Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/iJ-NhnO5tJq_CMxSADI-QNv3xC0.roa
File:                     iJ-NhnO5tJq_CMxSADI-QNv3xC0.roa (raw, json)
Hash identifier:          acpE0sw0jSY6iCJ2XE4NW51gg9f4+n2Ws3lUOV0xPsQ=
Subject key identifier:   88:9F:8D:86:73:B9:B4:9A:BF:08:CC:52:00:32:3E:40:DB:F7:C4:2D
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E61943054D5198E3A2224351A0E55D3AF
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/iJ-NhnO5tJq_CMxSADI-QNv3xC0.roa
Signing time:             Thu 21 Mar 2024 15:14:45 +0000
ROA not before:           Thu 21 Mar 2024 15:14:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9050
IP address blocks:        95.100.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:61:94:30:54:d5:19:8e:3a:22:24:35:1a:0e:55:d3:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 21 15:14:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=889f8d8673b9b49abf08cc5200323e40dbf7c42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c1:5e:b1:42:1b:b0:27:e2:1d:2c:e0:7a:19:
                    bd:46:99:5e:46:f9:cd:73:47:2c:32:60:72:da:cf:
                    74:a4:12:5b:b9:d1:34:6b:69:e8:79:8c:ad:4a:49:
                    98:df:85:c2:ad:90:82:e6:30:a1:c0:50:89:3a:1a:
                    b6:bd:bb:21:a6:2f:a5:a4:51:6c:e4:cd:d3:a9:fd:
                    33:db:06:53:23:13:12:07:95:0d:27:81:f8:04:57:
                    06:57:f7:e5:68:19:a5:db:31:4b:fa:7e:d8:ce:60:
                    e6:c3:cf:6a:3c:64:18:b4:ed:ab:79:22:15:f0:2f:
                    64:39:02:06:97:67:9d:dc:fc:4e:ef:a5:d6:39:c3:
                    c4:8c:51:fe:93:4f:97:c5:84:31:a0:da:04:2c:32:
                    2c:b5:fa:8f:49:27:02:e6:26:ae:51:47:91:b9:f3:
                    dd:8b:ce:63:b9:68:a6:f5:88:30:d1:4c:86:1b:2a:
                    ce:fd:d8:35:aa:f6:b9:4d:71:a6:28:93:9e:79:fc:
                    63:b6:ca:39:ac:d2:14:dc:fe:cd:bb:dd:e4:70:77:
                    38:7f:ae:9a:5d:11:95:1b:36:17:4f:86:24:01:a4:
                    f9:46:0b:c2:58:08:db:f0:93:95:40:58:06:a3:e4:
                    c0:dc:7d:af:2c:d3:01:7f:81:ad:45:8e:48:14:85:
                    c6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:9F:8D:86:73:B9:B4:9A:BF:08:CC:52:00:32:3E:40:DB:F7:C4:2D
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/iJ-NhnO5tJq_CMxSADI-QNv3xC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.100.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:90:a7:4e:b1:77:07:90:a1:c9:8a:96:16:7a:6d:5d:cf:a5:
         dc:a0:e2:45:29:cd:1a:4d:9c:8b:7e:d1:46:a3:4e:a4:b0:65:
         73:8c:1b:d8:c0:8b:92:d2:dd:7f:d4:bc:99:41:79:00:68:ef:
         57:52:62:5e:21:80:8d:5b:c3:2e:41:37:ac:6b:b8:11:4a:23:
         6e:27:f5:47:3c:c4:55:6a:35:2b:62:b9:a4:0c:53:a0:e8:e9:
         77:30:75:a6:b3:c8:92:4c:c2:31:fe:02:a4:18:38:ec:dc:33:
         70:06:53:f9:0e:a5:cf:c2:81:fb:60:30:22:89:c8:4d:fc:bd:
         67:f5:3a:e2:8a:d7:b0:a8:4e:54:fc:da:51:9c:b5:b5:68:26:
         5b:09:cf:a9:78:49:4b:94:1c:b0:98:69:02:19:1f:8f:60:bc:
         88:fa:2e:5c:0b:8e:d7:69:eb:d7:92:08:dc:a1:4e:25:12:fd:
         70:97:4c:ab:e6:73:d4:e4:c9:8a:7e:be:b0:15:69:8f:b4:21:
         44:0e:97:a6:51:3a:6c:e3:12:cc:06:20:dc:35:06:52:be:9d:
         89:d9:df:ce:72:ee:71:9c:2c:a9:98:8b:02:c7:9b:73:07:82:
         31:b9:a2:48:82:22:da:56:49:b3:02:c7:5e:89:e3:7a:fd:2f:
         7f:11:8b:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5hlDBU1RmOOiIkNRoOVdOvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzIxMTUxNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODlmOGQ4NjczYjliNDlhYmYwOGNjNTIwMDMyM2U0MGRiZjdjNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MFesUIbsCfiHSzgehm9RpleRvnN
c0csMmBy2s90pBJbudE0a2noeYytSkmY34XCrZCC5jChwFCJOhq2vbshpi+lpFFs
5M3Tqf0z2wZTIxMSB5UNJ4H4BFcGV/flaBml2zFL+n7YzmDmw89qPGQYtO2reSIV
8C9kOQIGl2ed3PxO76XWOcPEjFH+k0+XxYQxoNoELDIstfqPSScC5iauUUeRufPd
i85juWim9Ygw0UyGGyrO/dg1qva5TXGmKJOeefxjtso5rNIU3P7Nu93kcHc4f66a
XRGVGzYXT4YkAaT5RgvCWAjb8JOVQFgGo+TA3H2vLNMBf4GtRY5IFIXG9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIifjYZzubSavwjMUgAyPkDb98QtMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvaUotTmhuTzV0SnFfQ014U0FESS1RTnYzeEMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX2TcMA0G
CSqGSIb3DQEBCwUAA4IBAQA4kKdOsXcHkKHJipYWem1dz6XcoOJFKc0aTZyLftFG
o06ksGVzjBvYwIuS0t1/1LyZQXkAaO9XUmJeIYCNW8MuQTesa7gRSiNuJ/VHPMRV
ajUrYrmkDFOg6Ol3MHWms8iSTMIx/gKkGDjs3DNwBlP5DqXPwoH7YDAiichN/L1n
9TriitewqE5U/NpRnLW1aCZbCc+peElLlBywmGkCGR+PYLyI+i5cC47XaevXkgjc
oU4lEv1wl0yr5nPU5MmKfr6wFWmPtCFEDpemUTps4xLMBiDcNQZSvp2J2d/Ocu5x
nCypmIsCx5tzB4IxuaJIgiLaVkmzAsdeieN6/S9/EYsu
-----END CERTIFICATE-----