Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/048df6-bccd-4885-8f43-4dc2071a5bf1/1/2P3Hvw50g9AQsDZqlpKhx3SFw9Q.roa
File:                     2P3Hvw50g9AQsDZqlpKhx3SFw9Q.roa (raw, json)
Hash identifier:          1MM4SYInG3syN8PT9l0jTHeFavAMZkW5oJvD1JA+t2o=
Subject key identifier:   D8:FD:C7:BF:0E:74:83:D0:10:B0:36:6A:96:92:A1:C7:74:85:C3:D4
Certificate issuer:       /CN=9944078b40772b172c7046e7446204980ceae139
Certificate serial:       018CC5DCBF8CCBDFE09C5285136907F6D476
Authority key identifier: 99:44:07:8B:40:77:2B:17:2C:70:46:E7:44:62:04:98:0C:EA:E1:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mUQHi0B3KxcscEbnRGIEmAzq4Tk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/048df6-bccd-4885-8f43-4dc2071a5bf1/1/2P3Hvw50g9AQsDZqlpKhx3SFw9Q.roa
Signing time:             Mon 01 Jan 2024 16:30:27 +0000
ROA not before:           Mon 01 Jan 2024 16:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43210
IP address blocks:        195.95.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/048df6-bccd-4885-8f43-4dc2071a5bf1/1/mUQHi0B3KxcscEbnRGIEmAzq4Tk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/048df6-bccd-4885-8f43-4dc2071a5bf1/1/mUQHi0B3KxcscEbnRGIEmAzq4Tk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mUQHi0B3KxcscEbnRGIEmAzq4Tk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:bf:8c:cb:df:e0:9c:52:85:13:69:07:f6:d4:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9944078b40772b172c7046e7446204980ceae139
        Validity
            Not Before: Jan  1 16:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8fdc7bf0e7483d010b0366a9692a1c77485c3d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:71:c9:06:88:2a:df:18:76:d4:36:ff:d4:8b:
                    c7:68:d0:e7:79:ec:05:d9:79:0b:c4:71:91:a1:c2:
                    a9:51:05:ad:bf:59:c9:86:d0:32:40:fa:74:6c:07:
                    7a:df:21:dc:f5:cb:48:c1:a3:af:75:2b:85:10:7d:
                    46:9c:d5:a7:1b:91:a1:44:ce:fe:35:f3:f7:7f:99:
                    d3:c4:0f:a8:b3:cf:98:23:e2:1a:95:c1:ae:79:69:
                    d7:9b:e1:84:e4:f8:3d:4b:2f:cd:c2:59:9e:12:6d:
                    72:fc:2b:23:b8:19:d9:0b:d0:91:d8:b6:2d:51:61:
                    c8:85:2e:e1:91:21:ee:4b:5e:63:27:ed:3b:e6:f1:
                    35:e0:30:60:b9:83:0d:3a:69:26:8f:66:1b:2c:b6:
                    b4:41:3b:98:34:d2:3c:c5:1b:7f:39:4c:00:18:e3:
                    57:3f:12:28:e4:28:60:23:af:b3:c3:5b:60:b4:76:
                    f9:e1:57:18:7c:cc:1c:30:94:ce:1b:53:ae:07:c2:
                    7f:47:92:d0:d5:77:f9:15:3a:d6:6d:f6:d8:da:8f:
                    8f:71:60:a3:c9:34:e8:32:46:70:e0:a4:76:a8:1b:
                    68:e0:52:aa:5b:5b:d3:a3:b2:9b:1e:79:05:59:73:
                    b9:03:7d:a8:e4:04:04:9f:42:63:47:93:82:da:66:
                    ac:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:FD:C7:BF:0E:74:83:D0:10:B0:36:6A:96:92:A1:C7:74:85:C3:D4
            X509v3 Authority Key Identifier:
                keyid:99:44:07:8B:40:77:2B:17:2C:70:46:E7:44:62:04:98:0C:EA:E1:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mUQHi0B3KxcscEbnRGIEmAzq4Tk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/048df6-bccd-4885-8f43-4dc2071a5bf1/1/2P3Hvw50g9AQsDZqlpKhx3SFw9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/048df6-bccd-4885-8f43-4dc2071a5bf1/1/mUQHi0B3KxcscEbnRGIEmAzq4Tk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:74:b6:2d:28:34:d4:07:39:e3:5b:74:2e:5a:da:b8:ce:27:
         b0:c9:57:c9:fe:2b:35:b4:80:7a:70:99:33:fd:a6:59:e4:2c:
         08:97:7a:3a:bd:35:b9:1b:cb:9c:c8:34:37:d6:76:06:85:e3:
         bd:62:6a:d4:f2:52:a9:87:39:58:6d:92:e3:bf:c7:f7:15:be:
         0c:82:35:dd:da:1f:3f:d3:b2:51:3a:5c:4f:36:29:b5:fb:9b:
         b0:36:e0:06:e5:02:0d:16:61:a2:bf:bc:6b:24:46:64:17:97:
         2b:70:97:f8:98:a8:2a:3c:b6:17:02:58:94:c3:5e:b6:41:ed:
         1d:8a:e2:f3:f6:e3:9f:6c:3c:a0:4e:12:a6:59:4c:db:b4:ca:
         24:34:e8:e5:4e:0a:86:98:f1:91:12:1c:de:20:df:1a:0c:4c:
         5f:34:90:fa:e4:b7:b7:36:88:e7:08:f4:f3:22:57:11:9b:a9:
         1a:3d:77:8e:fe:9e:8b:9a:3f:4c:49:5d:d2:9d:5c:47:3b:d0:
         6b:e2:71:1b:c4:fc:d0:11:1c:70:e6:5b:f7:62:f7:da:5d:dd:
         98:c5:68:a5:d6:77:80:31:b6:bb:1d:f4:a5:f8:56:00:ac:43:
         69:8f:b9:8a:ff:db:4d:21:4a:8b:e4:d9:e3:47:03:a2:85:8c:
         42:bb:61:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3L+My9/gnFKFE2kH9tR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5NDQwNzhiNDA3NzJiMTcyYzcwNDZlNzQ0NjIwNDk4MGNl
YWUxMzkwHhcNMjQwMTAxMTYzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGZkYzdiZjBlNzQ4M2QwMTBiMDM2NmE5NjkyYTFjNzc0ODVjM2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonHJBogq3xh21Db/1IvHaNDneewF
2XkLxHGRocKpUQWtv1nJhtAyQPp0bAd63yHc9ctIwaOvdSuFEH1GnNWnG5GhRM7+
NfP3f5nTxA+os8+YI+IalcGueWnXm+GE5Pg9Sy/NwlmeEm1y/CsjuBnZC9CR2LYt
UWHIhS7hkSHuS15jJ+075vE14DBguYMNOmkmj2YbLLa0QTuYNNI8xRt/OUwAGONX
PxIo5ChgI6+zw1tgtHb54VcYfMwcMJTOG1OuB8J/R5LQ1Xf5FTrWbfbY2o+PcWCj
yTToMkZw4KR2qBto4FKqW1vTo7KbHnkFWXO5A32o5AQEn0JjR5OC2masxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNj9x78OdIPQELA2apaSocd0hcPUMB8GA1UdIwQY
MBaAFJlEB4tAdysXLHBG50RiBJgM6uE5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVVRSGkwQjNLeGNzY0ViblJHSUVtQXpxNFRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8wNDhkZjYtYmNjZC00ODg1LThmNDMt
NGRjMjA3MWE1YmYxLzEvMlAzSHZ3NTBnOUFRc0RacWxwS2h4M1NGdzlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8wNDhkZjYtYmNjZC00ODg1LThmNDMtNGRjMjA3MWE1YmYx
LzEvbVVRSGkwQjNLeGNzY0ViblJHSUVtQXpxNFRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+zMA0G
CSqGSIb3DQEBCwUAA4IBAQCtdLYtKDTUBznjW3QuWtq4ziewyVfJ/is1tIB6cJkz
/aZZ5CwIl3o6vTW5G8ucyDQ31nYGheO9YmrU8lKphzlYbZLjv8f3Fb4MgjXd2h8/
07JROlxPNim1+5uwNuAG5QINFmGiv7xrJEZkF5crcJf4mKgqPLYXAliUw162Qe0d
iuLz9uOfbDygThKmWUzbtMokNOjlTgqGmPGREhzeIN8aDExfNJD65Le3NojnCPTz
IlcRm6kaPXeO/p6Lmj9MSV3SnVxHO9Br4nEbxPzQERxw5lv3YvfaXd2YxWil1neA
Mba7HfSl+FYArENpj7mK/9tNIUqL5NnjRwOihYxCu2Ht
-----END CERTIFICATE-----