Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/lU9Ys5hp4Iz8Z3Ol4fumVUFIDYU.roa
File:                     lU9Ys5hp4Iz8Z3Ol4fumVUFIDYU.roa (raw, json)
Hash identifier:          iwy3snEyrFnewWosExT9g9WO/780vtNIrwCT5awi8eY=
Subject key identifier:   95:4F:58:B3:98:69:E0:8C:FC:67:73:A5:E1:FB:A6:55:41:48:0D:85
Certificate issuer:       /CN=a4767bc5fbcbcefb1c1c747bb0eb5337dab691c0
Certificate serial:       018CC6B920511DEB63F82891664932456626
Authority key identifier: A4:76:7B:C5:FB:CB:CE:FB:1C:1C:74:7B:B0:EB:53:37:DA:B6:91:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pHZ7xfvLzvscHHR7sOtTN9q2kcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/lU9Ys5hp4Iz8Z3Ol4fumVUFIDYU.roa
Signing time:             Mon 01 Jan 2024 20:31:10 +0000
ROA not before:           Mon 01 Jan 2024 20:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50827
IP address blocks:        212.63.223.0/24 maxlen: 24
                          193.42.215.0/24 maxlen: 24
                          2a01:298:fd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/pHZ7xfvLzvscHHR7sOtTN9q2kcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/pHZ7xfvLzvscHHR7sOtTN9q2kcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pHZ7xfvLzvscHHR7sOtTN9q2kcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:20:51:1d:eb:63:f8:28:91:66:49:32:45:66:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4767bc5fbcbcefb1c1c747bb0eb5337dab691c0
        Validity
            Not Before: Jan  1 20:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=954f58b39869e08cfc6773a5e1fba65541480d85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d6:64:b9:76:23:8a:cd:a1:5e:7a:53:46:14:
                    ba:e5:fd:57:63:96:46:aa:01:c8:ad:5e:58:82:37:
                    4e:eb:9d:30:67:94:d3:2a:34:99:3f:3e:0a:a9:49:
                    e5:eb:4f:81:89:32:f5:f9:5f:08:c2:4c:32:52:f2:
                    d0:37:5f:57:15:10:31:e7:3d:f9:e1:85:85:2f:54:
                    e7:f3:34:e2:af:2e:c5:53:f4:f6:c4:4e:a4:f8:e5:
                    09:a2:78:97:7a:50:ca:1b:f2:69:c8:c1:57:ed:fa:
                    ac:e9:c1:16:ae:e1:cd:6b:be:82:64:90:ec:45:26:
                    16:5d:e8:44:29:9b:18:dd:3a:16:34:2b:cf:44:3b:
                    10:10:f9:bb:7c:68:26:a5:1c:b8:ac:2b:0b:d2:52:
                    93:9e:6e:f7:f5:03:06:74:4c:02:d6:be:1a:c7:ea:
                    6b:d2:14:2f:62:0a:dd:c7:e3:8b:de:4e:ae:af:26:
                    aa:ac:97:dd:90:5e:bf:e6:30:92:59:9a:9e:ca:2f:
                    70:1c:94:56:d2:33:a8:17:58:38:97:df:0e:b6:8b:
                    07:7b:94:70:c3:e6:c4:b4:51:46:41:df:ab:15:fd:
                    ba:9b:c5:6c:15:68:a2:07:8b:77:70:18:1f:65:45:
                    ba:d1:81:b8:c6:bd:0f:8a:c6:ed:6c:a2:06:38:86:
                    f3:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:4F:58:B3:98:69:E0:8C:FC:67:73:A5:E1:FB:A6:55:41:48:0D:85
            X509v3 Authority Key Identifier:
                keyid:A4:76:7B:C5:FB:CB:CE:FB:1C:1C:74:7B:B0:EB:53:37:DA:B6:91:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pHZ7xfvLzvscHHR7sOtTN9q2kcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/lU9Ys5hp4Iz8Z3Ol4fumVUFIDYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/pHZ7xfvLzvscHHR7sOtTN9q2kcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.215.0/24
                  212.63.223.0/24
                IPv6:
                  2a01:298:fd::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:e5:b8:a3:0e:25:a1:56:17:67:a4:90:24:80:05:e1:0e:17:
         e8:43:cc:dc:17:3e:34:cb:ca:b2:aa:af:40:e0:0c:e3:67:f7:
         21:a9:34:48:f7:2a:17:b5:82:37:b9:fe:ad:2c:6e:ae:2e:98:
         01:58:42:26:e7:a9:2f:7f:c3:22:5c:60:1a:03:1e:99:ad:30:
         e8:7d:a6:ee:ea:4a:c8:bc:9f:27:bf:b4:2b:82:81:98:f9:8a:
         2c:73:34:33:4a:2c:e2:20:7f:0f:c3:49:9b:9c:4b:af:b1:46:
         e2:97:80:67:ec:f3:ae:7a:69:c5:4c:7b:f4:be:0e:c8:34:4f:
         b4:62:50:62:6f:06:09:f0:19:18:37:2d:90:60:ee:9b:11:34:
         f2:21:1b:e8:9e:5c:48:db:14:8d:6f:2d:11:0f:a9:64:16:21:
         43:24:31:e5:8d:ca:0e:5e:32:36:bb:bb:7e:fa:21:03:95:a9:
         42:4a:d4:62:a1:fe:a1:25:65:c0:d2:a4:b4:97:8d:8d:8c:12:
         62:0d:4d:83:92:9b:9c:f7:a0:2a:29:b4:d0:8c:f3:c3:e1:22:
         1d:54:34:51:47:3a:3b:6d:e5:40:ee:19:c1:73:47:e1:f9:a0:
         52:0b:53:6d:fe:d3:2c:9a:3e:56:c8:ef:f9:5e:7e:74:46:79:
         2a:51:08:e8
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzGuSBRHetj+CiRZkkyRWYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0NzY3YmM1ZmJjYmNlZmIxYzFjNzQ3YmIwZWI1MzM3ZGFi
NjkxYzAwHhcNMjQwMTAxMjAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTRmNThiMzk4NjllMDhjZmM2NzczYTVlMWZiYTY1NTQxNDgwZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdZkuXYjis2hXnpTRhS65f1XY5ZG
qgHIrV5YgjdO650wZ5TTKjSZPz4KqUnl60+BiTL1+V8IwkwyUvLQN19XFRAx5z35
4YWFL1Tn8zTiry7FU/T2xE6k+OUJoniXelDKG/JpyMFX7fqs6cEWruHNa76CZJDs
RSYWXehEKZsY3ToWNCvPRDsQEPm7fGgmpRy4rCsL0lKTnm739QMGdEwC1r4ax+pr
0hQvYgrdx+OL3k6uryaqrJfdkF6/5jCSWZqeyi9wHJRW0jOoF1g4l98OtosHe5Rw
w+bEtFFGQd+rFf26m8VsFWiiB4t3cBgfZUW60YG4xr0PisbtbKIGOIbzrQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJVPWLOYaeCM/GdzpeH7plVBSA2FMB8GA1UdIwQY
MBaAFKR2e8X7y877HBx0e7DrUzfatpHAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEhaN3hmdkx6dnNjSEhSN3NPdFROOXEya2NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS84MDY1ZDUtMDRkMC00M2U1LWEyZjQt
MDQxYTQ4ZDIxMjNmLzEvbFU5WXM1aHA0SXo4WjNPbDRmdW1WVUZJRFlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS84MDY1ZDUtMDRkMC00M2U1LWEyZjQtMDQxYTQ4ZDIxMjNm
LzEvcEhaN3hmdkx6dnNjSEhSN3NPdFROOXEya2NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwSrXAwQA
1D/fMA8EAgACMAkDBwAqAQKYAP0wDQYJKoZIhvcNAQELBQADggEBAE3luKMOJaFW
F2ekkCSABeEOF+hDzNwXPjTLyrKqr0DgDONn9yGpNEj3Khe1gje5/q0sbq4umAFY
QibnqS9/wyJcYBoDHpmtMOh9pu7qSsi8nye/tCuCgZj5iixzNDNKLOIgfw/DSZuc
S6+xRuKXgGfs8656acVMe/S+Dsg0T7RiUGJvBgnwGRg3LZBg7psRNPIhG+ieXEjb
FI1vLREPqWQWIUMkMeWNyg5eMja7u376IQOVqUJK1GKh/qElZcDSpLSXjY2MEmIN
TYOSm5z3oCoptNCM88PhIh1UNFFHOjtt5UDuGcFzR+H5oFILU23+0yyaPlbI7/le
fnRGeSpRCOg=
-----END CERTIFICATE-----