Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/30764e-799f-4736-9686-92d5d3970a59/1/XAxc8nrxQe_9foz5eXAz5zRx75o.roa
File:                     XAxc8nrxQe_9foz5eXAz5zRx75o.roa (raw, json)
Hash identifier:          44ppZwWS+xmwT7dXs8B2ZU09bH3kbsTFiWSjnn9xSLM=
Subject key identifier:   5C:0C:5C:F2:7A:F1:41:EF:FD:7E:8C:F9:79:70:33:E7:34:71:EF:9A
Certificate issuer:       /CN=9e2e88f507cd2eadbb232c864f71edba6ecb5da0
Certificate serial:       018CC8DE98A1A22928FA20D19878461227EF
Authority key identifier: 9E:2E:88:F5:07:CD:2E:AD:BB:23:2C:86:4F:71:ED:BA:6E:CB:5D:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ni6I9QfNLq27IyyGT3Htum7LXaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/30764e-799f-4736-9686-92d5d3970a59/1/XAxc8nrxQe_9foz5eXAz5zRx75o.roa
Signing time:             Tue 02 Jan 2024 06:31:20 +0000
ROA not before:           Tue 02 Jan 2024 06:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44056
IP address blocks:        195.88.58.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/30764e-799f-4736-9686-92d5d3970a59/1/ni6I9QfNLq27IyyGT3Htum7LXaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/30764e-799f-4736-9686-92d5d3970a59/1/ni6I9QfNLq27IyyGT3Htum7LXaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ni6I9QfNLq27IyyGT3Htum7LXaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:98:a1:a2:29:28:fa:20:d1:98:78:46:12:27:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e2e88f507cd2eadbb232c864f71edba6ecb5da0
        Validity
            Not Before: Jan  2 06:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c0c5cf27af141effd7e8cf9797033e73471ef9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:53:aa:e0:d2:6d:b1:f1:ea:4a:1e:db:93:ab:
                    9f:de:d5:54:35:39:29:16:b6:f4:7c:99:55:c7:49:
                    c4:08:65:1a:fc:a7:28:db:a2:43:d2:17:9a:28:1c:
                    b4:71:c5:69:bd:fe:07:62:84:fb:89:37:56:a5:8f:
                    dd:3a:82:57:b1:2f:5f:d5:3d:3b:b6:dd:30:46:72:
                    79:67:d4:82:87:a8:08:8b:9e:93:5b:28:64:f2:be:
                    d5:32:1b:22:91:08:74:49:d5:70:0e:3a:d9:f0:b6:
                    6c:4e:45:82:12:25:f1:8b:c3:43:7c:05:12:70:e2:
                    29:c6:32:7a:82:49:b5:5d:80:54:1a:78:4c:0f:be:
                    1e:42:1b:9a:49:41:8b:fb:80:ac:92:7f:db:1e:e0:
                    4c:ac:bb:d0:ea:b6:ae:ec:0a:aa:a3:9e:be:38:c1:
                    b2:96:a6:e8:31:54:e3:0e:d6:0b:cc:64:f5:99:4f:
                    73:2e:54:de:f6:52:6d:ee:68:43:dd:8e:22:07:ba:
                    34:e3:bb:ad:5f:79:5a:a6:a0:cb:5b:9f:b5:90:4a:
                    94:39:08:de:87:19:d1:b5:57:23:06:13:19:e8:16:
                    22:a7:d7:59:3c:cd:ed:e5:f1:eb:1b:bc:48:5d:aa:
                    52:0a:05:a9:2b:74:a4:df:0a:85:46:30:68:96:8c:
                    bb:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:0C:5C:F2:7A:F1:41:EF:FD:7E:8C:F9:79:70:33:E7:34:71:EF:9A
            X509v3 Authority Key Identifier:
                keyid:9E:2E:88:F5:07:CD:2E:AD:BB:23:2C:86:4F:71:ED:BA:6E:CB:5D:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ni6I9QfNLq27IyyGT3Htum7LXaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/30764e-799f-4736-9686-92d5d3970a59/1/XAxc8nrxQe_9foz5eXAz5zRx75o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/30764e-799f-4736-9686-92d5d3970a59/1/ni6I9QfNLq27IyyGT3Htum7LXaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:e3:a1:3f:b1:e2:4b:5c:e5:b1:6f:81:a6:70:04:2e:c4:41:
         35:1a:b9:19:49:80:f4:8f:94:c7:d6:bb:0a:43:9e:a0:5c:c9:
         7e:99:69:fc:0d:b6:f1:26:1b:61:52:33:f9:70:61:a0:b4:7e:
         a3:de:9e:cd:28:2f:6b:a4:72:ac:03:63:a5:a6:ba:6b:4f:f8:
         7a:e7:ff:c8:9b:f0:74:2e:d3:32:da:83:14:ce:f1:cb:2b:ec:
         62:39:e0:47:34:3e:e3:5b:22:33:35:d1:83:a3:09:fd:6d:76:
         ac:19:06:55:6b:ea:77:30:ac:ed:2c:74:ca:65:06:e8:fe:79:
         00:ff:57:bc:4a:ed:d0:6d:1b:95:41:d3:af:49:68:66:36:ac:
         89:b5:b4:a8:82:5f:61:b3:da:cb:77:6b:8b:b4:ce:18:8d:f4:
         e2:50:ba:17:cf:ce:04:34:3b:25:c2:92:f9:67:3f:d2:c7:d1:
         72:5e:a0:74:15:c4:4b:3a:8f:03:21:eb:ff:ad:5e:b8:47:23:
         4a:b8:d8:eb:62:c7:57:67:0b:b5:51:03:d6:a5:6d:44:f7:b4:
         29:3c:e2:7c:35:92:5f:dc:0a:1d:8e:e9:1f:5c:3c:a4:90:4e:
         c4:61:8b:df:9c:ac:1e:df:21:8e:04:30:ec:57:9d:c8:32:f9:
         28:50:40:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3pihoiko+iDRmHhGEifvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMmU4OGY1MDdjZDJlYWRiYjIzMmM4NjRmNzFlZGJhNmVj
YjVkYTAwHhcNMjQwMTAyMDYzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzBjNWNmMjdhZjE0MWVmZmQ3ZThjZjk3OTcwMzNlNzM0NzFlZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lOq4NJtsfHqSh7bk6uf3tVUNTkp
Frb0fJlVx0nECGUa/Kco26JD0heaKBy0ccVpvf4HYoT7iTdWpY/dOoJXsS9f1T07
tt0wRnJ5Z9SCh6gIi56TWyhk8r7VMhsikQh0SdVwDjrZ8LZsTkWCEiXxi8NDfAUS
cOIpxjJ6gkm1XYBUGnhMD74eQhuaSUGL+4Cskn/bHuBMrLvQ6rau7Aqqo56+OMGy
lqboMVTjDtYLzGT1mU9zLlTe9lJt7mhD3Y4iB7o047utX3lapqDLW5+1kEqUOQje
hxnRtVcjBhMZ6BYip9dZPM3t5fHrG7xIXapSCgWpK3Sk3wqFRjBoloy7HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwMXPJ68UHv/X6M+XlwM+c0ce+aMB8GA1UdIwQY
MBaAFJ4uiPUHzS6tuyMshk9x7bpuy12gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmk2STlRZk5McTI3SXl5R1QzSHR1bTdMWGFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8zMDc2NGUtNzk5Zi00NzM2LTk2ODYt
OTJkNWQzOTcwYTU5LzEvWEF4YzhucnhRZV85Zm96NWVYQXo1elJ4NzVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8zMDc2NGUtNzk5Zi00NzM2LTk2ODYtOTJkNWQzOTcwYTU5
LzEvbmk2STlRZk5McTI3SXl5R1QzSHR1bTdMWGFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1g6MA0G
CSqGSIb3DQEBCwUAA4IBAQCg46E/seJLXOWxb4GmcAQuxEE1GrkZSYD0j5TH1rsK
Q56gXMl+mWn8DbbxJhthUjP5cGGgtH6j3p7NKC9rpHKsA2OlprprT/h65//Im/B0
LtMy2oMUzvHLK+xiOeBHND7jWyIzNdGDown9bXasGQZVa+p3MKztLHTKZQbo/nkA
/1e8Su3QbRuVQdOvSWhmNqyJtbSogl9hs9rLd2uLtM4YjfTiULoXz84ENDslwpL5
Zz/Sx9FyXqB0FcRLOo8DIev/rV64RyNKuNjrYsdXZwu1UQPWpW1E97QpPOJ8NZJf
3AodjukfXDykkE7EYYvfnKwe3yGOBDDsV53IMvkoUEB+
-----END CERTIFICATE-----