Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/cHxthKhH65PUUA1ghBJl9g65CWY.roa
File:                     cHxthKhH65PUUA1ghBJl9g65CWY.roa (raw, json)
Hash identifier:          NppRqB0DnaIrPY5Nxr3YCqSHcXO9iorEbWIIdD76qHo=
Subject key identifier:   70:7C:6D:84:A8:47:EB:93:D4:50:0D:60:84:12:65:F6:0E:B9:09:66
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AE10F71BD57BBEB3B378964AF27B7
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/cHxthKhH65PUUA1ghBJl9g65CWY.roa
Signing time:             Mon 01 Jan 2024 18:30:45 +0000
ROA not before:           Mon 01 Jan 2024 18:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397044
IP address blocks:        95.164.228.0/22 maxlen: 24
                          95.164.232.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e1:0f:71:bd:57:bb:eb:3b:37:89:64:af:27:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=707c6d84a847eb93d4500d60841265f60eb90966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f0:74:ac:21:08:b2:66:7d:70:ba:3a:47:c0:
                    3a:1e:5b:42:21:05:62:cc:c5:10:00:78:d7:29:f9:
                    0a:b7:45:2f:56:c7:c6:1e:cb:0c:3a:23:6d:f1:a4:
                    4a:c6:2f:83:12:24:30:e5:da:8c:57:11:ed:65:39:
                    f2:a0:6b:53:5d:2c:44:2f:21:d5:79:f4:6f:ba:95:
                    47:5b:b9:ec:00:04:dc:81:c9:3e:28:90:65:15:d1:
                    ed:fb:53:90:f1:2b:fc:e1:c7:16:3c:84:7d:42:48:
                    05:eb:24:73:c0:61:e3:95:03:7e:9a:f4:4a:10:51:
                    de:d0:34:ba:2d:32:ef:30:64:98:0b:de:b8:28:33:
                    e6:93:3f:f0:2f:6f:e5:39:d0:0c:56:c5:2a:93:ef:
                    91:02:04:cb:e0:c2:c9:34:f7:28:74:0b:44:1a:fe:
                    52:11:76:87:09:66:32:3d:32:4e:9f:94:24:c0:a5:
                    4c:0d:31:bd:f5:bf:32:bb:ab:0f:fc:c9:37:12:0e:
                    a9:7e:5f:a2:b7:ae:1d:a6:29:7c:60:a2:8a:ba:d8:
                    bc:48:8f:2c:fb:b1:5c:e1:4d:64:4d:88:41:fe:61:
                    d6:f6:84:2b:c8:c2:27:92:79:29:56:0f:7d:37:a6:
                    95:03:82:57:c9:83:eb:e0:30:14:0e:d4:b2:6c:86:
                    3b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7C:6D:84:A8:47:EB:93:D4:50:0D:60:84:12:65:F6:0E:B9:09:66
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/cHxthKhH65PUUA1ghBJl9g65CWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.228.0-95.164.235.255

    Signature Algorithm: sha256WithRSAEncryption
         0d:b9:ed:be:4c:66:10:b8:a4:4c:ea:6e:ca:6e:b1:9b:57:aa:
         11:65:5f:d7:4b:8c:35:db:18:98:e1:bd:73:28:97:05:eb:3e:
         bc:57:3b:e3:52:1c:1f:ae:14:73:96:b6:ed:a0:47:59:7e:76:
         41:21:b9:39:14:e8:84:a3:2f:ef:7a:63:94:6b:8f:60:bd:e6:
         56:15:a4:5f:1c:73:a6:73:83:c6:a4:0d:71:de:d1:e6:74:9d:
         53:88:5a:76:25:a8:b8:fa:9a:da:52:97:70:9a:fa:0c:2e:7e:
         72:0b:a6:8a:0e:0f:65:6f:94:6d:b3:07:65:0e:fe:5e:f7:78:
         1b:7c:6d:3b:91:78:00:b9:df:43:88:04:3e:e4:15:c0:7b:f5:
         6b:0c:a2:9c:96:7f:c7:05:e3:1b:01:67:bf:69:40:b1:52:cb:
         62:91:bc:7f:41:09:81:67:0d:c9:d5:21:76:61:08:ff:88:37:
         9c:38:5b:1b:02:d7:8d:ba:f3:74:db:62:0b:d8:3d:af:be:34:
         15:b1:f6:36:25:7b:e5:e4:d4:7f:93:9e:6e:bc:c5:a7:14:7a:
         18:99:9f:74:19:03:23:0c:47:de:83:ae:64:85:c8:32:9c:dc:
         51:0f:07:30:c8:5e:d1:b8:67:b8:a7:af:3a:4d:51:6d:42:78:
         89:d8:1a:d9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGSuEPcb1Xu+s7N4lkrye3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDdjNmQ4NGE4NDdlYjkzZDQ1MDBkNjA4NDEyNjVmNjBlYjkwOTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/B0rCEIsmZ9cLo6R8A6HltCIQVi
zMUQAHjXKfkKt0UvVsfGHssMOiNt8aRKxi+DEiQw5dqMVxHtZTnyoGtTXSxELyHV
efRvupVHW7nsAATcgck+KJBlFdHt+1OQ8Sv84ccWPIR9QkgF6yRzwGHjlQN+mvRK
EFHe0DS6LTLvMGSYC964KDPmkz/wL2/lOdAMVsUqk++RAgTL4MLJNPcodAtEGv5S
EXaHCWYyPTJOn5QkwKVMDTG99b8yu6sP/Mk3Eg6pfl+it64dpil8YKKKuti8SI8s
+7Fc4U1kTYhB/mHW9oQryMInknkpVg99N6aVA4JXyYPr4DAUDtSybIY74wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHB8bYSoR+uT1FANYIQSZfYOuQlmMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvY0h4dGhLaEg2NVBVVUExZ2hCSmw5ZzY1Q1dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJfpOQD
BAJfpOgwDQYJKoZIhvcNAQELBQADggEBAA257b5MZhC4pEzqbspusZtXqhFlX9dL
jDXbGJjhvXMolwXrPrxXO+NSHB+uFHOWtu2gR1l+dkEhuTkU6ISjL+96Y5Rrj2C9
5lYVpF8cc6Zzg8akDXHe0eZ0nVOIWnYlqLj6mtpSl3Ca+gwufnILpooOD2VvlG2z
B2UO/l73eBt8bTuReAC530OIBD7kFcB79WsMopyWf8cF4xsBZ79pQLFSy2KRvH9B
CYFnDcnVIXZhCP+IN5w4WxsC142683TbYgvYPa++NBWx9jYle+Xk1H+Tnm68xacU
ehiZn3QZAyMMR96DrmSFyDKc3FEPBzDIXtG4Z7inrzpNUW1CeInYGtk=
-----END CERTIFICATE-----