Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/lt8f4_OzN5S5VgiVeMwXs-OvlvY.roa
File:                     lt8f4_OzN5S5VgiVeMwXs-OvlvY.roa (raw, json)
Hash identifier:          7VBS4e4bUM0at7ZYHqkEIBK080ptDPwCBgWaHPzoPcs=
Subject key identifier:   96:DF:1F:E3:F3:B3:37:94:B9:56:08:95:78:CC:17:B3:E3:AF:96:F6
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       018CC871535C36CBA556C978FF46933E88AC
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/lt8f4_OzN5S5VgiVeMwXs-OvlvY.roa
Signing time:             Tue 02 Jan 2024 04:31:59 +0000
ROA not before:           Tue 02 Jan 2024 04:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        95.181.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:53:5c:36:cb:a5:56:c9:78:ff:46:93:3e:88:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Jan  2 04:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96df1fe3f3b33794b956089578cc17b3e3af96f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:99:ca:07:99:6e:84:6e:ad:52:7d:3e:61:e7:
                    6c:8e:58:12:20:c1:cc:62:fd:d0:bd:32:5c:8c:98:
                    e3:cd:35:a2:36:97:c2:fd:f3:5e:18:5d:70:9b:df:
                    68:ff:0e:fe:95:a3:9a:3d:0c:a1:c0:9b:64:d8:48:
                    04:a4:69:1d:d9:08:9b:b2:0b:b6:bc:b0:b1:02:28:
                    cd:03:a7:ac:66:c2:b4:e5:64:18:43:a9:c7:9b:6b:
                    d5:82:08:1b:53:3b:ae:d0:af:d6:36:b0:cb:ea:7b:
                    51:23:a2:41:e1:bb:88:9c:48:9a:49:45:83:a6:fd:
                    e9:bd:6e:6d:1c:da:c1:43:17:eb:4a:d9:ab:a3:62:
                    1f:05:f6:d4:03:4f:8b:4a:f3:dd:90:2a:ff:3d:b2:
                    c8:e1:f1:ea:19:c7:7d:da:73:39:01:8f:ee:d0:52:
                    16:5d:76:c4:00:0a:cc:24:25:56:b3:45:cd:5d:9d:
                    58:7a:d8:ee:77:b4:60:be:b6:d9:73:88:f6:1c:eb:
                    d9:ef:8a:9d:3e:9f:f5:aa:1f:ee:d1:76:d5:79:6f:
                    a1:05:3c:80:e2:95:e2:ce:7c:34:26:4a:89:65:08:
                    32:9c:0d:e8:2b:0b:a5:78:37:83:df:26:ce:4e:93:
                    78:9a:4f:67:4f:6c:65:05:4d:9a:93:dc:97:96:ad:
                    69:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:DF:1F:E3:F3:B3:37:94:B9:56:08:95:78:CC:17:B3:E3:AF:96:F6
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/lt8f4_OzN5S5VgiVeMwXs-OvlvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:ac:2d:ad:0a:47:cb:d5:9a:67:d3:ae:82:dd:94:e5:41:58:
         f1:87:23:b5:06:ae:67:c7:ad:57:18:bd:90:27:a9:38:b0:0e:
         a6:dd:b9:4d:62:7d:49:bf:ed:9d:1b:cd:03:72:f7:e5:fd:8a:
         63:0e:da:9d:8e:92:bd:cb:35:10:30:84:ee:0d:f0:96:e6:56:
         ce:1d:45:ab:24:07:65:b1:43:69:42:07:d6:80:a7:4e:6f:81:
         31:32:e2:9f:93:45:e5:d2:5a:25:23:74:67:1f:19:17:0f:ff:
         7b:e4:36:c2:9c:0b:13:2c:b8:4a:6f:12:24:db:53:76:88:d4:
         eb:be:9c:57:77:4c:e7:f3:7c:14:ff:1e:b9:8b:be:31:2f:25:
         03:0d:74:08:a3:08:cb:d6:a0:8b:26:cb:76:2a:7d:7e:fc:bf:
         fb:19:54:81:96:87:50:aa:bb:ec:22:e9:94:71:64:15:f9:e0:
         f0:13:48:69:f7:7d:89:3d:fb:04:19:88:1b:d3:91:89:52:c6:
         a6:cc:09:7b:70:b2:72:0d:27:33:88:32:e1:89:8e:5a:a2:bc:
         40:fb:4c:ff:c1:da:7b:74:68:fb:18:af:6a:ae:3f:c5:ef:4b:
         62:eb:67:19:da:bd:e8:70:64:1e:8a:87:1f:26:88:c0:f1:56:
         41:0a:10:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcVNcNsulVsl4/0aTPoisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjQwMTAyMDQzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmRmMWZlM2YzYjMzNzk0Yjk1NjA4OTU3OGNjMTdiM2UzYWY5NmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5nKB5luhG6tUn0+YedsjlgSIMHM
Yv3QvTJcjJjjzTWiNpfC/fNeGF1wm99o/w7+laOaPQyhwJtk2EgEpGkd2Qibsgu2
vLCxAijNA6esZsK05WQYQ6nHm2vVgggbUzuu0K/WNrDL6ntRI6JB4buInEiaSUWD
pv3pvW5tHNrBQxfrStmro2IfBfbUA0+LSvPdkCr/PbLI4fHqGcd92nM5AY/u0FIW
XXbEAArMJCVWs0XNXZ1Yetjud7RgvrbZc4j2HOvZ74qdPp/1qh/u0XbVeW+hBTyA
4pXiznw0JkqJZQgynA3oKwuleDeD3ybOTpN4mk9nT2xlBU2ak9yXlq1pbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbfH+PzszeUuVYIlXjMF7Pjr5b2MB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvbHQ4ZjRfT3pONVM1VmdpVmVNd1hzLU92bHZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7WtMA0G
CSqGSIb3DQEBCwUAA4IBAQCJrC2tCkfL1Zpn066C3ZTlQVjxhyO1Bq5nx61XGL2Q
J6k4sA6m3blNYn1Jv+2dG80Dcvfl/YpjDtqdjpK9yzUQMITuDfCW5lbOHUWrJAdl
sUNpQgfWgKdOb4ExMuKfk0Xl0lolI3RnHxkXD/975DbCnAsTLLhKbxIk21N2iNTr
vpxXd0zn83wU/x65i74xLyUDDXQIowjL1qCLJst2Kn1+/L/7GVSBlodQqrvsIumU
cWQV+eDwE0hp932JPfsEGYgb05GJUsamzAl7cLJyDScziDLhiY5aorxA+0z/wdp7
dGj7GK9qrj/F70ti62cZ2r3ocGQeiocfJojA8VZBChAJ
-----END CERTIFICATE-----