Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/aT0MHlzm8GC7MGbx1ZD1NTAxTkU.roa
File:                     aT0MHlzm8GC7MGbx1ZD1NTAxTkU.roa (raw, json)
Hash identifier:          IjSrwSY+qtD2r0d/O7WBoA+TmWxvw9RM5yFY/RtHBCU=
Subject key identifier:   69:3D:0C:1E:5C:E6:F0:60:BB:30:66:F1:D5:90:F5:35:30:31:4E:45
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       0191BCA913A8349F2F9BD2E775B1E9761915
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/aT0MHlzm8GC7MGbx1ZD1NTAxTkU.roa
Signing time:             Wed 04 Sep 2024 10:51:22 +0000
ROA not before:           Wed 04 Sep 2024 10:51:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214378
IP address blocks:        95.169.209.0/24 maxlen: 24
                          2a01:4a40:101::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:a9:13:a8:34:9f:2f:9b:d2:e7:75:b1:e9:76:19:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Sep  4 10:51:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=693d0c1e5ce6f060bb3066f1d590f53530314e45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d8:d3:b4:fd:9a:33:77:e2:b6:3d:c3:05:3e:
                    6d:92:e1:a3:1b:b3:21:3e:bc:90:79:bd:06:a3:b2:
                    c1:62:a2:34:47:94:7f:76:1b:5c:c9:c3:96:31:b4:
                    69:34:58:dd:77:e5:fe:02:8d:e6:14:4c:29:79:f8:
                    08:c3:3e:ab:a8:ac:45:d9:39:36:0c:87:7f:9f:20:
                    88:17:28:e5:40:43:65:5a:df:0f:fd:1d:b5:51:ee:
                    13:3a:f8:8c:24:28:1e:81:5f:2a:2e:81:55:ea:b0:
                    54:77:ed:d5:8b:af:d6:11:a4:e8:5b:ac:06:3e:db:
                    f1:7a:e1:34:19:2a:87:a4:99:87:56:39:44:2f:86:
                    8f:11:49:05:9c:a2:41:79:6d:3b:20:17:5c:7e:35:
                    f4:c7:09:61:60:a0:fa:28:6b:35:f6:0a:4e:89:a8:
                    31:5c:ce:15:2d:b6:9e:a4:8c:6c:2d:88:23:61:c3:
                    d3:aa:20:b9:91:e6:50:26:cd:45:20:91:f2:93:b6:
                    21:b8:f3:78:e1:ef:93:66:91:85:93:f1:ae:16:1a:
                    09:d8:6a:a3:0c:1e:6c:2a:44:f5:8f:59:09:c3:98:
                    8d:a4:60:9c:59:ba:8c:47:9a:50:d1:24:ba:87:ee:
                    2a:7c:77:a1:01:38:76:1d:7e:22:66:c4:ab:8f:3c:
                    c3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:3D:0C:1E:5C:E6:F0:60:BB:30:66:F1:D5:90:F5:35:30:31:4E:45
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/aT0MHlzm8GC7MGbx1ZD1NTAxTkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.209.0/24
                IPv6:
                  2a01:4a40:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:3f:42:b6:84:0f:e7:5d:09:29:ba:1e:ea:7e:bc:d8:2b:5a:
         52:08:50:92:a2:0b:91:a7:14:f5:c5:99:a5:f9:78:34:bf:7d:
         bd:bb:2e:34:d9:a7:96:7a:51:96:95:45:ae:26:eb:d1:45:7f:
         d7:7c:4b:42:fe:86:46:57:ff:a3:17:ae:a1:98:ea:ce:88:1c:
         62:98:e8:bd:6c:47:83:9e:2b:d9:bd:8a:8e:68:ab:a1:e4:f4:
         61:e3:c5:1c:9b:70:8b:d9:21:fe:f0:e2:06:cb:68:92:11:af:
         20:52:38:b9:9e:50:8b:d4:1d:00:c6:e1:22:2e:f4:1e:cb:7d:
         93:44:7b:fb:4b:52:95:9d:6f:4a:0e:e3:81:60:ae:2d:a3:99:
         93:91:cc:e6:1d:33:67:f3:92:42:65:fd:0a:e7:e5:f0:22:b3:
         a9:29:28:60:11:7d:df:ae:71:ec:7d:9d:61:70:b9:8b:38:99:
         e9:d3:1d:27:f6:09:d9:37:72:fb:53:ee:0a:c3:f6:23:dc:3f:
         69:fb:89:bd:e7:e9:0b:ed:09:fa:a3:81:ac:43:9f:53:d4:e7:
         68:2a:4f:e3:74:ca:6d:f4:a9:f1:ab:71:5d:0d:1e:d4:aa:ea:
         cc:05:5a:24:e4:04:57:33:0f:45:41:e4:9b:35:af:33:43:80:
         20:15:0b:eb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZG8qROoNJ8vm9LndbHpdhkVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjQwOTA0MTA1MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTNkMGMxZTVjZTZmMDYwYmIzMDY2ZjFkNTkwZjUzNTMwMzE0ZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNjTtP2aM3fitj3DBT5tkuGjG7Mh
PryQeb0Go7LBYqI0R5R/dhtcycOWMbRpNFjdd+X+Ao3mFEwpefgIwz6rqKxF2Tk2
DId/nyCIFyjlQENlWt8P/R21Ue4TOviMJCgegV8qLoFV6rBUd+3Vi6/WEaToW6wG
PtvxeuE0GSqHpJmHVjlEL4aPEUkFnKJBeW07IBdcfjX0xwlhYKD6KGs19gpOiagx
XM4VLbaepIxsLYgjYcPTqiC5keZQJs1FIJHyk7YhuPN44e+TZpGFk/GuFhoJ2Gqj
DB5sKkT1j1kJw5iNpGCcWbqMR5pQ0SS6h+4qfHehATh2HX4iZsSrjzzDSQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGk9DB5c5vBguzBm8dWQ9TUwMU5FMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvYVQwTUhsem04R0M3TUdieDFaRDFOVEF4VGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAX6nRMA8E
AgACMAkDBwAqAUpAAQEwDQYJKoZIhvcNAQELBQADggEBAHY/QraED+ddCSm6Hup+
vNgrWlIIUJKiC5GnFPXFmaX5eDS/fb27LjTZp5Z6UZaVRa4m69FFf9d8S0L+hkZX
/6MXrqGY6s6IHGKY6L1sR4OeK9m9io5oq6Hk9GHjxRybcIvZIf7w4gbLaJIRryBS
OLmeUIvUHQDG4SIu9B7LfZNEe/tLUpWdb0oO44Fgri2jmZORzOYdM2fzkkJl/Qrn
5fAis6kpKGARfd+ucex9nWFwuYs4menTHSf2Cdk3cvtT7grD9iPcP2n7ib3n6Qvt
CfqjgaxDn1PU52gqT+N0ym30qfGrcV0NHtSq6swFWiTkBFczD0VB5Js1rzNDgCAV
C+s=
-----END CERTIFICATE-----