Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/b66d75-a0bb-4960-beea-0117841d255b/1/RIy2Nn2HFcyAuE_g7rQNdJZw40M.roa
File:                     RIy2Nn2HFcyAuE_g7rQNdJZw40M.roa (raw, json)
Hash identifier:          oeN0A1XWuR7Gpt7alqi7tig5sqBtOwwIQkghnbBs478=
Subject key identifier:   44:8C:B6:36:7D:87:15:CC:80:B8:4F:E0:EE:B4:0D:74:96:70:E3:43
Certificate issuer:       /CN=078b3739f78d96844a4ef68626dc87ac2eefa50f
Certificate serial:       018CCA9990BCCA6D994C01320A4CAE9548FA
Authority key identifier: 07:8B:37:39:F7:8D:96:84:4A:4E:F6:86:26:DC:87:AC:2E:EF:A5:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B4s3OfeNloRKTvaGJtyHrC7vpQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/b66d75-a0bb-4960-beea-0117841d255b/1/RIy2Nn2HFcyAuE_g7rQNdJZw40M.roa
Signing time:             Tue 02 Jan 2024 14:35:10 +0000
ROA not before:           Tue 02 Jan 2024 14:35:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59488
IP address blocks:        95.215.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/b66d75-a0bb-4960-beea-0117841d255b/1/B4s3OfeNloRKTvaGJtyHrC7vpQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/b66d75-a0bb-4960-beea-0117841d255b/1/B4s3OfeNloRKTvaGJtyHrC7vpQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B4s3OfeNloRKTvaGJtyHrC7vpQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:90:bc:ca:6d:99:4c:01:32:0a:4c:ae:95:48:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=078b3739f78d96844a4ef68626dc87ac2eefa50f
        Validity
            Not Before: Jan  2 14:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=448cb6367d8715cc80b84fe0eeb40d749670e343
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b6:cb:fc:32:1f:f1:b2:14:e2:27:5a:fb:8c:
                    87:09:9e:54:66:05:c6:ab:cb:af:3e:8a:d0:12:07:
                    b7:6a:86:a2:5c:ac:78:a2:f2:75:cd:de:41:c2:cc:
                    43:ad:2f:9d:4d:d5:af:54:a6:ae:fb:02:b4:e9:a9:
                    db:19:ed:43:d7:c8:c9:66:b0:81:50:57:a4:34:32:
                    66:62:24:29:ac:90:7d:a7:04:81:43:3a:66:b4:78:
                    6b:c5:68:49:da:3e:2c:6d:03:20:5c:01:4e:63:d8:
                    9a:8c:1c:2e:ee:f4:97:15:82:fe:42:f9:d0:78:fb:
                    00:3f:d8:98:3c:78:ed:90:f4:ef:af:92:08:77:27:
                    f0:18:72:17:a1:ad:5c:19:18:d7:a3:ce:57:75:cb:
                    b7:22:f5:cf:c1:5c:27:e0:c9:52:22:3b:3c:f9:27:
                    c5:8c:64:e5:65:2d:92:ab:78:93:52:cc:1d:56:81:
                    40:95:56:2e:c2:5a:80:bf:1b:3b:db:93:c1:5f:3a:
                    c9:8c:65:ab:93:ba:ba:d4:a3:1e:f8:04:1b:ef:d6:
                    45:d0:e3:08:bc:60:41:8d:70:4f:e1:54:f9:98:17:
                    b2:fe:cc:18:06:ee:5d:39:54:c6:a9:6c:51:01:5c:
                    69:03:cb:43:73:03:a9:ff:01:57:67:ee:93:af:95:
                    3c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:8C:B6:36:7D:87:15:CC:80:B8:4F:E0:EE:B4:0D:74:96:70:E3:43
            X509v3 Authority Key Identifier:
                keyid:07:8B:37:39:F7:8D:96:84:4A:4E:F6:86:26:DC:87:AC:2E:EF:A5:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B4s3OfeNloRKTvaGJtyHrC7vpQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b66d75-a0bb-4960-beea-0117841d255b/1/RIy2Nn2HFcyAuE_g7rQNdJZw40M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b66d75-a0bb-4960-beea-0117841d255b/1/B4s3OfeNloRKTvaGJtyHrC7vpQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:73:6a:a3:0c:70:1d:ec:52:15:7b:91:07:3f:4d:a2:e3:8d:
         8d:59:5c:77:07:1c:4e:2f:cc:f2:98:f5:97:64:d9:37:8a:6b:
         a2:75:32:e4:bd:2d:58:66:d1:97:bd:06:43:48:9c:ac:b4:9a:
         39:91:1b:bf:10:56:b5:de:b6:ab:df:c0:d5:e6:f5:8b:01:91:
         7f:8d:ca:e7:93:d6:5a:76:54:5f:21:56:b5:09:e2:3a:27:10:
         d6:20:5c:b3:b3:14:22:e0:14:56:fc:52:7c:3e:67:ad:f4:05:
         69:7e:10:2f:87:62:28:c0:dd:e3:7c:fd:65:b1:72:bd:65:d4:
         8d:f4:c6:61:c2:f3:51:5e:14:d5:bc:28:ae:09:40:e1:5a:0f:
         68:40:e5:9c:27:31:e0:79:58:8a:e6:5f:46:16:69:53:53:c5:
         f5:65:9f:17:ac:e7:78:7b:19:01:9e:7a:7d:ee:ec:ed:14:53:
         7f:8b:a1:79:0c:d1:e1:c9:54:cc:37:99:24:30:24:5d:d3:e6:
         28:bd:b5:36:79:02:a7:b1:3e:b8:cb:c4:30:d1:10:3d:46:78:
         19:dd:14:c6:e0:6a:55:19:e1:e0:80:be:d7:e3:73:c9:c9:fd:
         15:6f:58:4b:d4:35:20:6a:1c:8b:2d:7a:d4:63:b2:f6:23:e2:
         fc:a3:c3:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmZC8ym2ZTAEyCkyulUj6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3OGIzNzM5Zjc4ZDk2ODQ0YTRlZjY4NjI2ZGM4N2FjMmVl
ZmE1MGYwHhcNMjQwMTAyMTQzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDhjYjYzNjdkODcxNWNjODBiODRmZTBlZWI0MGQ3NDk2NzBlMzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7bL/DIf8bIU4ida+4yHCZ5UZgXG
q8uvPorQEge3aoaiXKx4ovJ1zd5BwsxDrS+dTdWvVKau+wK06anbGe1D18jJZrCB
UFekNDJmYiQprJB9pwSBQzpmtHhrxWhJ2j4sbQMgXAFOY9iajBwu7vSXFYL+QvnQ
ePsAP9iYPHjtkPTvr5IIdyfwGHIXoa1cGRjXo85Xdcu3IvXPwVwn4MlSIjs8+SfF
jGTlZS2Sq3iTUswdVoFAlVYuwlqAvxs725PBXzrJjGWrk7q61KMe+AQb79ZF0OMI
vGBBjXBP4VT5mBey/swYBu5dOVTGqWxRAVxpA8tDcwOp/wFXZ+6Tr5U8zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESMtjZ9hxXMgLhP4O60DXSWcONDMB8GA1UdIwQY
MBaAFAeLNzn3jZaESk72hibch6wu76UPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjRzM09mZU5sb1JLVHZhR0p0eUhyQzd2cFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9iNjZkNzUtYTBiYi00OTYwLWJlZWEt
MDExNzg0MWQyNTViLzEvUkl5Mk5uMkhGY3lBdUVfZzdyUU5kSlp3NDBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9iNjZkNzUtYTBiYi00OTYwLWJlZWEtMDExNzg0MWQyNTVi
LzEvQjRzM09mZU5sb1JLVHZhR0p0eUhyQzd2cFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX9feMA0G
CSqGSIb3DQEBCwUAA4IBAQBzc2qjDHAd7FIVe5EHP02i442NWVx3BxxOL8zymPWX
ZNk3imuidTLkvS1YZtGXvQZDSJystJo5kRu/EFa13rar38DV5vWLAZF/jcrnk9Za
dlRfIVa1CeI6JxDWIFyzsxQi4BRW/FJ8Pmet9AVpfhAvh2IowN3jfP1lsXK9ZdSN
9MZhwvNRXhTVvCiuCUDhWg9oQOWcJzHgeViK5l9GFmlTU8X1ZZ8XrOd4exkBnnp9
7uztFFN/i6F5DNHhyVTMN5kkMCRd0+YovbU2eQKnsT64y8Qw0RA9RngZ3RTG4GpV
GeHggL7X43PJyf0Vb1hL1DUgahyLLXrUY7L2I+L8o8Mc
-----END CERTIFICATE-----