+tLHG+F2VKZr+EgC4aS
gFFyqxW+Pl9WINrSdtezPsvLJ04pH+opHgFEVguBCAsrCc234fov0c3DmJPEGNlb
cm7RGy6aBEgmk6UkweSUANQUo0EDmYAueGH4nFPYRu3/DTv3tzXYIzwQqMclROjf
knN70OK4rmxKglAmGOnmxDKQazXI/K1aZedAB5r6dVfb
-----END CERTIFICATE-----