Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/em3_nfUh6VStVBLQ6d_ULoh4XsE.roa
File:                     em3_nfUh6VStVBLQ6d_ULoh4XsE.roa (raw, json)
Hash identifier:          N/r/Zfyub7BV5tqoQCcynZdSZvWhnWLPHvWverjfAUc=
Subject key identifier:   7A:6D:FF:9D:F5:21:E9:54:AD:54:12:D0:E9:DF:D4:2E:88:78:5E:C1
Certificate issuer:       /CN=332293d0399160788b31e438760dc3bd1ed882eb
Certificate serial:       018FF1995105F7B3C37F973E092D4E86F61C
Authority key identifier: 33:22:93:D0:39:91:60:78:8B:31:E4:38:76:0D:C3:BD:1E:D8:82:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/em3_nfUh6VStVBLQ6d_ULoh4XsE.roa
Signing time:             Fri 07 Jun 2024 07:28:27 +0000
ROA not before:           Fri 07 Jun 2024 07:28:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196681
IP address blocks:        95.215.192.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f1:99:51:05:f7:b3:c3:7f:97:3e:09:2d:4e:86:f6:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=332293d0399160788b31e438760dc3bd1ed882eb
        Validity
            Not Before: Jun  7 07:28:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a6dff9df521e954ad5412d0e9dfd42e88785ec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a9:bf:56:f4:c6:c7:ce:83:40:42:66:a3:dc:
                    87:d9:dc:cd:f2:5f:c1:2d:e7:e5:06:b3:81:62:96:
                    2c:c2:a1:37:3d:40:90:22:79:88:15:c2:5c:46:f0:
                    8e:84:c6:3a:23:47:a3:a6:e3:27:27:c4:9b:df:4a:
                    6f:bd:30:07:c9:1c:94:2e:a4:30:f1:96:02:fe:98:
                    78:d8:b4:39:a5:a7:ad:c4:fb:85:c3:37:aa:c0:07:
                    85:ff:8e:f7:1d:08:5c:79:10:64:cf:04:3a:14:d7:
                    95:11:8e:6a:c1:68:a4:98:01:57:dc:95:65:5d:3f:
                    bc:5e:0f:5e:06:84:2b:bb:8a:81:6e:17:3e:df:77:
                    8b:6b:1f:9a:22:87:0c:27:dd:2e:75:ff:56:db:ea:
                    60:ce:74:ff:66:ec:96:79:c0:6b:9a:cd:96:a4:0f:
                    8b:20:4d:89:a4:b7:65:01:2c:eb:99:7d:9d:82:c9:
                    3e:e9:37:ed:5a:2f:da:9c:aa:22:05:32:c3:80:ba:
                    3a:15:5c:c9:c2:70:8c:08:22:d3:47:da:33:d5:2a:
                    fa:d6:97:e1:77:25:bb:a7:46:06:46:0d:8a:45:3d:
                    6b:fa:0a:2a:94:76:de:1a:fc:7f:5c:3e:14:e1:fb:
                    60:06:64:2b:80:bc:f1:92:db:e8:3f:86:9f:4f:a5:
                    9f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:6D:FF:9D:F5:21:E9:54:AD:54:12:D0:E9:DF:D4:2E:88:78:5E:C1
            X509v3 Authority Key Identifier:
                keyid:33:22:93:D0:39:91:60:78:8B:31:E4:38:76:0D:C3:BD:1E:D8:82:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/em3_nfUh6VStVBLQ6d_ULoh4XsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         12:8c:2d:8c:61:34:da:3f:1e:69:19:f1:f2:65:96:97:87:23:
         79:75:de:b6:9b:7e:de:b8:75:fa:26:ba:05:a7:5d:f5:9e:17:
         86:5e:a3:1f:44:69:90:53:b9:8d:b0:f7:d2:4a:c8:56:6e:31:
         d6:7d:8a:6d:4d:18:6e:fe:fb:4c:ec:b2:c9:73:51:c7:38:60:
         35:5f:93:7e:6b:36:c8:b3:e2:00:7d:48:fc:d9:5f:23:a5:18:
         0a:21:a0:47:3e:5f:9f:73:0b:88:8a:61:1d:70:aa:3e:c3:69:
         9f:d7:90:10:ff:d5:b6:38:0e:e6:8e:af:2e:a1:40:1d:67:2f:
         c0:03:2c:61:a5:db:23:2d:dc:5d:12:bb:28:eb:f2:71:32:ee:
         b0:43:85:b6:37:fd:19:36:6c:80:ab:57:41:ad:43:2a:e0:41:
         71:8d:ba:92:e0:6e:c2:dc:5f:66:a9:f1:fb:84:fc:7e:1e:68:
         7c:e3:5b:ae:01:ed:6e:9c:75:4e:14:9a:0e:cc:61:d4:fc:43:
         fe:f6:e7:93:cc:2f:78:67:a8:7b:76:18:35:d7:71:cd:cd:de:
         48:fb:ef:af:81:35:73:ba:e1:ca:58:4d:fc:26:f2:cd:5e:04:
         5e:3f:2e:10:59:16:7f:fb:e6:55:65:e2:78:9a:53:a1:90:53:
         66:c4:c3:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/xmVEF97PDf5c+CS1OhvYcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMjI5M2QwMzk5MTYwNzg4YjMxZTQzODc2MGRjM2JkMWVk
ODgyZWIwHhcNMjQwNjA3MDcyODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTZkZmY5ZGY1MjFlOTU0YWQ1NDEyZDBlOWRmZDQyZTg4Nzg1ZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKm/VvTGx86DQEJmo9yH2dzN8l/B
LeflBrOBYpYswqE3PUCQInmIFcJcRvCOhMY6I0ejpuMnJ8Sb30pvvTAHyRyULqQw
8ZYC/ph42LQ5paetxPuFwzeqwAeF/473HQhceRBkzwQ6FNeVEY5qwWikmAFX3JVl
XT+8Xg9eBoQru4qBbhc+33eLax+aIocMJ90udf9W2+pgznT/ZuyWecBrms2WpA+L
IE2JpLdlASzrmX2dgsk+6TftWi/anKoiBTLDgLo6FVzJwnCMCCLTR9oz1Sr61pfh
dyW7p0YGRg2KRT1r+goqlHbeGvx/XD4U4ftgBmQrgLzxktvoP4afT6WfBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpt/531IelUrVQS0Onf1C6IeF7BMB8GA1UdIwQY
MBaAFDMik9A5kWB4izHkOHYNw70e2ILrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXlLVDBEbVJZSGlMTWVRNGRnM0R2UjdZZ3VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9jOGIxZTUtN2I5NS00Y2E3LWIyYmEt
MjIyZmUzNDgyNjhhLzEvZW0zX25mVWg2VlN0VkJMUTZkX1VMb2g0WHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9jOGIxZTUtN2I5NS00Y2E3LWIyYmEtMjIyZmUzNDgyNjhh
LzEvTXlLVDBEbVJZSGlMTWVRNGRnM0R2UjdZZ3VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX9fAMA0G
CSqGSIb3DQEBCwUAA4IBAQASjC2MYTTaPx5pGfHyZZaXhyN5dd62m37euHX6JroF
p131nheGXqMfRGmQU7mNsPfSSshWbjHWfYptTRhu/vtM7LLJc1HHOGA1X5N+azbI
s+IAfUj82V8jpRgKIaBHPl+fcwuIimEdcKo+w2mf15AQ/9W2OA7mjq8uoUAdZy/A
AyxhpdsjLdxdErso6/JxMu6wQ4W2N/0ZNmyAq1dBrUMq4EFxjbqS4G7C3F9mqfH7
hPx+Hmh841uuAe1unHVOFJoOzGHU/EP+9ueTzC94Z6h7dhg113HNzd5I+++vgTVz
uuHKWE38JvLNXgRePy4QWRZ/++ZVZeJ4mlOhkFNmxMMW
-----END CERTIFICATE-----