Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/s9ObDJjyPHq1zOz-e4O4ptl9ubQ.roa
File:                     s9ObDJjyPHq1zOz-e4O4ptl9ubQ.roa (raw, json)
Hash identifier:          Ql+TOQD4NGBNyf3IKxbEE4gdXK37sylGmJ8nxPsXu8g=
Subject key identifier:   B3:D3:9B:0C:98:F2:3C:7A:B5:CC:EC:FE:7B:83:B8:A6:D9:7D:B9:B4
Certificate issuer:       /CN=558dcc5d7e6887c941ae3b28ce3cbf2fb4f20603
Certificate serial:       018CC9BCB18355DCF00B5152CC3AC540BC91
Authority key identifier: 55:8D:CC:5D:7E:68:87:C9:41:AE:3B:28:CE:3C:BF:2F:B4:F2:06:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VY3MXX5oh8lBrjsozjy_L7TyBgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/s9ObDJjyPHq1zOz-e4O4ptl9ubQ.roa
Signing time:             Tue 02 Jan 2024 10:33:55 +0000
ROA not before:           Tue 02 Jan 2024 10:33:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209681
IP address blocks:        95.214.68.0/22 maxlen: 24
                          2a09:d980::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/VY3MXX5oh8lBrjsozjy_L7TyBgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/VY3MXX5oh8lBrjsozjy_L7TyBgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VY3MXX5oh8lBrjsozjy_L7TyBgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:b1:83:55:dc:f0:0b:51:52:cc:3a:c5:40:bc:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=558dcc5d7e6887c941ae3b28ce3cbf2fb4f20603
        Validity
            Not Before: Jan  2 10:33:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3d39b0c98f23c7ab5ccecfe7b83b8a6d97db9b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c8:40:1e:da:3a:ca:21:81:a0:8c:fb:5f:3b:
                    55:fc:64:fd:fa:08:76:80:37:7b:ed:26:b6:c3:10:
                    99:45:1c:c1:ad:d4:7e:58:d0:67:4c:fb:e5:f1:9a:
                    03:21:3c:b2:d9:72:d5:a6:bc:a0:a1:2b:ea:79:97:
                    98:c6:ad:6a:95:b8:73:02:08:76:1f:61:f4:12:9e:
                    a3:8d:ab:8d:40:40:3a:c4:e7:3d:64:66:50:0a:25:
                    f6:c0:32:1c:e2:1f:0c:45:f4:48:3e:ce:42:bd:b6:
                    2c:be:fb:23:cb:6f:90:d4:aa:ce:c5:d5:07:24:e2:
                    5a:89:99:96:6c:54:08:a2:f4:da:73:e6:47:eb:c2:
                    41:22:f7:1c:c0:73:0f:9c:dc:90:b6:0a:6b:98:8f:
                    f8:6e:da:eb:47:c2:dc:0b:f6:06:99:5d:f2:6b:55:
                    ec:14:8d:39:47:18:e8:f6:32:5d:1b:3a:8e:b7:9d:
                    d8:dc:2a:b3:4c:ac:e8:ff:62:df:7c:db:2c:8e:78:
                    a3:d0:dd:a8:c3:b8:d5:a4:ee:64:8d:cf:10:3c:99:
                    69:40:4b:cb:28:5a:60:b0:3c:00:df:b2:44:ad:a8:
                    a8:48:b3:3f:16:d6:ef:6a:64:1f:2f:e9:0c:76:7f:
                    60:02:da:84:d0:ea:c0:6f:b0:2b:3b:73:d5:c9:6f:
                    97:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D3:9B:0C:98:F2:3C:7A:B5:CC:EC:FE:7B:83:B8:A6:D9:7D:B9:B4
            X509v3 Authority Key Identifier:
                keyid:55:8D:CC:5D:7E:68:87:C9:41:AE:3B:28:CE:3C:BF:2F:B4:F2:06:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VY3MXX5oh8lBrjsozjy_L7TyBgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/s9ObDJjyPHq1zOz-e4O4ptl9ubQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/VY3MXX5oh8lBrjsozjy_L7TyBgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.68.0/22
                IPv6:
                  2a09:d980::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:df:0d:90:d9:50:26:c2:03:58:cf:cb:fb:23:d1:ff:42:e3:
         3f:e0:2b:cd:d9:73:a0:ee:c9:72:6b:8e:e3:03:5c:b6:92:5f:
         3b:4e:f6:5f:f6:36:8b:d7:c5:18:78:15:b2:ad:8e:6f:0d:77:
         e0:91:cd:f8:d1:72:b4:4f:a2:70:b6:08:64:9a:48:ac:fd:cf:
         9d:3e:ad:a4:5a:65:b4:51:3c:6c:2e:1d:cb:f3:9a:47:ee:53:
         4e:b8:e6:37:2a:84:86:26:03:2c:cf:d2:64:f5:d7:8a:80:52:
         b5:c2:74:95:7d:0b:6c:47:93:11:9f:ec:0c:ab:b5:35:b3:ec:
         37:af:36:74:33:a5:18:c4:7a:93:33:84:16:91:33:1a:ea:15:
         b6:48:82:b1:ef:fc:38:dd:3e:73:5f:f4:6f:94:1f:fe:23:91:
         38:24:85:6a:af:66:ad:6a:be:92:15:4f:11:ad:7a:8c:92:cd:
         40:59:c5:3e:aa:88:63:c2:82:a1:77:14:e7:b2:98:a4:9c:1c:
         94:c9:e2:24:76:a5:7c:5f:df:83:b3:f5:b1:e1:4e:68:f6:21:
         ee:61:88:6f:47:15:1e:19:4a:39:b6:4f:a1:f1:15:d2:9a:34:
         01:34:c0:77:59:6a:47:59:83:3e:cc:ac:31:8b:c8:0c:f1:b5:
         18:51:c8:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvLGDVdzwC1FSzDrFQLyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OGRjYzVkN2U2ODg3Yzk0MWFlM2IyOGNlM2NiZjJmYjRm
MjA2MDMwHhcNMjQwMTAyMTAzMzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2QzOWIwYzk4ZjIzYzdhYjVjY2VjZmU3YjgzYjhhNmQ5N2RiOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmshAHto6yiGBoIz7XztV/GT9+gh2
gDd77Sa2wxCZRRzBrdR+WNBnTPvl8ZoDITyy2XLVprygoSvqeZeYxq1qlbhzAgh2
H2H0Ep6jjauNQEA6xOc9ZGZQCiX2wDIc4h8MRfRIPs5CvbYsvvsjy2+Q1KrOxdUH
JOJaiZmWbFQIovTac+ZH68JBIvccwHMPnNyQtgprmI/4btrrR8LcC/YGmV3ya1Xs
FI05Rxjo9jJdGzqOt53Y3CqzTKzo/2LffNssjnij0N2ow7jVpO5kjc8QPJlpQEvL
KFpgsDwA37JEraioSLM/FtbvamQfL+kMdn9gAtqE0OrAb7ArO3PVyW+XZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLPTmwyY8jx6tczs/nuDuKbZfbm0MB8GA1UdIwQY
MBaAFFWNzF1+aIfJQa47KM48vy+08gYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlkzTVhYNW9oOGxCcmpzb3pqeV9MN1R5QmdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9mMDRhNTctNWVlOS00YjZhLTlkYTIt
YmQ5YTNiNTVmMTI1LzEvczlPYkRKanlQSHExek96LWU0TzRwdGw5dWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9mMDRhNTctNWVlOS00YjZhLTlkYTItYmQ5YTNiNTVmMTI1
LzEvVlkzTVhYNW9oOGxCcmpzb3pqeV9MN1R5QmdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCX9ZEMA0E
AgACMAcDBQMqCdmAMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3w2Q2VAmwgNYz8v7I9H/
QuM/4CvN2XOg7slya47jA1y2kl87TvZf9jaL18UYeBWyrY5vDXfgkc340XK0T6Jw
tghkmkis/c+dPq2kWmW0UTxsLh3L85pH7lNOuOY3KoSGJgMsz9Jk9deKgFK1wnSV
fQtsR5MRn+wMq7U1s+w3rzZ0M6UYxHqTM4QWkTMa6hW2SIKx7/w43T5zX/RvlB/+
I5E4JIVqr2atar6SFU8RrXqMks1AWcU+qohjwoKhdxTnspiknByUyeIkdqV8X9+D
s/Wx4U5o9iHuYYhvRxUeGUo5tk+h8RXSmjQBNMB3WWpHWYM+zKwxi8gM8bUYUcj6
-----END CERTIFICATE-----