Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/Enaqa17PZwuDr1kwKUiPy6HDfvI.roa
File:                     Enaqa17PZwuDr1kwKUiPy6HDfvI.roa (raw, json)
Hash identifier:          gZQeeuAYCk2RYOu+rVu1YOfBsxTdg984wcOSNfMg0WI=
Subject key identifier:   12:76:AA:6B:5E:CF:67:0B:83:AF:59:30:29:48:8F:CB:A1:C3:7E:F2
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       018CC6B8174EF82EDBD75A49B2AC46E39F8B
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/Enaqa17PZwuDr1kwKUiPy6HDfvI.roa
Signing time:             Mon 01 Jan 2024 20:30:02 +0000
ROA not before:           Mon 01 Jan 2024 20:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44386
IP address blocks:        195.34.20.0/23 maxlen: 23
                          195.34.20.0/24 maxlen: 24
                          195.34.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:17:4e:f8:2e:db:d7:5a:49:b2:ac:46:e3:9f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jan  1 20:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1276aa6b5ecf670b83af593029488fcba1c37ef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:72:b9:e1:ef:2c:c4:83:58:40:14:c5:b5:c1:
                    7a:c1:a3:77:3d:d0:4d:a1:6d:dc:d7:2b:23:e3:98:
                    93:57:d7:a4:84:df:4e:1d:2c:4c:f1:a6:0a:dd:51:
                    ad:39:a0:94:45:8f:15:81:f7:67:78:a4:1d:27:5c:
                    24:24:a9:75:00:8d:5f:32:f6:85:1a:0e:7b:45:b0:
                    e6:8e:2e:dd:d1:f8:db:83:82:09:91:ab:21:7e:c1:
                    84:3f:5c:4d:00:2b:06:b0:34:7c:9d:d8:2c:1e:24:
                    50:bb:bc:17:77:42:d0:17:09:56:90:d9:a0:28:fb:
                    ec:d4:5c:0d:de:50:e9:07:65:74:89:d0:33:2f:34:
                    70:d2:43:f9:36:76:9f:92:10:db:f4:f5:4b:b1:bd:
                    aa:38:25:c1:09:89:11:b5:87:fc:43:1d:40:5d:09:
                    36:83:6e:ef:20:c3:e8:4b:f2:9b:22:65:24:a8:00:
                    97:4b:be:34:c9:92:ed:d2:29:91:d0:2c:c5:07:af:
                    b6:50:78:12:d6:90:fe:52:12:26:6e:4c:a4:06:8c:
                    cf:ed:a4:da:4a:fc:3d:20:ef:20:51:db:32:8e:3e:
                    2b:c9:22:55:0c:11:cc:99:95:87:dd:09:34:50:63:
                    e7:c2:77:8b:b8:a4:45:8c:f5:35:2c:d0:35:17:58:
                    c6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:76:AA:6B:5E:CF:67:0B:83:AF:59:30:29:48:8F:CB:A1:C3:7E:F2
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/Enaqa17PZwuDr1kwKUiPy6HDfvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.34.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:ab:14:ee:31:25:40:30:41:2c:1c:f9:1e:6a:bf:0c:aa:e4:
         22:75:8a:5e:20:94:4b:11:95:31:89:84:30:a1:38:20:10:78:
         ff:68:cb:08:5a:a4:9d:89:28:a8:47:4d:08:c0:4a:2e:1e:d9:
         a8:c2:6f:c2:53:f3:81:ee:f2:88:be:80:dd:93:48:7c:1f:ba:
         fb:5f:ec:ca:51:d9:25:cf:70:a7:03:6d:bc:33:3a:51:e0:55:
         a2:91:e4:5f:44:35:7a:66:06:4d:45:9d:4b:0f:4d:ac:f6:ce:
         7a:28:58:57:2b:60:20:4c:4f:fa:e6:1c:a2:9f:65:97:21:3b:
         7c:99:19:5d:15:dd:49:46:f5:52:ce:05:e2:31:59:72:c5:06:
         5b:87:86:38:2f:d8:1b:10:99:36:f0:3f:7f:74:df:ee:9b:37:
         a6:b1:2f:9b:3d:0b:db:a4:7b:97:9a:ed:df:04:11:3a:79:11:
         6a:a4:bc:99:15:2e:c0:69:b0:4d:f7:33:2c:10:33:c7:1e:ba:
         67:4e:63:07:60:5d:b9:9a:5f:51:11:53:e7:26:de:73:c4:2c:
         df:e3:a4:b1:2b:2d:97:49:94:d1:a9:b4:93:47:a6:50:7c:8b:
         0c:8e:49:76:f3:a9:4a:28:f8:d5:c5:a8:34:2a:1b:23:f3:d1:
         bf:fb:9b:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuBdO+C7b11pJsqxG45+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjQwMTAxMjAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjc2YWE2YjVlY2Y2NzBiODNhZjU5MzAyOTQ4OGZjYmExYzM3ZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXK54e8sxINYQBTFtcF6waN3PdBN
oW3c1ysj45iTV9ekhN9OHSxM8aYK3VGtOaCURY8VgfdneKQdJ1wkJKl1AI1fMvaF
Gg57RbDmji7d0fjbg4IJkashfsGEP1xNACsGsDR8ndgsHiRQu7wXd0LQFwlWkNmg
KPvs1FwN3lDpB2V0idAzLzRw0kP5NnafkhDb9PVLsb2qOCXBCYkRtYf8Qx1AXQk2
g27vIMPoS/KbImUkqACXS740yZLt0imR0CzFB6+2UHgS1pD+UhImbkykBozP7aTa
Svw9IO8gUdsyjj4rySJVDBHMmZWH3Qk0UGPnwneLuKRFjPU1LNA1F1jGjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBJ2qmtez2cLg69ZMClIj8uhw37yMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvRW5hcWExN1Bad3VEcjFrd0tVaVB5NkhEZnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwyIUMA0G
CSqGSIb3DQEBCwUAA4IBAQBHqxTuMSVAMEEsHPkear8MquQidYpeIJRLEZUxiYQw
oTggEHj/aMsIWqSdiSioR00IwEouHtmowm/CU/OB7vKIvoDdk0h8H7r7X+zKUdkl
z3CnA228MzpR4FWikeRfRDV6ZgZNRZ1LD02s9s56KFhXK2AgTE/65hyin2WXITt8
mRldFd1JRvVSzgXiMVlyxQZbh4Y4L9gbEJk28D9/dN/umzemsS+bPQvbpHuXmu3f
BBE6eRFqpLyZFS7AabBN9zMsEDPHHrpnTmMHYF25ml9REVPnJt5zxCzf46SxKy2X
SZTRqbSTR6ZQfIsMjkl286lKKPjVxag0Khsj89G/+5tg
-----END CERTIFICATE-----