Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/_aP2haFNCR6y5XVNwPdpXXf6Fo4.roa
File:                     _aP2haFNCR6y5XVNwPdpXXf6Fo4.roa (raw, json)
Hash identifier:          +gcmx3TcxVkmoH3OBw7LTOu3EScGlz0v1CXWypr0BRU=
Subject key identifier:   FD:A3:F6:85:A1:4D:09:1E:B2:E5:75:4D:C0:F7:69:5D:77:FA:16:8E
Certificate issuer:       /CN=e5a1b36552f9daccb92ac5c3b44b426d643749e2
Certificate serial:       018CC5DC0F5B4992FE766BA023AF4597EDF2
Authority key identifier: E5:A1:B3:65:52:F9:DA:CC:B9:2A:C5:C3:B4:4B:42:6D:64:37:49:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5aGzZVL52sy5KsXDtEtCbWQ3SeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/_aP2haFNCR6y5XVNwPdpXXf6Fo4.roa
Signing time:             Mon 01 Jan 2024 16:29:42 +0000
ROA not before:           Mon 01 Jan 2024 16:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62453
IP address blocks:        82.193.95.0/24 maxlen: 24
                          82.193.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/5aGzZVL52sy5KsXDtEtCbWQ3SeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/5aGzZVL52sy5KsXDtEtCbWQ3SeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5aGzZVL52sy5KsXDtEtCbWQ3SeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0f:5b:49:92:fe:76:6b:a0:23:af:45:97:ed:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5a1b36552f9daccb92ac5c3b44b426d643749e2
        Validity
            Not Before: Jan  1 16:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fda3f685a14d091eb2e5754dc0f7695d77fa168e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8b:18:6d:2b:10:7e:30:9b:18:3c:b5:77:00:
                    b0:30:83:d8:0e:49:85:05:6a:c3:91:0e:a0:35:9f:
                    66:f2:f7:5b:55:42:e6:2b:e6:4f:7f:1c:65:f9:a0:
                    cb:a2:ad:e8:33:eb:0e:8b:80:24:ba:37:a1:7d:73:
                    72:d4:35:8c:52:02:49:dc:30:36:d6:17:6e:0a:35:
                    b0:24:82:7a:ef:12:6b:25:e4:56:be:89:6d:d6:28:
                    d0:8c:12:c2:56:92:e8:24:4d:f2:75:f8:8d:9f:4b:
                    a2:31:74:bb:11:d0:ae:d1:37:9f:ae:14:f0:e2:7f:
                    ae:76:c1:68:09:98:34:bb:95:3c:00:1c:83:87:c1:
                    50:ff:2d:66:2e:c7:1c:59:cd:d3:fd:fc:03:22:b4:
                    43:fd:20:d1:6c:be:a2:5b:cc:48:0d:a1:ea:e0:7b:
                    9d:6e:4d:02:23:fb:6c:e2:06:21:bf:47:ee:aa:bb:
                    d8:72:bb:50:68:5c:96:de:54:26:56:6c:ff:40:c0:
                    e4:1e:bf:91:89:42:38:38:04:9e:d7:b0:c9:04:c3:
                    b4:83:8c:55:ad:9b:1c:33:d0:66:f2:dc:1b:b1:93:
                    44:1f:68:64:2d:19:d6:68:bb:49:a3:16:aa:7d:03:
                    a6:98:07:18:87:8e:64:71:b1:ee:41:fc:0f:90:b7:
                    c6:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:A3:F6:85:A1:4D:09:1E:B2:E5:75:4D:C0:F7:69:5D:77:FA:16:8E
            X509v3 Authority Key Identifier:
                keyid:E5:A1:B3:65:52:F9:DA:CC:B9:2A:C5:C3:B4:4B:42:6D:64:37:49:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5aGzZVL52sy5KsXDtEtCbWQ3SeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/_aP2haFNCR6y5XVNwPdpXXf6Fo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/5aGzZVL52sy5KsXDtEtCbWQ3SeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.193.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:04:66:6b:d3:be:6e:43:fb:13:9c:e7:28:46:6a:7c:16:8d:
         68:bc:b4:da:d2:c5:eb:4a:77:84:0a:f6:a7:41:e8:44:0b:01:
         b6:ad:08:60:dc:ba:11:2a:95:f6:18:ba:ab:1f:ef:7a:ec:cc:
         90:af:55:a4:05:fc:3a:5f:08:98:f1:5a:58:ed:cc:52:8c:ff:
         27:ba:a0:1d:f1:39:8d:f6:bc:e6:83:9c:c9:65:57:08:e6:e3:
         96:cc:d3:5d:aa:d7:bb:5c:17:4e:c0:ef:2c:a3:47:58:af:8a:
         ca:8b:fd:ee:31:17:55:ed:57:6d:33:aa:c1:e5:07:87:f2:2b:
         5c:6d:1f:f6:75:9f:18:86:37:f7:ce:c5:d0:cf:33:5e:ac:b9:
         63:d9:01:08:29:fb:f6:91:e8:3d:e6:92:42:c4:aa:a9:93:0d:
         80:0c:f3:3e:ea:ce:4b:cc:fd:37:21:25:1b:81:8b:97:a7:55:
         cd:d9:fe:84:d0:b7:95:fd:eb:fc:e4:d2:91:38:c6:c3:ec:67:
         55:ab:a0:56:00:ae:92:7d:43:7f:a0:96:c7:a6:f0:00:42:8c:
         fb:55:8a:91:35:0e:14:f5:a2:83:2f:c3:3c:9c:a3:2f:81:9f:
         39:d0:76:cc:8a:f7:31:36:86:de:f7:ad:9d:fd:0c:76:03:66:
         1a:30:c3:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3A9bSZL+dmugI69Fl+3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YTFiMzY1NTJmOWRhY2NiOTJhYzVjM2I0NGI0MjZkNjQz
NzQ5ZTIwHhcNMjQwMTAxMTYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGEzZjY4NWExNGQwOTFlYjJlNTc1NGRjMGY3Njk1ZDc3ZmExNjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4sYbSsQfjCbGDy1dwCwMIPYDkmF
BWrDkQ6gNZ9m8vdbVULmK+ZPfxxl+aDLoq3oM+sOi4AkujehfXNy1DWMUgJJ3DA2
1hduCjWwJIJ67xJrJeRWvolt1ijQjBLCVpLoJE3ydfiNn0uiMXS7EdCu0TefrhTw
4n+udsFoCZg0u5U8AByDh8FQ/y1mLsccWc3T/fwDIrRD/SDRbL6iW8xIDaHq4Hud
bk0CI/ts4gYhv0fuqrvYcrtQaFyW3lQmVmz/QMDkHr+RiUI4OASe17DJBMO0g4xV
rZscM9Bm8twbsZNEH2hkLRnWaLtJoxaqfQOmmAcYh45kcbHuQfwPkLfGGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2j9oWhTQkesuV1TcD3aV13+haOMB8GA1UdIwQY
MBaAFOWhs2VS+drMuSrFw7RLQm1kN0niMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFHelpWTDUyc3k1S3NYRHRFdENiV1EzU2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iOGVhNWItM2RkNC00Mzc0LWE3OTMt
YzVlNmQyM2Y4YjA5LzEvX2FQMmhhRk5DUjZ5NVhWTndQZHBYWGY2Rm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iOGVhNWItM2RkNC00Mzc0LWE3OTMtYzVlNmQyM2Y4YjA5
LzEvNWFHelpWTDUyc3k1S3NYRHRFdENiV1EzU2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUsFeMA0G
CSqGSIb3DQEBCwUAA4IBAQC+BGZr075uQ/sTnOcoRmp8Fo1ovLTa0sXrSneECvan
QehECwG2rQhg3LoRKpX2GLqrH+967MyQr1WkBfw6XwiY8VpY7cxSjP8nuqAd8TmN
9rzmg5zJZVcI5uOWzNNdqte7XBdOwO8so0dYr4rKi/3uMRdV7VdtM6rB5QeH8itc
bR/2dZ8Yhjf3zsXQzzNerLlj2QEIKfv2keg95pJCxKqpkw2ADPM+6s5LzP03ISUb
gYuXp1XN2f6E0LeV/ev85NKROMbD7GdVq6BWAK6SfUN/oJbHpvAAQoz7VYqRNQ4U
9aKDL8M8nKMvgZ850HbMivcxNobe962d/Qx2A2YaMMNU
-----END CERTIFICATE-----