Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/slahiM7f-RYHvbhMgYrSeVXgulo.roa
File:                     slahiM7f-RYHvbhMgYrSeVXgulo.roa (raw, json)
Hash identifier:          /qmu+Dpp1bS3QpTnySyv+udWARgjycUFts78wP4iATE=
Subject key identifier:   B2:56:A1:88:CE:DF:F9:16:07:BD:B8:4C:81:8A:D2:79:55:E0:BA:5A
Certificate issuer:       /CN=680e20ccfb2d5898c2162900d1468070a7024956
Certificate serial:       018CC86F243FD0B2F54CA2158ACC06140760
Authority key identifier: 68:0E:20:CC:FB:2D:58:98:C2:16:29:00:D1:46:80:70:A7:02:49:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aA4gzPstWJjCFikA0UaAcKcCSVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/slahiM7f-RYHvbhMgYrSeVXgulo.roa
Signing time:             Tue 02 Jan 2024 04:29:36 +0000
ROA not before:           Tue 02 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25459
IP address blocks:        185.95.44.0/22 maxlen: 22
                          2a01:4520::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/aA4gzPstWJjCFikA0UaAcKcCSVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/aA4gzPstWJjCFikA0UaAcKcCSVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aA4gzPstWJjCFikA0UaAcKcCSVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:24:3f:d0:b2:f5:4c:a2:15:8a:cc:06:14:07:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=680e20ccfb2d5898c2162900d1468070a7024956
        Validity
            Not Before: Jan  2 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b256a188cedff91607bdb84c818ad27955e0ba5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:52:74:78:66:e0:e3:03:1d:c0:f4:2f:61:df:
                    f5:6e:be:f2:a1:5f:e8:26:8f:b4:47:59:63:04:42:
                    1e:a9:01:2f:46:da:04:12:ad:97:72:b6:ad:8c:14:
                    aa:62:88:67:6b:e1:4e:1b:8d:03:e6:1d:84:b3:26:
                    d7:ef:26:6f:fb:0f:06:02:b2:2d:cc:b1:37:33:f1:
                    17:cc:3c:23:c3:d0:25:77:5d:6e:ad:e6:b0:2c:2d:
                    43:65:35:9d:3b:07:38:23:0f:16:c3:50:ab:66:f8:
                    66:ff:87:a1:9e:45:5c:11:9e:a6:b4:f2:0a:d5:e2:
                    c9:dd:57:90:f2:18:bf:a7:b3:c4:e8:53:a9:a3:38:
                    cc:a0:db:de:3c:20:51:b6:5f:cc:c0:7b:be:23:e2:
                    a4:64:24:07:ca:9e:d6:92:4f:eb:d8:6b:79:e0:bb:
                    41:cb:52:7e:42:61:8a:50:3c:d1:18:4b:42:ea:99:
                    88:66:63:24:1e:c7:09:df:e4:50:88:1d:cd:27:fe:
                    90:c0:53:de:c3:3d:b9:37:1d:f2:9c:b0:dd:a9:af:
                    0d:6b:26:fe:ef:98:3a:77:9d:76:d7:d9:e0:86:b7:
                    2b:9d:87:d4:34:f0:76:91:fb:a4:6d:2d:af:ce:4e:
                    14:f2:83:bd:b2:ea:af:a0:4c:07:14:67:e2:90:9e:
                    9a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:56:A1:88:CE:DF:F9:16:07:BD:B8:4C:81:8A:D2:79:55:E0:BA:5A
            X509v3 Authority Key Identifier:
                keyid:68:0E:20:CC:FB:2D:58:98:C2:16:29:00:D1:46:80:70:A7:02:49:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aA4gzPstWJjCFikA0UaAcKcCSVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/slahiM7f-RYHvbhMgYrSeVXgulo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/aA4gzPstWJjCFikA0UaAcKcCSVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.44.0/22
                IPv6:
                  2a01:4520::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:94:4e:59:64:91:d1:34:14:ab:f4:2b:1f:20:c5:20:a0:2f:
         e9:06:ec:63:33:e4:e0:f8:d9:e4:d5:0d:ea:a5:36:2a:54:03:
         64:36:40:b7:25:fe:32:0b:24:e7:d6:83:80:2b:88:df:ea:22:
         c2:c2:3b:a4:dc:f9:f4:2e:db:c4:98:d3:de:de:fb:10:02:cf:
         cd:82:72:55:9f:5e:c3:8f:86:27:bf:9c:53:ae:24:2c:27:0c:
         43:ce:0c:67:42:92:44:cc:46:9f:50:ca:32:18:e4:97:ed:67:
         9a:89:3b:ea:b1:1e:1f:d2:fe:43:5e:bb:53:15:16:1a:94:0b:
         b6:1d:da:d2:c2:84:c6:55:ce:d4:9b:1c:e6:1b:83:45:60:18:
         4b:4e:2d:8f:81:e5:ef:c0:8e:68:5c:50:b7:d3:4c:5e:11:5c:
         fa:d9:2b:10:60:aa:54:d3:b3:06:55:7e:da:3b:b7:a9:27:60:
         a8:f2:c5:c7:0c:41:0c:0e:81:13:5b:39:37:44:0e:19:b6:17:
         48:68:27:e2:5c:9c:d0:3b:59:3a:f2:c7:0e:39:fe:7f:f9:91:
         b8:60:0b:d7:e9:39:96:3b:d7:de:c0:75:18:f8:07:c8:f8:44:
         39:11:c8:c8:c8:9d:08:43:59:4d:1c:f0:0b:6f:ee:93:cb:e1:
         7d:d5:7b:56
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbyQ/0LL1TKIViswGFAdgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MGUyMGNjZmIyZDU4OThjMjE2MjkwMGQxNDY4MDcwYTcw
MjQ5NTYwHhcNMjQwMTAyMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjU2YTE4OGNlZGZmOTE2MDdiZGI4NGM4MThhZDI3OTU1ZTBiYTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFJ0eGbg4wMdwPQvYd/1br7yoV/o
Jo+0R1ljBEIeqQEvRtoEEq2XcratjBSqYohna+FOG40D5h2EsybX7yZv+w8GArIt
zLE3M/EXzDwjw9Ald11ureawLC1DZTWdOwc4Iw8Ww1CrZvhm/4ehnkVcEZ6mtPIK
1eLJ3VeQ8hi/p7PE6FOpozjMoNvePCBRtl/MwHu+I+KkZCQHyp7Wkk/r2Gt54LtB
y1J+QmGKUDzRGEtC6pmIZmMkHscJ3+RQiB3NJ/6QwFPewz25Nx3ynLDdqa8Nayb+
75g6d51219nghrcrnYfUNPB2kfukbS2vzk4U8oO9suqvoEwHFGfikJ6akwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLJWoYjO3/kWB724TIGK0nlV4LpaMB8GA1UdIwQY
MBaAFGgOIMz7LViYwhYpANFGgHCnAklWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUE0Z3pQc3RXSmpDRmlrQTBVYUFjS2NDU1ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny83OTZmOGMtYmRiNy00NDFmLWJkYmIt
MDM1NDFkMjMxNTc0LzEvc2xhaGlNN2YtUllIdmJoTWdZclNlVlhndWxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny83OTZmOGMtYmRiNy00NDFmLWJkYmItMDM1NDFkMjMxNTc0
LzEvYUE0Z3pQc3RXSmpDRmlrQTBVYUFjS2NDU1ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuV8sMA0E
AgACMAcDBQAqAUUgMA0GCSqGSIb3DQEBCwUAA4IBAQAGlE5ZZJHRNBSr9CsfIMUg
oC/pBuxjM+Tg+Nnk1Q3qpTYqVANkNkC3Jf4yCyTn1oOAK4jf6iLCwjuk3Pn0LtvE
mNPe3vsQAs/NgnJVn17Dj4Ynv5xTriQsJwxDzgxnQpJEzEafUMoyGOSX7WeaiTvq
sR4f0v5DXrtTFRYalAu2HdrSwoTGVc7UmxzmG4NFYBhLTi2PgeXvwI5oXFC300xe
EVz62SsQYKpU07MGVX7aO7epJ2Co8sXHDEEMDoETWzk3RA4ZthdIaCfiXJzQO1k6
8scOOf5/+ZG4YAvX6TmWO9fewHUY+AfI+EQ5EcjIyJ0IQ1lNHPALb+6Ty+F91XtW
-----END CERTIFICATE-----