Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/IPs7VT4Pwxwtx2NuyC4F7reGECg.roa
File:                     IPs7VT4Pwxwtx2NuyC4F7reGECg.roa (raw, json)
Hash identifier:          XNDS88cbCg/rwYgYHbmZxdcA8Bx2lfjS+1K5TUmrIzE=
Subject key identifier:   20:FB:3B:55:3E:0F:C3:1C:2D:C7:63:6E:C8:2E:05:EE:B7:86:10:28
Certificate issuer:       /CN=272ed090acf7c829a22bbfbe2b0e998cd20ad826
Certificate serial:       018CC8DE69B30755CAE808BD597134037068
Authority key identifier: 27:2E:D0:90:AC:F7:C8:29:A2:2B:BF:BE:2B:0E:99:8C:D2:0A:D8:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/IPs7VT4Pwxwtx2NuyC4F7reGECg.roa
Signing time:             Tue 02 Jan 2024 06:31:08 +0000
ROA not before:           Tue 02 Jan 2024 06:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64413
IP address blocks:        95.81.84.0/22 maxlen: 24
                          95.81.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:69:b3:07:55:ca:e8:08:bd:59:71:34:03:70:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=272ed090acf7c829a22bbfbe2b0e998cd20ad826
        Validity
            Not Before: Jan  2 06:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20fb3b553e0fc31c2dc7636ec82e05eeb7861028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b5:32:77:6c:5c:04:16:08:7a:f4:4c:d6:74:
                    e0:92:71:0d:b6:e1:f6:8c:2f:1b:2b:44:b5:9c:57:
                    07:28:b8:93:76:50:b4:19:c3:35:e1:1d:ba:af:77:
                    cd:b1:fc:81:91:b1:ac:e4:9a:4d:49:f7:1a:34:df:
                    fe:46:c5:5e:e8:89:e4:73:1a:21:e9:7c:24:de:e6:
                    5f:48:06:57:2c:1d:5b:2f:1f:f0:72:80:3b:d9:10:
                    c2:92:ca:ca:8b:04:0f:a4:ab:3e:b0:67:7d:a5:f3:
                    8a:da:ae:97:97:ae:96:8d:00:3a:8e:dd:2a:44:53:
                    3a:e6:e2:02:30:db:19:f8:0a:a4:f1:1d:fa:8e:7d:
                    bd:1e:4b:70:b8:c6:e3:ac:e0:69:10:26:d5:31:71:
                    df:b8:7b:7f:5b:f6:e5:4f:f8:3e:f0:43:4a:15:13:
                    af:8b:3d:ba:40:80:c4:05:9f:43:45:3b:de:af:51:
                    bf:e1:24:94:e8:5d:37:32:bd:c0:1b:7d:88:7c:bb:
                    2a:76:76:ec:2d:4f:19:2a:b4:6e:1d:cd:a5:d5:d1:
                    97:7f:03:2b:04:ad:7b:59:b7:64:6d:d8:af:b4:6a:
                    5f:fd:83:69:2a:d2:ab:47:b2:e4:1d:ae:e8:ed:7f:
                    34:55:d9:92:30:b4:d7:b6:61:99:20:31:7f:fa:19:
                    47:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:FB:3B:55:3E:0F:C3:1C:2D:C7:63:6E:C8:2E:05:EE:B7:86:10:28
            X509v3 Authority Key Identifier:
                keyid:27:2E:D0:90:AC:F7:C8:29:A2:2B:BF:BE:2B:0E:99:8C:D2:0A:D8:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/IPs7VT4Pwxwtx2NuyC4F7reGECg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.81.84.0/22
                  95.81.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:4f:0d:25:7a:99:1f:e3:4a:8e:b8:ef:96:ae:f9:72:af:6b:
         53:70:33:6c:47:af:01:10:eb:0d:b2:f1:41:6c:6d:40:41:97:
         6b:ef:3b:d8:35:db:20:df:6c:25:6e:79:51:43:8a:db:3c:29:
         2d:97:76:4b:f3:e8:25:e1:1a:2f:c1:d9:6b:b8:3f:43:e9:98:
         7d:bc:8b:80:50:3d:2c:6d:af:78:d3:de:d6:08:ee:0c:eb:54:
         e7:64:15:31:14:ea:ff:a3:be:26:84:da:a4:62:59:29:9c:df:
         a2:cd:f6:40:29:d6:f1:e9:a4:d2:ef:7e:d0:6e:b5:6d:e1:ab:
         b7:81:c3:3c:7d:b1:7e:c3:68:19:49:88:7f:75:2d:e7:5c:75:
         e3:d7:21:1f:10:50:20:82:41:8e:5f:fd:9b:a9:0d:56:e9:70:
         0a:71:3c:c9:9d:ab:fd:96:9a:90:dc:5b:11:ba:bc:3f:68:77:
         72:fe:b0:d9:73:47:f2:95:a9:d8:e0:2b:e7:45:d9:46:ff:1e:
         8e:26:98:3d:01:a4:2a:1d:41:9a:b6:c1:de:22:b3:59:78:c0:
         02:0b:cd:9b:25:00:e2:56:9a:6a:e1:7c:dd:80:2f:ca:35:85:
         e5:c7:c3:e8:fb:58:97:a9:37:cc:ab:2b:91:8f:be:cb:73:a1:
         0d:30:a1:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3mmzB1XK6Ai9WXE0A3BoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MmVkMDkwYWNmN2M4MjlhMjJiYmZiZTJiMGU5OThjZDIw
YWQ4MjYwHhcNMjQwMTAyMDYzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGZiM2I1NTNlMGZjMzFjMmRjNzYzNmVjODJlMDVlZWI3ODYxMDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7Uyd2xcBBYIevRM1nTgknENtuH2
jC8bK0S1nFcHKLiTdlC0GcM14R26r3fNsfyBkbGs5JpNSfcaNN/+RsVe6Inkcxoh
6Xwk3uZfSAZXLB1bLx/wcoA72RDCksrKiwQPpKs+sGd9pfOK2q6Xl66WjQA6jt0q
RFM65uICMNsZ+Aqk8R36jn29HktwuMbjrOBpECbVMXHfuHt/W/blT/g+8ENKFROv
iz26QIDEBZ9DRTver1G/4SSU6F03Mr3AG32IfLsqdnbsLU8ZKrRuHc2l1dGXfwMr
BK17WbdkbdivtGpf/YNpKtKrR7LkHa7o7X80VdmSMLTXtmGZIDF/+hlHSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCD7O1U+D8McLcdjbsguBe63hhAoMB8GA1UdIwQY
MBaAFCcu0JCs98gpoiu/visOmYzSCtgmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnk3UWtLejN5Q21pSzctLUt3NlpqTklLMkNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9hMTVmOTYtZWMxOC00NjQ0LTg5YjMt
YWNjMjJiYjRkY2VkLzEvSVBzN1ZUNFB3eHd0eDJOdXlDNEY3cmVHRUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9hMTVmOTYtZWMxOC00NjQ0LTg5YjMtYWNjMjJiYjRkY2Vk
LzEvSnk3UWtLejN5Q21pSzctLUt3NlpqTklLMkNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCX1FUAwQC
X1FcMA0GCSqGSIb3DQEBCwUAA4IBAQAJTw0lepkf40qOuO+Wrvlyr2tTcDNsR68B
EOsNsvFBbG1AQZdr7zvYNdsg32wlbnlRQ4rbPCktl3ZL8+gl4RovwdlruD9D6Zh9
vIuAUD0sba94097WCO4M61TnZBUxFOr/o74mhNqkYlkpnN+izfZAKdbx6aTS737Q
brVt4au3gcM8fbF+w2gZSYh/dS3nXHXj1yEfEFAggkGOX/2bqQ1W6XAKcTzJnav9
lpqQ3FsRurw/aHdy/rDZc0fylanY4CvnRdlG/x6OJpg9AaQqHUGatsHeIrNZeMAC
C82bJQDiVppq4XzdgC/KNYXlx8Po+1iXqTfMqyuRj77Lc6ENMKG2
-----END CERTIFICATE-----