Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/05126d-4ab7-4f99-a012-2b788312151d/1/J0_hF2fSBiJ2V4NdI9p9ggToGbo.roa
File:                     J0_hF2fSBiJ2V4NdI9p9ggToGbo.roa (raw, json)
Hash identifier:          lSPil0tKXh6t2FTQ6q4lnIHRiaWn3KGT5uhqqSZivwE=
Subject key identifier:   27:4F:E1:17:67:D2:06:22:76:57:83:5D:23:DA:7D:82:04:E8:19:BA
Certificate issuer:       /CN=b16ad449c7ae4bd22c6aee5fbdc0823042fff8fc
Certificate serial:       018CC3B73D9D3FB7AB3E223DA502B8291378
Authority key identifier: B1:6A:D4:49:C7:AE:4B:D2:2C:6A:EE:5F:BD:C0:82:30:42:FF:F8:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sWrUSceuS9Isau5fvcCCMEL_-Pw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/05126d-4ab7-4f99-a012-2b788312151d/1/J0_hF2fSBiJ2V4NdI9p9ggToGbo.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49046
IP address blocks:        95.130.40.0/21 maxlen: 21
                          95.130.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/05126d-4ab7-4f99-a012-2b788312151d/1/sWrUSceuS9Isau5fvcCCMEL_-Pw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/05126d-4ab7-4f99-a012-2b788312151d/1/sWrUSceuS9Isau5fvcCCMEL_-Pw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sWrUSceuS9Isau5fvcCCMEL_-Pw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3d:9d:3f:b7:ab:3e:22:3d:a5:02:b8:29:13:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b16ad449c7ae4bd22c6aee5fbdc0823042fff8fc
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=274fe11767d206227657835d23da7d8204e819ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:aa:9e:68:b1:b3:23:b1:84:97:19:b5:86:4b:
                    0b:8e:aa:0c:e5:cf:94:8b:e8:2c:f6:57:d9:25:2e:
                    88:d4:8a:41:b7:be:1b:09:89:e0:42:5e:cd:41:54:
                    5c:d0:13:cb:73:c1:c7:fb:d4:01:13:1e:22:c9:b8:
                    70:6d:bd:68:da:6c:3b:c1:58:78:ea:77:58:ac:e0:
                    71:0e:e8:5f:4b:d5:76:ab:2a:81:d6:77:d8:e9:2d:
                    7f:9f:ec:e0:bc:39:38:48:cb:2c:03:80:aa:9c:61:
                    45:21:32:5b:90:26:70:a1:a7:91:01:a2:1c:c8:39:
                    a4:65:d2:8e:81:9b:cd:41:51:ea:1e:92:e4:19:76:
                    c7:b0:84:20:02:d5:25:18:73:77:1f:cb:bd:83:08:
                    a6:19:65:3e:56:3d:ff:20:97:36:07:67:51:aa:6c:
                    ab:93:3d:49:1f:62:49:4d:fd:38:be:2c:a0:d5:65:
                    0c:47:69:f8:a4:48:8b:1b:2d:6d:1a:a6:c9:2b:46:
                    86:3e:5a:06:88:df:49:36:e8:2d:55:a0:53:2f:0f:
                    66:dd:1b:72:9f:8c:88:c8:53:b8:fc:8b:60:47:74:
                    ac:7f:68:55:44:9d:03:3e:d5:22:99:ec:23:7f:9e:
                    bc:a7:82:ed:3c:00:48:0b:2f:f8:5b:a9:f9:00:db:
                    b0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:4F:E1:17:67:D2:06:22:76:57:83:5D:23:DA:7D:82:04:E8:19:BA
            X509v3 Authority Key Identifier:
                keyid:B1:6A:D4:49:C7:AE:4B:D2:2C:6A:EE:5F:BD:C0:82:30:42:FF:F8:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sWrUSceuS9Isau5fvcCCMEL_-Pw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/05126d-4ab7-4f99-a012-2b788312151d/1/J0_hF2fSBiJ2V4NdI9p9ggToGbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/05126d-4ab7-4f99-a012-2b788312151d/1/sWrUSceuS9Isau5fvcCCMEL_-Pw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         23:2e:83:96:cb:e8:75:74:d7:5d:4e:7c:60:de:99:ec:aa:2c:
         0e:f3:09:b0:b5:e8:e0:3e:3b:f4:06:b3:47:9f:f1:7a:aa:7f:
         99:5d:ae:b7:6e:62:16:43:fa:71:58:67:26:2e:b4:e3:0d:11:
         3b:2f:d7:6e:0e:b4:ec:3b:e0:4b:ed:2d:aa:9a:96:15:1c:f1:
         2f:94:89:a1:70:8a:a6:02:04:de:3c:b4:2d:bb:f0:4a:dd:b2:
         d8:54:f7:ec:11:cb:15:12:41:e7:2e:30:64:84:05:c6:20:c7:
         49:13:8d:cd:71:78:ac:79:61:bc:45:3d:93:d7:ba:b2:ba:3b:
         9b:26:1f:9d:cb:1d:33:36:9f:d5:c8:16:4b:84:b3:24:82:e5:
         ef:6a:4b:ff:97:2c:e7:19:3c:be:dc:30:1d:f0:03:20:fb:11:
         a1:a0:13:b7:02:9d:b4:0a:4d:a5:d1:d2:4b:57:91:6c:a5:a6:
         55:22:f2:fa:18:6a:50:bb:d4:c8:df:d9:9e:f6:cc:c0:01:f8:
         88:74:a7:d2:67:46:b3:cc:58:a8:2f:41:fc:1c:7b:1f:7a:b5:
         eb:a1:c1:ef:46:90:d7:91:63:1f:0a:c2:95:6d:da:c9:a0:ad:
         45:56:3e:bb:e1:9d:bb:ea:29:0a:b4:30:6f:90:9b:d9:f1:63:
         37:3e:94:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtz2dP7erPiI9pQK4KRN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNmFkNDQ5YzdhZTRiZDIyYzZhZWU1ZmJkYzA4MjMwNDJm
ZmY4ZmMwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzRmZTExNzY3ZDIwNjIyNzY1NzgzNWQyM2RhN2Q4MjA0ZTgxOWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaqeaLGzI7GElxm1hksLjqoM5c+U
i+gs9lfZJS6I1IpBt74bCYngQl7NQVRc0BPLc8HH+9QBEx4iybhwbb1o2mw7wVh4
6ndYrOBxDuhfS9V2qyqB1nfY6S1/n+zgvDk4SMssA4CqnGFFITJbkCZwoaeRAaIc
yDmkZdKOgZvNQVHqHpLkGXbHsIQgAtUlGHN3H8u9gwimGWU+Vj3/IJc2B2dRqmyr
kz1JH2JJTf04viyg1WUMR2n4pEiLGy1tGqbJK0aGPloGiN9JNugtVaBTLw9m3Rty
n4yIyFO4/ItgR3Ssf2hVRJ0DPtUimewjf568p4LtPABICy/4W6n5ANuwZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdP4Rdn0gYidleDXSPafYIE6Bm6MB8GA1UdIwQY
MBaAFLFq1EnHrkvSLGruX73AgjBC//j8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1dyVVNjZXVTOUlzYXU1ZnZjQ0NNRUxfLVB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8wNTEyNmQtNGFiNy00Zjk5LWEwMTIt
MmI3ODgzMTIxNTFkLzEvSjBfaEYyZlNCaUoyVjROZEk5cDlnZ1RvR2JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8wNTEyNmQtNGFiNy00Zjk5LWEwMTItMmI3ODgzMTIxNTFk
LzEvc1dyVVNjZXVTOUlzYXU1ZnZjQ0NNRUxfLVB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX4IoMA0G
CSqGSIb3DQEBCwUAA4IBAQAjLoOWy+h1dNddTnxg3pnsqiwO8wmwtejgPjv0BrNH
n/F6qn+ZXa63bmIWQ/pxWGcmLrTjDRE7L9duDrTsO+BL7S2qmpYVHPEvlImhcIqm
AgTePLQtu/BK3bLYVPfsEcsVEkHnLjBkhAXGIMdJE43NcXiseWG8RT2T17qyujub
Jh+dyx0zNp/VyBZLhLMkguXvakv/lyznGTy+3DAd8AMg+xGhoBO3Ap20Ck2l0dJL
V5FspaZVIvL6GGpQu9TI39me9szAAfiIdKfSZ0azzFioL0H8HHsferXrocHvRpDX
kWMfCsKVbdrJoK1FVj674Z276ikKtDBvkJvZ8WM3PpQ6
-----END CERTIFICATE-----