Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0b58ab-f707-4ab6-9ae8-0240e74476a7/1/C_XFzWcNyJfy8KgHGJCrh873SVw.roa
File:                     C_XFzWcNyJfy8KgHGJCrh873SVw.roa (raw, json)
Hash identifier:          unM60LPf0I8tTatRHAaGIbvbeOdCXCxQXVEcB75aF6A=
Subject key identifier:   0B:F5:C5:CD:67:0D:C8:97:F2:F0:A8:07:18:90:AB:87:CE:F7:49:5C
Certificate issuer:       /CN=4b8c7bd0c4486ba073ce2de53ba074d70e45b5e7
Certificate serial:       018CC50109716C942EA2E42701F7FD51151F
Authority key identifier: 4B:8C:7B:D0:C4:48:6B:A0:73:CE:2D:E5:3B:A0:74:D7:0E:45:B5:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S4x70MRIa6Bzzi3lO6B01w5Ftec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0b58ab-f707-4ab6-9ae8-0240e74476a7/1/C_XFzWcNyJfy8KgHGJCrh873SVw.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35066
IP address blocks:        185.95.144.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/0b58ab-f707-4ab6-9ae8-0240e74476a7/1/S4x70MRIa6Bzzi3lO6B01w5Ftec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/0b58ab-f707-4ab6-9ae8-0240e74476a7/1/S4x70MRIa6Bzzi3lO6B01w5Ftec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S4x70MRIa6Bzzi3lO6B01w5Ftec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:09:71:6c:94:2e:a2:e4:27:01:f7:fd:51:15:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b8c7bd0c4486ba073ce2de53ba074d70e45b5e7
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bf5c5cd670dc897f2f0a8071890ab87cef7495c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f6:53:a4:b2:e5:a3:09:32:d9:b4:8e:86:63:
                    bd:05:05:58:33:68:62:4a:cb:71:f8:a9:2b:32:b0:
                    1c:de:86:f9:2c:67:7c:b6:47:20:fc:70:70:a7:65:
                    9e:fd:95:9b:6d:e2:e7:d2:9a:ba:01:7a:7f:33:71:
                    17:6a:bf:aa:3c:34:15:82:1c:49:4e:55:2e:f1:d8:
                    05:09:ab:9f:b6:62:9a:d6:2b:e4:6e:76:d6:8a:e4:
                    5e:40:00:04:5a:76:94:bb:58:3f:d7:8c:d6:a1:5e:
                    f3:97:77:78:e1:54:af:d7:8d:92:f0:3d:b5:e3:aa:
                    58:5f:81:35:91:c3:e0:3d:56:56:31:87:cb:8c:3d:
                    53:95:eb:fb:d8:a2:60:9a:79:94:df:96:50:33:ca:
                    81:2b:47:c3:2d:58:aa:28:61:43:7a:5a:85:74:f1:
                    07:ce:dd:13:d4:09:6d:dc:a1:e9:8f:b6:4b:a2:18:
                    ef:dc:78:0f:b2:a0:0e:16:28:db:1f:39:67:bd:f3:
                    35:2c:cf:76:1c:1f:93:06:88:8e:ef:32:45:08:2d:
                    25:f2:d8:80:63:4a:35:9c:e0:68:8b:d2:23:7c:82:
                    52:75:99:24:84:27:8b:61:50:f0:8f:f8:7c:24:20:
                    ac:c0:41:81:4a:a9:e5:24:07:72:75:e9:06:91:a3:
                    10:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:F5:C5:CD:67:0D:C8:97:F2:F0:A8:07:18:90:AB:87:CE:F7:49:5C
            X509v3 Authority Key Identifier:
                keyid:4B:8C:7B:D0:C4:48:6B:A0:73:CE:2D:E5:3B:A0:74:D7:0E:45:B5:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S4x70MRIa6Bzzi3lO6B01w5Ftec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0b58ab-f707-4ab6-9ae8-0240e74476a7/1/C_XFzWcNyJfy8KgHGJCrh873SVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0b58ab-f707-4ab6-9ae8-0240e74476a7/1/S4x70MRIa6Bzzi3lO6B01w5Ftec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:1a:21:73:64:72:9d:5e:7a:20:2f:c5:12:2a:c7:24:42:9f:
         98:e3:85:a2:f6:a9:60:37:f0:a5:65:ac:e7:45:60:52:e1:2f:
         86:ab:32:66:42:9a:c2:dd:34:07:24:df:35:dc:b9:9b:6b:86:
         d0:2a:00:7d:34:0d:5d:95:7a:26:8e:60:6c:d4:14:cd:cb:97:
         d6:23:78:fa:8a:c0:8d:8f:ae:4d:30:a1:53:52:ad:ff:2b:e1:
         86:72:c2:76:66:1b:8d:0e:76:96:70:cb:f7:31:5d:b2:83:c8:
         4e:25:a9:3e:5f:be:c5:40:94:27:65:e1:13:26:dd:fe:66:89:
         05:95:7c:99:22:57:df:8b:1a:56:89:ee:63:99:85:64:e6:77:
         d3:10:07:c4:a2:29:27:3d:ee:44:c9:48:8e:bd:cb:c3:4d:8d:
         25:0d:be:70:86:c5:28:16:bf:a8:90:de:b6:5c:f3:dd:0a:8f:
         ab:4c:f3:fd:c5:1f:e7:2c:74:1c:ef:46:e9:99:24:4e:38:77:
         d6:db:5c:ec:5a:c6:ad:b9:68:bd:a4:07:50:f0:ae:74:2e:69:
         05:ad:1c:91:1a:66:21:17:24:90:0f:f0:ef:df:de:17:7b:80:
         8a:42:b3:80:d0:96:8e:ea:b3:c0:d2:52:7c:7e:71:4c:a1:bc:
         ff:f2:f2:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQlxbJQuouQnAff9URUfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOGM3YmQwYzQ0ODZiYTA3M2NlMmRlNTNiYTA3NGQ3MGU0
NWI1ZTcwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmY1YzVjZDY3MGRjODk3ZjJmMGE4MDcxODkwYWI4N2NlZjc0OTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/ZTpLLlowky2bSOhmO9BQVYM2hi
Sstx+KkrMrAc3ob5LGd8tkcg/HBwp2We/ZWbbeLn0pq6AXp/M3EXar+qPDQVghxJ
TlUu8dgFCauftmKa1ivkbnbWiuReQAAEWnaUu1g/14zWoV7zl3d44VSv142S8D21
46pYX4E1kcPgPVZWMYfLjD1Tlev72KJgmnmU35ZQM8qBK0fDLViqKGFDelqFdPEH
zt0T1Alt3KHpj7ZLohjv3HgPsqAOFijbHzlnvfM1LM92HB+TBoiO7zJFCC0l8tiA
Y0o1nOBoi9IjfIJSdZkkhCeLYVDwj/h8JCCswEGBSqnlJAdydekGkaMQnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAv1xc1nDciX8vCoBxiQq4fO90lcMB8GA1UdIwQY
MBaAFEuMe9DESGugc84t5TugdNcORbXnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzR4NzBNUklhNkJ6emkzbE82QjAxdzVGdGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wYjU4YWItZjcwNy00YWI2LTlhZTgt
MDI0MGU3NDQ3NmE3LzEvQ19YRnpXY055SmZ5OEtnSEdKQ3JoODczU1Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wYjU4YWItZjcwNy00YWI2LTlhZTgtMDI0MGU3NDQ3NmE3
LzEvUzR4NzBNUklhNkJ6emkzbE82QjAxdzVGdGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV+QMA0G
CSqGSIb3DQEBCwUAA4IBAQCGGiFzZHKdXnogL8USKsckQp+Y44Wi9qlgN/ClZazn
RWBS4S+GqzJmQprC3TQHJN813Lmba4bQKgB9NA1dlXomjmBs1BTNy5fWI3j6isCN
j65NMKFTUq3/K+GGcsJ2ZhuNDnaWcMv3MV2yg8hOJak+X77FQJQnZeETJt3+ZokF
lXyZIlffixpWie5jmYVk5nfTEAfEoiknPe5EyUiOvcvDTY0lDb5whsUoFr+okN62
XPPdCo+rTPP9xR/nLHQc70bpmSROOHfW21zsWsatuWi9pAdQ8K50LmkFrRyRGmYh
FySQD/Dv394Xe4CKQrOA0JaO6rPA0lJ8fnFMobz/8vJX
-----END CERTIFICATE-----