Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/ga5LrO9UNQFsjdc_cmiURK1G_fg.roa
File:                     ga5LrO9UNQFsjdc_cmiURK1G_fg.roa (raw, json)
Hash identifier:          zsOHN7UBk8InPTQvVoCuULc2RtrJ9VgupGAtXGmINIA=
Subject key identifier:   81:AE:4B:AC:EF:54:35:01:6C:8D:D7:3F:72:68:94:44:AD:46:FD:F8
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AD3546D4E82E448A5294191328CC9
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/ga5LrO9UNQFsjdc_cmiURK1G_fg.roa
Signing time:             Mon 01 Jan 2024 18:30:41 +0000
ROA not before:           Mon 01 Jan 2024 18:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6461
IP address blocks:        95.164.24.0/21 maxlen: 24
                          95.164.96.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d3:54:6d:4e:82:e4:48:a5:29:41:91:32:8c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81ae4bacef5435016c8dd73f72689444ad46fdf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:77:38:c3:fe:a6:7d:ac:b0:3d:2f:b5:cd:9c:
                    ca:cb:0b:ca:18:0d:a4:bc:e6:56:13:3e:7f:ae:2e:
                    a2:66:f3:5a:10:56:04:f3:3a:cf:3b:00:4a:fe:15:
                    77:fd:70:9b:97:af:37:c9:ea:ed:ff:9c:de:ba:6a:
                    97:46:7d:d7:cd:cb:84:59:6b:a2:32:7d:71:66:6a:
                    73:05:db:93:97:5c:54:2e:a6:5a:23:2f:54:4f:87:
                    20:29:ef:a4:96:10:8f:49:89:3d:32:08:52:d5:1c:
                    e1:20:12:e6:03:b4:3a:3b:1e:ea:a9:74:8a:f6:e1:
                    5a:51:05:4d:80:ee:52:16:3b:0e:c5:23:b0:c5:a9:
                    ad:cf:2b:92:56:67:49:31:ee:a8:e9:27:26:d0:b5:
                    5b:bc:44:b0:ad:95:34:f9:0a:43:9d:e1:16:1b:41:
                    f3:6f:15:42:00:92:21:de:e2:7b:7e:b9:d3:43:48:
                    ac:2a:0a:95:7d:8c:59:d3:54:47:40:a4:95:71:60:
                    10:44:7e:3e:5b:10:e0:25:79:4a:66:3a:f7:5a:98:
                    6d:18:08:f4:59:3e:18:e4:1f:33:f6:60:5b:ed:5a:
                    0d:c7:d1:9a:be:b9:5a:d1:40:1a:b3:44:f1:6f:1c:
                    df:31:19:88:28:bb:a8:88:64:49:48:22:a4:2a:58:
                    ed:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:AE:4B:AC:EF:54:35:01:6C:8D:D7:3F:72:68:94:44:AD:46:FD:F8
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/ga5LrO9UNQFsjdc_cmiURK1G_fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.24.0/21
                  95.164.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         59:2d:e0:c9:f2:e7:e1:6b:73:2b:77:1b:a8:f9:e1:60:cd:f4:
         91:cf:11:ab:e4:02:41:bc:f7:4d:93:bd:5c:2b:1d:bc:de:85:
         22:bf:44:73:28:34:8a:43:05:52:e3:0f:b8:d2:61:fd:93:cd:
         a4:f0:6b:76:18:89:3f:67:27:c0:fc:ae:12:90:a2:34:4b:0e:
         07:64:7d:62:90:37:89:8a:ac:98:30:9f:3b:b8:ad:a0:bb:0e:
         e8:54:a7:da:7d:65:2b:51:fa:70:3e:69:1a:0f:7a:6a:36:36:
         8e:3a:ab:e7:d2:8d:3e:c8:3e:30:a2:2f:7d:24:cf:3a:ba:be:
         e8:cd:3e:57:89:bb:b4:7b:56:50:20:88:2c:c1:d3:97:d7:69:
         0d:21:47:ac:d2:8e:f5:fa:7c:83:9d:82:17:42:09:19:87:4a:
         1c:48:fc:53:29:65:01:1d:34:45:2a:b3:e3:53:b9:59:81:51:
         c4:27:6e:7d:91:10:33:42:1c:ce:72:2c:04:b4:0f:66:2d:ac:
         e9:74:8f:05:10:54:bf:29:c6:26:93:61:ed:54:68:f2:ce:9e:
         e0:57:8f:7c:ea:1f:a7:ae:9a:4b:95:2c:63:88:65:ac:4c:6d:
         87:db:6f:27:00:59:da:4f:32:67:5f:b0:63:d4:3c:12:7f:2a:
         be:19:96:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGStNUbU6C5EilKUGRMozJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWFlNGJhY2VmNTQzNTAxNmM4ZGQ3M2Y3MjY4OTQ0NGFkNDZmZGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXc4w/6mfaywPS+1zZzKywvKGA2k
vOZWEz5/ri6iZvNaEFYE8zrPOwBK/hV3/XCbl683yert/5zeumqXRn3XzcuEWWui
Mn1xZmpzBduTl1xULqZaIy9UT4cgKe+klhCPSYk9MghS1RzhIBLmA7Q6Ox7qqXSK
9uFaUQVNgO5SFjsOxSOwxamtzyuSVmdJMe6o6Scm0LVbvESwrZU0+QpDneEWG0Hz
bxVCAJIh3uJ7frnTQ0isKgqVfYxZ01RHQKSVcWAQRH4+WxDgJXlKZjr3WphtGAj0
WT4Y5B8z9mBb7VoNx9Gavrla0UAas0TxbxzfMRmIKLuoiGRJSCKkKljtrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIGuS6zvVDUBbI3XP3JolEStRv34MB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvZ2E1THJPOVVOUUZzamRjX2NtaVVSSzFHX2ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDX6QYAwQE
X6RgMA0GCSqGSIb3DQEBCwUAA4IBAQBZLeDJ8ufha3Mrdxuo+eFgzfSRzxGr5AJB
vPdNk71cKx283oUiv0RzKDSKQwVS4w+40mH9k82k8Gt2GIk/ZyfA/K4SkKI0Sw4H
ZH1ikDeJiqyYMJ87uK2guw7oVKfafWUrUfpwPmkaD3pqNjaOOqvn0o0+yD4woi99
JM86ur7ozT5Xibu0e1ZQIIgswdOX12kNIUes0o71+nyDnYIXQgkZh0ocSPxTKWUB
HTRFKrPjU7lZgVHEJ259kRAzQhzOciwEtA9mLazpdI8FEFS/KcYmk2HtVGjyzp7g
V4986h+nrppLlSxjiGWsTG2H228nAFnaTzJnX7Bj1DwSfyq+GZbD
-----END CERTIFICATE-----