Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/qEPd0nqSig91awjPn67ELfYs8As.roa
File:                     qEPd0nqSig91awjPn67ELfYs8As.roa (raw, json)
Hash identifier:          SHIg9XBoUMy411p/9FGAneRAtPgULKrWih69F9Q73Kc=
Subject key identifier:   A8:43:DD:D2:7A:92:8A:0F:75:6B:08:CF:9F:AE:C4:2D:F6:2C:F0:0B
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       018CC5DC5BC57774DEB3C25281F236539244
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/qEPd0nqSig91awjPn67ELfYs8As.roa
Signing time:             Mon 01 Jan 2024 16:30:02 +0000
ROA not before:           Mon 01 Jan 2024 16:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63859
IP address blocks:        151.249.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5b:c5:77:74:de:b3:c2:52:81:f2:36:53:92:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jan  1 16:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a843ddd27a928a0f756b08cf9faec42df62cf00b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c4:ad:e2:d0:c8:40:33:c5:34:05:b4:07:10:
                    98:89:b9:83:2c:68:0f:fd:fc:82:e9:a4:0f:44:23:
                    72:13:fd:3d:76:9a:78:08:59:ae:80:f7:c4:3d:0a:
                    71:d6:8c:24:df:ae:e7:de:c1:0a:05:69:de:e4:24:
                    3e:fb:9a:30:ce:9d:d4:92:85:a1:9c:cf:c1:2a:b3:
                    0f:fe:a4:5d:d9:06:00:42:f8:66:ed:cc:70:5b:c0:
                    0a:dd:12:4b:88:a7:f2:2a:9c:8c:e8:6c:af:48:1c:
                    cb:fc:28:6e:ee:f1:ca:4c:c1:a3:81:17:d0:84:08:
                    8a:a5:05:ed:f1:73:94:e1:f9:44:1a:f9:c2:f2:20:
                    26:c3:02:96:94:c2:45:1d:6d:9a:80:d0:cd:11:07:
                    e8:f5:58:0d:0b:7c:4b:9f:eb:c0:44:b8:9c:5b:92:
                    bf:6d:bb:a9:3e:8e:45:34:82:9d:cd:f2:87:b7:33:
                    79:13:a6:3f:b4:d8:6c:19:6d:28:7a:eb:d8:fb:3f:
                    46:de:06:43:ca:b1:f6:64:8d:85:31:13:6b:7b:b0:
                    39:8a:6c:49:9c:b1:7c:52:a7:2e:34:8a:e3:e4:50:
                    81:21:21:6a:5a:f7:5d:5a:f8:1d:12:7c:ff:a4:06:
                    eb:d4:10:86:fd:f1:d8:a8:ef:27:35:df:51:01:e1:
                    5f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:43:DD:D2:7A:92:8A:0F:75:6B:08:CF:9F:AE:C4:2D:F6:2C:F0:0B
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/qEPd0nqSig91awjPn67ELfYs8As.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.249.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:20:af:b1:6d:43:b2:c6:cc:b8:51:97:28:e9:3b:c6:b0:f3:
         b9:2d:c1:58:97:e2:a8:b9:8e:d4:b9:c1:af:80:41:80:ed:e9:
         e9:d9:18:f8:dd:f4:8c:03:fc:ee:6e:50:22:82:87:99:49:ea:
         8c:62:e6:01:45:50:d5:f0:99:c0:dc:cf:67:31:d0:95:2c:ac:
         be:fb:8c:15:91:62:7a:71:46:76:ea:50:d8:07:a4:ef:01:93:
         d2:c9:80:7a:97:1a:45:2e:1a:51:5d:d6:13:3a:62:34:ae:a5:
         1d:0b:a2:69:c5:40:65:80:6e:a7:64:70:5a:97:ea:a0:74:2a:
         f7:49:e8:a6:11:c4:53:bc:55:ec:74:e2:33:b7:ed:43:9b:1b:
         44:05:45:ee:da:d2:8d:87:59:c2:fd:3a:0a:c1:88:9a:24:6d:
         be:d9:d9:e2:7d:db:ba:5a:80:47:34:09:65:cb:27:dc:f0:a7:
         ed:23:5f:1b:aa:23:4d:11:1c:26:f6:69:72:fc:30:2c:3e:ab:
         36:65:f3:aa:c0:42:ec:ee:c9:ca:13:36:08:db:67:bc:e2:31:
         e2:f1:2a:7e:91:5e:fd:69:af:3e:c5:a5:0d:38:01:96:94:31:
         0e:a6:cb:78:93:4c:63:b8:9c:61:cb:ed:5d:89:ef:4f:cb:23:
         c3:3a:7b:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FvFd3Tes8JSgfI2U5JEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjQwMTAxMTYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODQzZGRkMjdhOTI4YTBmNzU2YjA4Y2Y5ZmFlYzQyZGY2MmNmMDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicSt4tDIQDPFNAW0BxCYibmDLGgP
/fyC6aQPRCNyE/09dpp4CFmugPfEPQpx1owk367n3sEKBWne5CQ++5owzp3UkoWh
nM/BKrMP/qRd2QYAQvhm7cxwW8AK3RJLiKfyKpyM6GyvSBzL/Chu7vHKTMGjgRfQ
hAiKpQXt8XOU4flEGvnC8iAmwwKWlMJFHW2agNDNEQfo9VgNC3xLn+vARLicW5K/
bbupPo5FNIKdzfKHtzN5E6Y/tNhsGW0oeuvY+z9G3gZDyrH2ZI2FMRNre7A5imxJ
nLF8UqcuNIrj5FCBISFqWvddWvgdEnz/pAbr1BCG/fHYqO8nNd9RAeFfZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhD3dJ6kooPdWsIz5+uxC32LPALMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvcUVQZDBucVNpZzkxYXdqUG42N0VMZllzOEFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/lfMA0G
CSqGSIb3DQEBCwUAA4IBAQBVIK+xbUOyxsy4UZco6TvGsPO5LcFYl+KouY7UucGv
gEGA7enp2Rj43fSMA/zublAigoeZSeqMYuYBRVDV8JnA3M9nMdCVLKy++4wVkWJ6
cUZ26lDYB6TvAZPSyYB6lxpFLhpRXdYTOmI0rqUdC6JpxUBlgG6nZHBal+qgdCr3
SeimEcRTvFXsdOIzt+1DmxtEBUXu2tKNh1nC/ToKwYiaJG2+2dnifdu6WoBHNAll
yyfc8KftI18bqiNNERwm9mly/DAsPqs2ZfOqwELs7snKEzYI22e84jHi8Sp+kV79
aa8+xaUNOAGWlDEOpst4k0xjuJxhy+1die9PyyPDOnut
-----END CERTIFICATE-----