Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/4NxxKvKOIIY0TqeBBK4wE_fw3as.roa
File:                     4NxxKvKOIIY0TqeBBK4wE_fw3as.roa (raw, json)
Hash identifier:          ycfweKcJutLpmXYhD85BiolePE0B+KzNB5SExA8hy9o=
Subject key identifier:   E0:DC:71:2A:F2:8E:20:86:34:4E:A7:81:04:AE:30:13:F7:F0:DD:AB
Certificate issuer:       /CN=96bbd1bfca2f8a1578faab5b10c0fc355561cc65
Certificate serial:       018D840FF7DA608667F498514100EEB61DC6
Authority key identifier: 96:BB:D1:BF:CA:2F:8A:15:78:FA:AB:5B:10:C0:FC:35:55:61:CC:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lrvRv8ovihV4-qtbEMD8NVVhzGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/4NxxKvKOIIY0TqeBBK4wE_fw3as.roa
Signing time:             Wed 07 Feb 2024 14:54:15 +0000
ROA not before:           Wed 07 Feb 2024 14:54:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216282
IP address blocks:        195.184.234.0/24 maxlen: 24
                          2a13:e1c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/lrvRv8ovihV4-qtbEMD8NVVhzGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/lrvRv8ovihV4-qtbEMD8NVVhzGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lrvRv8ovihV4-qtbEMD8NVVhzGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 17:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:84:0f:f7:da:60:86:67:f4:98:51:41:00:ee:b6:1d:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96bbd1bfca2f8a1578faab5b10c0fc355561cc65
        Validity
            Not Before: Feb  7 14:54:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0dc712af28e2086344ea78104ae3013f7f0ddab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c0:5e:9a:54:62:81:b8:e2:04:a5:77:b6:21:
                    87:de:6a:31:53:6b:cd:38:ad:b1:91:f2:0c:7d:28:
                    8f:bd:50:f3:bf:8f:1f:1a:e7:55:37:02:d7:37:c8:
                    21:1b:2a:a2:81:38:b7:bf:03:46:96:0c:1c:bb:4c:
                    20:8a:73:d0:2a:99:6b:75:cf:40:2e:c5:cb:89:d0:
                    ae:7f:11:f6:be:45:b0:dc:33:e3:9b:b7:61:bf:3d:
                    27:71:4c:84:97:01:6a:92:e1:69:ef:f2:eb:3a:7d:
                    fd:4a:22:06:11:4e:d9:11:0e:77:30:d5:f1:4c:3b:
                    f4:07:6d:0d:25:5d:37:30:a6:3a:0b:68:21:3b:84:
                    de:c0:ae:ee:a4:9c:e9:27:b9:eb:f4:aa:1a:63:4e:
                    60:9f:49:61:d7:b9:49:f4:0e:d6:ec:6c:73:ff:92:
                    66:2e:55:b0:fe:f5:c0:25:80:b6:bb:48:fe:40:3c:
                    7b:d2:2b:90:b0:16:10:4b:c3:c1:d2:0b:c6:df:a7:
                    b3:70:39:97:5d:49:cd:46:c9:c2:49:73:fc:95:c6:
                    92:f8:f0:35:ac:ba:cc:dd:77:3f:f8:cb:4e:5f:2c:
                    a3:c5:2b:14:fb:bb:23:d3:6b:79:22:7a:e5:c7:7e:
                    95:17:3c:41:91:ba:28:1f:c8:3f:9e:c7:4e:9c:24:
                    7f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:DC:71:2A:F2:8E:20:86:34:4E:A7:81:04:AE:30:13:F7:F0:DD:AB
            X509v3 Authority Key Identifier:
                keyid:96:BB:D1:BF:CA:2F:8A:15:78:FA:AB:5B:10:C0:FC:35:55:61:CC:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lrvRv8ovihV4-qtbEMD8NVVhzGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/4NxxKvKOIIY0TqeBBK4wE_fw3as.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/lrvRv8ovihV4-qtbEMD8NVVhzGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.234.0/24
                IPv6:
                  2a13:e1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:07:63:94:4b:d7:6b:36:4a:f7:eb:fc:2d:88:34:c0:2b:ec:
         d6:79:b7:72:4f:c4:8e:96:92:5f:ff:5a:64:03:ff:84:02:11:
         00:3a:2f:b9:bc:cc:75:55:6b:22:f5:69:68:1b:1c:55:f5:30:
         b5:5f:72:2e:0b:14:71:a5:2e:5d:e1:f4:c5:cf:6f:20:93:15:
         60:d9:ce:ea:89:cf:75:c3:0c:24:c5:37:91:52:d1:68:45:2f:
         41:71:39:6f:aa:72:99:03:5f:9a:37:cc:52:48:51:fe:c6:dc:
         a8:a3:4e:b5:85:20:95:5a:8b:a9:ac:90:68:e8:58:3a:03:c3:
         40:b1:af:e1:38:0b:f7:a4:23:0a:6d:f2:92:cf:9e:69:a2:4a:
         16:f0:05:f1:e3:cd:eb:dc:97:89:fe:24:14:ed:72:1d:cc:98:
         5a:c1:60:71:b9:f4:66:ef:6d:2a:75:37:19:49:c1:eb:f5:9f:
         46:f8:99:68:9e:02:31:d9:20:44:52:b0:de:c8:f1:8d:d6:26:
         35:42:66:3c:ff:c2:55:27:b3:c0:b3:f5:83:4f:3b:77:78:20:
         47:b0:68:60:8d:15:16:39:ce:73:50:0f:67:d5:f8:cf:35:4e:
         f9:67:f7:19:0a:29:ef:35:76:16:7f:f1:0d:76:59:b0:22:0a:
         64:82:7b:54
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2ED/faYIZn9JhRQQDuth3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YmJkMWJmY2EyZjhhMTU3OGZhYWI1YjEwYzBmYzM1NTU2
MWNjNjUwHhcNMjQwMjA3MTQ1NDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGRjNzEyYWYyOGUyMDg2MzQ0ZWE3ODEwNGFlMzAxM2Y3ZjBkZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisBemlRigbjiBKV3tiGH3moxU2vN
OK2xkfIMfSiPvVDzv48fGudVNwLXN8ghGyqigTi3vwNGlgwcu0wginPQKplrdc9A
LsXLidCufxH2vkWw3DPjm7dhvz0ncUyElwFqkuFp7/LrOn39SiIGEU7ZEQ53MNXx
TDv0B20NJV03MKY6C2ghO4TewK7upJzpJ7nr9KoaY05gn0lh17lJ9A7W7Gxz/5Jm
LlWw/vXAJYC2u0j+QDx70iuQsBYQS8PB0gvG36ezcDmXXUnNRsnCSXP8lcaS+PA1
rLrM3Xc/+MtOXyyjxSsU+7sj02t5Inrlx36VFzxBkbooH8g/nsdOnCR/gwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFODccSryjiCGNE6ngQSuMBP38N2rMB8GA1UdIwQY
MBaAFJa70b/KL4oVePqrWxDA/DVVYcxlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJ2UnY4b3ZpaFY0LXF0YkVNRDhOVlZoekdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83M2Y1YjUtMjkzZC00MDM1LTkyYWMt
YTg3ZTI4NzJhZDhhLzEvNE54eEt2S09JSVkwVHFlQkJLNHdFX2Z3M2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83M2Y1YjUtMjkzZC00MDM1LTkyYWMtYTg3ZTI4NzJhZDhh
LzEvbHJ2UnY4b3ZpaFY0LXF0YkVNRDhOVlZoekdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw7jqMA0E
AgACMAcDBQMqE+HAMA0GCSqGSIb3DQEBCwUAA4IBAQAdB2OUS9drNkr36/wtiDTA
K+zWebdyT8SOlpJf/1pkA/+EAhEAOi+5vMx1VWsi9WloGxxV9TC1X3IuCxRxpS5d
4fTFz28gkxVg2c7qic91wwwkxTeRUtFoRS9BcTlvqnKZA1+aN8xSSFH+xtyoo061
hSCVWouprJBo6Fg6A8NAsa/hOAv3pCMKbfKSz55pokoW8AXx483r3JeJ/iQU7XId
zJhawWBxufRm720qdTcZScHr9Z9G+JlongIx2SBEUrDeyPGN1iY1QmY8/8JVJ7PA
s/WDTzt3eCBHsGhgjRUWOc5zUA9n1fjPNU75Z/cZCinvNXYWf/ENdlmwIgpkgntU
-----END CERTIFICATE-----