Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/vwmTvfYtBIX7VPbpiNh22HQ_sJs.roa
File:                     vwmTvfYtBIX7VPbpiNh22HQ_sJs.roa (raw, json)
Hash identifier:          NDO4+RrdByS/4Tnx9h24/o5frS/RtD8nA8SpDKE5vus=
Subject key identifier:   BF:09:93:BD:F6:2D:04:85:FB:54:F6:E9:88:D8:76:D8:74:3F:B0:9B
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AD722B9D64B4E9B12EDF9F9961356
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/vwmTvfYtBIX7VPbpiNh22HQ_sJs.roa
Signing time:             Mon 01 Jan 2024 18:30:42 +0000
ROA not before:           Mon 01 Jan 2024 18:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54903
IP address blocks:        95.164.140.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d7:22:b9:d6:4b:4e:9b:12:ed:f9:f9:96:13:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf0993bdf62d0485fb54f6e988d876d8743fb09b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f3:4b:38:64:fb:35:67:9a:78:7e:62:fb:24:
                    b3:f7:0a:84:d1:69:39:db:71:ce:08:0e:87:d4:5f:
                    ca:d6:55:26:0e:ad:86:aa:d4:47:82:40:c5:01:25:
                    bf:71:ee:9f:0a:ec:8d:2f:cd:16:ff:70:b2:97:75:
                    29:fe:88:32:d5:5a:3a:0c:f9:a6:e8:17:fc:ea:25:
                    c7:cc:72:bf:df:76:b0:b0:ec:32:27:68:cb:3b:df:
                    a8:02:7c:09:ec:3d:90:a9:c3:8d:03:df:16:ad:45:
                    8a:a6:c7:74:c9:45:06:bf:58:72:06:ff:c6:24:3a:
                    4f:66:94:5a:43:4a:97:1a:c6:52:23:04:c3:3e:f1:
                    65:c7:9a:df:5a:25:2a:bc:fb:86:f9:0c:14:51:72:
                    df:aa:56:9f:5f:dc:70:8c:74:06:70:ee:d1:be:25:
                    db:e1:e2:2b:15:c6:50:20:fd:96:f0:a7:fd:d8:df:
                    f6:23:25:ed:4d:8e:45:df:49:db:36:a7:c5:b1:82:
                    4c:12:a8:3b:45:23:3c:4f:b5:43:ad:0a:bb:c0:1b:
                    fc:43:9e:cc:ca:67:47:3d:20:19:ad:31:9c:9e:db:
                    f2:be:fe:c2:f0:a4:e7:60:c9:0e:79:86:64:15:5f:
                    a0:b7:93:54:d0:86:21:c1:fb:54:0a:5f:46:13:12:
                    28:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:09:93:BD:F6:2D:04:85:FB:54:F6:E9:88:D8:76:D8:74:3F:B0:9B
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/vwmTvfYtBIX7VPbpiNh22HQ_sJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:f8:e9:d4:f3:1e:95:65:9a:f1:97:f3:73:3a:70:e5:56:36:
         47:24:96:c9:29:e3:5e:35:30:43:5e:39:16:71:8f:0b:05:a2:
         86:06:5a:5a:75:41:88:54:9c:1c:13:b8:75:4f:96:54:f0:85:
         ec:de:e1:89:b8:45:4c:c9:2d:9e:c9:d0:b6:4b:e0:c2:d4:e3:
         7d:be:e0:58:18:70:c8:e0:11:e2:84:24:32:af:df:cd:bb:be:
         bf:53:94:64:a2:05:bc:2c:5f:34:9b:5f:e5:50:e5:e3:31:cb:
         ab:cb:8c:ba:49:64:19:a0:de:d9:14:a3:b2:9d:8a:77:14:04:
         52:cd:14:3a:c3:6c:4c:26:22:7e:83:24:15:31:bf:24:66:43:
         f9:98:03:e0:46:fd:c5:bf:e8:4a:df:96:cf:1e:75:4c:ce:b9:
         76:7d:1c:26:60:ca:7d:49:b4:25:69:0c:59:14:e6:b1:67:7f:
         8e:85:c5:4e:ce:6d:d9:34:3c:ae:8c:62:76:bb:50:b8:fa:25:
         47:a6:71:10:f3:71:84:19:97:57:44:f0:12:6b:3e:63:75:fa:
         c3:f1:1c:7c:01:67:4d:73:66:69:d8:c0:05:f0:4f:a9:25:c7:
         f2:f3:49:81:64:01:11:b4:d1:a5:7a:a9:20:8a:e1:00:25:c0:
         76:54:2f:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStciudZLTpsS7fn5lhNWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjA5OTNiZGY2MmQwNDg1ZmI1NGY2ZTk4OGQ4NzZkODc0M2ZiMDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfNLOGT7NWeaeH5i+ySz9wqE0Wk5
23HOCA6H1F/K1lUmDq2GqtRHgkDFASW/ce6fCuyNL80W/3Cyl3Up/ogy1Vo6DPmm
6Bf86iXHzHK/33awsOwyJ2jLO9+oAnwJ7D2QqcONA98WrUWKpsd0yUUGv1hyBv/G
JDpPZpRaQ0qXGsZSIwTDPvFlx5rfWiUqvPuG+QwUUXLfqlafX9xwjHQGcO7RviXb
4eIrFcZQIP2W8Kf92N/2IyXtTY5F30nbNqfFsYJMEqg7RSM8T7VDrQq7wBv8Q57M
ymdHPSAZrTGcntvyvv7C8KTnYMkOeYZkFV+gt5NU0IYhwftUCl9GExIoyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8Jk732LQSF+1T26YjYdth0P7CbMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvdndtVHZmWXRCSVg3VlBicGlOaDIySFFfc0pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX6SMMA0G
CSqGSIb3DQEBCwUAA4IBAQBs+OnU8x6VZZrxl/NzOnDlVjZHJJbJKeNeNTBDXjkW
cY8LBaKGBlpadUGIVJwcE7h1T5ZU8IXs3uGJuEVMyS2eydC2S+DC1ON9vuBYGHDI
4BHihCQyr9/Nu76/U5RkogW8LF80m1/lUOXjMcury4y6SWQZoN7ZFKOynYp3FARS
zRQ6w2xMJiJ+gyQVMb8kZkP5mAPgRv3Fv+hK35bPHnVMzrl2fRwmYMp9SbQlaQxZ
FOaxZ3+OhcVOzm3ZNDyujGJ2u1C4+iVHpnEQ83GEGZdXRPASaz5jdfrD8Rx8AWdN
c2Zp2MAF8E+pJcfy80mBZAERtNGleqkgiuEAJcB2VC9P
-----END CERTIFICATE-----