Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/ed1609-1086-47b4-a49d-f10d26e3c3df/1/95kfmjeYu601tVD7G5VIwEGLvN8.roa
File:                     95kfmjeYu601tVD7G5VIwEGLvN8.roa (raw, json)
Hash identifier:          LncIH1GdBz4gKXhc1rjsKzlF4Bo9rfgpySezcZ0FWHw=
Subject key identifier:   F7:99:1F:9A:37:98:BB:AD:35:B5:50:FB:1B:95:48:C0:41:8B:BC:DF
Certificate issuer:       /CN=1b9ecfa71efef9bb1bfe7b2e40215cda5b231e5d
Certificate serial:       018CC80139418C40AEFC2CA4AD8FAA70FB6D
Authority key identifier: 1B:9E:CF:A7:1E:FE:F9:BB:1B:FE:7B:2E:40:21:5C:DA:5B:23:1E:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G57Ppx7--bsb_nsuQCFc2lsjHl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/ed1609-1086-47b4-a49d-f10d26e3c3df/1/95kfmjeYu601tVD7G5VIwEGLvN8.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        95.214.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/ed1609-1086-47b4-a49d-f10d26e3c3df/1/G57Ppx7--bsb_nsuQCFc2lsjHl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/ed1609-1086-47b4-a49d-f10d26e3c3df/1/G57Ppx7--bsb_nsuQCFc2lsjHl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G57Ppx7--bsb_nsuQCFc2lsjHl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:39:41:8c:40:ae:fc:2c:a4:ad:8f:aa:70:fb:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9ecfa71efef9bb1bfe7b2e40215cda5b231e5d
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7991f9a3798bbad35b550fb1b9548c0418bbcdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:51:d0:35:83:77:4e:0e:a4:27:12:02:a7:69:
                    17:82:c9:f6:73:60:f1:d6:33:7e:62:d4:e1:4c:73:
                    ff:eb:7e:2b:22:e2:70:3d:7d:ef:2a:f0:7e:be:35:
                    68:62:59:c3:b9:a6:cc:40:16:ad:01:3d:d8:a1:87:
                    6a:bc:a9:03:30:4f:af:47:b9:4b:04:71:13:94:7c:
                    b2:44:69:73:33:9f:3c:17:41:0d:35:4b:96:18:2d:
                    1d:c9:b2:78:5b:51:1d:3a:0c:71:fa:63:43:b2:24:
                    28:2a:c9:a9:e1:bd:24:63:33:3c:1a:58:3c:dd:3a:
                    6a:c2:54:c7:a2:7a:14:96:36:b0:ed:5a:89:9c:3f:
                    84:ce:c5:75:50:b9:58:5e:bc:2b:a7:50:3e:ce:49:
                    29:cf:6b:a4:c6:b3:76:4c:5d:6e:0f:38:e5:9f:ae:
                    44:28:62:c0:3d:86:09:d1:88:9c:c2:fe:70:ab:d0:
                    59:64:26:76:81:62:21:7d:e1:30:02:f4:ed:0d:ab:
                    78:57:9a:b2:2c:b8:f0:1e:83:98:b8:92:d5:73:1f:
                    9a:11:90:fc:9d:ed:4f:36:5a:bf:93:40:15:5e:f2:
                    9f:c6:b5:75:20:df:76:15:8e:3c:fe:be:75:20:06:
                    1b:46:da:92:e6:ac:5f:d7:ed:4a:cb:23:6b:5d:89:
                    8b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:99:1F:9A:37:98:BB:AD:35:B5:50:FB:1B:95:48:C0:41:8B:BC:DF
            X509v3 Authority Key Identifier:
                keyid:1B:9E:CF:A7:1E:FE:F9:BB:1B:FE:7B:2E:40:21:5C:DA:5B:23:1E:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G57Ppx7--bsb_nsuQCFc2lsjHl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/ed1609-1086-47b4-a49d-f10d26e3c3df/1/95kfmjeYu601tVD7G5VIwEGLvN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/ed1609-1086-47b4-a49d-f10d26e3c3df/1/G57Ppx7--bsb_nsuQCFc2lsjHl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:b6:05:5e:a5:29:84:f9:c4:ab:11:a6:87:aa:ee:f8:e6:0d:
         3a:2a:9e:af:8f:34:59:cc:12:18:a1:8b:6b:83:a7:a1:83:0b:
         4c:40:62:8a:02:82:0f:35:24:d8:f0:fe:69:07:24:6b:8a:98:
         56:e9:c7:b9:81:c2:58:a5:ed:c5:9a:50:90:76:f1:5c:b1:92:
         dc:9c:8c:ea:a4:80:8b:08:14:fa:9d:3e:f1:75:c8:2d:39:8d:
         23:26:2a:f3:9d:25:32:a4:df:41:e1:47:23:1a:30:26:62:05:
         5d:db:25:25:52:67:f5:08:d7:4c:12:12:43:a0:73:d8:fa:9a:
         c0:29:5e:ed:c1:29:8d:af:cd:a6:2f:8b:a8:c4:e1:93:ec:8f:
         d4:ce:3d:d1:52:89:f6:6b:1a:a2:73:e6:8e:a5:db:52:0f:b0:
         79:09:92:8c:b1:5c:3d:e1:df:fc:fe:28:93:8e:9e:bd:d7:48:
         69:51:1e:e6:bb:8d:df:18:94:df:79:f2:cc:37:d5:5f:06:91:
         80:6b:63:d4:f0:89:06:75:46:6f:41:46:f8:11:14:ba:38:2c:
         0b:1a:ae:43:b9:f1:2a:a7:c4:d6:0a:4a:a0:bb:5e:32:ba:2e:
         57:68:e5:30:af:ee:e9:f6:8a:49:6d:2f:be:f6:3e:bf:cb:20:
         77:65:b1:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATlBjECu/CykrY+qcPttMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWVjZmE3MWVmZWY5YmIxYmZlN2IyZTQwMjE1Y2RhNWIy
MzFlNWQwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzk5MWY5YTM3OThiYmFkMzViNTUwZmIxYjk1NDhjMDQxOGJiY2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFHQNYN3Tg6kJxICp2kXgsn2c2Dx
1jN+YtThTHP/634rIuJwPX3vKvB+vjVoYlnDuabMQBatAT3YoYdqvKkDME+vR7lL
BHETlHyyRGlzM588F0ENNUuWGC0dybJ4W1EdOgxx+mNDsiQoKsmp4b0kYzM8Glg8
3TpqwlTHonoUljaw7VqJnD+EzsV1ULlYXrwrp1A+zkkpz2ukxrN2TF1uDzjln65E
KGLAPYYJ0Yicwv5wq9BZZCZ2gWIhfeEwAvTtDat4V5qyLLjwHoOYuJLVcx+aEZD8
ne1PNlq/k0AVXvKfxrV1IN92FY48/r51IAYbRtqS5qxf1+1KyyNrXYmLcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPeZH5o3mLutNbVQ+xuVSMBBi7zfMB8GA1UdIwQY
MBaAFBuez6ce/vm7G/57LkAhXNpbIx5dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU3UHB4Ny0tYnNiX25zdVFDRmMybHNqSGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9lZDE2MDktMTA4Ni00N2I0LWE0OWQt
ZjEwZDI2ZTNjM2RmLzEvOTVrZm1qZVl1NjAxdFZEN0c1Vkl3RUdMdk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9lZDE2MDktMTA4Ni00N2I0LWE0OWQtZjEwZDI2ZTNjM2Rm
LzEvRzU3UHB4Ny0tYnNiX25zdVFDRmMybHNqSGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX9ZgMA0G
CSqGSIb3DQEBCwUAA4IBAQCwtgVepSmE+cSrEaaHqu745g06Kp6vjzRZzBIYoYtr
g6ehgwtMQGKKAoIPNSTY8P5pByRriphW6ce5gcJYpe3FmlCQdvFcsZLcnIzqpICL
CBT6nT7xdcgtOY0jJirznSUypN9B4UcjGjAmYgVd2yUlUmf1CNdMEhJDoHPY+prA
KV7twSmNr82mL4uoxOGT7I/Uzj3RUon2axqic+aOpdtSD7B5CZKMsVw94d/8/iiT
jp6910hpUR7mu43fGJTfefLMN9VfBpGAa2PU8IkGdUZvQUb4ERS6OCwLGq5DufEq
p8TWCkqgu14yui5XaOUwr+7p9opJbS++9j6/yyB3ZbG8
-----END CERTIFICATE-----