Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/ezsEL5nprOuDt81XUVdVe1J_NG8.roa
File:                     ezsEL5nprOuDt81XUVdVe1J_NG8.roa (raw, json)
Hash identifier:          7KgQGSe0A+GryXp7ocq4PyPeRNldZCCrMPErxmMYff4=
Subject key identifier:   7B:3B:04:2F:99:E9:AC:EB:83:B7:CD:57:51:57:55:7B:52:7F:34:6F
Certificate issuer:       /CN=c255989d579c4b5eade852f97f62e9bf2cfbde3c
Certificate serial:       018CC42522C7D054A73A6C51B7AE1D528148
Authority key identifier: C2:55:98:9D:57:9C:4B:5E:AD:E8:52:F9:7F:62:E9:BF:2C:FB:DE:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wlWYnVecS16t6FL5f2Lpvyz73jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/ezsEL5nprOuDt81XUVdVe1J_NG8.roa
Signing time:             Mon 01 Jan 2024 08:30:17 +0000
ROA not before:           Mon 01 Jan 2024 08:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        188.95.140.0/24 maxlen: 24
                          188.95.141.0/24 maxlen: 24
                          188.95.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/wlWYnVecS16t6FL5f2Lpvyz73jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/wlWYnVecS16t6FL5f2Lpvyz73jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wlWYnVecS16t6FL5f2Lpvyz73jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:22:c7:d0:54:a7:3a:6c:51:b7:ae:1d:52:81:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c255989d579c4b5eade852f97f62e9bf2cfbde3c
        Validity
            Not Before: Jan  1 08:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b3b042f99e9aceb83b7cd575157557b527f346f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:62:54:87:e2:07:ea:de:38:fb:c6:f5:cf:88:
                    51:12:ac:04:a2:96:48:35:b5:1b:99:d2:a1:6d:4f:
                    85:d5:03:75:df:7a:c5:e1:ba:eb:4f:c5:ad:c1:f9:
                    09:a8:eb:39:1d:72:f7:e4:7d:80:fa:5b:db:d8:0f:
                    ff:8b:4e:86:f0:21:dc:60:41:54:f4:5e:9e:a4:8d:
                    8c:b3:ae:1a:42:df:73:be:5f:08:20:9f:a6:ad:9a:
                    3b:a0:f3:bb:4e:ed:45:fc:b6:44:c7:2b:16:ba:d6:
                    3f:2c:82:42:26:43:c8:bf:8b:ce:84:7d:3a:21:f4:
                    ec:69:ab:ee:73:c7:0e:91:91:b7:8c:3c:cc:82:cb:
                    f3:6b:c1:21:dd:ca:83:2f:20:d1:af:e5:8f:e5:f2:
                    fa:6c:ed:0c:ed:ee:5f:d3:2a:f3:00:1e:b4:f3:aa:
                    d3:a2:62:dd:de:1d:d9:32:c5:1b:6d:6b:dd:80:24:
                    87:a1:d2:46:88:c9:70:8e:d4:80:2b:ad:ff:21:ad:
                    eb:b9:04:71:e2:b1:f7:3d:72:51:cf:78:f0:a8:08:
                    fd:da:eb:40:b7:70:af:61:86:b8:b1:35:e1:19:b5:
                    2b:25:ed:8e:9e:da:25:61:ff:a9:e6:9c:1e:33:09:
                    0c:79:7a:0c:4f:99:7d:33:8d:9e:48:de:bb:e5:27:
                    7c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:3B:04:2F:99:E9:AC:EB:83:B7:CD:57:51:57:55:7B:52:7F:34:6F
            X509v3 Authority Key Identifier:
                keyid:C2:55:98:9D:57:9C:4B:5E:AD:E8:52:F9:7F:62:E9:BF:2C:FB:DE:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wlWYnVecS16t6FL5f2Lpvyz73jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/ezsEL5nprOuDt81XUVdVe1J_NG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/wlWYnVecS16t6FL5f2Lpvyz73jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.140.0-188.95.142.255

    Signature Algorithm: sha256WithRSAEncryption
         74:ba:2f:9c:5a:94:88:f8:66:2e:63:63:6d:05:50:58:31:cc:
         b5:76:0b:05:23:80:f8:d8:41:95:9e:f4:dd:df:37:33:50:4e:
         25:05:27:c8:00:5d:31:5f:e8:ee:09:82:08:b1:63:10:12:52:
         42:94:07:54:82:51:a4:ae:f6:a5:39:f2:4a:20:e0:2b:3d:86:
         9b:94:79:60:ae:83:f0:81:d9:9b:27:3a:18:29:07:80:e3:d6:
         53:9c:6b:89:f7:ba:a5:06:34:51:5c:71:e0:6a:f3:79:e8:eb:
         3c:6b:ce:62:b8:3a:52:21:04:43:27:1e:b1:a7:6a:3f:c5:1c:
         0f:cc:41:38:c9:3d:1a:1a:b8:a5:8c:07:41:39:cf:1a:e9:24:
         9d:1a:76:9c:67:bc:d4:7e:0d:c9:1b:f8:06:1e:44:00:30:90:
         91:63:33:5f:1e:1f:9f:37:6f:7d:da:e4:fe:f1:05:d2:d7:cf:
         be:b0:ad:4c:0b:9b:13:c2:81:c9:67:e1:6f:37:5c:6b:a8:72:
         86:4f:17:7e:55:d6:22:c9:ec:f6:81:00:af:8d:80:13:9e:ba:
         82:91:df:f0:6a:32:27:0d:bd:4a:3c:b0:64:ca:fb:c6:96:4e:
         91:2a:cc:70:8b:46:1e:f8:c0:2f:7a:71:ef:a0:d3:6c:ce:9a:
         58:92:02:78
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEJSLH0FSnOmxRt64dUoFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNTU5ODlkNTc5YzRiNWVhZGU4NTJmOTdmNjJlOWJmMmNm
YmRlM2MwHhcNMjQwMTAxMDgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjNiMDQyZjk5ZTlhY2ViODNiN2NkNTc1MTU3NTU3YjUyN2YzNDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2JUh+IH6t44+8b1z4hREqwEopZI
NbUbmdKhbU+F1QN133rF4brrT8WtwfkJqOs5HXL35H2A+lvb2A//i06G8CHcYEFU
9F6epI2Ms64aQt9zvl8IIJ+mrZo7oPO7Tu1F/LZExysWutY/LIJCJkPIv4vOhH06
IfTsaavuc8cOkZG3jDzMgsvza8Eh3cqDLyDRr+WP5fL6bO0M7e5f0yrzAB6086rT
omLd3h3ZMsUbbWvdgCSHodJGiMlwjtSAK63/Ia3ruQRx4rH3PXJRz3jwqAj92utA
t3CvYYa4sTXhGbUrJe2OntolYf+p5pweMwkMeXoMT5l9M42eSN675Sd8DQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHs7BC+Z6azrg7fNV1FXVXtSfzRvMB8GA1UdIwQY
MBaAFMJVmJ1XnEterehS+X9i6b8s+948MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2xXWW5WZWNTMTZ0NkZMNWYyTHB2eXo3M2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83MjAzOTQtY2Y3MS00MGEzLWE1Mzgt
ZWQwMWVkN2MxMjliLzEvZXpzRUw1bnByT3VEdDgxWFVWZFZlMUpfTkc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83MjAzOTQtY2Y3MS00MGEzLWE1MzgtZWQwMWVkN2MxMjli
LzEvd2xXWW5WZWNTMTZ0NkZMNWYyTHB2eXo3M2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK8X4wD
BAC8X44wDQYJKoZIhvcNAQELBQADggEBAHS6L5xalIj4Zi5jY20FUFgxzLV2CwUj
gPjYQZWe9N3fNzNQTiUFJ8gAXTFf6O4JggixYxASUkKUB1SCUaSu9qU58kog4Cs9
hpuUeWCug/CB2ZsnOhgpB4Dj1lOca4n3uqUGNFFcceBq83no6zxrzmK4OlIhBEMn
HrGnaj/FHA/MQTjJPRoauKWMB0E5zxrpJJ0adpxnvNR+Dckb+AYeRAAwkJFjM18e
H583b33a5P7xBdLXz76wrUwLmxPCgcln4W83XGuocoZPF35V1iLJ7PaBAK+NgBOe
uoKR3/BqMicNvUo8sGTK+8aWTpEqzHCLRh74wC96ce+g02zOmliSAng=
-----END CERTIFICATE-----