Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/L7FFdoaCel3lnz7OVmdEcreqAqo.roa
File:                     L7FFdoaCel3lnz7OVmdEcreqAqo.roa (raw, json)
Hash identifier:          ObHXuST+excf8VAEkygq15/6fxqeavbqPqP57FSMoK0=
Subject key identifier:   2F:B1:45:76:86:82:7A:5D:E5:9F:3E:CE:56:67:44:72:B7:AA:02:AA
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       018CC492C1DFC9469FC713506F17F212E413
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/L7FFdoaCel3lnz7OVmdEcreqAqo.roa
Signing time:             Mon 01 Jan 2024 10:30:01 +0000
ROA not before:           Mon 01 Jan 2024 10:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44100
IP address blocks:        95.169.206.0/24 maxlen: 24
                          95.169.207.0/24 maxlen: 24
                          95.169.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:c1:df:c9:46:9f:c7:13:50:6f:17:f2:12:e4:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Jan  1 10:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fb1457686827a5de59f3ece56674472b7aa02aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:04:eb:86:2b:85:ae:28:42:27:a4:d0:3e:2e:
                    7c:ee:5d:fc:55:4d:ff:3d:0e:b4:3f:d8:73:11:85:
                    c8:21:9f:9b:18:3d:e1:c4:1c:31:87:eb:c9:28:a5:
                    b5:2f:10:59:f5:4d:30:7c:7a:23:01:54:b3:cc:cd:
                    b5:50:c2:5e:6a:8f:7c:7d:74:e9:a9:82:6e:4a:cc:
                    ea:98:25:1e:3b:09:8c:0d:d1:1e:f8:76:31:1b:52:
                    0d:f9:6e:27:4a:47:bb:8f:40:86:0e:f3:d1:c4:74:
                    18:46:1f:ac:e7:aa:8c:62:d3:e4:73:cb:ff:b5:3e:
                    00:7f:2c:8d:1f:5c:70:9d:5c:b8:31:37:65:32:60:
                    7a:b2:bf:ff:c7:9c:ba:5e:9b:85:88:22:b8:ac:d2:
                    b0:8a:09:56:47:c1:69:0d:e0:20:b1:67:14:c2:b6:
                    50:04:0f:a2:cd:f2:e4:e7:e1:7f:62:a3:2e:ae:e3:
                    16:10:ad:b0:0b:aa:24:9c:62:3d:f6:ed:4f:c9:c2:
                    d7:da:93:db:94:7a:c9:9c:c1:d8:90:60:8b:51:4d:
                    8e:f1:46:60:f1:ae:a1:f0:3e:ee:bb:6e:62:fe:96:
                    74:16:b8:37:98:34:8e:e9:e8:a0:9a:ed:82:24:3a:
                    a5:cd:c9:7b:1c:9d:d0:6b:bf:73:cc:f4:6d:22:6c:
                    da:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:B1:45:76:86:82:7A:5D:E5:9F:3E:CE:56:67:44:72:B7:AA:02:AA
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/L7FFdoaCel3lnz7OVmdEcreqAqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.206.0/23
                  95.169.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:d7:c5:61:75:ec:10:14:ad:53:83:ad:0a:75:e5:0c:d4:d1:
         b4:82:8f:00:ec:c9:90:30:57:8a:26:c1:d9:f5:c4:ae:87:bc:
         35:28:b0:9a:1d:8f:94:13:4e:23:af:d6:2f:56:ee:5a:7b:2c:
         09:d9:f9:93:30:d0:7d:66:a5:32:4c:e4:c3:30:28:3d:40:c9:
         51:9d:e8:c5:d7:30:71:be:5b:8c:28:d8:1c:9e:7d:b3:4b:d7:
         ea:c8:7f:e9:b3:f3:74:ce:ca:1a:96:ce:df:f0:f4:e0:92:1d:
         af:b7:e8:ad:65:d6:92:56:66:ac:15:08:6e:a6:31:d7:fa:ba:
         17:c4:0a:20:4c:82:b4:89:89:7f:c6:01:75:89:e9:e0:d9:6f:
         b2:45:df:e3:d3:ed:fe:3f:2d:bf:e0:15:1f:de:16:bb:58:75:
         be:7e:b2:b0:d1:a7:de:4f:f8:d8:68:1f:77:e1:07:84:db:ce:
         74:96:5d:05:11:47:9a:50:bf:88:8b:35:e8:c6:85:ea:4a:18:
         b7:8a:ab:73:eb:09:87:5b:31:17:ce:23:8b:d9:92:ad:d4:72:
         61:d8:c5:8c:3c:bd:00:b1:c6:d4:f4:a6:c2:e4:73:e5:31:9c:
         6e:0e:af:ea:df:97:b4:7e:39:81:ac:e8:46:79:60:22:70:db:
         77:d6:c1:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEksHfyUafxxNQbxfyEuQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjQwMTAxMTAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmIxNDU3Njg2ODI3YTVkZTU5ZjNlY2U1NjY3NDQ3MmI3YWEwMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgTrhiuFrihCJ6TQPi587l38VU3/
PQ60P9hzEYXIIZ+bGD3hxBwxh+vJKKW1LxBZ9U0wfHojAVSzzM21UMJeao98fXTp
qYJuSszqmCUeOwmMDdEe+HYxG1IN+W4nSke7j0CGDvPRxHQYRh+s56qMYtPkc8v/
tT4AfyyNH1xwnVy4MTdlMmB6sr//x5y6XpuFiCK4rNKwiglWR8FpDeAgsWcUwrZQ
BA+izfLk5+F/YqMuruMWEK2wC6oknGI99u1PycLX2pPblHrJnMHYkGCLUU2O8UZg
8a6h8D7uu25i/pZ0Frg3mDSO6eigmu2CJDqlzcl7HJ3Qa79zzPRtImzacwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC+xRXaGgnpd5Z8+zlZnRHK3qgKqMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvTDdGRmRvYUNlbDNsbno3T1ZtZEVjcmVxQXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBX6nOAwQA
X6ndMA0GCSqGSIb3DQEBCwUAA4IBAQBG18VhdewQFK1Tg60KdeUM1NG0go8A7MmQ
MFeKJsHZ9cSuh7w1KLCaHY+UE04jr9YvVu5aeywJ2fmTMNB9ZqUyTOTDMCg9QMlR
nejF1zBxvluMKNgcnn2zS9fqyH/ps/N0zsoals7f8PTgkh2vt+itZdaSVmasFQhu
pjHX+roXxAogTIK0iYl/xgF1ieng2W+yRd/j0+3+Py2/4BUf3ha7WHW+frKw0afe
T/jYaB934QeE2850ll0FEUeaUL+IizXoxoXqShi3iqtz6wmHWzEXziOL2ZKt1HJh
2MWMPL0AscbU9KbC5HPlMZxuDq/q35e0fjmBrOhGeWAicNt31sHR
-----END CERTIFICATE-----