Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/avb9lztGhuvuTBjxBp4BHmeVoNU.roa
File:                     avb9lztGhuvuTBjxBp4BHmeVoNU.roa (raw, json)
Hash identifier:          lOmioj9EeF4IiOxixfKZsf0/djnV35yCHs+p25AHxaM=
Subject key identifier:   6A:F6:FD:97:3B:46:86:EB:EE:4C:18:F1:06:9E:01:1E:67:95:A0:D5
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A5007F9D20F960B83A414FB85EB52
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/avb9lztGhuvuTBjxBp4BHmeVoNU.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209918
IP address blocks:        95.47.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:50:07:f9:d2:0f:96:0b:83:a4:14:fb:85:eb:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6af6fd973b4686ebee4c18f1069e011e6795a0d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cc:41:f7:3f:6a:11:f8:1d:4f:2a:23:72:21:
                    81:6e:50:43:36:87:c9:10:09:70:27:9a:84:9d:c4:
                    ad:9a:48:57:bc:b9:8c:64:f6:70:14:7a:d7:49:00:
                    b6:b6:3b:68:f8:57:f9:f1:92:92:49:01:54:6e:fd:
                    fd:97:66:83:0e:c1:86:a1:6f:1a:7b:2e:57:8e:c1:
                    10:31:bf:2c:9f:7f:30:0c:38:60:e4:3b:66:1c:5b:
                    3b:60:e6:93:1c:9e:93:6a:48:f7:87:c0:7d:45:15:
                    0c:5b:20:73:ae:eb:64:e9:ec:f8:4f:62:0a:e3:6f:
                    f1:09:ea:01:e0:a0:d5:0c:4d:1e:10:a9:5b:34:33:
                    e2:f1:d9:8a:e5:38:2e:62:4c:8b:4c:9b:8e:d1:2a:
                    62:b3:7b:20:e2:2b:25:9a:1d:7f:de:ce:b5:c0:71:
                    e9:77:58:ce:21:c4:b1:1c:7d:a0:ca:ec:a5:d5:1c:
                    7a:2e:81:3d:04:81:22:96:e5:4b:53:36:9a:20:d0:
                    fb:83:d8:f0:eb:e0:8e:ae:57:6d:54:0e:e4:46:80:
                    99:09:21:bb:7f:8f:ac:65:b9:dd:3f:fd:78:98:96:
                    aa:a6:cd:f4:a0:f0:67:15:92:f2:a3:94:b6:16:2f:
                    47:cd:ac:d7:09:01:32:2f:8b:87:79:7c:1a:e1:fd:
                    aa:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:F6:FD:97:3B:46:86:EB:EE:4C:18:F1:06:9E:01:1E:67:95:A0:D5
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/avb9lztGhuvuTBjxBp4BHmeVoNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.47.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:6c:d1:b8:bf:c1:20:32:82:47:11:12:58:b0:d2:1d:a3:b2:
         04:2b:96:1e:f6:c0:a4:1b:e6:13:f7:0a:60:6b:56:d1:5c:39:
         20:57:5f:c9:94:2b:3b:61:a2:24:33:f4:a1:56:bd:00:81:b9:
         fa:91:ef:09:93:2c:a8:3f:3d:5c:36:c4:7b:f1:a1:54:ce:7f:
         86:90:a6:da:4d:ff:f8:35:ae:05:ad:6a:32:20:81:b0:43:8d:
         35:75:df:84:74:fd:2e:94:ef:d9:ad:49:ca:c6:30:ca:15:d3:
         92:6a:47:28:c8:94:16:ad:af:d8:40:de:3e:7a:86:e2:52:c0:
         d8:4e:0e:d3:c1:32:58:ae:8a:a1:f1:8c:ec:d7:65:a1:4c:5b:
         c0:37:2a:e0:b7:f5:f2:6c:f4:6f:e5:bd:20:8c:7c:1e:f9:4d:
         45:8c:45:e9:bf:bd:31:a8:61:e5:de:23:f9:64:29:e0:78:29:
         cc:2d:e7:0f:cf:cc:a1:dc:29:e8:e6:a0:61:7f:90:7a:41:6f:
         0d:fe:fc:1d:be:8d:fa:69:3d:b8:26:09:c5:b3:65:3e:ee:89:
         df:89:b0:69:dd:6f:9a:cb:ab:f3:ee:4d:43:a8:e2:1e:8e:35:
         0f:87:e8:98:5f:82:66:62:b8:91:47:6b:18:ab:d3:84:51:e5:
         12:a2:65:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlAH+dIPlguDpBT7hetSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWY2ZmQ5NzNiNDY4NmViZWU0YzE4ZjEwNjllMDExZTY3OTVhMGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMxB9z9qEfgdTyojciGBblBDNofJ
EAlwJ5qEncStmkhXvLmMZPZwFHrXSQC2tjto+Ff58ZKSSQFUbv39l2aDDsGGoW8a
ey5XjsEQMb8sn38wDDhg5DtmHFs7YOaTHJ6Takj3h8B9RRUMWyBzrutk6ez4T2IK
42/xCeoB4KDVDE0eEKlbNDPi8dmK5TguYkyLTJuO0Spis3sg4islmh1/3s61wHHp
d1jOIcSxHH2gyuyl1Rx6LoE9BIEiluVLUzaaIND7g9jw6+COrldtVA7kRoCZCSG7
f4+sZbndP/14mJaqps30oPBnFZLyo5S2Fi9HzazXCQEyL4uHeXwa4f2qOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGr2/Zc7Robr7kwY8QaeAR5nlaDVMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvYXZiOWx6dEdodXZ1VEJqeEJwNEJIbWVWb05VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy/oMA0G
CSqGSIb3DQEBCwUAA4IBAQBvbNG4v8EgMoJHERJYsNIdo7IEK5Ye9sCkG+YT9wpg
a1bRXDkgV1/JlCs7YaIkM/ShVr0Agbn6ke8JkyyoPz1cNsR78aFUzn+GkKbaTf/4
Na4FrWoyIIGwQ401dd+EdP0ulO/ZrUnKxjDKFdOSakcoyJQWra/YQN4+eobiUsDY
Tg7TwTJYroqh8Yzs12WhTFvANyrgt/XybPRv5b0gjHwe+U1FjEXpv70xqGHl3iP5
ZCngeCnMLecPz8yh3Cno5qBhf5B6QW8N/vwdvo36aT24JgnFs2U+7onfibBp3W+a
y6vz7k1DqOIejjUPh+iYX4JmYriRR2sYq9OEUeUSomUs
-----END CERTIFICATE-----