Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/2fVx4hJNWrwAF_U4VuBLbABcDY0.roa
File:                     2fVx4hJNWrwAF_U4VuBLbABcDY0.roa (raw, json)
Hash identifier:          ZwYjSt/Eq3/lZII0RHTosem/7VtaY1708kcfiNbrRoM=
Subject key identifier:   D9:F5:71:E2:12:4D:5A:BC:00:17:F5:38:56:E0:4B:6C:00:5C:0D:8D
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       018CC26CFADEF3C047178A9C1479A890C2B3
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/2fVx4hJNWrwAF_U4VuBLbABcDY0.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207185
IP address blocks:        185.157.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fa:de:f3:c0:47:17:8a:9c:14:79:a8:90:c2:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9f571e2124d5abc0017f53856e04b6c005c0d8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:cc:6c:8e:7c:57:fe:f8:95:54:2c:96:d3:c4:
                    fd:d9:ab:25:1f:4c:cc:a4:94:3a:6b:23:98:4c:2e:
                    93:9e:1d:e4:40:78:05:a2:19:c5:09:e2:c7:91:c2:
                    2e:96:84:30:fb:47:e7:85:cc:c5:82:b8:a1:09:96:
                    2c:d7:5a:ee:d6:0d:7f:cf:fd:7d:d7:f8:90:3e:04:
                    d9:9b:71:f2:ac:d1:37:a4:dd:12:82:2b:c3:84:e7:
                    f7:33:3c:03:05:8e:2d:14:ae:88:5a:6d:76:03:76:
                    33:b8:f9:4e:a3:be:60:38:66:f4:af:8d:e0:f2:ba:
                    4b:30:0b:6e:60:f5:c7:71:0e:ce:b9:73:88:3f:4b:
                    0d:d4:cb:83:cb:5f:ff:32:9c:f8:18:97:34:e2:a2:
                    61:23:7b:ff:66:a0:28:8a:8b:46:84:63:27:89:89:
                    cb:b6:9d:6d:56:d6:e7:9b:92:6b:d0:3e:00:a7:8e:
                    7c:16:c8:b9:f4:99:e3:6c:26:e3:f4:64:54:84:96:
                    79:08:fe:c6:a1:16:42:47:de:6c:9c:b8:0f:1d:1a:
                    78:60:84:90:9f:e4:7e:aa:12:a8:ce:59:c8:44:07:
                    bf:23:66:de:b0:3f:7f:0e:b4:06:86:43:0d:4a:f2:
                    5c:22:27:91:8b:20:fe:91:4e:72:06:37:4b:43:ac:
                    e7:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:F5:71:E2:12:4D:5A:BC:00:17:F5:38:56:E0:4B:6C:00:5C:0D:8D
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/2fVx4hJNWrwAF_U4VuBLbABcDY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:98:88:29:db:25:b3:02:ad:02:fa:af:d9:7c:7c:f1:45:43:
         be:2d:02:25:57:63:ff:0e:6d:31:f7:99:53:e4:34:8c:d8:cf:
         4b:5f:ff:d4:c4:6d:ec:ac:1c:6a:6d:46:38:fa:dd:e3:1e:e2:
         86:f7:c8:bc:fa:08:35:3b:cc:98:28:2f:42:af:0b:66:7b:c5:
         63:e9:2e:30:3f:27:c9:e3:ea:1e:2f:46:a6:25:4b:b7:49:26:
         da:e6:fb:aa:66:33:0d:81:e0:45:42:d5:c1:40:cf:c8:d7:78:
         9b:95:e7:ba:67:ea:30:c3:15:ce:c3:5d:0d:bc:b7:8a:b8:0a:
         2e:cb:e6:b2:e2:d1:c3:b7:c5:44:e4:b1:55:83:03:40:96:7e:
         0b:45:88:af:3b:15:14:63:53:6a:57:36:01:23:61:10:ce:d6:
         9c:3b:1b:ae:3e:ef:14:bc:de:88:32:be:fa:ba:af:b3:da:de:
         c4:2b:a0:59:fd:e5:ce:66:13:56:02:8c:8f:26:8d:c4:dd:07:
         52:1b:db:47:f3:3a:76:d0:c6:22:b7:b7:af:95:54:b1:35:3b:
         46:b6:ea:82:62:b4:15:aa:b7:d0:07:5f:06:be:58:50:33:51:
         42:91:02:ee:95:a0:5a:73:c2:c5:84:63:8e:10:15:4b:6b:ab:
         af:c2:f7:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPre88BHF4qcFHmokMKzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWY1NzFlMjEyNGQ1YWJjMDAxN2Y1Mzg1NmUwNGI2YzAwNWMwZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocxsjnxX/viVVCyW08T92aslH0zM
pJQ6ayOYTC6Tnh3kQHgFohnFCeLHkcIuloQw+0fnhczFgrihCZYs11ru1g1/z/19
1/iQPgTZm3HyrNE3pN0SgivDhOf3MzwDBY4tFK6IWm12A3YzuPlOo75gOGb0r43g
8rpLMAtuYPXHcQ7OuXOIP0sN1MuDy1//Mpz4GJc04qJhI3v/ZqAoiotGhGMniYnL
tp1tVtbnm5Jr0D4Ap458Fsi59JnjbCbj9GRUhJZ5CP7GoRZCR95snLgPHRp4YISQ
n+R+qhKozlnIRAe/I2besD9/DrQGhkMNSvJcIieRiyD+kU5yBjdLQ6znFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNn1ceISTVq8ABf1OFbgS2wAXA2NMB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvMmZWeDRoSk5XcndBRl9VNFZ1QkxiQUJjRFkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ0EMA0G
CSqGSIb3DQEBCwUAA4IBAQA+mIgp2yWzAq0C+q/ZfHzxRUO+LQIlV2P/Dm0x95lT
5DSM2M9LX//UxG3srBxqbUY4+t3jHuKG98i8+gg1O8yYKC9Crwtme8Vj6S4wPyfJ
4+oeL0amJUu3SSba5vuqZjMNgeBFQtXBQM/I13iblee6Z+owwxXOw10NvLeKuAou
y+ay4tHDt8VE5LFVgwNAln4LRYivOxUUY1NqVzYBI2EQztacOxuuPu8UvN6IMr76
uq+z2t7EK6BZ/eXOZhNWAoyPJo3E3QdSG9tH8zp20MYit7evlVSxNTtGtuqCYrQV
qrfQB18GvlhQM1FCkQLulaBac8LFhGOOEBVLa6uvwveH
-----END CERTIFICATE-----