Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/320ef9-3541-4321-80ff-f85c60be340d/1/ROQYepZ-v8BpizZNFAuq8_5LQQQ.roa
File:                     ROQYepZ-v8BpizZNFAuq8_5LQQQ.roa (raw, json)
Hash identifier:          HeZYedzCsaQGPpqIJoKwPmM/qKpN9HSnrP+Nc4cnPow=
Subject key identifier:   44:E4:18:7A:96:7E:BF:C0:69:8B:36:4D:14:0B:AA:F3:FE:4B:41:04
Certificate issuer:       /CN=95699316424960711c2e8ecb536bdd02bc724fad
Certificate serial:       018FB8201A20FB2930F0380A356D19C84FFF
Authority key identifier: 95:69:93:16:42:49:60:71:1C:2E:8E:CB:53:6B:DD:02:BC:72:4F:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lWmTFkJJYHEcLo7LU2vdArxyT60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/320ef9-3541-4321-80ff-f85c60be340d/1/ROQYepZ-v8BpizZNFAuq8_5LQQQ.roa
Signing time:             Mon 27 May 2024 03:37:42 +0000
ROA not before:           Mon 27 May 2024 03:37:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215094
IP address blocks:        95.141.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/320ef9-3541-4321-80ff-f85c60be340d/1/lWmTFkJJYHEcLo7LU2vdArxyT60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/320ef9-3541-4321-80ff-f85c60be340d/1/lWmTFkJJYHEcLo7LU2vdArxyT60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lWmTFkJJYHEcLo7LU2vdArxyT60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b8:20:1a:20:fb:29:30:f0:38:0a:35:6d:19:c8:4f:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95699316424960711c2e8ecb536bdd02bc724fad
        Validity
            Not Before: May 27 03:37:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44e4187a967ebfc0698b364d140baaf3fe4b4104
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b6:ac:13:4b:3a:d0:06:16:dd:9f:11:22:83:
                    d3:be:ef:4f:9a:76:9c:bc:c8:05:df:47:75:8c:80:
                    19:cc:a9:29:e3:58:c2:57:a0:a3:6a:be:5d:81:df:
                    4f:3f:e8:a9:34:f1:46:56:db:a4:d9:13:69:39:47:
                    88:4c:2b:79:8a:2f:21:59:7e:44:40:ec:4c:af:d5:
                    ed:26:32:cb:2f:37:91:6e:60:ba:19:ce:d5:a7:a6:
                    98:38:c2:dd:e8:52:52:af:83:c3:ec:c7:4b:88:03:
                    40:cd:7f:9d:fe:cc:2c:f2:47:78:70:b2:8e:94:d4:
                    03:d8:e6:8f:99:70:10:0f:0d:f4:b0:3f:4b:0a:17:
                    fd:0b:a7:be:bc:5a:10:c6:1c:ca:8c:bf:e6:8d:8a:
                    14:e4:27:12:74:29:3f:50:67:18:5a:3f:56:43:d5:
                    56:56:c9:af:bd:8f:52:52:3b:30:ab:f5:a8:3f:3f:
                    ea:13:db:30:79:c6:53:35:e5:97:6f:0b:9f:78:43:
                    af:09:08:3a:aa:1e:eb:46:73:7f:26:c4:52:50:20:
                    df:5d:62:43:37:49:0b:fe:e5:61:d1:27:97:24:30:
                    bc:49:d1:ce:58:3d:5e:ac:94:99:01:16:a9:71:cc:
                    88:e2:80:ac:75:16:d4:cc:25:53:e3:94:66:88:b0:
                    71:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:E4:18:7A:96:7E:BF:C0:69:8B:36:4D:14:0B:AA:F3:FE:4B:41:04
            X509v3 Authority Key Identifier:
                keyid:95:69:93:16:42:49:60:71:1C:2E:8E:CB:53:6B:DD:02:BC:72:4F:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lWmTFkJJYHEcLo7LU2vdArxyT60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/320ef9-3541-4321-80ff-f85c60be340d/1/ROQYepZ-v8BpizZNFAuq8_5LQQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/320ef9-3541-4321-80ff-f85c60be340d/1/lWmTFkJJYHEcLo7LU2vdArxyT60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.141.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:89:29:af:87:80:4d:ea:dc:37:c7:96:55:02:c9:5d:2a:a4:
         54:5c:8a:12:bb:46:12:e1:bd:20:d1:f8:53:f5:ff:17:d3:45:
         9d:be:35:f4:99:41:68:db:56:dd:2d:13:39:d3:d3:4e:a5:4a:
         de:95:a5:1e:b1:65:84:70:c7:71:58:30:87:1a:c8:39:34:2a:
         16:a0:30:a6:73:6e:26:44:6f:06:ce:78:c5:32:45:60:fb:00:
         2b:60:1e:69:7f:57:ac:e8:05:5e:38:ae:74:d4:f2:33:ea:da:
         08:5e:56:9d:0d:73:c6:7c:44:b0:4d:24:99:76:7a:0f:2a:19:
         72:a1:d8:46:38:bb:19:b3:db:60:ef:67:40:ad:0a:03:ad:37:
         d5:25:55:1e:cf:d8:a0:3f:bc:4f:fe:98:96:4d:9e:0b:98:e1:
         67:c1:5b:8c:34:75:29:45:df:46:b8:a8:03:b5:99:93:46:e3:
         06:81:b8:ad:27:34:fb:ae:ec:28:ef:ea:90:dd:21:e5:6e:17:
         96:90:f3:89:12:c0:3e:92:e0:ab:85:28:f8:67:bf:13:46:39:
         79:ee:b7:2b:04:6c:9b:b6:9f:4c:f3:a1:aa:e3:9d:9b:15:3e:
         f9:15:a3:53:c1:ae:db:19:d2:0b:a9:dc:85:24:7b:49:09:aa:
         ff:7e:9a:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+4IBog+ykw8DgKNW0ZyE//MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1Njk5MzE2NDI0OTYwNzExYzJlOGVjYjUzNmJkZDAyYmM3
MjRmYWQwHhcNMjQwNTI3MDMzNzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGU0MTg3YTk2N2ViZmMwNjk4YjM2NGQxNDBiYWFmM2ZlNGI0MTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurasE0s60AYW3Z8RIoPTvu9Pmnac
vMgF30d1jIAZzKkp41jCV6Cjar5dgd9PP+ipNPFGVtuk2RNpOUeITCt5ii8hWX5E
QOxMr9XtJjLLLzeRbmC6Gc7Vp6aYOMLd6FJSr4PD7MdLiANAzX+d/sws8kd4cLKO
lNQD2OaPmXAQDw30sD9LChf9C6e+vFoQxhzKjL/mjYoU5CcSdCk/UGcYWj9WQ9VW
VsmvvY9SUjswq/WoPz/qE9swecZTNeWXbwufeEOvCQg6qh7rRnN/JsRSUCDfXWJD
N0kL/uVh0SeXJDC8SdHOWD1erJSZARapccyI4oCsdRbUzCVT45RmiLBxcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETkGHqWfr/AaYs2TRQLqvP+S0EEMB8GA1UdIwQY
MBaAFJVpkxZCSWBxHC6Oy1Nr3QK8ck+tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFdtVEZrSkpZSEVjTG83TFUydmRBcnh5VDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zMjBlZjktMzU0MS00MzIxLTgwZmYt
Zjg1YzYwYmUzNDBkLzEvUk9RWWVwWi12OEJwaXpaTkZBdXE4XzVMUVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zMjBlZjktMzU0MS00MzIxLTgwZmYtZjg1YzYwYmUzNDBk
LzEvbFdtVEZrSkpZSEVjTG83TFUydmRBcnh5VDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX438MA0G
CSqGSIb3DQEBCwUAA4IBAQBWiSmvh4BN6tw3x5ZVAsldKqRUXIoSu0YS4b0g0fhT
9f8X00WdvjX0mUFo21bdLRM509NOpUrelaUesWWEcMdxWDCHGsg5NCoWoDCmc24m
RG8GznjFMkVg+wArYB5pf1es6AVeOK501PIz6toIXladDXPGfESwTSSZdnoPKhly
odhGOLsZs9tg72dArQoDrTfVJVUez9igP7xP/piWTZ4LmOFnwVuMNHUpRd9GuKgD
tZmTRuMGgbitJzT7ruwo7+qQ3SHlbheWkPOJEsA+kuCrhSj4Z78TRjl57rcrBGyb
tp9M86Gq452bFT75FaNTwa7bGdILqdyFJHtJCar/fpqy
-----END CERTIFICATE-----