Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/7L1qf7FGz5w6H8BIhdbYjU4axpA.roa
File:                     7L1qf7FGz5w6H8BIhdbYjU4axpA.roa (raw, json)
Hash identifier:          El94++tx2p4Wj2ny9DWOkJOGpdT23If/cjHav6fMmDI=
Subject key identifier:   EC:BD:6A:7F:B1:46:CF:9C:3A:1F:C0:48:85:D6:D8:8D:4E:1A:C6:90
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AE16053B8A1D3CE7F74D42A93D54E
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/7L1qf7FGz5w6H8BIhdbYjU4axpA.roa
Signing time:             Mon 01 Jan 2024 18:30:45 +0000
ROA not before:           Mon 01 Jan 2024 18:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399150
IP address blocks:        95.164.224.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e1:60:53:b8:a1:d3:ce:7f:74:d4:2a:93:d5:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecbd6a7fb146cf9c3a1fc04885d6d88d4e1ac690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4c:e1:7e:fb:b4:5c:96:c3:75:d3:cd:29:46:
                    b4:2d:21:61:53:f9:26:ff:33:eb:a1:24:b2:05:49:
                    32:66:e3:e6:9c:b5:57:28:14:46:fe:9d:c7:54:dd:
                    f3:20:d3:05:7d:56:d2:9f:13:41:cc:09:96:9d:a7:
                    b7:4c:fa:34:43:7f:60:96:85:0c:11:f9:1c:88:1d:
                    ed:5b:d4:d6:22:23:f6:7d:be:b7:a2:56:0e:d8:e1:
                    50:72:1c:0e:64:05:0d:19:f3:93:f4:04:d0:d6:e3:
                    40:1d:fd:0c:34:d8:9f:bf:f3:c2:25:a8:75:17:e0:
                    7c:99:5d:26:00:11:e7:36:71:16:dc:d6:05:15:46:
                    33:a0:71:f5:9f:5d:7b:83:e0:e7:e1:43:e5:4c:29:
                    f4:09:d8:e5:9f:b2:ac:74:b1:85:9c:f5:50:1e:99:
                    54:0b:33:9f:b9:61:e2:4d:45:23:2f:eb:03:08:8b:
                    c9:e0:8f:fa:41:84:c4:d8:21:5d:4b:75:39:1c:ec:
                    34:92:d8:cc:cd:b4:2b:5d:65:d0:72:f2:2e:74:ff:
                    37:a9:17:09:ba:e2:ef:33:30:c1:43:6d:b1:98:bf:
                    71:86:6a:f9:73:5b:be:f2:1e:6a:b9:32:73:03:6f:
                    f3:b7:88:0c:fb:f7:25:ff:49:cf:42:20:5e:db:7e:
                    48:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:BD:6A:7F:B1:46:CF:9C:3A:1F:C0:48:85:D6:D8:8D:4E:1A:C6:90
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/7L1qf7FGz5w6H8BIhdbYjU4axpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:35:54:91:07:43:c6:6c:c5:0d:00:27:77:ea:2d:5f:e9:91:
         33:08:1b:d7:cc:60:f7:33:20:62:45:12:ae:a6:c1:81:8b:54:
         95:36:dd:fb:22:14:38:4e:61:d1:31:49:3c:b2:86:a4:b5:46:
         2a:6d:a4:09:57:22:20:6c:05:d5:6b:98:e4:5a:c1:26:e7:46:
         95:2c:39:b8:44:cf:69:ee:81:91:fb:9b:73:cf:88:53:9c:ab:
         6a:db:a4:0d:f4:6e:47:f6:d9:ed:fc:02:14:62:f7:81:78:21:
         63:dc:c6:c2:bb:48:23:dc:4d:7f:7b:5c:9b:43:85:f0:61:a5:
         f4:e9:5f:0a:32:d4:9a:a2:74:c5:52:25:d0:c2:95:09:3d:ac:
         20:1c:69:19:60:7a:aa:a5:03:68:0f:32:ad:ee:8e:c3:65:80:
         bc:b7:d8:ce:af:81:12:80:27:9c:04:54:c5:33:af:cd:d5:c3:
         fc:58:25:6d:d3:26:1b:c6:e9:07:cd:60:18:11:e7:ec:22:73:
         a5:2c:8f:95:ca:94:e5:41:ca:72:50:73:49:07:5c:63:81:7f:
         a1:c8:ca:3e:d3:2e:84:f5:c0:f2:55:27:15:22:d2:2f:04:1a:
         de:cd:fc:dc:58:82:fe:8e:3d:2b:0f:46:e5:01:e8:70:40:9d:
         bd:86:5e:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuFgU7ih085/dNQqk9VOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2JkNmE3ZmIxNDZjZjljM2ExZmMwNDg4NWQ2ZDg4ZDRlMWFjNjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEzhfvu0XJbDddPNKUa0LSFhU/km
/zProSSyBUkyZuPmnLVXKBRG/p3HVN3zINMFfVbSnxNBzAmWnae3TPo0Q39gloUM
EfkciB3tW9TWIiP2fb63olYO2OFQchwOZAUNGfOT9ATQ1uNAHf0MNNifv/PCJah1
F+B8mV0mABHnNnEW3NYFFUYzoHH1n117g+Dn4UPlTCn0Cdjln7KsdLGFnPVQHplU
CzOfuWHiTUUjL+sDCIvJ4I/6QYTE2CFdS3U5HOw0ktjMzbQrXWXQcvIudP83qRcJ
uuLvMzDBQ22xmL9xhmr5c1u+8h5quTJzA2/zt4gM+/cl/0nPQiBe235IiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOy9an+xRs+cOh/ASIXW2I1OGsaQMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvN0wxcWY3Rkd6NXc2SDhCSWhkYllqVTRheHBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX6TgMA0G
CSqGSIb3DQEBCwUAA4IBAQAgNVSRB0PGbMUNACd36i1f6ZEzCBvXzGD3MyBiRRKu
psGBi1SVNt37IhQ4TmHRMUk8soaktUYqbaQJVyIgbAXVa5jkWsEm50aVLDm4RM9p
7oGR+5tzz4hTnKtq26QN9G5H9tnt/AIUYveBeCFj3MbCu0gj3E1/e1ybQ4XwYaX0
6V8KMtSaonTFUiXQwpUJPawgHGkZYHqqpQNoDzKt7o7DZYC8t9jOr4ESgCecBFTF
M6/N1cP8WCVt0yYbxukHzWAYEefsInOlLI+VypTlQcpyUHNJB1xjgX+hyMo+0y6E
9cDyVScVItIvBBrezfzcWIL+jj0rD0blAehwQJ29hl6r
-----END CERTIFICATE-----