Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/9fqxxzfT7xnlLKQkGMOh4sYXs6c.roa
File:                     9fqxxzfT7xnlLKQkGMOh4sYXs6c.roa (raw, json)
Hash identifier:          jpzZ57ZTqptFND0dLUND3ZT28y2mItoT9DbmISDM5Mw=
Subject key identifier:   F5:FA:B1:C7:37:D3:EF:19:E5:2C:A4:24:18:C3:A1:E2:C6:17:B3:A7
Certificate issuer:       /CN=864abd435f899d570a8e5fb83bdad1153455dee0
Certificate serial:       018CC794926AA9D1B253F9417A8E883FE79D
Authority key identifier: 86:4A:BD:43:5F:89:9D:57:0A:8E:5F:B8:3B:DA:D1:15:34:55:DE:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/9fqxxzfT7xnlLKQkGMOh4sYXs6c.roa
Signing time:             Tue 02 Jan 2024 00:30:51 +0000
ROA not before:           Tue 02 Jan 2024 00:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62372
IP address blocks:        95.87.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:92:6a:a9:d1:b2:53:f9:41:7a:8e:88:3f:e7:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=864abd435f899d570a8e5fb83bdad1153455dee0
        Validity
            Not Before: Jan  2 00:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5fab1c737d3ef19e52ca42418c3a1e2c617b3a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:6b:7e:b5:c8:e7:7b:e9:4a:0f:78:0f:53:81:
                    c6:10:35:27:b9:05:fa:81:13:bf:d3:f7:90:89:4d:
                    2e:02:26:6a:83:12:86:3b:1d:aa:d3:4b:6c:c1:50:
                    31:68:4a:2c:84:e6:06:4a:58:6d:71:99:5a:4b:9f:
                    93:74:31:19:c0:5a:94:9d:49:6f:26:bd:bb:5e:b8:
                    c0:5d:c4:7a:6e:4e:3d:1f:06:06:1a:7f:cb:46:79:
                    9f:17:a2:ba:36:a5:df:8e:d8:d8:3c:7b:b2:68:e5:
                    48:0c:cc:fa:6e:28:2d:14:47:93:62:5f:30:ea:f5:
                    e2:28:5e:15:d9:c4:6a:9a:52:0e:b8:53:27:7b:72:
                    22:35:37:70:b1:2c:6a:d5:89:af:17:5f:0e:f9:22:
                    df:78:1f:24:5a:da:b4:ce:58:42:32:9f:e8:72:b3:
                    83:6b:46:cc:24:f6:24:b7:99:7f:e5:ac:a0:67:5a:
                    4e:51:87:b9:61:e5:ed:59:98:5c:41:9b:08:52:02:
                    6c:92:b8:73:a5:5d:f8:f9:b8:06:c7:32:c5:6e:89:
                    71:81:b1:36:8f:89:32:32:66:3b:ff:f6:46:c5:82:
                    59:fd:23:3e:ba:86:90:b9:04:d2:23:17:05:72:16:
                    6e:3c:1a:f6:4b:f4:a6:01:54:79:6b:2d:80:9f:dd:
                    36:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:FA:B1:C7:37:D3:EF:19:E5:2C:A4:24:18:C3:A1:E2:C6:17:B3:A7
            X509v3 Authority Key Identifier:
                keyid:86:4A:BD:43:5F:89:9D:57:0A:8E:5F:B8:3B:DA:D1:15:34:55:DE:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/9fqxxzfT7xnlLKQkGMOh4sYXs6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.87.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:ce:f2:ce:78:f9:e8:32:d4:1d:58:82:f5:50:fd:06:95:28:
         20:84:35:0c:6f:64:b0:a4:70:15:7c:7b:9d:e7:c3:5f:41:92:
         55:9b:df:7e:bd:a7:e5:bd:a8:e8:c9:3a:73:b6:ec:4c:7f:f0:
         21:23:ef:32:56:30:53:ad:b8:0f:7d:2d:cf:30:0e:b5:05:af:
         03:53:ba:34:a6:34:ea:4a:8c:b3:05:11:40:2d:b4:61:85:99:
         b0:0d:5a:e9:c8:25:52:c0:e5:89:1d:5e:e2:c2:66:4d:26:f2:
         fc:b9:75:08:52:10:2d:76:f0:47:7c:34:16:8b:3e:93:c8:a9:
         79:8a:18:72:05:93:22:ef:55:42:e1:fb:1f:b1:5c:03:6f:a3:
         50:77:91:a9:dc:cf:07:71:59:d3:ca:5a:a6:b7:f2:20:b7:07:
         9d:0c:e3:21:04:89:1e:dd:ad:60:6c:da:51:0c:cf:1a:d7:03:
         3e:fd:74:d8:6f:a7:ca:32:88:9f:d3:2b:b4:a1:9a:d0:70:1b:
         55:6e:7c:ed:6c:33:a2:75:6c:aa:5a:20:7e:93:4c:c9:9f:ce:
         aa:41:91:45:0b:d3:5e:44:2a:0b:10:ff:16:92:f3:c4:6c:67:
         ad:7c:c3:a9:63:92:7a:e0:03:71:6d:44:75:60:65:2d:50:d7:
         5e:2a:eb:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlJJqqdGyU/lBeo6IP+edMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NGFiZDQzNWY4OTlkNTcwYThlNWZiODNiZGFkMTE1MzQ1
NWRlZTAwHhcNMjQwMTAyMDAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWZhYjFjNzM3ZDNlZjE5ZTUyY2E0MjQxOGMzYTFlMmM2MTdiM2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWt+tcjne+lKD3gPU4HGEDUnuQX6
gRO/0/eQiU0uAiZqgxKGOx2q00tswVAxaEoshOYGSlhtcZlaS5+TdDEZwFqUnUlv
Jr27XrjAXcR6bk49HwYGGn/LRnmfF6K6NqXfjtjYPHuyaOVIDMz6bigtFEeTYl8w
6vXiKF4V2cRqmlIOuFMne3IiNTdwsSxq1YmvF18O+SLfeB8kWtq0zlhCMp/ocrOD
a0bMJPYkt5l/5aygZ1pOUYe5YeXtWZhcQZsIUgJskrhzpV34+bgGxzLFbolxgbE2
j4kyMmY7//ZGxYJZ/SM+uoaQuQTSIxcFchZuPBr2S/SmAVR5ay2An902hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPX6scc30+8Z5SykJBjDoeLGF7OnMB8GA1UdIwQY
MBaAFIZKvUNfiZ1XCo5fuDva0RU0Vd7gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGtxOVExLUpuVmNLamwtNE85clJGVFJWM3VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zZjEzM2YtMWM4MS00YTRiLWEyNTUt
M2UzNjQ2NTkxYWEwLzEvOWZxeHh6ZlQ3eG5sTEtRa0dNT2g0c1lYczZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zZjEzM2YtMWM4MS00YTRiLWEyNTUtM2UzNjQ2NTkxYWEw
LzEvaGtxOVExLUpuVmNLamwtNE85clJGVFJWM3VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX1cBMA0G
CSqGSIb3DQEBCwUAA4IBAQBSzvLOePnoMtQdWIL1UP0GlSgghDUMb2SwpHAVfHud
58NfQZJVm99+vaflvajoyTpztuxMf/AhI+8yVjBTrbgPfS3PMA61Ba8DU7o0pjTq
SoyzBRFALbRhhZmwDVrpyCVSwOWJHV7iwmZNJvL8uXUIUhAtdvBHfDQWiz6TyKl5
ihhyBZMi71VC4fsfsVwDb6NQd5Gp3M8HcVnTylqmt/IgtwedDOMhBIke3a1gbNpR
DM8a1wM+/XTYb6fKMoif0yu0oZrQcBtVbnztbDOidWyqWiB+k0zJn86qQZFFC9Ne
RCoLEP8WkvPEbGetfMOpY5J64ANxbUR1YGUtUNdeKuuq
-----END CERTIFICATE-----