Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/4DECoYtO6z5fJ8AC27jIpvbzEL0.roa
File:                     4DECoYtO6z5fJ8AC27jIpvbzEL0.roa (raw, json)
Hash identifier:          o9wKIO9GjD7tjpNcN3ACZHae7tZETS2et+jjqmqb6Gg=
Subject key identifier:   E0:31:02:A1:8B:4E:EB:3E:5F:27:C0:02:DB:B8:C8:A6:F6:F3:10:BD
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E61942FFBBE8261AEA6541522D66AD643
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/4DECoYtO6z5fJ8AC27jIpvbzEL0.roa
Signing time:             Thu 21 Mar 2024 15:14:45 +0000
ROA not before:           Thu 21 Mar 2024 15:14:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8551
IP address blocks:        95.100.204.0/22 maxlen: 22
                          2a02:26f0:8000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:61:94:2f:fb:be:82:61:ae:a6:54:15:22:d6:6a:d6:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 21 15:14:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e03102a18b4eeb3e5f27c002dbb8c8a6f6f310bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f4:f5:20:1e:6f:07:3b:ac:71:cd:70:9f:22:
                    50:bf:ae:d4:a7:d0:28:19:5d:e0:30:20:f4:cf:76:
                    15:dd:89:5f:73:cd:b5:ac:90:9f:5a:59:c1:9b:75:
                    fb:df:14:30:43:cf:10:37:f1:0f:96:27:1d:53:17:
                    fd:1f:1e:80:e7:3b:75:f2:30:a0:de:1a:98:6e:80:
                    e4:51:be:28:80:55:1d:d4:d0:7f:d0:8f:61:44:12:
                    23:8b:d5:47:ea:42:a6:ca:6b:99:29:4a:3b:72:03:
                    7e:ac:e7:8f:d3:30:db:a3:39:96:08:f9:08:a5:58:
                    38:e5:ce:6a:7e:92:70:52:6a:67:b0:f5:22:d3:fb:
                    48:70:34:f3:f1:82:4f:46:83:4b:3c:0c:19:ce:c5:
                    75:8c:3a:87:f8:e1:d3:a6:46:b6:d2:b4:97:6c:48:
                    63:49:06:98:33:28:dc:ff:e7:3e:05:f7:e8:29:e8:
                    38:86:ae:23:e4:d3:ee:c9:22:f2:a4:f8:7f:91:3a:
                    4e:42:74:c4:9e:55:7f:51:2b:c5:8c:8a:f8:08:c9:
                    c7:66:d2:0c:be:1b:4e:2c:f6:ea:73:e3:f9:f6:1e:
                    b2:db:80:63:ca:9a:2b:21:69:f2:fb:21:eb:e1:33:
                    5f:e9:72:6c:ff:a0:c0:ef:94:d8:74:a1:85:39:1c:
                    03:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:31:02:A1:8B:4E:EB:3E:5F:27:C0:02:DB:B8:C8:A6:F6:F3:10:BD
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/4DECoYtO6z5fJ8AC27jIpvbzEL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.100.204.0/22
                IPv6:
                  2a02:26f0:8000::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:94:1f:9b:14:9e:80:a7:0f:47:86:cb:0c:ca:d3:e6:7b:9b:
         93:4a:89:e2:d7:a0:a8:66:49:ff:b5:30:a3:ba:7d:b9:65:97:
         36:ff:ae:e8:22:51:7f:70:f9:c5:af:40:4d:ad:e9:77:7e:f5:
         8a:77:77:3f:19:32:48:c9:96:91:48:9d:07:b7:b1:34:3d:44:
         aa:33:89:71:2c:c7:3e:90:9f:6c:77:f6:f6:6a:89:53:49:d1:
         49:c0:ae:ae:21:2f:fc:3b:e0:8d:c2:73:86:65:06:64:3d:29:
         e8:be:d0:ac:c9:a8:15:72:ee:9f:84:fe:8f:6a:5f:f2:e4:a9:
         91:ce:f7:b1:6e:e4:9f:bb:0b:b2:75:86:16:f3:7a:0f:15:29:
         ae:16:c5:d9:50:14:70:a2:80:85:53:c7:21:f1:5a:20:b4:66:
         8b:23:c6:34:2d:db:9d:94:67:8f:95:b6:2b:b1:a9:a9:08:9f:
         fe:28:ee:fb:3e:e3:2b:cc:6e:35:36:61:ff:df:8a:86:25:0f:
         52:2e:b4:c7:7a:d7:7a:e0:33:e9:e7:83:73:b1:29:ab:da:f4:
         8b:63:52:42:91:a7:a8:15:c2:74:e5:71:1a:81:7b:93:0e:63:
         a6:2b:5a:5e:ab:7b:74:1a:ba:27:00:0b:c0:82:85:1f:1b:6e:
         b1:fd:53:41
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY5hlC/7voJhrqZUFSLWatZDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzIxMTUxNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDMxMDJhMThiNGVlYjNlNWYyN2MwMDJkYmI4YzhhNmY2ZjMxMGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/T1IB5vBzuscc1wnyJQv67Up9Ao
GV3gMCD0z3YV3Ylfc821rJCfWlnBm3X73xQwQ88QN/EPlicdUxf9Hx6A5zt18jCg
3hqYboDkUb4ogFUd1NB/0I9hRBIji9VH6kKmymuZKUo7cgN+rOeP0zDbozmWCPkI
pVg45c5qfpJwUmpnsPUi0/tIcDTz8YJPRoNLPAwZzsV1jDqH+OHTpka20rSXbEhj
SQaYMyjc/+c+BffoKeg4hq4j5NPuySLypPh/kTpOQnTEnlV/USvFjIr4CMnHZtIM
vhtOLPbqc+P59h6y24BjyporIWny+yHr4TNf6XJs/6DA75TYdKGFORwDuwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOAxAqGLTus+XyfAAtu4yKb28xC9MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvNERFQ29ZdE82ejVmSjhBQzI3aklwdmJ6RUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCX2TMMA8E
AgACMAkDBwAqAibwgAAwDQYJKoZIhvcNAQELBQADggEBAH2UH5sUnoCnD0eGywzK
0+Z7m5NKieLXoKhmSf+1MKO6fblllzb/rugiUX9w+cWvQE2t6Xd+9Yp3dz8ZMkjJ
lpFInQe3sTQ9RKoziXEsxz6Qn2x39vZqiVNJ0UnArq4hL/w74I3Cc4ZlBmQ9Kei+
0KzJqBVy7p+E/o9qX/LkqZHO97Fu5J+7C7J1hhbzeg8VKa4WxdlQFHCigIVTxyHx
WiC0ZosjxjQt252UZ4+VtiuxqakIn/4o7vs+4yvMbjU2Yf/fioYlD1IutMd613rg
M+nng3OxKava9ItjUkKRp6gVwnTlcRqBe5MOY6YrWl6re3QauicAC8CChR8bbrH9
U0E=
-----END CERTIFICATE-----