Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/ac770e-41da-4d36-97e2-1618d5eeaae8/1/ceqO2cp_eoJpGqFPIAy-cuqNyfY.roa
File:                     ceqO2cp_eoJpGqFPIAy-cuqNyfY.roa (raw, json)
Hash identifier:          hU48x9U8QEoSWMeEZVv6RFNcL/p4PgTUtwXUhm4+xu8=
Subject key identifier:   71:EA:8E:D9:CA:7F:7A:82:69:1A:A1:4F:20:0C:BE:72:EA:8D:C9:F6
Certificate issuer:       /CN=8e7fb5f52847f2170e67fcc25adf0b5d686ffafc
Certificate serial:       018DC727A980EDD5F9A7B62BE0C1497A25E7
Authority key identifier: 8E:7F:B5:F5:28:47:F2:17:0E:67:FC:C2:5A:DF:0B:5D:68:6F:FA:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jn-19ShH8hcOZ_zCWt8LXWhv-vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/ac770e-41da-4d36-97e2-1618d5eeaae8/1/ceqO2cp_eoJpGqFPIAy-cuqNyfY.roa
Signing time:             Tue 20 Feb 2024 15:34:41 +0000
ROA not before:           Tue 20 Feb 2024 15:34:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49055
IP address blocks:        95.215.208.0/22 maxlen: 22
                          95.215.208.0/23 maxlen: 23
                          95.215.210.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/ac770e-41da-4d36-97e2-1618d5eeaae8/1/jn-19ShH8hcOZ_zCWt8LXWhv-vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/ac770e-41da-4d36-97e2-1618d5eeaae8/1/jn-19ShH8hcOZ_zCWt8LXWhv-vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jn-19ShH8hcOZ_zCWt8LXWhv-vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:02:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:27:a9:80:ed:d5:f9:a7:b6:2b:e0:c1:49:7a:25:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e7fb5f52847f2170e67fcc25adf0b5d686ffafc
        Validity
            Not Before: Feb 20 15:34:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71ea8ed9ca7f7a82691aa14f200cbe72ea8dc9f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1d:c9:11:dd:02:0d:13:d8:93:02:25:4b:60:
                    19:64:db:a5:75:7e:fb:e7:49:1f:d8:9f:94:7a:99:
                    f8:a4:7c:40:51:c8:b3:bf:61:f2:6e:81:f1:bc:17:
                    3c:f8:34:26:0a:52:73:04:a8:f5:1b:57:68:3a:be:
                    7d:b2:cf:6c:a0:03:51:7c:37:3f:1b:ff:2d:51:a5:
                    ff:70:35:6c:ee:d6:21:f8:27:12:02:08:ea:f2:98:
                    d7:fd:c4:ad:04:5a:af:79:0a:b6:f3:44:67:b1:05:
                    3e:28:58:28:dd:aa:16:d6:13:38:fa:68:6a:d8:5e:
                    44:26:5a:9d:38:2f:0a:ee:ea:1f:b3:a6:21:11:9e:
                    f7:67:9d:c6:4b:0a:08:c4:4b:6d:56:ea:84:02:1e:
                    c0:3e:ae:6f:0f:05:e9:d8:88:ac:03:ca:b1:62:66:
                    b2:ba:2a:70:51:d2:47:fb:9e:67:a0:65:91:ba:ed:
                    c1:95:69:5d:fd:c7:36:fc:b3:b2:12:d7:23:2c:0e:
                    e3:4e:08:84:09:88:08:fd:5c:c0:7f:4e:46:f6:d4:
                    2f:d7:dc:6f:d1:a6:fa:65:e0:9b:64:a2:a9:1d:c2:
                    47:e1:20:cb:dd:4e:d7:da:dc:4b:e7:d4:ee:c2:83:
                    6e:0d:29:94:f2:44:5f:9c:da:88:1a:26:67:b0:06:
                    4a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:EA:8E:D9:CA:7F:7A:82:69:1A:A1:4F:20:0C:BE:72:EA:8D:C9:F6
            X509v3 Authority Key Identifier:
                keyid:8E:7F:B5:F5:28:47:F2:17:0E:67:FC:C2:5A:DF:0B:5D:68:6F:FA:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jn-19ShH8hcOZ_zCWt8LXWhv-vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/ac770e-41da-4d36-97e2-1618d5eeaae8/1/ceqO2cp_eoJpGqFPIAy-cuqNyfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/ac770e-41da-4d36-97e2-1618d5eeaae8/1/jn-19ShH8hcOZ_zCWt8LXWhv-vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:11:ca:3e:14:77:dc:55:98:b5:73:2d:65:df:d5:5d:50:21:
         7c:d9:05:f8:97:ab:47:3b:56:8b:8d:be:45:4a:a1:5c:03:07:
         ba:e7:49:4e:52:9f:ae:d6:60:82:fb:38:0d:df:5e:d5:7f:40:
         34:f3:ad:b0:ba:29:4f:6a:15:c7:06:73:00:9f:6e:af:fa:e6:
         8f:33:1a:80:e9:b8:90:16:46:06:ba:c9:94:d2:87:35:a3:93:
         44:b5:af:e0:60:e5:9c:f7:e8:7b:f6:03:ed:8e:f3:13:e6:55:
         04:2a:6e:d9:d7:65:7f:4d:a7:1c:fd:4c:ab:7e:db:17:19:dc:
         2d:5a:d6:43:df:4a:57:08:1a:dd:65:10:42:a5:fa:d6:66:40:
         eb:62:57:75:b3:21:db:32:e3:d9:38:ff:91:72:bd:e6:52:03:
         84:27:74:b9:e3:30:b7:66:e4:a4:80:4c:b0:d0:77:67:d3:af:
         73:e9:2a:f1:04:98:42:59:a2:49:97:95:df:4d:5b:79:2f:36:
         d8:f8:05:c3:36:03:17:9b:99:0f:7d:19:56:7f:3f:13:e5:f3:
         ec:80:06:4e:74:4b:80:69:71:ad:ef:d4:54:28:59:d7:a0:ee:
         08:eb:f2:fd:52:c0:4e:6a:fc:1a:67:72:1c:66:47:67:21:98:
         40:cd:ee:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3HJ6mA7dX5p7Yr4MFJeiXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlN2ZiNWY1Mjg0N2YyMTcwZTY3ZmNjMjVhZGYwYjVkNjg2
ZmZhZmMwHhcNMjQwMjIwMTUzNDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWVhOGVkOWNhN2Y3YTgyNjkxYWExNGYyMDBjYmU3MmVhOGRjOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAth3JEd0CDRPYkwIlS2AZZNuldX77
50kf2J+Uepn4pHxAUcizv2HyboHxvBc8+DQmClJzBKj1G1doOr59ss9soANRfDc/
G/8tUaX/cDVs7tYh+CcSAgjq8pjX/cStBFqveQq280RnsQU+KFgo3aoW1hM4+mhq
2F5EJlqdOC8K7uofs6YhEZ73Z53GSwoIxEttVuqEAh7APq5vDwXp2IisA8qxYmay
uipwUdJH+55noGWRuu3BlWld/cc2/LOyEtcjLA7jTgiECYgI/VzAf05G9tQv19xv
0ab6ZeCbZKKpHcJH4SDL3U7X2txL59TuwoNuDSmU8kRfnNqIGiZnsAZKDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHqjtnKf3qCaRqhTyAMvnLqjcn2MB8GA1UdIwQY
MBaAFI5/tfUoR/IXDmf8wlrfC11ob/r8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam4tMTlTaEg4aGNPWl96Q1d0OExYV2h2LXZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9hYzc3MGUtNDFkYS00ZDM2LTk3ZTIt
MTYxOGQ1ZWVhYWU4LzEvY2VxTzJjcF9lb0pwR3FGUElBeS1jdXFOeWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9hYzc3MGUtNDFkYS00ZDM2LTk3ZTItMTYxOGQ1ZWVhYWU4
LzEvam4tMTlTaEg4aGNPWl96Q1d0OExYV2h2LXZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX9fQMA0G
CSqGSIb3DQEBCwUAA4IBAQBzEco+FHfcVZi1cy1l39VdUCF82QX4l6tHO1aLjb5F
SqFcAwe650lOUp+u1mCC+zgN317Vf0A0862wuilPahXHBnMAn26v+uaPMxqA6biQ
FkYGusmU0oc1o5NEta/gYOWc9+h79gPtjvMT5lUEKm7Z12V/Tacc/UyrftsXGdwt
WtZD30pXCBrdZRBCpfrWZkDrYld1syHbMuPZOP+Rcr3mUgOEJ3S54zC3ZuSkgEyw
0Hdn069z6SrxBJhCWaJJl5XfTVt5LzbY+AXDNgMXm5kPfRlWfz8T5fPsgAZOdEuA
aXGt79RUKFnXoO4I6/L9UsBOavwaZ3IcZkdnIZhAze4V
-----END CERTIFICATE-----