Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/ghkXUdHFuSNqiviTyCJ27v3hvhY.roa
File:                     ghkXUdHFuSNqiviTyCJ27v3hvhY.roa (raw, json)
Hash identifier:          DL4dZnFRokRadt9hNd/GPJRlx06d0GtmFdESTd1Gzgw=
Subject key identifier:   82:19:17:51:D1:C5:B9:23:6A:8A:F8:93:C8:22:76:EE:FD:E1:BE:16
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       018CC3B68B39D20B1A3DAD6B8279677B6CFF
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/ghkXUdHFuSNqiviTyCJ27v3hvhY.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201389
IP address blocks:        95.85.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8b:39:d2:0b:1a:3d:ad:6b:82:79:67:7b:6c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82191751d1c5b9236a8af893c82276eefde1be16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d9:d9:56:bc:e1:e3:f7:e4:0f:08:c5:93:33:
                    f2:c0:70:be:e5:fc:5b:f4:7b:78:52:0d:15:c5:48:
                    03:1f:c8:32:6d:07:87:62:f1:4d:ac:e4:9c:66:05:
                    0b:72:f7:5b:b4:59:9f:4d:05:a3:31:f5:bf:33:87:
                    bc:63:b2:49:6e:54:04:6b:ae:cc:c2:fc:a7:e1:56:
                    3c:9b:3a:b5:1f:d6:8d:65:22:a4:9c:47:b9:76:52:
                    7b:21:60:15:12:ef:ad:a2:7d:76:e8:73:3b:66:0e:
                    7b:56:7c:8f:fb:dd:a7:cb:85:31:5e:dc:f3:f5:b1:
                    f1:aa:5a:f4:5d:f2:8f:ab:23:b3:13:f7:b5:98:c6:
                    7e:fb:72:48:11:c8:5a:d2:f0:ab:00:08:18:1b:bc:
                    78:6a:ea:ef:43:5d:ef:e4:0b:8b:e9:bb:0a:35:aa:
                    ce:07:b4:ad:cd:80:ad:87:e3:a0:1e:1f:eb:f3:c9:
                    d9:04:d3:60:2d:77:3f:c8:53:fc:68:55:31:8a:fa:
                    f6:5d:55:c5:91:83:17:90:b9:38:17:83:d4:30:e5:
                    ad:87:a2:1c:9c:0e:de:ac:a9:61:ad:da:3c:db:51:
                    2c:8f:2c:44:5e:54:c5:20:fd:1a:cd:26:c6:f4:f3:
                    f2:85:35:08:2a:b6:0e:e2:5b:ac:b1:83:8f:f8:2c:
                    0f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:19:17:51:D1:C5:B9:23:6A:8A:F8:93:C8:22:76:EE:FD:E1:BE:16
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/ghkXUdHFuSNqiviTyCJ27v3hvhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.85.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:30:50:9f:94:51:73:a5:c4:59:84:86:d7:0f:9c:f9:07:99:
         b7:c6:01:43:de:08:dd:00:bd:15:5b:66:14:85:d9:9a:67:a8:
         eb:ef:2e:65:8f:9e:bc:6b:59:0a:de:07:d5:07:d4:6f:77:d7:
         a1:47:ce:81:f3:49:da:1a:a8:9b:93:d1:85:f6:88:40:e2:1f:
         04:3d:2d:7c:db:39:6e:5a:95:c6:42:27:07:a1:ee:78:0c:ee:
         20:48:8b:d9:57:35:07:ee:16:39:9a:f2:4a:be:98:20:ef:88:
         aa:1e:67:d9:95:e1:c3:80:63:e8:2e:11:27:45:83:b8:9c:3e:
         6a:b6:b9:bd:38:ba:a6:d2:7f:6d:a4:a2:bd:2d:22:06:37:66:
         98:6a:cb:dd:dc:98:ea:83:bb:bf:e7:5d:ed:65:4a:bd:5c:66:
         26:07:45:c1:43:4b:93:48:11:a5:0b:26:02:d7:fa:77:4b:91:
         c7:09:1c:05:56:da:b3:6f:58:0f:c4:9b:16:8d:d7:43:c4:53:
         5f:0b:85:da:99:98:73:78:36:eb:42:03:bf:30:69:47:eb:f6:
         15:ab:29:3b:1a:fe:af:b8:c6:2f:e5:ab:e2:f5:78:be:30:a5:
         6b:89:6d:da:9f:7c:36:19:ef:16:7e:e3:3d:4e:20:2e:5d:37:
         7d:9e:ca:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtos50gsaPa1rgnlne2z/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjE5MTc1MWQxYzViOTIzNmE4YWY4OTNjODIyNzZlZWZkZTFiZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9nZVrzh4/fkDwjFkzPywHC+5fxb
9Ht4Ug0VxUgDH8gybQeHYvFNrOScZgULcvdbtFmfTQWjMfW/M4e8Y7JJblQEa67M
wvyn4VY8mzq1H9aNZSKknEe5dlJ7IWAVEu+ton126HM7Zg57VnyP+92ny4UxXtzz
9bHxqlr0XfKPqyOzE/e1mMZ++3JIEcha0vCrAAgYG7x4aurvQ13v5AuL6bsKNarO
B7StzYCth+OgHh/r88nZBNNgLXc/yFP8aFUxivr2XVXFkYMXkLk4F4PUMOWth6Ic
nA7erKlhrdo821EsjyxEXlTFIP0azSbG9PPyhTUIKrYO4lussYOP+CwPdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIZF1HRxbkjaor4k8gidu794b4WMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvZ2hrWFVkSEZ1U05xaXZpVHlDSjI3djNodmhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX1VVMA0G
CSqGSIb3DQEBCwUAA4IBAQAGMFCflFFzpcRZhIbXD5z5B5m3xgFD3gjdAL0VW2YU
hdmaZ6jr7y5lj568a1kK3gfVB9Rvd9ehR86B80naGqibk9GF9ohA4h8EPS182zlu
WpXGQicHoe54DO4gSIvZVzUH7hY5mvJKvpgg74iqHmfZleHDgGPoLhEnRYO4nD5q
trm9OLqm0n9tpKK9LSIGN2aYasvd3Jjqg7u/513tZUq9XGYmB0XBQ0uTSBGlCyYC
1/p3S5HHCRwFVtqzb1gPxJsWjddDxFNfC4XamZhzeDbrQgO/MGlH6/YVqyk7Gv6v
uMYv5avi9Xi+MKVriW3an3w2Ge8WfuM9TiAuXTd9nspB
-----END CERTIFICATE-----