Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/AA76tAX11u6Tvej1TTsjMVmYjXA.roa
File:                     AA76tAX11u6Tvej1TTsjMVmYjXA.roa (raw, json)
Hash identifier:          O0FK00lUKts0QfDT9deeGxe+OudU5RHCjpSHoUxUxq8=
Subject key identifier:   00:0E:FA:B4:05:F5:D6:EE:93:BD:E8:F5:4D:3B:23:31:59:98:8D:70
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       018CC492C291879AECCE559C0DD3745918F9
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/AA76tAX11u6Tvej1TTsjMVmYjXA.roa
Signing time:             Mon 01 Jan 2024 10:30:01 +0000
ROA not before:           Mon 01 Jan 2024 10:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49188
IP address blocks:        95.169.197.0/24 maxlen: 24
                          95.169.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:c2:91:87:9a:ec:ce:55:9c:0d:d3:74:59:18:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Jan  1 10:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=000efab405f5d6ee93bde8f54d3b233159988d70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4d:74:ee:b2:8c:25:02:30:71:3f:ba:86:21:
                    7c:20:cc:4d:71:5c:78:f2:22:b2:4b:18:ca:be:34:
                    28:87:28:00:42:83:5f:5c:8a:34:55:90:ab:fe:2b:
                    c9:75:fc:f1:86:ed:37:4a:ba:c7:a1:71:ff:a5:8d:
                    d3:45:c3:f1:05:64:58:85:c7:6e:c2:69:29:23:d3:
                    56:46:30:3a:59:d0:ef:2f:3e:0d:88:15:c1:2b:9a:
                    6e:93:d5:39:06:4b:5b:d9:46:89:aa:af:06:ae:c9:
                    ea:b4:e4:46:30:ff:3f:b2:10:33:20:63:c5:2b:b1:
                    3b:8d:0f:86:db:e5:b1:6d:ff:cc:ae:52:17:ac:0e:
                    89:ac:d9:3e:bf:e1:ca:cd:55:55:66:ea:5b:03:75:
                    d5:bc:06:e7:70:64:e9:f9:ba:6d:b5:96:d8:ea:04:
                    cf:85:9b:b1:fe:ba:fb:b2:f0:9c:d9:e2:55:a6:ea:
                    a0:42:e1:34:5d:a8:a0:fa:c9:71:61:88:79:08:33:
                    e5:ca:7f:c3:70:69:0d:f3:19:c6:36:86:1c:16:5c:
                    9e:c4:b7:c9:2e:7b:8c:83:25:ad:78:3d:99:e6:38:
                    39:90:f2:f9:3f:e8:18:be:f3:c9:d0:5d:cd:be:76:
                    bc:8b:9b:84:7c:a8:82:d0:04:b5:67:0e:3a:08:4a:
                    b2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:0E:FA:B4:05:F5:D6:EE:93:BD:E8:F5:4D:3B:23:31:59:98:8D:70
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/AA76tAX11u6Tvej1TTsjMVmYjXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.197.0-95.169.198.255

    Signature Algorithm: sha256WithRSAEncryption
         2d:16:89:df:10:dd:63:ba:21:3b:2d:64:98:8d:54:79:ac:c7:
         cb:f5:30:c5:55:fb:ce:69:a5:78:fe:98:b8:10:82:a2:cc:58:
         b9:80:db:f7:6c:5d:41:74:95:22:fe:e0:68:99:df:c0:c1:6b:
         2a:44:e2:37:7a:8a:0f:ff:d6:b8:fa:70:bf:9f:7d:ef:7b:c0:
         d4:08:4c:75:02:1a:04:b8:49:c2:17:24:aa:98:55:5f:11:4c:
         5d:04:8a:ee:ae:b5:21:3b:c8:8b:c2:95:42:a5:84:79:ce:3e:
         58:8d:13:68:32:ae:30:52:17:a7:cf:6e:d0:23:60:be:c2:61:
         c0:4b:a3:1e:4a:85:45:4c:68:fa:fd:53:3e:e8:31:54:e0:a7:
         5b:f3:ca:10:8a:43:fe:df:9e:06:5f:16:e3:6d:20:9b:3b:db:
         d0:60:a1:b9:ec:51:38:51:17:f1:93:ef:27:9b:e4:3d:fc:e6:
         9e:c0:46:92:d1:23:52:71:7b:ee:30:ee:6c:fe:01:7c:25:84:
         16:3b:37:e0:07:18:ac:b0:f7:62:66:d1:af:ea:13:25:ba:73:
         db:37:6e:c8:05:de:89:8e:5f:66:4b:38:a8:84:56:bc:eb:cc:
         70:46:f7:74:2e:e1:0f:29:bc:8f:e9:3f:f8:01:5e:8f:a4:58:
         b5:79:a0:cd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEksKRh5rszlWcDdN0WRj5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjQwMTAxMTAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDBlZmFiNDA1ZjVkNmVlOTNiZGU4ZjU0ZDNiMjMzMTU5OTg4ZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtE107rKMJQIwcT+6hiF8IMxNcVx4
8iKySxjKvjQohygAQoNfXIo0VZCr/ivJdfzxhu03SrrHoXH/pY3TRcPxBWRYhcdu
wmkpI9NWRjA6WdDvLz4NiBXBK5puk9U5Bktb2UaJqq8GrsnqtORGMP8/shAzIGPF
K7E7jQ+G2+Wxbf/MrlIXrA6JrNk+v+HKzVVVZupbA3XVvAbncGTp+bpttZbY6gTP
hZux/rr7svCc2eJVpuqgQuE0Xaig+slxYYh5CDPlyn/DcGkN8xnGNoYcFlyexLfJ
LnuMgyWteD2Z5jg5kPL5P+gYvvPJ0F3Nvna8i5uEfKiC0AS1Zw46CEqyJwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAAO+rQF9dbuk73o9U07IzFZmI1wMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvQUE3NnRBWDExdTZUdmVqMVRUc2pNVm1ZalhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABfqcUD
BABfqcYwDQYJKoZIhvcNAQELBQADggEBAC0Wid8Q3WO6ITstZJiNVHmsx8v1MMVV
+85ppXj+mLgQgqLMWLmA2/dsXUF0lSL+4GiZ38DBaypE4jd6ig//1rj6cL+ffe97
wNQITHUCGgS4ScIXJKqYVV8RTF0Eiu6utSE7yIvClUKlhHnOPliNE2gyrjBSF6fP
btAjYL7CYcBLox5KhUVMaPr9Uz7oMVTgp1vzyhCKQ/7fngZfFuNtIJs729Bgobns
UThRF/GT7yeb5D385p7ARpLRI1Jxe+4w7mz+AXwlhBY7N+AHGKyw92Jm0a/qEyW6
c9s3bsgF3omOX2ZLOKiEVrzrzHBG93Qu4Q8pvI/pP/gBXo+kWLV5oM0=
-----END CERTIFICATE-----