Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/sEbq72kKyq0MUlSHy28OobqTc1U.roa
File:                     sEbq72kKyq0MUlSHy28OobqTc1U.roa (raw, json)
Hash identifier:          uhKLj1XsZrQ5VHi2PEIYIMK44bGkjfRIEa82qiy1OFg=
Subject key identifier:   B0:46:EA:EF:69:0A:CA:AD:0C:52:54:87:CB:6F:0E:A1:BA:93:73:55
Certificate issuer:       /CN=aa6745519323d8c2d93c1b107bf85f61933c71ca
Certificate serial:       018F0A2E2A1D461C93BE729D8C6AC08687B9
Authority key identifier: AA:67:45:51:93:23:D8:C2:D9:3C:1B:10:7B:F8:5F:61:93:3C:71:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/sEbq72kKyq0MUlSHy28OobqTc1U.roa
Signing time:             Tue 23 Apr 2024 08:59:08 +0000
ROA not before:           Tue 23 Apr 2024 08:59:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199393
IP address blocks:        195.95.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:2e:2a:1d:46:1c:93:be:72:9d:8c:6a:c0:86:87:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa6745519323d8c2d93c1b107bf85f61933c71ca
        Validity
            Not Before: Apr 23 08:59:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b046eaef690acaad0c525487cb6f0ea1ba937355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:50:af:42:4f:bc:4e:ca:19:75:a9:ab:52:17:
                    97:c3:6d:5b:8e:66:c6:1f:04:d8:cb:55:7a:cb:c5:
                    71:cc:c1:0c:7b:6a:bd:ee:b7:9f:15:40:87:16:f2:
                    c5:3b:8c:90:88:56:4e:bd:87:4f:9a:c7:32:0c:27:
                    4c:96:d4:1c:fa:85:6f:d1:41:98:24:c3:4f:d4:98:
                    f0:3c:22:9b:06:59:7c:d5:33:d5:05:23:17:2b:00:
                    11:ce:62:3f:ae:d1:ee:6e:2a:d6:f8:d4:f3:1d:1e:
                    34:35:15:37:d0:80:db:cc:bc:02:7f:5d:08:a4:cd:
                    74:55:f2:19:7e:50:0a:b5:ff:52:59:ad:f6:f5:fa:
                    5c:eb:a0:90:f3:4b:b9:ac:c2:5b:17:db:f3:13:ac:
                    39:ae:ba:16:47:9a:8d:31:2f:98:05:40:1d:c3:72:
                    b5:1e:b6:80:c6:d9:37:92:cd:ea:bd:d1:d8:21:03:
                    13:44:43:42:22:a3:91:2a:f8:35:e2:c8:b4:49:01:
                    5e:63:4f:f2:2c:42:f0:ab:c8:f4:69:36:da:27:a4:
                    75:05:22:3f:bf:b6:6b:dc:2b:fe:ae:81:eb:e1:b0:
                    c6:61:bb:93:75:3f:5d:18:69:96:77:cc:aa:ae:59:
                    5a:7c:6f:0e:cc:41:c5:01:05:d7:c2:71:86:68:00:
                    b4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:46:EA:EF:69:0A:CA:AD:0C:52:54:87:CB:6F:0E:A1:BA:93:73:55
            X509v3 Authority Key Identifier:
                keyid:AA:67:45:51:93:23:D8:C2:D9:3C:1B:10:7B:F8:5F:61:93:3C:71:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/sEbq72kKyq0MUlSHy28OobqTc1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ee:1a:51:67:f3:b9:f3:dd:7a:8e:6e:46:24:be:5d:74:ce:
         85:7a:be:65:03:d2:f3:ac:71:29:9b:0f:aa:e0:2e:f3:46:54:
         c6:ea:6d:86:80:ea:03:74:6b:dd:7b:06:17:34:d5:26:f8:70:
         f2:c2:3e:ba:0c:e1:ec:ee:a5:90:2c:dd:15:a6:0c:70:6f:5e:
         eb:9c:35:0d:1c:39:0c:07:f0:1d:1f:f5:a3:9d:0e:7b:ed:9c:
         ac:b2:84:0c:ff:58:2a:ae:c5:c3:25:89:9c:e4:d7:da:1f:df:
         e8:7e:60:35:cb:fb:ad:e1:e5:0f:4b:d2:39:0c:73:60:b7:8f:
         6f:f3:04:46:97:2e:f3:da:70:85:f6:23:b2:b7:35:b9:c6:bc:
         2b:2a:ad:7b:95:09:b6:d8:c8:6d:8b:cb:01:98:46:41:84:d0:
         1a:5e:c5:d6:a7:3a:66:d8:e9:83:89:b8:d3:98:e9:dd:0f:db:
         85:4c:bb:bb:00:51:b9:0c:41:76:b6:76:ff:3e:d9:3b:0d:e9:
         d6:f3:7e:8c:4c:c1:ff:54:6d:8f:81:a8:b4:83:fe:2d:86:fa:
         4a:9a:b9:9e:f3:d1:6d:9d:13:2b:26:3c:72:3a:d0:40:91:d6:
         69:96:2c:01:a8:9f:5a:e0:8a:cd:b8:0d:61:d9:8d:a2:59:3d:
         8c:24:40:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8KLiodRhyTvnKdjGrAhoe5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNjc0NTUxOTMyM2Q4YzJkOTNjMWIxMDdiZjg1ZjYxOTMz
YzcxY2EwHhcNMjQwNDIzMDg1OTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDQ2ZWFlZjY5MGFjYWFkMGM1MjU0ODdjYjZmMGVhMWJhOTM3MzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFCvQk+8TsoZdamrUheXw21bjmbG
HwTYy1V6y8VxzMEMe2q97refFUCHFvLFO4yQiFZOvYdPmscyDCdMltQc+oVv0UGY
JMNP1JjwPCKbBll81TPVBSMXKwARzmI/rtHubirW+NTzHR40NRU30IDbzLwCf10I
pM10VfIZflAKtf9SWa329fpc66CQ80u5rMJbF9vzE6w5rroWR5qNMS+YBUAdw3K1
HraAxtk3ks3qvdHYIQMTRENCIqORKvg14si0SQFeY0/yLELwq8j0aTbaJ6R1BSI/
v7Zr3Cv+roHr4bDGYbuTdT9dGGmWd8yqrllafG8OzEHFAQXXwnGGaAC0/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBG6u9pCsqtDFJUh8tvDqG6k3NVMB8GA1UdIwQY
MBaAFKpnRVGTI9jC2TwbEHv4X2GTPHHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW1kRlVaTWoyTUxaUEJzUWVfaGZZWk04Y2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9hZjE4YzQtYzA0NC00NDg1LThlZjAt
ZDc4MTJhMzM4MTgzLzEvc0VicTcya0t5cTBNVWxTSHkyOE9vYnFUYzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9hZjE4YzQtYzA0NC00NDg1LThlZjAtZDc4MTJhMzM4MTgz
LzEvcW1kRlVaTWoyTUxaUEJzUWVfaGZZWk04Y2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBA7hpRZ/O58916jm5GJL5ddM6Fer5lA9LzrHEpmw+q
4C7zRlTG6m2GgOoDdGvdewYXNNUm+HDywj66DOHs7qWQLN0Vpgxwb17rnDUNHDkM
B/AdH/WjnQ577ZyssoQM/1gqrsXDJYmc5NfaH9/ofmA1y/ut4eUPS9I5DHNgt49v
8wRGly7z2nCF9iOytzW5xrwrKq17lQm22Mhti8sBmEZBhNAaXsXWpzpm2OmDibjT
mOndD9uFTLu7AFG5DEF2tnb/Ptk7DenW836MTMH/VG2Pgai0g/4thvpKmrme89Ft
nRMrJjxyOtBAkdZpliwBqJ9a4IrNuA1h2Y2iWT2MJECr
-----END CERTIFICATE-----