Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/qRvi2tndNuj0sdoW3bUOccSFSXA.roa
File:                     qRvi2tndNuj0sdoW3bUOccSFSXA.roa (raw, json)
Hash identifier:          RJJu/Sw2JhaKLsOJZRvGg49dw/b9iib6v3c5z/1tk2Y=
Subject key identifier:   A9:1B:E2:DA:D9:DD:36:E8:F4:B1:DA:16:DD:B5:0E:71:C4:85:49:70
Certificate issuer:       /CN=272ed090acf7c829a22bbfbe2b0e998cd20ad826
Certificate serial:       018CC8DE68732EE7472248478EBA7729FBC1
Authority key identifier: 27:2E:D0:90:AC:F7:C8:29:A2:2B:BF:BE:2B:0E:99:8C:D2:0A:D8:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/qRvi2tndNuj0sdoW3bUOccSFSXA.roa
Signing time:             Tue 02 Jan 2024 06:31:08 +0000
ROA not before:           Tue 02 Jan 2024 06:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48147
IP address blocks:        95.81.82.0/23 maxlen: 24
                          95.81.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:36:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:68:73:2e:e7:47:22:48:47:8e:ba:77:29:fb:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=272ed090acf7c829a22bbfbe2b0e998cd20ad826
        Validity
            Not Before: Jan  2 06:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a91be2dad9dd36e8f4b1da16ddb50e71c4854970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:83:db:c1:71:c1:ef:4a:73:63:7c:0a:3b:be:
                    8b:0a:e1:37:24:4b:a2:2b:d4:97:6e:6e:8f:4f:52:
                    d8:1a:5f:e9:b3:22:fc:24:19:06:1d:bc:7d:9a:ef:
                    2b:18:00:e3:9a:5c:75:78:ce:9b:46:2b:3f:cc:69:
                    8b:fb:c7:d7:94:65:0c:0b:02:eb:0f:e4:be:63:a9:
                    79:20:47:d8:fe:37:45:a1:de:24:15:d0:0a:31:71:
                    23:2b:2f:5d:0c:7f:6a:27:0a:55:93:e8:3b:47:7c:
                    05:ad:7f:dd:5e:4b:a7:38:b5:70:b4:50:77:ff:e7:
                    14:4b:33:ed:00:0d:b0:e2:89:7e:5e:52:a5:8a:ea:
                    7e:fe:e7:4d:e6:ee:ce:2b:f9:47:81:b1:00:da:59:
                    9a:f8:c7:a8:76:9e:7a:b1:49:66:3a:99:44:28:f3:
                    7d:47:9d:09:18:f7:78:1e:92:ea:a5:74:f4:9a:59:
                    ef:e2:e4:99:fd:e4:21:65:0a:ec:e3:65:e3:43:e2:
                    51:4a:21:9d:11:ff:e2:e2:3f:c2:2e:7b:f8:8d:1d:
                    53:d0:2d:ae:11:9f:23:cf:4a:f6:d2:68:84:04:42:
                    d1:a3:ee:c7:85:ae:37:1f:b4:e4:be:00:ac:d3:1e:
                    17:c1:78:02:6c:50:fb:09:49:5d:34:0f:da:d7:d8:
                    7b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:1B:E2:DA:D9:DD:36:E8:F4:B1:DA:16:DD:B5:0E:71:C4:85:49:70
            X509v3 Authority Key Identifier:
                keyid:27:2E:D0:90:AC:F7:C8:29:A2:2B:BF:BE:2B:0E:99:8C:D2:0A:D8:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/qRvi2tndNuj0sdoW3bUOccSFSXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.81.82.0/23
                  95.81.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:04:e0:d0:d8:6c:31:ca:f5:e1:11:0e:1e:f5:3e:e3:0f:f2:
         11:92:9f:06:9f:2c:3b:70:94:58:72:ff:1d:d3:bb:74:6f:d2:
         c2:8b:3b:55:8e:01:66:2b:dd:8d:4e:ac:06:ab:b9:27:e9:40:
         e0:25:0c:a4:5e:83:a3:a3:98:3c:28:5a:c5:48:44:7e:c5:28:
         d8:dd:ff:b0:bd:c6:26:65:e9:bd:84:da:1e:3c:2a:68:9b:44:
         ee:1a:9b:dd:e3:09:54:39:fb:4b:bb:cb:3b:30:af:4c:89:f8:
         9d:4a:f7:ca:22:65:ad:0a:06:cd:29:03:82:1c:fd:3e:7f:19:
         3f:96:96:5d:15:91:16:bf:4a:0b:98:74:69:41:13:72:89:93:
         cb:47:b7:50:ed:fc:ed:d1:18:69:ba:95:12:2a:6f:ed:df:84:
         2f:e9:db:3b:12:9f:bc:91:82:20:59:6a:18:43:4f:3d:54:84:
         2a:18:8d:37:3a:d7:df:ea:99:c0:99:1c:31:4b:85:28:28:65:
         fc:02:f5:f2:5b:af:99:ac:85:17:77:c0:bb:b8:4d:bd:a9:5b:
         81:38:bb:bd:c9:48:2a:69:0b:83:45:c4:29:be:96:4c:a2:4d:
         cc:77:94:e0:d0:26:4d:27:74:26:25:52:be:70:e5:34:6a:77:
         4b:75:bd:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3mhzLudHIkhHjrp3KfvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MmVkMDkwYWNmN2M4MjlhMjJiYmZiZTJiMGU5OThjZDIw
YWQ4MjYwHhcNMjQwMTAyMDYzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTFiZTJkYWQ5ZGQzNmU4ZjRiMWRhMTZkZGI1MGU3MWM0ODU0OTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYPbwXHB70pzY3wKO76LCuE3JEui
K9SXbm6PT1LYGl/psyL8JBkGHbx9mu8rGADjmlx1eM6bRis/zGmL+8fXlGUMCwLr
D+S+Y6l5IEfY/jdFod4kFdAKMXEjKy9dDH9qJwpVk+g7R3wFrX/dXkunOLVwtFB3
/+cUSzPtAA2w4ol+XlKliup+/udN5u7OK/lHgbEA2lma+Meodp56sUlmOplEKPN9
R50JGPd4HpLqpXT0mlnv4uSZ/eQhZQrs42XjQ+JRSiGdEf/i4j/CLnv4jR1T0C2u
EZ8jz0r20miEBELRo+7Hha43H7TkvgCs0x4XwXgCbFD7CUldNA/a19h7TQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKkb4trZ3Tbo9LHaFt21DnHEhUlwMB8GA1UdIwQY
MBaAFCcu0JCs98gpoiu/visOmYzSCtgmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnk3UWtLejN5Q21pSzctLUt3NlpqTklLMkNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9hMTVmOTYtZWMxOC00NjQ0LTg5YjMt
YWNjMjJiYjRkY2VkLzEvcVJ2aTJ0bmROdWowc2RvVzNiVU9jY1NGU1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9hMTVmOTYtZWMxOC00NjQ0LTg5YjMtYWNjMjJiYjRkY2Vk
LzEvSnk3UWtLejN5Q21pSzctLUt3NlpqTklLMkNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBX1FSAwQA
X1FeMA0GCSqGSIb3DQEBCwUAA4IBAQAqBODQ2GwxyvXhEQ4e9T7jD/IRkp8Gnyw7
cJRYcv8d07t0b9LCiztVjgFmK92NTqwGq7kn6UDgJQykXoOjo5g8KFrFSER+xSjY
3f+wvcYmZem9hNoePCpom0TuGpvd4wlUOftLu8s7MK9MifidSvfKImWtCgbNKQOC
HP0+fxk/lpZdFZEWv0oLmHRpQRNyiZPLR7dQ7fzt0RhpupUSKm/t34Qv6ds7Ep+8
kYIgWWoYQ089VIQqGI03Otff6pnAmRwxS4UoKGX8AvXyW6+ZrIUXd8C7uE29qVuB
OLu9yUgqaQuDRcQpvpZMok3Md5Tg0CZNJ3QmJVK+cOU0andLdb1Y
-----END CERTIFICATE-----