Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Q0LKl_MEJXz0U6Pq78jk75iq0SY.roa
File:                     Q0LKl_MEJXz0U6Pq78jk75iq0SY.roa (raw, json)
Hash identifier:          dRV9YdycyWEv26thF+aXmLZsBG1hwPj+7LMe+MUQkBs=
Subject key identifier:   43:42:CA:97:F3:04:25:7C:F4:53:A3:EA:EF:C8:E4:EF:98:AA:D1:26
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC794153D10538861DEA4D3C758C3C247
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Q0LKl_MEJXz0U6Pq78jk75iq0SY.roa
Signing time:             Tue 02 Jan 2024 00:30:19 +0000
ROA not before:           Tue 02 Jan 2024 00:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12389
IP address blocks:        95.182.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:15:3d:10:53:88:61:de:a4:d3:c7:58:c3:c2:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4342ca97f304257cf453a3eaefc8e4ef98aad126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:46:0d:a4:82:71:59:84:47:c7:15:7a:bd:95:
                    b7:93:b7:a1:be:f6:81:2f:b4:12:10:97:84:fc:90:
                    5a:a4:45:b9:65:82:00:bb:1a:5a:07:1b:0f:fd:98:
                    63:4e:b9:8b:7c:f2:45:47:43:09:fd:f0:7c:b9:e4:
                    23:1a:f9:7b:79:c3:9e:ea:4e:77:91:bc:3a:a1:c8:
                    41:06:66:17:60:67:32:5f:36:d4:8d:80:67:90:f3:
                    4f:6c:c1:38:fe:d8:47:a7:43:8e:e1:2c:3f:61:bd:
                    cd:f1:e5:35:76:da:a2:84:a4:41:d6:e1:a3:b1:4d:
                    68:64:d1:55:2a:5b:91:d0:89:a0:4d:02:af:e6:4c:
                    ef:f5:8b:2e:cd:4a:c6:a1:bb:a6:55:34:b3:dd:47:
                    51:2e:66:55:98:5d:67:89:c3:76:cc:25:69:5c:d0:
                    58:27:f6:cf:74:51:69:b5:48:e8:a0:84:01:00:b4:
                    83:03:00:ab:ab:8f:4d:c3:d9:22:8b:61:b6:15:69:
                    c1:78:f2:76:d6:cc:97:d2:d6:40:a2:f5:db:4d:c4:
                    ee:2c:0f:71:8a:1c:cb:14:25:38:d3:7e:39:2d:33:
                    43:85:6e:e4:1c:ac:6d:e8:a0:53:b4:44:3a:56:b6:
                    d9:c2:10:69:df:0d:14:23:11:89:bb:e3:e0:d5:57:
                    76:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:42:CA:97:F3:04:25:7C:F4:53:A3:EA:EF:C8:E4:EF:98:AA:D1:26
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Q0LKl_MEJXz0U6Pq78jk75iq0SY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.182.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:24:e8:70:f5:34:c7:49:58:6d:05:19:0b:f4:32:e3:10:c6:
         f9:75:b6:49:03:20:46:a7:42:7e:40:9f:52:19:0f:d9:9e:c9:
         36:d7:16:2f:63:06:4a:59:26:7a:d4:95:c8:cb:e8:0b:d4:77:
         6f:e3:90:e8:02:88:35:e4:5f:0a:5b:f2:1e:20:93:e5:2b:e8:
         49:e6:6f:73:d6:d5:1b:81:c0:24:37:11:e7:a2:dd:f7:c2:ea:
         6b:b3:a0:e1:b0:13:80:39:f8:a9:90:c5:fb:23:f8:96:bb:65:
         fa:3e:bf:64:05:3d:b8:55:4c:3d:7f:5d:92:b3:f8:07:9f:77:
         4e:50:be:61:58:61:ae:fa:7d:3f:7a:de:0e:51:ab:a3:d3:95:
         0d:16:9a:b5:bb:0f:e0:cb:13:56:c7:89:22:49:c2:e1:47:25:
         10:65:52:fe:5f:b6:c8:33:10:47:2c:aa:44:2e:65:b1:ea:67:
         1d:04:2f:c5:d6:f5:92:5f:7b:b7:b9:d4:da:56:c5:51:0e:b5:
         e7:06:e5:e5:ae:47:6d:90:6c:e6:f4:42:7e:98:e4:f8:82:fd:
         a9:26:48:99:c0:29:14:74:49:2b:75:53:6a:a8:2e:5d:6d:89:
         01:ca:fa:32:b5:f5:e3:48:43:ee:f7:d5:a7:00:89:97:33:84:
         02:6a:c9:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBU9EFOIYd6k08dYw8JHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzQyY2E5N2YzMDQyNTdjZjQ1M2EzZWFlZmM4ZTRlZjk4YWFkMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0YNpIJxWYRHxxV6vZW3k7ehvvaB
L7QSEJeE/JBapEW5ZYIAuxpaBxsP/ZhjTrmLfPJFR0MJ/fB8ueQjGvl7ecOe6k53
kbw6ochBBmYXYGcyXzbUjYBnkPNPbME4/thHp0OO4Sw/Yb3N8eU1dtqihKRB1uGj
sU1oZNFVKluR0ImgTQKv5kzv9YsuzUrGobumVTSz3UdRLmZVmF1nicN2zCVpXNBY
J/bPdFFptUjooIQBALSDAwCrq49Nw9kii2G2FWnBePJ21syX0tZAovXbTcTuLA9x
ihzLFCU40345LTNDhW7kHKxt6KBTtEQ6VrbZwhBp3w0UIxGJu+Pg1Vd29wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENCypfzBCV89FOj6u/I5O+YqtEmMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvUTBMS2xfTUVKWHowVTZQcTc4ams3NWlxMFNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7ZvMA0G
CSqGSIb3DQEBCwUAA4IBAQA9JOhw9TTHSVhtBRkL9DLjEMb5dbZJAyBGp0J+QJ9S
GQ/Znsk21xYvYwZKWSZ61JXIy+gL1Hdv45DoAog15F8KW/IeIJPlK+hJ5m9z1tUb
gcAkNxHnot33wuprs6DhsBOAOfipkMX7I/iWu2X6Pr9kBT24VUw9f12Ss/gHn3dO
UL5hWGGu+n0/et4OUauj05UNFpq1uw/gyxNWx4kiScLhRyUQZVL+X7bIMxBHLKpE
LmWx6mcdBC/F1vWSX3u3udTaVsVRDrXnBuXlrkdtkGzm9EJ+mOT4gv2pJkiZwCkU
dEkrdVNqqC5dbYkByvoytfXjSEPu99WnAImXM4QCaslC
-----END CERTIFICATE-----