Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/L-ot-e2lRM7FRNjpFZnVOagiu7M.roa
File:                     L-ot-e2lRM7FRNjpFZnVOagiu7M.roa (raw, json)
Hash identifier:          KvA/0tofwHydf3CL1x8FocFS1dZlgoy3nzjn+UEoSOA=
Subject key identifier:   2F:EA:2D:F9:ED:A5:44:CE:C5:44:D8:E9:15:99:D5:39:A8:22:BB:B3
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018E8FFC1153CB19310E1708B8ED48B8F22E
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/L-ot-e2lRM7FRNjpFZnVOagiu7M.roa
Signing time:             Sat 30 Mar 2024 15:30:45 +0000
ROA not before:           Sat 30 Mar 2024 15:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134143
IP address blocks:        95.82.0.0/21 maxlen: 24
                          95.82.32.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8f:fc:11:53:cb:19:31:0e:17:08:b8:ed:48:b8:f2:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Mar 30 15:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fea2df9eda544cec544d8e91599d539a822bbb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b3:e1:3e:e7:10:ab:c8:c0:d9:45:0a:9f:60:
                    eb:db:47:65:c9:e1:bf:a4:6f:94:b1:90:bc:67:41:
                    0f:a5:b2:eb:69:c7:cd:46:f1:d9:98:74:d3:97:b5:
                    a2:84:02:2b:55:08:40:39:f2:9a:71:30:c9:5e:94:
                    58:27:f2:29:fc:0d:ac:9c:a1:62:58:dc:5e:63:cc:
                    13:59:78:18:86:b0:83:90:c1:5d:6b:cf:11:7f:f1:
                    83:47:66:5d:8c:e3:9d:3d:8d:47:ca:25:04:a3:4d:
                    a0:f0:df:58:bc:24:2f:20:18:d1:8b:a7:a1:b1:35:
                    6a:c6:62:7e:52:e3:e6:5d:8e:50:65:9a:69:44:29:
                    b7:04:44:2a:f3:de:7c:8e:e0:b0:8a:04:81:83:9c:
                    83:83:94:16:fd:0b:05:1c:76:98:7a:d2:c4:3e:53:
                    80:1d:cf:10:e7:a9:2c:34:5f:61:be:89:69:20:68:
                    35:57:36:80:4f:ca:01:62:52:f8:ce:93:12:3d:ca:
                    b6:7e:7d:2b:6c:78:c1:7c:87:25:3c:f5:59:a1:33:
                    00:68:0b:4f:bd:7e:b5:c3:64:05:16:8b:b4:a6:b3:
                    4c:89:19:c0:68:60:59:73:61:d8:09:e6:ef:cb:9c:
                    18:09:93:37:68:b1:35:6d:26:10:e5:0b:ac:7c:ec:
                    6e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:EA:2D:F9:ED:A5:44:CE:C5:44:D8:E9:15:99:D5:39:A8:22:BB:B3
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/L-ot-e2lRM7FRNjpFZnVOagiu7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.82.0.0/21
                  95.82.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b7:35:3e:19:c1:36:1a:16:c5:cb:5e:3c:3b:9b:7c:ae:b2:fb:
         f8:a7:d0:29:b6:1a:ac:2c:00:a2:76:a5:8e:54:60:c2:b2:21:
         f0:6e:43:36:98:ec:83:c2:5d:69:90:f7:f5:18:a7:46:a9:38:
         0d:b0:6b:66:eb:de:27:9b:84:1e:55:11:25:39:07:14:0b:d9:
         e4:82:12:54:4f:57:4c:45:fc:c1:e7:44:dc:22:01:8d:c3:9b:
         24:6c:e5:a2:85:74:44:a9:d3:8b:6f:90:2f:b6:a2:a0:13:6b:
         0a:a4:b4:2a:dd:5f:3d:40:d8:20:7e:df:b1:86:77:cd:b0:c3:
         15:6f:29:d8:d7:53:c5:80:a0:fa:bf:fb:12:73:84:94:bd:dc:
         da:d8:98:4d:05:69:60:06:f2:1f:33:db:89:70:5c:62:f3:52:
         e5:1f:f4:b8:9c:cd:74:e6:fe:cc:9b:4d:05:33:92:ad:d7:48:
         ea:d8:4c:46:59:dd:fb:8c:01:9f:72:ef:89:37:4b:59:d2:de:
         da:c4:82:d8:ac:b5:ed:51:b0:c1:49:47:25:f4:bd:68:09:5a:
         ad:61:66:ba:9a:32:71:4c:71:ed:ca:f8:dc:64:f6:77:62:e6:
         d1:94:7c:58:0b:ed:13:e0:c1:38:a2:39:31:83:21:35:c0:b0:
         5a:0f:bc:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6P/BFTyxkxDhcIuO1IuPIuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMzMwMTUzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmVhMmRmOWVkYTU0NGNlYzU0NGQ4ZTkxNTk5ZDUzOWE4MjJiYmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbPhPucQq8jA2UUKn2Dr20dlyeG/
pG+UsZC8Z0EPpbLracfNRvHZmHTTl7WihAIrVQhAOfKacTDJXpRYJ/Ip/A2snKFi
WNxeY8wTWXgYhrCDkMFda88Rf/GDR2ZdjOOdPY1HyiUEo02g8N9YvCQvIBjRi6eh
sTVqxmJ+UuPmXY5QZZppRCm3BEQq8958juCwigSBg5yDg5QW/QsFHHaYetLEPlOA
Hc8Q56ksNF9hvolpIGg1VzaAT8oBYlL4zpMSPcq2fn0rbHjBfIclPPVZoTMAaAtP
vX61w2QFFou0prNMiRnAaGBZc2HYCebvy5wYCZM3aLE1bSYQ5QusfOxuvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC/qLfntpUTOxUTY6RWZ1TmoIruzMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvTC1vdC1lMmxSTTdGUk5qcEZablZPYWdpdTdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDX1IAAwQD
X1IgMA0GCSqGSIb3DQEBCwUAA4IBAQC3NT4ZwTYaFsXLXjw7m3yusvv4p9Apthqs
LACidqWOVGDCsiHwbkM2mOyDwl1pkPf1GKdGqTgNsGtm694nm4QeVRElOQcUC9nk
ghJUT1dMRfzB50TcIgGNw5skbOWihXREqdOLb5AvtqKgE2sKpLQq3V89QNggft+x
hnfNsMMVbynY11PFgKD6v/sSc4SUvdza2JhNBWlgBvIfM9uJcFxi81LlH/S4nM10
5v7Mm00FM5Kt10jq2ExGWd37jAGfcu+JN0tZ0t7axILYrLXtUbDBSUcl9L1oCVqt
YWa6mjJxTHHtyvjcZPZ3YubRlHxYC+0T4ME4ojkxgyE1wLBaD7xP
-----END CERTIFICATE-----