Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/ONEdxN-peaPcpdnR-c7nkTvQ1WI.roa
File:                     ONEdxN-peaPcpdnR-c7nkTvQ1WI.roa (raw, json)
Hash identifier:          pzRpQilNfnuOz0iZr6WV5PGc0XZr/OMxaeOc7+T4CPU=
Subject key identifier:   38:D1:1D:C4:DF:A9:79:A3:DC:A5:D9:D1:F9:CE:E7:91:3B:D0:D5:62
Certificate issuer:       /CN=8b8d8598064db5a8edb3a6084064cd2a1ad8c6e3
Certificate serial:       018D610FB6B2880D6C26C0DF69A21D8D253F
Authority key identifier: 8B:8D:85:98:06:4D:B5:A8:ED:B3:A6:08:40:64:CD:2A:1A:D8:C6:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i42FmAZNtajts6YIQGTNKhrYxuM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/ONEdxN-peaPcpdnR-c7nkTvQ1WI.roa
Signing time:             Wed 31 Jan 2024 19:47:16 +0000
ROA not before:           Wed 31 Jan 2024 19:47:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204457
IP address blocks:        95.141.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/i42FmAZNtajts6YIQGTNKhrYxuM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/i42FmAZNtajts6YIQGTNKhrYxuM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i42FmAZNtajts6YIQGTNKhrYxuM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:61:0f:b6:b2:88:0d:6c:26:c0:df:69:a2:1d:8d:25:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b8d8598064db5a8edb3a6084064cd2a1ad8c6e3
        Validity
            Not Before: Jan 31 19:47:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38d11dc4dfa979a3dca5d9d1f9cee7913bd0d562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:2f:99:ee:04:24:d0:9a:5d:67:51:1c:c0:30:
                    b0:93:38:52:4e:24:4e:f8:8c:7b:7c:d8:75:63:f6:
                    3f:51:0c:5e:33:c5:30:6c:7f:9b:97:27:84:88:35:
                    d9:54:d5:28:ca:8e:41:ec:96:6e:07:84:61:70:80:
                    f6:87:c2:a3:40:1b:08:f8:e5:cc:20:86:43:aa:a3:
                    07:1f:a3:2e:f6:ee:0e:c8:c2:3c:04:b8:cc:72:24:
                    ee:6b:19:f6:77:ea:07:ed:ca:28:bf:cb:74:d5:cb:
                    a8:eb:f2:f4:39:68:21:c0:61:10:ed:52:ca:fe:30:
                    dc:c5:40:e2:d8:03:47:e8:65:23:c9:90:5a:99:02:
                    ff:60:02:64:3c:82:2d:b4:24:b7:07:29:07:6b:36:
                    ca:3c:33:1e:2d:bb:e7:8b:f6:4a:a9:e5:cb:4f:1f:
                    f7:f5:9c:fa:c7:c9:46:fe:74:b7:c6:76:65:35:8c:
                    54:30:9c:ed:35:99:23:37:90:ac:8e:c8:92:e0:d6:
                    61:68:6a:b0:a7:6f:cb:39:ce:71:50:49:b9:61:39:
                    93:f1:00:65:21:a4:a5:4a:75:2c:d7:58:43:38:06:
                    d6:52:6c:36:81:f5:2e:8b:92:9a:64:29:96:e0:88:
                    98:3c:f3:53:1a:29:a9:e2:ea:7c:43:61:77:27:74:
                    0b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D1:1D:C4:DF:A9:79:A3:DC:A5:D9:D1:F9:CE:E7:91:3B:D0:D5:62
            X509v3 Authority Key Identifier:
                keyid:8B:8D:85:98:06:4D:B5:A8:ED:B3:A6:08:40:64:CD:2A:1A:D8:C6:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i42FmAZNtajts6YIQGTNKhrYxuM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/ONEdxN-peaPcpdnR-c7nkTvQ1WI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/i42FmAZNtajts6YIQGTNKhrYxuM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.141.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:09:5c:8e:09:69:cb:b5:a8:3a:04:55:4b:e0:d3:9f:1b:57:
         88:04:c6:61:5c:7f:5c:00:18:e3:26:ba:d0:72:09:28:44:15:
         f4:6f:e8:87:e0:19:a7:c9:2d:79:f8:0d:55:be:14:3f:2e:91:
         07:db:d8:4b:92:f6:18:73:ba:31:e7:b3:1b:3b:b7:ab:f3:07:
         ee:15:b7:c1:f6:c7:72:3e:12:2c:4a:2d:ac:89:29:f2:2b:4f:
         9f:3b:8a:9c:b0:c3:ba:9c:e5:b6:0d:4e:19:fb:3d:79:b8:5a:
         42:33:57:e8:07:3c:9a:f2:d2:94:06:48:5a:a8:eb:62:a3:dd:
         76:32:b5:d8:d6:51:17:6d:5b:53:c9:d5:6d:73:35:c2:86:53:
         1b:a8:04:fa:af:d7:b2:67:60:cd:da:16:27:e9:00:1f:13:66:
         c7:4a:0f:ec:be:40:1a:44:84:60:9c:e0:d2:ab:f3:3b:2e:0b:
         44:4a:fe:82:f4:8f:45:ea:f6:50:11:f9:c4:91:c3:7c:92:0b:
         9d:94:40:0e:b4:1e:ac:c1:54:8c:de:11:dd:c2:3b:f4:0b:26:
         b4:13:04:ab:14:4f:be:c5:84:23:f7:fd:22:8a:82:37:68:f8:
         b0:7d:9f:59:ee:f2:f9:35:c1:54:10:83:41:57:61:17:bf:d3:
         54:94:43:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1hD7ayiA1sJsDfaaIdjSU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOGQ4NTk4MDY0ZGI1YThlZGIzYTYwODQwNjRjZDJhMWFk
OGM2ZTMwHhcNMjQwMTMxMTk0NzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQxMWRjNGRmYTk3OWEzZGNhNWQ5ZDFmOWNlZTc5MTNiZDBkNTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgi+Z7gQk0JpdZ1EcwDCwkzhSTiRO
+Ix7fNh1Y/Y/UQxeM8UwbH+blyeEiDXZVNUoyo5B7JZuB4RhcID2h8KjQBsI+OXM
IIZDqqMHH6Mu9u4OyMI8BLjMciTuaxn2d+oH7coov8t01cuo6/L0OWghwGEQ7VLK
/jDcxUDi2ANH6GUjyZBamQL/YAJkPIIttCS3BykHazbKPDMeLbvni/ZKqeXLTx/3
9Zz6x8lG/nS3xnZlNYxUMJztNZkjN5CsjsiS4NZhaGqwp2/LOc5xUEm5YTmT8QBl
IaSlSnUs11hDOAbWUmw2gfUui5KaZCmW4IiYPPNTGimp4up8Q2F3J3QL8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjRHcTfqXmj3KXZ0fnO55E70NViMB8GA1UdIwQY
MBaAFIuNhZgGTbWo7bOmCEBkzSoa2MbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTQyRm1BWk50YWp0czZZSVFHVE5LaHJZeHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MjNlOWMtNDQyNS00OTZlLWIyMzct
NmIwZWY5MTA4Njg4LzEvT05FZHhOLXBlYVBjcGRuUi1jN25rVHZRMVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MjNlOWMtNDQyNS00OTZlLWIyMzctNmIwZWY5MTA4Njg4
LzEvaTQyRm1BWk50YWp0czZZSVFHVE5LaHJZeHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX434MA0G
CSqGSIb3DQEBCwUAA4IBAQCoCVyOCWnLtag6BFVL4NOfG1eIBMZhXH9cABjjJrrQ
cgkoRBX0b+iH4BmnyS15+A1VvhQ/LpEH29hLkvYYc7ox57MbO7er8wfuFbfB9sdy
PhIsSi2siSnyK0+fO4qcsMO6nOW2DU4Z+z15uFpCM1foBzya8tKUBkhaqOtio912
MrXY1lEXbVtTydVtczXChlMbqAT6r9eyZ2DN2hYn6QAfE2bHSg/svkAaRIRgnODS
q/M7LgtESv6C9I9F6vZQEfnEkcN8kgudlEAOtB6swVSM3hHdwjv0Cya0EwSrFE++
xYQj9/0iioI3aPiwfZ9Z7vL5NcFUEINBV2EXv9NUlEOq
-----END CERTIFICATE-----