Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/vsReOO8tBFjruuoyhiZf8FwacBA.roa
File:                     vsReOO8tBFjruuoyhiZf8FwacBA.roa (raw, json)
Hash identifier:          +0fblfxRsZqAfSQtuaHOOU86PtE/ccNN0R9t/+co4Kw=
Subject key identifier:   BE:C4:5E:38:EF:2D:04:58:EB:BA:EA:32:86:26:5F:F0:5C:1A:70:10
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       018CC87154AFAC698FA0025387AF704205E9
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/vsReOO8tBFjruuoyhiZf8FwacBA.roa
Signing time:             Tue 02 Jan 2024 04:31:59 +0000
ROA not before:           Tue 02 Jan 2024 04:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216127
IP address blocks:        95.181.151.0/24 maxlen: 24
                          95.181.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:54:af:ac:69:8f:a0:02:53:87:af:70:42:05:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Jan  2 04:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bec45e38ef2d0458ebbaea3286265ff05c1a7010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fe:57:b5:be:26:22:ea:6c:bf:de:61:2a:67:
                    c4:d5:f0:73:47:42:65:89:06:8b:d8:98:ca:4a:44:
                    29:17:aa:1d:b5:65:b6:dc:5f:da:50:a1:b1:57:6c:
                    9c:44:eb:f3:69:d3:57:5e:0b:3d:e5:fa:9f:51:2f:
                    32:94:f2:dc:ba:14:0f:1b:71:ae:8e:61:88:a5:b6:
                    ae:83:54:4e:84:d6:36:35:2f:d7:a7:91:6c:54:0f:
                    e7:dc:8f:87:ca:4d:c7:6d:d9:10:ab:1b:6e:c4:36:
                    b6:78:89:62:5a:a9:90:f3:91:44:bd:1c:99:a4:b5:
                    fa:62:7c:72:66:1d:d0:70:43:cf:87:cf:98:87:87:
                    a9:36:79:d4:0b:cb:ca:44:c1:4b:c2:d3:e9:4f:b1:
                    c1:a8:bd:63:0d:f0:fb:39:c0:04:57:57:06:0c:ae:
                    b1:ac:5e:d8:07:36:69:ce:d1:17:5c:bb:3e:7a:55:
                    99:34:96:7f:5a:fa:be:32:3f:43:8e:55:c2:45:d8:
                    a7:89:3a:5a:ba:e5:28:c5:77:35:40:33:2f:9f:8e:
                    b3:af:26:cb:9e:3c:7f:d8:48:c5:f3:a8:78:13:da:
                    3f:f3:b6:db:ff:24:65:d6:63:f1:12:0f:76:08:51:
                    7a:42:65:e9:3e:88:aa:b0:d7:2b:35:0c:89:4c:61:
                    a2:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C4:5E:38:EF:2D:04:58:EB:BA:EA:32:86:26:5F:F0:5C:1A:70:10
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/vsReOO8tBFjruuoyhiZf8FwacBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.151.0/24
                  95.181.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:80:33:93:77:89:90:bd:c8:9e:41:8c:be:3d:83:f2:3a:fa:
         99:e9:35:d8:03:8b:31:93:63:fc:23:5f:a7:fe:18:52:42:db:
         d1:47:b8:60:eb:c0:45:86:ab:80:68:24:e8:ff:f8:5d:fe:6b:
         80:ec:db:8b:1e:a4:52:db:b9:4f:29:58:37:70:4b:1a:e2:95:
         bc:6e:23:2a:d7:e6:97:27:51:90:49:c0:b8:b8:08:ff:a3:ab:
         14:19:35:56:8d:9c:78:f9:25:67:e5:7e:c6:25:c2:b3:70:c9:
         d9:0f:c8:9e:ac:97:35:cf:b7:c9:a5:84:bd:4f:bd:8c:81:c2:
         e6:6c:36:e8:34:2c:69:8c:60:b7:55:de:cf:6b:4c:dc:b3:17:
         0c:74:bd:7c:01:45:08:e2:fb:52:6f:d9:77:d0:1f:2b:a3:c4:
         67:5e:cc:fa:1c:9a:74:4e:5b:c5:bb:ae:5a:79:83:40:a3:dd:
         65:cc:bc:e8:55:46:bd:b4:2f:77:6b:f8:39:f0:75:40:5d:86:
         82:53:eb:97:f0:66:be:15:50:cc:9a:c0:da:a4:f5:75:40:72:
         3e:90:36:a7:29:fd:c7:4d:8e:8a:df:e5:f2:9e:2c:2a:db:dd:
         6b:77:2f:fe:fa:5f:4a:5e:d6:05:c1:e3:5e:28:69:e0:e0:9f:
         6b:3c:54:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcVSvrGmPoAJTh69wQgXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjQwMTAyMDQzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWM0NWUzOGVmMmQwNDU4ZWJiYWVhMzI4NjI2NWZmMDVjMWE3MDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuv5Xtb4mIupsv95hKmfE1fBzR0Jl
iQaL2JjKSkQpF6odtWW23F/aUKGxV2ycROvzadNXXgs95fqfUS8ylPLcuhQPG3Gu
jmGIpbaug1ROhNY2NS/Xp5FsVA/n3I+Hyk3HbdkQqxtuxDa2eIliWqmQ85FEvRyZ
pLX6YnxyZh3QcEPPh8+Yh4epNnnUC8vKRMFLwtPpT7HBqL1jDfD7OcAEV1cGDK6x
rF7YBzZpztEXXLs+elWZNJZ/Wvq+Mj9DjlXCRdiniTpauuUoxXc1QDMvn46zrybL
njx/2EjF86h4E9o/87bb/yRl1mPxEg92CFF6QmXpPoiqsNcrNQyJTGGijwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL7EXjjvLQRY67rqMoYmX/BcGnAQMB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvdnNSZU9POHRCRmpydXVveWhpWmY4RndhY0JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX7WXAwQA
X7WhMA0GCSqGSIb3DQEBCwUAA4IBAQAkgDOTd4mQvcieQYy+PYPyOvqZ6TXYA4sx
k2P8I1+n/hhSQtvRR7hg68BFhquAaCTo//hd/muA7NuLHqRS27lPKVg3cEsa4pW8
biMq1+aXJ1GQScC4uAj/o6sUGTVWjZx4+SVn5X7GJcKzcMnZD8ierJc1z7fJpYS9
T72MgcLmbDboNCxpjGC3Vd7Pa0zcsxcMdL18AUUI4vtSb9l30B8ro8RnXsz6HJp0
TlvFu65aeYNAo91lzLzoVUa9tC93a/g58HVAXYaCU+uX8Ga+FVDMmsDapPV1QHI+
kDanKf3HTY6K3+Xyniwq291rdy/++l9KXtYFweNeKGng4J9rPFTQ
-----END CERTIFICATE-----