Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/b0675b-e3bc-4dfc-bcca-23cd347d9719/1/SmE0ct24B_cDKs24GwkperH--_A.roa
File:                     SmE0ct24B_cDKs24GwkperH--_A.roa (raw, json)
Hash identifier:          c01TX6DFeZ14KFBu3sw8YP35+xZQJ3gtUGMLH5R0j/8=
Subject key identifier:   4A:61:34:72:DD:B8:07:F7:03:2A:CD:B8:1B:09:29:7A:B1:FE:FB:F0
Certificate issuer:       /CN=6137b5dbaaba28ae28c8e9a9780fb70c24fc9190
Certificate serial:       018CC2DAB6FB0FF1A02278513D60946F7CB6
Authority key identifier: 61:37:B5:DB:AA:BA:28:AE:28:C8:E9:A9:78:0F:B7:0C:24:FC:91:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YTe126q6KK4oyOmpeA-3DCT8kZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/b0675b-e3bc-4dfc-bcca-23cd347d9719/1/SmE0ct24B_cDKs24GwkperH--_A.roa
Signing time:             Mon 01 Jan 2024 02:29:22 +0000
ROA not before:           Mon 01 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207979
IP address blocks:        95.215.118.0/23 maxlen: 23
                          95.215.116.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/b0675b-e3bc-4dfc-bcca-23cd347d9719/1/YTe126q6KK4oyOmpeA-3DCT8kZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/b0675b-e3bc-4dfc-bcca-23cd347d9719/1/YTe126q6KK4oyOmpeA-3DCT8kZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YTe126q6KK4oyOmpeA-3DCT8kZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 22:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b6:fb:0f:f1:a0:22:78:51:3d:60:94:6f:7c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6137b5dbaaba28ae28c8e9a9780fb70c24fc9190
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a613472ddb807f7032acdb81b09297ab1fefbf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3e:8f:f0:62:96:45:e2:47:ec:71:57:cc:b8:
                    ec:65:28:b7:6e:ad:5a:7b:55:cd:73:f5:b1:f3:c1:
                    56:37:13:77:19:23:ed:ce:2f:56:4e:0c:4f:91:98:
                    32:7c:ab:13:88:f4:11:f1:02:1b:35:c7:d7:76:bf:
                    96:42:24:0c:22:fc:3e:92:a9:15:4d:20:b6:86:96:
                    c6:09:86:30:7b:3c:9f:86:05:a2:7a:5b:46:fb:d9:
                    e2:94:b1:87:9c:f9:e9:8b:fb:76:8c:46:7f:9c:f9:
                    89:48:2a:f4:02:ab:c7:eb:4f:a2:31:79:a9:4e:4e:
                    e2:af:d8:b1:f0:48:5a:4d:7d:08:59:74:67:3a:7e:
                    6c:63:fa:55:ef:80:31:1f:5a:ae:2e:14:b1:7c:29:
                    88:fd:ec:63:81:a3:1c:f8:73:65:1f:04:3a:dc:df:
                    1a:06:40:d3:7e:c8:a9:53:80:36:fa:5b:b6:7f:36:
                    8f:6c:e0:69:f0:d9:1a:25:01:8e:c2:01:26:8c:87:
                    80:16:b8:e4:23:b1:cb:7f:80:66:78:98:ec:7a:a1:
                    39:8b:05:b6:b1:15:06:07:15:76:7c:d9:29:d7:71:
                    55:b0:65:9e:58:3d:0b:fc:3e:5c:53:b4:4a:93:8f:
                    73:65:04:10:1a:f3:83:95:7e:d7:17:8d:fa:b1:21:
                    5b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:61:34:72:DD:B8:07:F7:03:2A:CD:B8:1B:09:29:7A:B1:FE:FB:F0
            X509v3 Authority Key Identifier:
                keyid:61:37:B5:DB:AA:BA:28:AE:28:C8:E9:A9:78:0F:B7:0C:24:FC:91:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YTe126q6KK4oyOmpeA-3DCT8kZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/b0675b-e3bc-4dfc-bcca-23cd347d9719/1/SmE0ct24B_cDKs24GwkperH--_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/b0675b-e3bc-4dfc-bcca-23cd347d9719/1/YTe126q6KK4oyOmpeA-3DCT8kZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:de:bc:7e:ef:cf:1d:d4:47:74:5b:08:4c:f0:94:fc:3e:57:
         4d:89:d4:c4:21:d9:d9:26:d4:56:18:ba:7d:bc:2b:4a:5e:84:
         b7:e1:98:34:20:66:a5:2b:4c:76:65:b0:5d:c5:72:50:fa:05:
         7b:75:b2:a8:33:99:98:df:90:da:85:d6:58:99:4b:b5:71:7b:
         15:8e:1b:57:a4:3f:4d:3e:65:ce:4a:a5:51:88:ee:79:38:fd:
         c2:3b:62:05:b0:c2:b4:a9:ed:a1:be:3a:74:51:f6:15:5a:7c:
         27:ba:3c:57:d9:1b:46:23:2a:19:94:25:fc:fd:1a:4d:06:3b:
         9c:46:5e:af:89:bc:22:0f:55:e2:34:e5:f9:57:97:7f:c9:16:
         59:29:62:1c:b0:69:9c:49:6a:1b:4e:6c:4f:73:5a:90:4b:3d:
         ac:08:db:b4:ab:ec:21:b7:71:84:3d:85:6d:1d:c4:3e:f5:70:
         7a:d7:5f:ff:d5:17:c6:10:66:08:45:55:e4:da:78:79:a5:5a:
         78:2d:c0:69:bb:a5:15:9d:bd:ae:42:02:fd:74:fb:48:58:d9:
         3a:10:e1:97:ed:30:7a:04:4f:02:2a:28:0c:2a:29:dc:13:c4:
         99:02:8f:8c:94:fb:5d:5e:06:ec:0d:ff:37:16:1c:b8:43:29:
         54:4e:fe:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rb7D/GgInhRPWCUb3y2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMzdiNWRiYWFiYTI4YWUyOGM4ZTlhOTc4MGZiNzBjMjRm
YzkxOTAwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTYxMzQ3MmRkYjgwN2Y3MDMyYWNkYjgxYjA5Mjk3YWIxZmVmYmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmz6P8GKWReJH7HFXzLjsZSi3bq1a
e1XNc/Wx88FWNxN3GSPtzi9WTgxPkZgyfKsTiPQR8QIbNcfXdr+WQiQMIvw+kqkV
TSC2hpbGCYYwezyfhgWieltG+9nilLGHnPnpi/t2jEZ/nPmJSCr0AqvH60+iMXmp
Tk7ir9ix8EhaTX0IWXRnOn5sY/pV74AxH1quLhSxfCmI/exjgaMc+HNlHwQ63N8a
BkDTfsipU4A2+lu2fzaPbOBp8NkaJQGOwgEmjIeAFrjkI7HLf4BmeJjseqE5iwW2
sRUGBxV2fNkp13FVsGWeWD0L/D5cU7RKk49zZQQQGvODlX7XF436sSFbYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEphNHLduAf3AyrNuBsJKXqx/vvwMB8GA1UdIwQY
MBaAFGE3tduquiiuKMjpqXgPtwwk/JGQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVRlMTI2cTZLSzRveU9tcGVBLTNEQ1Q4a1pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9iMDY3NWItZTNiYy00ZGZjLWJjY2Et
MjNjZDM0N2Q5NzE5LzEvU21FMGN0MjRCX2NES3MyNEd3a3BlckgtLV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9iMDY3NWItZTNiYy00ZGZjLWJjY2EtMjNjZDM0N2Q5NzE5
LzEvWVRlMTI2cTZLSzRveU9tcGVBLTNEQ1Q4a1pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX9d0MA0G
CSqGSIb3DQEBCwUAA4IBAQBd3rx+788d1Ed0WwhM8JT8PldNidTEIdnZJtRWGLp9
vCtKXoS34Zg0IGalK0x2ZbBdxXJQ+gV7dbKoM5mY35DahdZYmUu1cXsVjhtXpD9N
PmXOSqVRiO55OP3CO2IFsMK0qe2hvjp0UfYVWnwnujxX2RtGIyoZlCX8/RpNBjuc
Rl6vibwiD1XiNOX5V5d/yRZZKWIcsGmcSWobTmxPc1qQSz2sCNu0q+wht3GEPYVt
HcQ+9XB611//1RfGEGYIRVXk2nh5pVp4LcBpu6UVnb2uQgL9dPtIWNk6EOGX7TB6
BE8CKigMKincE8SZAo+MlPtdXgbsDf83Fhy4QylUTv72
-----END CERTIFICATE-----