Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/001-tZetvmGKdo-SShjNpt2aGEI.roa
File:                     001-tZetvmGKdo-SShjNpt2aGEI.roa (raw, json)
Hash identifier:          h4Io8H2hqpwLQER0WiwijMoVYS+KsM61BzmnzICk/jA=
Subject key identifier:   D3:4D:7E:B5:97:AD:BE:61:8A:76:8F:92:4A:18:CD:A6:DD:9A:18:42
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       018CC5DBE9A90821616FFC9EAEA558B3AE6A
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/001-tZetvmGKdo-SShjNpt2aGEI.roa
Signing time:             Mon 01 Jan 2024 16:29:32 +0000
ROA not before:           Mon 01 Jan 2024 16:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        95.170.12.0/22 maxlen: 22
                          95.170.16.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 07:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e9:a9:08:21:61:6f:fc:9e:ae:a5:58:b3:ae:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Jan  1 16:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d34d7eb597adbe618a768f924a18cda6dd9a1842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:60:bc:b4:34:56:58:37:9b:54:35:3a:df:b3:
                    d3:37:b9:88:99:47:96:a7:a5:3a:1e:9b:f9:69:2f:
                    a7:ff:b2:b2:f2:39:63:87:c8:f4:06:b0:ae:55:c8:
                    3f:18:09:6a:03:68:4c:4b:4e:b2:83:12:fe:21:45:
                    19:1d:e7:5a:58:7a:0a:9c:83:93:c5:ef:c9:66:e1:
                    e3:1e:f3:e0:fb:3d:9e:2f:2e:7a:cf:60:3e:e6:e4:
                    75:ba:5c:5c:a3:2b:88:8e:49:49:4c:dd:a4:85:a2:
                    30:27:97:c4:46:bd:b8:c2:31:44:62:33:28:9e:65:
                    ed:63:8d:4b:48:75:d9:f1:b5:e8:12:08:16:f1:0e:
                    a7:9c:ac:45:90:15:44:c1:56:22:fb:5c:67:ab:f7:
                    10:1b:f1:cb:03:f6:a8:0a:b9:e7:d5:52:c8:65:51:
                    0d:17:66:43:c9:32:90:ec:8a:47:57:8c:1d:18:03:
                    79:59:bc:a0:2c:e9:2c:cd:7d:c7:ef:aa:54:2a:00:
                    74:d8:eb:12:f9:f2:91:1d:ac:9d:df:b8:1a:dc:30:
                    dc:c1:47:d4:e4:f1:e1:2f:64:63:75:8a:b2:19:e3:
                    5d:8e:d3:a8:34:d2:7c:00:5c:73:ca:9b:af:b0:ec:
                    1b:db:fc:34:a9:15:10:f9:11:41:57:51:ef:76:9b:
                    33:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:4D:7E:B5:97:AD:BE:61:8A:76:8F:92:4A:18:CD:A6:DD:9A:18:42
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/001-tZetvmGKdo-SShjNpt2aGEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.12.0-95.170.31.255

    Signature Algorithm: sha256WithRSAEncryption
         4d:5d:0b:38:5c:32:49:88:22:51:ec:5f:7e:c6:39:eb:80:62:
         74:ec:63:8c:ba:ef:51:2e:9f:a6:a9:90:ad:83:23:29:4d:54:
         71:04:7a:7a:1e:7c:96:3c:63:1b:2e:99:b9:a2:7b:7f:90:5c:
         ae:0e:e7:2d:4f:e4:d8:05:28:80:9f:2c:3a:30:85:0f:83:cb:
         60:87:4a:11:3d:33:78:cb:95:92:7d:2f:d6:50:7e:31:34:a7:
         c0:96:66:fc:98:09:b4:76:e7:70:58:8f:5e:46:92:b5:ad:65:
         f6:10:a3:0a:5f:cd:d6:15:47:2b:d7:ab:dd:71:5c:5a:dd:ab:
         5f:2e:f7:d7:e4:2c:3d:f9:a2:7b:1d:da:40:55:88:6a:0c:d5:
         12:81:35:0b:8b:6e:b9:03:fe:2a:bf:94:fb:fa:88:17:32:0f:
         da:fb:28:ec:ac:ca:98:36:20:cb:98:85:dc:05:ee:e5:cc:d1:
         1c:24:08:1c:f5:b3:22:46:3f:fc:d4:2a:47:67:82:4a:fd:4b:
         f3:86:7d:52:88:35:3d:1a:23:7c:42:9c:72:d9:be:ee:ac:6d:
         3e:b8:73:f5:81:af:19:5f:20:6d:ae:ba:56:c0:45:66:60:1b:
         e1:0a:27:26:15:fb:26:b9:ab:d4:3d:76:b9:f4:4b:33:86:df:
         59:fa:95:37
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzF2+mpCCFhb/yerqVYs65qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzRkN2ViNTk3YWRiZTYxOGE3NjhmOTI0YTE4Y2RhNmRkOWExODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWC8tDRWWDebVDU637PTN7mImUeW
p6U6Hpv5aS+n/7Ky8jljh8j0BrCuVcg/GAlqA2hMS06ygxL+IUUZHedaWHoKnIOT
xe/JZuHjHvPg+z2eLy56z2A+5uR1ulxcoyuIjklJTN2khaIwJ5fERr24wjFEYjMo
nmXtY41LSHXZ8bXoEggW8Q6nnKxFkBVEwVYi+1xnq/cQG/HLA/aoCrnn1VLIZVEN
F2ZDyTKQ7IpHV4wdGAN5WbygLOkszX3H76pUKgB02OsS+fKRHayd37ga3DDcwUfU
5PHhL2RjdYqyGeNdjtOoNNJ8AFxzypuvsOwb2/w0qRUQ+RFBV1HvdpszqwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNNNfrWXrb5hinaPkkoYzabdmhhCMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvMDAxLXRaZXR2bUdLZG8tU1Noak5wdDJhR0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJfqgwD
BAVfqgAwDQYJKoZIhvcNAQELBQADggEBAE1dCzhcMkmIIlHsX37GOeuAYnTsY4y6
71Eun6apkK2DIylNVHEEenoefJY8Yxsumbmie3+QXK4O5y1P5NgFKICfLDowhQ+D
y2CHShE9M3jLlZJ9L9ZQfjE0p8CWZvyYCbR253BYj15GkrWtZfYQowpfzdYVRyvX
q91xXFrdq18u99fkLD35onsd2kBViGoM1RKBNQuLbrkD/iq/lPv6iBcyD9r7KOys
ypg2IMuYhdwF7uXM0RwkCBz1syJGP/zUKkdngkr9S/OGfVKINT0aI3xCnHLZvu6s
bT64c/WBrxlfIG2uulbARWZgG+EKJyYV+ya5q9Q9drn0SzOG31n6lTc=
-----END CERTIFICATE-----