Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/r6k8WLzFWcZznz9PYhoJk3Hh3js.roa
File:                     r6k8WLzFWcZznz9PYhoJk3Hh3js.roa (raw, json)
Hash identifier:          br8Jk66fn5kJ+GpmhWhatee5ugL+AoR4N4bljyZrSDA=
Subject key identifier:   AF:A9:3C:58:BC:C5:59:C6:73:9F:3F:4F:62:1A:09:93:71:E1:DE:3B
Certificate issuer:       /CN=1c5c72ee422c61667e3056de6b3ffce034305175
Certificate serial:       018CC3B67B2862740770F8DFAFBE0486D8DF
Authority key identifier: 1C:5C:72:EE:42:2C:61:66:7E:30:56:DE:6B:3F:FC:E0:34:30:51:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HFxy7kIsYWZ-MFbeaz_84DQwUXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/r6k8WLzFWcZznz9PYhoJk3Hh3js.roa
Signing time:             Mon 01 Jan 2024 06:29:25 +0000
ROA not before:           Mon 01 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210894
IP address blocks:        95.66.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/HFxy7kIsYWZ-MFbeaz_84DQwUXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/HFxy7kIsYWZ-MFbeaz_84DQwUXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HFxy7kIsYWZ-MFbeaz_84DQwUXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 12:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7b:28:62:74:07:70:f8:df:af:be:04:86:d8:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c5c72ee422c61667e3056de6b3ffce034305175
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afa93c58bcc559c6739f3f4f621a099371e1de3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:37:72:7b:2d:e8:f4:99:dd:5d:44:52:90:85:
                    b7:8f:0b:70:83:50:8a:7f:2f:84:df:d4:14:89:0a:
                    a7:7b:64:69:64:36:c7:5d:90:f4:55:5a:1d:ee:ae:
                    45:45:4a:14:7e:b0:c7:23:06:1c:38:44:ef:5a:c3:
                    fb:36:71:a2:89:e5:9d:f7:79:73:da:5b:d6:03:16:
                    20:ec:82:29:25:35:5c:c2:66:46:94:96:2d:bc:7c:
                    9d:01:00:fa:e2:4d:83:8f:be:37:91:e9:3a:7d:f0:
                    b2:2b:3e:f2:80:85:14:8e:6b:9d:f1:7e:f8:08:40:
                    8e:1c:7b:8f:a4:a1:97:2a:f4:45:1a:bd:bf:f2:b8:
                    62:e7:a7:19:a5:37:ac:3d:20:cf:b7:f9:e9:b5:70:
                    99:63:69:fe:e9:39:52:25:22:d7:bd:31:0b:02:d0:
                    e7:23:3c:82:d3:32:32:24:de:a6:a1:ad:7b:28:9d:
                    90:62:7e:39:2a:03:3f:77:bc:3c:9a:ae:68:aa:b5:
                    46:79:96:d2:c1:6a:ec:c7:bc:5d:f2:f4:9c:24:bf:
                    f7:5d:f1:53:c0:7d:f2:67:bd:89:19:f8:e1:72:23:
                    0c:a7:52:5d:c5:c8:ad:4e:ee:bf:4f:06:ca:b8:e0:
                    ad:a8:36:64:82:af:01:ae:9c:7b:13:ca:6d:ce:ac:
                    34:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:A9:3C:58:BC:C5:59:C6:73:9F:3F:4F:62:1A:09:93:71:E1:DE:3B
            X509v3 Authority Key Identifier:
                keyid:1C:5C:72:EE:42:2C:61:66:7E:30:56:DE:6B:3F:FC:E0:34:30:51:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HFxy7kIsYWZ-MFbeaz_84DQwUXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/r6k8WLzFWcZznz9PYhoJk3Hh3js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/HFxy7kIsYWZ-MFbeaz_84DQwUXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.66.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d1:87:04:71:e0:e3:1e:fd:1c:b0:11:37:14:3a:05:f6:da:2d:
         38:81:1e:3b:e6:02:3b:84:d1:3c:4c:a1:44:d7:62:a5:44:29:
         29:01:2e:fe:6b:88:58:d0:96:91:e8:f7:db:3f:b2:e4:ad:b4:
         22:8c:d4:7f:5f:5d:c6:e4:a4:eb:39:94:1e:c2:ef:b4:5b:2f:
         5f:d4:40:d9:69:d6:ae:b5:b5:7d:39:fd:2b:4e:ac:04:93:35:
         84:a1:6b:af:f3:29:fc:16:f0:ff:40:30:b6:9e:92:b0:62:66:
         e3:b2:f2:9a:1d:00:d4:dc:58:d5:ee:3f:57:94:d2:01:16:91:
         9c:cc:5a:19:9a:d1:e4:8b:e2:dc:cb:ce:1c:0c:b0:72:0d:64:
         52:0e:cc:2a:d5:61:12:59:e7:21:77:6f:97:4a:22:73:2f:4b:
         81:9a:14:29:87:4a:27:4e:87:a4:7b:77:d7:8e:ec:b5:81:01:
         73:6f:0b:17:33:8a:84:c7:4b:ca:34:fb:ba:9d:80:48:68:bf:
         c9:6e:e5:88:bf:4d:d7:c3:aa:0b:5b:74:e3:74:73:51:2f:a7:
         5c:1e:81:27:1b:1f:99:18:0a:80:93:21:48:b1:cd:a2:69:ea:
         b5:ab:a6:11:7f:ec:a1:4b:f6:68:14:17:15:6d:85:bd:9b:51:
         d2:8a:df:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnsoYnQHcPjfr74EhtjfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNWM3MmVlNDIyYzYxNjY3ZTMwNTZkZTZiM2ZmY2UwMzQz
MDUxNzUwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmE5M2M1OGJjYzU1OWM2NzM5ZjNmNGY2MjFhMDk5MzcxZTFkZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjdyey3o9JndXURSkIW3jwtwg1CK
fy+E39QUiQqne2RpZDbHXZD0VVod7q5FRUoUfrDHIwYcOETvWsP7NnGiieWd93lz
2lvWAxYg7IIpJTVcwmZGlJYtvHydAQD64k2Dj743kek6ffCyKz7ygIUUjmud8X74
CECOHHuPpKGXKvRFGr2/8rhi56cZpTesPSDPt/nptXCZY2n+6TlSJSLXvTELAtDn
IzyC0zIyJN6moa17KJ2QYn45KgM/d7w8mq5oqrVGeZbSwWrsx7xd8vScJL/3XfFT
wH3yZ72JGfjhciMMp1JdxcitTu6/TwbKuOCtqDZkgq8Brpx7E8ptzqw0xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+pPFi8xVnGc58/T2IaCZNx4d47MB8GA1UdIwQY
MBaAFBxccu5CLGFmfjBW3ms//OA0MFF1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEZ4eTdrSXNZV1otTUZiZWF6Xzg0RFF3VVhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9lMDhkMGUtZWU0Yy00YWUxLTllMGIt
MTI3OGE0MmUwOTJhLzEvcjZrOFdMekZXY1p6bno5UFlob0prM0hoM2pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9lMDhkMGUtZWU0Yy00YWUxLTllMGItMTI3OGE0MmUwOTJh
LzEvSEZ4eTdrSXNZV1otTUZiZWF6Xzg0RFF3VVhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX0LGMA0G
CSqGSIb3DQEBCwUAA4IBAQDRhwRx4OMe/RywETcUOgX22i04gR475gI7hNE8TKFE
12KlRCkpAS7+a4hY0JaR6PfbP7LkrbQijNR/X13G5KTrOZQewu+0Wy9f1EDZadau
tbV9Of0rTqwEkzWEoWuv8yn8FvD/QDC2npKwYmbjsvKaHQDU3FjV7j9XlNIBFpGc
zFoZmtHki+Lcy84cDLByDWRSDswq1WESWechd2+XSiJzL0uBmhQph0onToeke3fX
juy1gQFzbwsXM4qEx0vKNPu6nYBIaL/JbuWIv03Xw6oLW3TjdHNRL6dcHoEnGx+Z
GAqAkyFIsc2iaeq1q6YRf+yhS/ZoFBcVbYW9m1HSit9S
-----END CERTIFICATE-----