Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/aLIu7a6bKKtM4WIsfSlNFDO-6ak.roa
File:                     aLIu7a6bKKtM4WIsfSlNFDO-6ak.roa (raw, json)
Hash identifier:          uP34G2gswMwuvMflEof4c6CmJWWeFjAhP6WENsiHgxI=
Subject key identifier:   68:B2:2E:ED:AE:9B:28:AB:4C:E1:62:2C:7D:29:4D:14:33:BE:E9:A9
Certificate issuer:       /CN=5ccdeca171e422c79c938c2732a90d48a8c53c06
Certificate serial:       018CC3B722F226C933DC4FB6B477A521B7D4
Authority key identifier: 5C:CD:EC:A1:71:E4:22:C7:9C:93:8C:27:32:A9:0D:48:A8:C5:3C:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/aLIu7a6bKKtM4WIsfSlNFDO-6ak.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        95.140.160.0/24 maxlen: 24
                          95.140.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:22:f2:26:c9:33:dc:4f:b6:b4:77:a5:21:b7:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ccdeca171e422c79c938c2732a90d48a8c53c06
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68b22eedae9b28ab4ce1622c7d294d1433bee9a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:38:af:09:eb:44:f6:88:f4:f4:e4:53:f7:a7:
                    98:cd:7a:13:de:a5:00:24:c0:28:16:33:b0:b5:d0:
                    bc:17:00:34:fc:40:c8:ff:34:a1:09:14:1e:4a:bc:
                    87:6d:a7:31:12:0c:b9:01:3c:68:9d:7b:ea:bd:22:
                    2a:8a:de:88:41:9d:cf:e0:b4:4c:49:78:71:f2:33:
                    ab:7d:96:b5:23:ef:19:f8:1e:0d:80:e3:7b:4c:e2:
                    4f:1f:69:bd:fc:38:b7:c9:6a:fe:04:de:05:00:cd:
                    44:fa:aa:af:4d:2e:12:3f:55:58:a9:26:b1:0e:52:
                    ea:f8:13:51:77:61:c0:b2:4f:35:61:43:c3:1b:87:
                    f6:ff:07:3d:a8:9a:a3:94:c5:73:a0:21:16:80:dc:
                    cc:14:20:be:0d:aa:49:59:f0:bc:7f:c8:bc:5c:da:
                    87:86:96:8c:a2:fb:b1:57:77:f2:04:ad:b3:89:62:
                    fe:97:2f:3a:19:c6:72:15:d0:0f:c8:00:23:ea:4d:
                    60:41:03:94:0e:67:0f:12:56:9c:c6:db:40:11:23:
                    9c:2a:a6:1d:3b:92:e5:8d:8f:9d:fc:1d:8b:49:c0:
                    2f:65:f2:3e:b0:35:50:43:13:4b:2f:69:46:e2:04:
                    b5:77:d5:a0:69:70:24:a5:59:38:ab:62:f9:7c:d3:
                    64:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:B2:2E:ED:AE:9B:28:AB:4C:E1:62:2C:7D:29:4D:14:33:BE:E9:A9
            X509v3 Authority Key Identifier:
                keyid:5C:CD:EC:A1:71:E4:22:C7:9C:93:8C:27:32:A9:0D:48:A8:C5:3C:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/aLIu7a6bKKtM4WIsfSlNFDO-6ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.140.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:b6:6c:cd:56:73:14:54:87:ec:13:0e:87:e0:5a:f3:a2:ac:
         5c:01:28:f1:1b:13:10:5c:5d:6a:97:e2:7f:c3:bc:d8:1f:6f:
         ea:ba:7c:dc:40:95:71:8f:9d:fc:ef:ed:24:32:bd:ad:74:b5:
         33:da:3d:03:e6:32:1e:e2:ff:63:3d:da:70:91:73:f5:4d:4f:
         fd:69:20:f1:a8:4a:fc:ee:02:13:63:cc:b8:ef:1b:5c:ad:fd:
         32:72:8e:e8:4e:2b:08:ea:eb:23:a0:4f:aa:fc:dc:ab:83:fd:
         47:a6:5c:ac:ec:48:f5:25:91:75:ab:5a:a9:b6:fb:f6:89:9f:
         e3:c5:4d:37:fe:5c:fd:dd:00:e4:da:8e:b6:cf:36:04:49:84:
         4d:35:ce:90:ab:0a:4f:06:47:1f:18:51:50:a2:20:93:d5:60:
         ad:4a:34:e7:19:7a:56:1a:bc:e3:c4:47:40:0a:08:64:8f:fa:
         58:8a:d3:7e:1f:71:04:1e:38:51:3b:0f:d4:26:fb:af:2d:1c:
         91:32:fa:4f:44:fa:ce:9f:e3:29:32:c3:6e:c5:c3:ad:88:a7:
         96:5a:2a:92:2c:62:0d:3b:74:5d:c2:ed:4c:64:5d:25:56:3e:
         4a:d0:42:a2:f0:ed:48:e8:ae:a8:d9:ad:95:92:f0:54:78:e8:
         f8:56:ae:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyLyJskz3E+2tHelIbfUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjY2RlY2ExNzFlNDIyYzc5YzkzOGMyNzMyYTkwZDQ4YThj
NTNjMDYwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGIyMmVlZGFlOWIyOGFiNGNlMTYyMmM3ZDI5NGQxNDMzYmVlOWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjivCetE9oj09ORT96eYzXoT3qUA
JMAoFjOwtdC8FwA0/EDI/zShCRQeSryHbacxEgy5ATxonXvqvSIqit6IQZ3P4LRM
SXhx8jOrfZa1I+8Z+B4NgON7TOJPH2m9/Di3yWr+BN4FAM1E+qqvTS4SP1VYqSax
DlLq+BNRd2HAsk81YUPDG4f2/wc9qJqjlMVzoCEWgNzMFCC+DapJWfC8f8i8XNqH
hpaMovuxV3fyBK2ziWL+ly86GcZyFdAPyAAj6k1gQQOUDmcPElacxttAESOcKqYd
O5LljY+d/B2LScAvZfI+sDVQQxNLL2lG4gS1d9WgaXAkpVk4q2L5fNNkuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiyLu2umyirTOFiLH0pTRQzvumpMB8GA1UdIwQY
MBaAFFzN7KFx5CLHnJOMJzKpDUioxTwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE0zc29YSGtJc2VjazR3bk1xa05TS2pGUEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9iOGY1ZTYtYzk1MS00ZGRiLWI0ZjUt
YTg4MWVjODIyOGI1LzEvYUxJdTdhNmJLS3RNNFdJc2ZTbE5GRE8tNmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9iOGY1ZTYtYzk1MS00ZGRiLWI0ZjUtYTg4MWVjODIyOGI1
LzEvWE0zc29YSGtJc2VjazR3bk1xa05TS2pGUEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX4ygMA0G
CSqGSIb3DQEBCwUAA4IBAQAKtmzNVnMUVIfsEw6H4FrzoqxcASjxGxMQXF1ql+J/
w7zYH2/qunzcQJVxj5387+0kMr2tdLUz2j0D5jIe4v9jPdpwkXP1TU/9aSDxqEr8
7gITY8y47xtcrf0yco7oTisI6usjoE+q/Nyrg/1Hplys7Ej1JZF1q1qptvv2iZ/j
xU03/lz93QDk2o62zzYESYRNNc6QqwpPBkcfGFFQoiCT1WCtSjTnGXpWGrzjxEdA
Cghkj/pYitN+H3EEHjhROw/UJvuvLRyRMvpPRPrOn+MpMsNuxcOtiKeWWiqSLGIN
O3Rdwu1MZF0lVj5K0EKi8O1I6K6o2a2VkvBUeOj4Vq7H
-----END CERTIFICATE-----