Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/ccfa17-30f5-451a-8e29-6cca66fd3c99/1/AYPoypTkH57UiHH4hVS80pzMy0o.roa
File:                     AYPoypTkH57UiHH4hVS80pzMy0o.roa (raw, json)
Hash identifier:          VvPmbrHkmciiesdi9jFE8wM5Lkm7gyQpsFXWZlDJ1Bo=
Subject key identifier:   01:83:E8:CA:94:E4:1F:9E:D4:88:71:F8:85:54:BC:D2:9C:CC:CB:4A
Certificate issuer:       /CN=ffde817beae4c0a2d57f7fc3f08c627d56540e7e
Certificate serial:       018D32DA1CFF471BAE2348AC3599A21710A3
Authority key identifier: FF:DE:81:7B:EA:E4:C0:A2:D5:7F:7F:C3:F0:8C:62:7D:56:54:0E:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_96Be-rkwKLVf3_D8IxifVZUDn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/ccfa17-30f5-451a-8e29-6cca66fd3c99/1/AYPoypTkH57UiHH4hVS80pzMy0o.roa
Signing time:             Mon 22 Jan 2024 20:26:11 +0000
ROA not before:           Mon 22 Jan 2024 20:26:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201856
IP address blocks:        95.141.254.0/24 maxlen: 24
                          2a13:4d80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/ccfa17-30f5-451a-8e29-6cca66fd3c99/1/_96Be-rkwKLVf3_D8IxifVZUDn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/ccfa17-30f5-451a-8e29-6cca66fd3c99/1/_96Be-rkwKLVf3_D8IxifVZUDn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_96Be-rkwKLVf3_D8IxifVZUDn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 17:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:32:da:1c:ff:47:1b:ae:23:48:ac:35:99:a2:17:10:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffde817beae4c0a2d57f7fc3f08c627d56540e7e
        Validity
            Not Before: Jan 22 20:26:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0183e8ca94e41f9ed48871f88554bcd29ccccb4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fb:09:8c:bb:6d:fb:55:e1:04:b7:87:c0:43:
                    35:1c:5b:e9:26:d2:b9:1d:94:6b:86:34:4f:6e:d6:
                    ae:38:ec:43:57:ba:87:ca:f3:29:02:bf:32:95:05:
                    cc:0c:73:aa:80:6b:5e:b9:a4:16:5e:87:09:11:e1:
                    e9:ee:de:89:99:82:e4:2d:29:e2:54:ea:c0:a3:96:
                    49:99:a0:e8:26:98:f2:e9:9a:58:f2:65:ee:30:fc:
                    7b:67:bc:3c:08:55:25:a2:7c:80:0f:2b:1a:9c:4f:
                    99:7f:4a:5e:c9:99:ec:a1:a1:26:d9:f3:41:ee:12:
                    73:91:eb:83:a8:43:ae:2c:cb:ab:a9:b7:7e:de:0f:
                    e5:ba:63:a4:d9:78:de:3b:e3:40:a0:6a:56:f4:78:
                    5e:2d:6d:e4:a4:43:19:84:f8:e9:6c:55:98:df:30:
                    11:bc:f2:78:fc:e8:f6:b4:0f:4d:13:2d:67:75:f7:
                    aa:c9:5b:d4:db:cd:75:54:0a:87:6a:50:23:31:3d:
                    9d:17:e0:ab:d5:cb:ab:a7:74:a0:af:80:f9:05:89:
                    27:e4:74:8b:4c:ee:35:27:41:60:48:9d:49:82:37:
                    95:ab:61:05:3d:96:a1:56:a3:80:c0:79:d5:ad:a9:
                    34:72:fd:69:98:da:3d:0e:c3:3e:90:5e:f1:54:d4:
                    6e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:83:E8:CA:94:E4:1F:9E:D4:88:71:F8:85:54:BC:D2:9C:CC:CB:4A
            X509v3 Authority Key Identifier:
                keyid:FF:DE:81:7B:EA:E4:C0:A2:D5:7F:7F:C3:F0:8C:62:7D:56:54:0E:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_96Be-rkwKLVf3_D8IxifVZUDn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/ccfa17-30f5-451a-8e29-6cca66fd3c99/1/AYPoypTkH57UiHH4hVS80pzMy0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/ccfa17-30f5-451a-8e29-6cca66fd3c99/1/_96Be-rkwKLVf3_D8IxifVZUDn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.141.254.0/24
                IPv6:
                  2a13:4d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:0a:c6:e7:52:d9:26:43:a3:9e:96:f5:e9:86:f2:c8:3d:25:
         74:1d:72:60:53:b9:da:4f:97:92:2b:0a:c5:aa:b6:35:06:6f:
         34:50:7a:23:5c:70:0e:92:71:cd:12:07:99:9e:ac:9e:b1:d4:
         3d:20:96:de:6d:d4:de:17:11:ef:07:6e:9d:79:87:61:de:33:
         d3:ab:00:cf:af:e9:94:f9:65:46:ab:6a:34:14:a7:24:0f:3c:
         8d:26:3c:8b:31:de:74:19:90:1f:d7:06:65:1e:9d:9d:c4:99:
         8c:76:11:96:1f:db:db:7d:3b:7a:ac:40:bc:ae:01:8a:79:e2:
         f7:4a:d4:12:65:12:0d:58:2b:b9:89:c3:90:96:16:ad:46:34:
         44:92:ff:e8:b3:a4:62:be:08:d0:8f:51:da:ca:92:be:e7:f4:
         85:6b:4e:92:6a:f1:fa:e6:14:75:34:74:6d:bd:18:23:9e:1b:
         57:55:be:aa:31:50:74:d5:b5:eb:9f:8a:01:5c:6b:87:6f:18:
         1d:05:e6:f6:d4:12:a7:60:b8:53:eb:e9:b7:d2:ca:00:08:95:
         11:ed:1b:37:00:47:f1:1a:77:49:f3:cd:d6:bf:af:7a:a4:63:
         b6:35:41:4e:63:30:ef:71:de:19:4b:8c:38:bd:03:33:cf:ae:
         82:40:b3:1d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY0y2hz/RxuuI0isNZmiFxCjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGU4MTdiZWFlNGMwYTJkNTdmN2ZjM2YwOGM2MjdkNTY1
NDBlN2UwHhcNMjQwMTIyMjAyNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTgzZThjYTk0ZTQxZjllZDQ4ODcxZjg4NTU0YmNkMjljY2NjYjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvsJjLtt+1XhBLeHwEM1HFvpJtK5
HZRrhjRPbtauOOxDV7qHyvMpAr8ylQXMDHOqgGteuaQWXocJEeHp7t6JmYLkLSni
VOrAo5ZJmaDoJpjy6ZpY8mXuMPx7Z7w8CFUlonyADysanE+Zf0peyZnsoaEm2fNB
7hJzkeuDqEOuLMurqbd+3g/lumOk2XjeO+NAoGpW9HheLW3kpEMZhPjpbFWY3zAR
vPJ4/Oj2tA9NEy1ndfeqyVvU2811VAqHalAjMT2dF+Cr1curp3Sgr4D5BYkn5HSL
TO41J0FgSJ1JgjeVq2EFPZahVqOAwHnVrak0cv1pmNo9DsM+kF7xVNRu8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAGD6MqU5B+e1Ihx+IVUvNKczMtKMB8GA1UdIwQY
MBaAFP/egXvq5MCi1X9/w/CMYn1WVA5+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzk2QmUtcmt3S0xWZjNfRDhJeGlmVlpVRG40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jY2ZhMTctMzBmNS00NTFhLThlMjkt
NmNjYTY2ZmQzYzk5LzEvQVlQb3lwVGtINTdVaUhINGhWUzgwcHpNeTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jY2ZhMTctMzBmNS00NTFhLThlMjktNmNjYTY2ZmQzYzk5
LzEvXzk2QmUtcmt3S0xWZjNfRDhJeGlmVlpVRG40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAX43+MA0E
AgACMAcDBQAqE02AMA0GCSqGSIb3DQEBCwUAA4IBAQCjCsbnUtkmQ6OelvXphvLI
PSV0HXJgU7naT5eSKwrFqrY1Bm80UHojXHAOknHNEgeZnqyesdQ9IJbebdTeFxHv
B26deYdh3jPTqwDPr+mU+WVGq2o0FKckDzyNJjyLMd50GZAf1wZlHp2dxJmMdhGW
H9vbfTt6rEC8rgGKeeL3StQSZRINWCu5icOQlhatRjREkv/os6RivgjQj1HaypK+
5/SFa06SavH65hR1NHRtvRgjnhtXVb6qMVB01bXrn4oBXGuHbxgdBeb21BKnYLhT
6+m30soACJUR7Rs3AEfxGndJ883Wv696pGO2NUFOYzDvcd4ZS4w4vQMzz66CQLMd
-----END CERTIFICATE-----