Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/9O7pgTAAYGBvXE-dc9Xvy4bho3c.roa
File:                     9O7pgTAAYGBvXE-dc9Xvy4bho3c.roa (raw, json)
Hash identifier:          ucObeVeLvD0eo3HQCNWe3AzytyWoQDXoM4Zn0TXDQI8=
Subject key identifier:   F4:EE:E9:81:30:00:60:60:6F:5C:4F:9D:73:D5:EF:CB:86:E1:A3:77
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       018CC492C2E13B243884A63E0791FFF67B21
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/9O7pgTAAYGBvXE-dc9Xvy4bho3c.roa
Signing time:             Mon 01 Jan 2024 10:30:01 +0000
ROA not before:           Mon 01 Jan 2024 10:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60441
IP address blocks:        95.169.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:c2:e1:3b:24:38:84:a6:3e:07:91:ff:f6:7b:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Jan  1 10:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4eee981300060606f5c4f9d73d5efcb86e1a377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9b:78:ea:27:13:46:ee:99:c0:a6:de:4e:97:
                    10:41:bb:ab:77:a8:38:a3:b8:c8:2a:c8:fa:e3:44:
                    6b:2d:fa:cf:a7:01:aa:f1:13:cb:2a:7b:bb:16:dc:
                    15:d2:23:41:e8:70:5b:9f:cf:82:6f:7a:b0:c1:26:
                    29:8c:0d:97:80:82:36:51:a8:41:04:a1:5f:bb:5e:
                    f7:77:9a:bb:8b:66:d8:b3:96:2d:18:8b:07:de:58:
                    77:10:08:cf:18:0a:e3:29:35:37:a4:f6:92:fe:54:
                    75:ac:fd:5c:af:c2:99:2b:c3:58:01:6a:88:5f:01:
                    60:7b:e8:44:18:25:d7:1f:ad:79:de:1c:b0:f0:27:
                    86:22:ce:7b:8e:48:e5:02:fe:ae:ba:45:6d:af:8b:
                    2e:6c:0c:fc:da:ec:67:48:14:33:a7:25:97:5e:a6:
                    20:1e:49:30:05:80:dc:8b:8e:1b:be:94:b1:fb:82:
                    fe:51:84:16:06:1d:eb:f0:33:c4:74:6e:17:d8:ba:
                    c4:7b:ac:51:b4:10:a4:7b:bb:e1:d0:3d:59:43:e9:
                    f0:e2:4a:0b:df:2a:e9:a7:55:5c:89:f3:aa:c8:a1:
                    18:74:ee:bd:95:6e:ee:d2:50:54:d4:2f:f1:ca:f2:
                    02:ba:8b:1c:54:ab:66:71:56:ee:3b:42:16:36:53:
                    1d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:EE:E9:81:30:00:60:60:6F:5C:4F:9D:73:D5:EF:CB:86:E1:A3:77
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/9O7pgTAAYGBvXE-dc9Xvy4bho3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:d1:4a:38:5b:79:e2:3e:18:73:79:6a:58:69:59:50:a2:9d:
         4b:df:5e:ab:0c:e0:8e:a1:a8:cc:76:f7:96:8c:f8:94:55:ee:
         5a:f2:59:2c:f3:71:57:6e:71:71:fa:33:44:49:00:86:9c:aa:
         7a:77:e5:e4:f7:b6:0f:9f:ca:84:fc:3e:ff:cb:38:38:23:10:
         ff:b6:99:99:34:69:1b:14:68:7e:d9:84:1c:2c:64:21:fa:3c:
         a4:cb:7a:6e:d5:e1:fe:7a:46:a4:bb:25:d3:36:ef:45:f7:6d:
         80:29:4f:cc:3e:50:eb:2e:d9:7e:d2:62:c8:a6:ad:ba:10:15:
         3d:0e:07:6e:67:ca:57:c2:66:55:c2:84:d5:02:84:d0:97:5f:
         d9:ab:85:fd:9c:d9:4c:c5:d0:99:9a:12:3f:68:6c:2c:44:dc:
         92:9b:ea:4e:e0:b9:fc:e0:94:3e:d1:9e:ef:cd:c1:18:d0:57:
         5f:38:d2:a0:33:32:97:03:cc:f3:fc:d8:c5:42:06:5f:17:35:
         2e:00:78:2e:f5:57:e3:a1:d5:fd:bd:12:e8:9a:b4:01:2f:f9:
         0a:7e:c0:11:61:2f:be:57:e6:01:af:b7:8a:31:80:d1:bb:01:
         49:07:05:17:42:b4:03:3a:1e:d6:5a:4e:54:0d:79:13:e8:62:
         47:d9:91:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEksLhOyQ4hKY+B5H/9nshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjQwMTAxMTAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGVlZTk4MTMwMDA2MDYwNmY1YzRmOWQ3M2Q1ZWZjYjg2ZTFhMzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZt46icTRu6ZwKbeTpcQQburd6g4
o7jIKsj640RrLfrPpwGq8RPLKnu7FtwV0iNB6HBbn8+Cb3qwwSYpjA2XgII2UahB
BKFfu173d5q7i2bYs5YtGIsH3lh3EAjPGArjKTU3pPaS/lR1rP1cr8KZK8NYAWqI
XwFge+hEGCXXH6153hyw8CeGIs57jkjlAv6uukVtr4subAz82uxnSBQzpyWXXqYg
HkkwBYDci44bvpSx+4L+UYQWBh3r8DPEdG4X2LrEe6xRtBCke7vh0D1ZQ+nw4koL
3yrpp1VcifOqyKEYdO69lW7u0lBU1C/xyvICuoscVKtmcVbuO0IWNlMdaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTu6YEwAGBgb1xPnXPV78uG4aN3MB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvOU83cGdUQUFZR0J2WEUtZGM5WHZ5NGJobzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6nQMA0G
CSqGSIb3DQEBCwUAA4IBAQBI0Uo4W3niPhhzeWpYaVlQop1L316rDOCOoajMdveW
jPiUVe5a8lks83FXbnFx+jNESQCGnKp6d+Xk97YPn8qE/D7/yzg4IxD/tpmZNGkb
FGh+2YQcLGQh+jyky3pu1eH+ekakuyXTNu9F922AKU/MPlDrLtl+0mLIpq26EBU9
DgduZ8pXwmZVwoTVAoTQl1/Zq4X9nNlMxdCZmhI/aGwsRNySm+pO4Ln84JQ+0Z7v
zcEY0FdfONKgMzKXA8zz/NjFQgZfFzUuAHgu9VfjodX9vRLomrQBL/kKfsARYS++
V+YBr7eKMYDRuwFJBwUXQrQDOh7WWk5UDXkT6GJH2ZGF
-----END CERTIFICATE-----