Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/rdcJSKAKjyGfddmBsvJqJ4UE2Bs.roa
File:                     rdcJSKAKjyGfddmBsvJqJ4UE2Bs.roa (raw, json)
Hash identifier:          uBMk6Zx3zGUqMiYnk8dlCfgL2rlXoYS00WghZsBife8=
Subject key identifier:   AD:D7:09:48:A0:0A:8F:21:9F:75:D9:81:B2:F2:6A:27:85:04:D8:1B
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       018CC5DBEA07035B3E7C1D3D579DE9A9BB05
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/rdcJSKAKjyGfddmBsvJqJ4UE2Bs.roa
Signing time:             Mon 01 Jan 2024 16:29:32 +0000
ROA not before:           Mon 01 Jan 2024 16:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198682
IP address blocks:        95.170.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ea:07:03:5b:3e:7c:1d:3d:57:9d:e9:a9:bb:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Jan  1 16:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=add70948a00a8f219f75d981b2f26a278504d81b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a4:da:6c:86:66:6c:ab:66:b9:36:f9:7c:c5:
                    c3:0d:85:d8:08:ac:4b:ac:55:fc:da:d4:6e:df:8b:
                    71:b9:76:18:86:29:5d:aa:9a:4b:8d:46:eb:66:66:
                    1f:18:cd:72:09:d1:9c:51:a3:f3:8a:41:77:fe:ce:
                    c5:c2:a0:e7:8c:e6:71:dc:99:43:1d:e1:66:4a:42:
                    9e:05:41:60:c8:76:1a:53:62:28:1f:39:9d:df:eb:
                    4a:bd:22:f7:ee:21:09:7c:0c:82:cf:2b:b9:34:7b:
                    47:35:2e:a7:23:d1:b8:20:cb:f0:81:7c:17:66:8c:
                    e6:45:48:e5:32:75:af:eb:23:e9:7c:8f:80:51:a0:
                    24:e7:c8:50:cd:ef:f1:d9:ce:68:e6:54:31:69:9e:
                    75:10:94:98:7e:18:72:c2:68:3d:9e:9b:2c:dc:0e:
                    0e:60:ff:e5:a2:1b:25:9d:66:46:45:df:ce:fd:16:
                    ea:e5:32:d8:8b:3f:05:11:21:f0:75:9d:15:cc:6f:
                    a2:34:8a:16:fd:3b:1c:82:65:0c:af:82:5f:29:a7:
                    e3:b0:8c:e2:e4:c0:05:19:5a:e1:36:9c:6d:82:08:
                    89:a8:53:35:10:ee:58:5e:8f:bd:5f:84:7e:31:a1:
                    8a:5e:ce:65:8f:be:8c:e5:ee:26:cb:be:ad:32:c3:
                    ca:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D7:09:48:A0:0A:8F:21:9F:75:D9:81:B2:F2:6A:27:85:04:D8:1B
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/rdcJSKAKjyGfddmBsvJqJ4UE2Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:25:bc:05:20:97:96:ca:e2:ff:f4:43:7b:47:57:22:8c:b5:
         b4:28:f5:2e:28:b1:ae:38:f1:b9:dc:25:09:4d:06:7d:d6:bf:
         ad:8a:ab:7f:35:2e:0c:2e:e9:f9:b6:a4:5f:f4:e5:4f:97:32:
         ed:60:5a:34:5c:8d:b3:43:d1:dc:c6:0f:a1:a3:8b:ef:0e:f0:
         0d:d3:b5:ef:b3:bc:3d:dd:16:70:99:25:50:9b:9f:9e:67:0c:
         b4:a1:6f:32:76:9d:69:5d:d0:7d:67:85:92:fa:c4:ca:20:fa:
         d7:c7:ab:b2:eb:3a:7d:90:61:4c:2d:b1:07:cd:53:ed:01:74:
         91:32:88:10:06:7e:8d:d9:a9:e2:6c:b9:93:4f:2e:c5:0e:27:
         d8:a5:0d:28:53:b5:46:76:86:17:a1:86:42:ba:cd:59:05:98:
         f4:38:48:69:71:38:df:2e:0f:e7:60:d6:c2:d8:14:f6:45:32:
         61:ed:bf:ec:3b:26:8e:2b:b4:15:31:87:e5:ff:9d:4e:dd:6f:
         33:e3:ca:83:ec:12:7f:15:c4:69:25:20:a6:8b:0f:47:c9:68:
         63:47:fa:71:b9:9e:4f:6f:98:93:44:31:95:f9:4c:e5:ac:19:
         19:9c:e5:f5:97:95:04:e5:81:e0:29:c6:d5:6d:5a:fb:73:3b:
         33:0b:ec:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+oHA1s+fB09V53pqbsFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGQ3MDk0OGEwMGE4ZjIxOWY3NWQ5ODFiMmYyNmEyNzg1MDRkODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6TabIZmbKtmuTb5fMXDDYXYCKxL
rFX82tRu34txuXYYhildqppLjUbrZmYfGM1yCdGcUaPzikF3/s7FwqDnjOZx3JlD
HeFmSkKeBUFgyHYaU2IoHzmd3+tKvSL37iEJfAyCzyu5NHtHNS6nI9G4IMvwgXwX
ZozmRUjlMnWv6yPpfI+AUaAk58hQze/x2c5o5lQxaZ51EJSYfhhywmg9npss3A4O
YP/lohslnWZGRd/O/Rbq5TLYiz8FESHwdZ0VzG+iNIoW/TscgmUMr4JfKafjsIzi
5MAFGVrhNpxtggiJqFM1EO5YXo+9X4R+MaGKXs5lj76M5e4my76tMsPKiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3XCUigCo8hn3XZgbLyaieFBNgbMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvcmRjSlNLQUtqeUdmZGRtQnN2SnFKNFVFMkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6oEMA0G
CSqGSIb3DQEBCwUAA4IBAQAYJbwFIJeWyuL/9EN7R1cijLW0KPUuKLGuOPG53CUJ
TQZ91r+tiqt/NS4MLun5tqRf9OVPlzLtYFo0XI2zQ9Hcxg+ho4vvDvAN07Xvs7w9
3RZwmSVQm5+eZwy0oW8ydp1pXdB9Z4WS+sTKIPrXx6uy6zp9kGFMLbEHzVPtAXSR
MogQBn6N2anibLmTTy7FDifYpQ0oU7VGdoYXoYZCus1ZBZj0OEhpcTjfLg/nYNbC
2BT2RTJh7b/sOyaOK7QVMYfl/51O3W8z48qD7BJ/FcRpJSCmiw9HyWhjR/pxuZ5P
b5iTRDGV+UzlrBkZnOX1l5UE5YHgKcbVbVr7czszC+xD
-----END CERTIFICATE-----