Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/SgzsNzdDplaQDtafq3SijmAHprM.roa
File:                     SgzsNzdDplaQDtafq3SijmAHprM.roa (raw, json)
Hash identifier:          3eOoNkXbz59MXoRZedqABx2BUTxWj6Fj+w3KcAFH0mA=
Subject key identifier:   4A:0C:EC:37:37:43:A6:56:90:0E:D6:9F:AB:74:A2:8E:60:07:A6:B3
Certificate issuer:       /CN=5032f297789a194a8b507805f35d42ee78c0d4c3
Certificate serial:       018CCA2BEB44BF1C8D0B7F22DF808BB1DCDF
Authority key identifier: 50:32:F2:97:78:9A:19:4A:8B:50:78:05:F3:5D:42:EE:78:C0:D4:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UDLyl3iaGUqLUHgF811C7njA1MM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/SgzsNzdDplaQDtafq3SijmAHprM.roa
Signing time:             Tue 02 Jan 2024 12:35:25 +0000
ROA not before:           Tue 02 Jan 2024 12:35:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41037
IP address blocks:        195.95.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/UDLyl3iaGUqLUHgF811C7njA1MM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/UDLyl3iaGUqLUHgF811C7njA1MM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UDLyl3iaGUqLUHgF811C7njA1MM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:eb:44:bf:1c:8d:0b:7f:22:df:80:8b:b1:dc:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5032f297789a194a8b507805f35d42ee78c0d4c3
        Validity
            Not Before: Jan  2 12:35:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a0cec373743a656900ed69fab74a28e6007a6b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:16:eb:f3:4f:4e:e8:e3:6b:3e:d9:57:94:98:
                    c7:68:55:e3:80:26:5b:17:6b:40:f2:b4:7f:6c:28:
                    6f:66:1d:24:0c:dc:1f:11:6a:9e:66:51:06:b9:a0:
                    5a:b4:a2:19:e7:fc:63:b9:37:b9:4c:fd:c4:02:4d:
                    47:dd:04:9a:29:ac:25:42:cb:58:6f:aa:ef:21:0a:
                    95:8d:47:74:e0:15:16:d7:3d:a6:97:c6:0b:a5:31:
                    0d:85:9c:cf:e3:49:ff:7c:f9:45:1a:49:c8:a8:42:
                    ae:f1:0d:4c:cb:02:0d:77:07:de:42:c4:0a:17:6d:
                    07:2a:2f:e4:3e:b2:7d:9a:8a:be:2d:2b:52:b3:3d:
                    99:35:93:cc:5d:ab:dc:72:e8:dc:99:ea:cf:22:1e:
                    21:ad:40:45:cb:06:46:5e:27:5c:47:4f:e1:6d:eb:
                    a3:56:36:66:30:d7:6d:ed:ac:b0:b7:6f:73:68:bb:
                    20:3b:4d:b5:c8:ee:80:00:1d:0d:e8:c7:d0:a1:1c:
                    84:84:49:4e:3c:85:b2:d7:d1:ef:d4:19:ca:bc:17:
                    9f:de:ab:79:ce:4e:fb:d2:d8:b4:3b:ad:4b:12:2e:
                    d5:44:ee:55:48:de:6d:a2:0f:d4:d7:42:ca:34:88:
                    de:dc:f2:04:5a:01:41:d4:b5:eb:d9:f1:f1:4f:ab:
                    e3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:0C:EC:37:37:43:A6:56:90:0E:D6:9F:AB:74:A2:8E:60:07:A6:B3
            X509v3 Authority Key Identifier:
                keyid:50:32:F2:97:78:9A:19:4A:8B:50:78:05:F3:5D:42:EE:78:C0:D4:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UDLyl3iaGUqLUHgF811C7njA1MM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/SgzsNzdDplaQDtafq3SijmAHprM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/UDLyl3iaGUqLUHgF811C7njA1MM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:df:bc:05:c3:a9:b0:f5:e3:1a:eb:cb:9a:59:cf:2e:85:50:
         ae:fe:27:aa:88:cb:58:09:47:5f:b2:dc:96:56:61:5c:ce:92:
         3d:45:25:f5:14:52:6f:16:b1:71:59:d8:47:4d:60:38:d8:c9:
         84:2d:ab:ee:60:d3:e4:c4:55:fc:be:9a:d2:9f:d3:0f:1a:4c:
         27:19:75:ea:c7:d4:2a:6e:8f:db:10:db:dc:83:4c:94:9c:7b:
         1d:52:d3:98:59:8e:f3:d5:7e:82:b5:c8:64:f0:f4:9d:b5:f4:
         68:fe:0e:3c:a0:50:83:4d:5f:5b:30:4d:6a:e7:79:d0:67:c6:
         77:f2:52:21:de:ad:48:50:e1:c4:b2:d2:34:02:70:84:9c:2c:
         cc:ba:da:23:4c:4e:ec:a3:57:7d:da:7b:c7:aa:63:c9:27:2d:
         4e:52:92:68:1c:77:08:71:79:d6:74:a5:a9:45:3e:6e:17:62:
         53:c9:f0:be:68:a5:af:c2:34:02:02:a0:39:40:82:51:53:95:
         77:8c:88:c5:9b:06:db:6f:f9:c5:00:59:4f:80:03:c7:18:70:
         47:b4:81:74:c5:89:24:e6:3d:ff:c6:a4:3e:e4:cd:e9:00:74:
         c8:2c:c0:12:7e:42:84:a4:2f:d0:f6:d8:02:87:49:63:3e:1c:
         48:1e:06:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK+tEvxyNC38i34CLsdzfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMzJmMjk3Nzg5YTE5NGE4YjUwNzgwNWYzNWQ0MmVlNzhj
MGQ0YzMwHhcNMjQwMTAyMTIzNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTBjZWMzNzM3NDNhNjU2OTAwZWQ2OWZhYjc0YTI4ZTYwMDdhNmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxbr809O6ONrPtlXlJjHaFXjgCZb
F2tA8rR/bChvZh0kDNwfEWqeZlEGuaBatKIZ5/xjuTe5TP3EAk1H3QSaKawlQstY
b6rvIQqVjUd04BUW1z2ml8YLpTENhZzP40n/fPlFGknIqEKu8Q1MywINdwfeQsQK
F20HKi/kPrJ9moq+LStSsz2ZNZPMXavccujcmerPIh4hrUBFywZGXidcR0/hbeuj
VjZmMNdt7aywt29zaLsgO021yO6AAB0N6MfQoRyEhElOPIWy19Hv1BnKvBef3qt5
zk770ti0O61LEi7VRO5VSN5tog/U10LKNIje3PIEWgFB1LXr2fHxT6vjUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEoM7Dc3Q6ZWkA7Wn6t0oo5gB6azMB8GA1UdIwQY
MBaAFFAy8pd4mhlKi1B4BfNdQu54wNTDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVURMeWwzaWFHVXFMVUhnRjgxMUM3bmpBMU1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9lOGZjOWEtM2I5Mi00Nzk4LThjZmQt
YzZiZGIxODMwNjk0LzEvU2d6c056ZERwbGFRRHRhZnEzU2lqbUFIcHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9lOGZjOWEtM2I5Mi00Nzk4LThjZmQtYzZiZGIxODMwNjk0
LzEvVURMeWwzaWFHVXFMVUhnRjgxMUM3bmpBMU1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+uMA0G
CSqGSIb3DQEBCwUAA4IBAQB237wFw6mw9eMa68uaWc8uhVCu/ieqiMtYCUdfstyW
VmFczpI9RSX1FFJvFrFxWdhHTWA42MmELavuYNPkxFX8vprSn9MPGkwnGXXqx9Qq
bo/bENvcg0yUnHsdUtOYWY7z1X6Ctchk8PSdtfRo/g48oFCDTV9bME1q53nQZ8Z3
8lIh3q1IUOHEstI0AnCEnCzMutojTE7so1d92nvHqmPJJy1OUpJoHHcIcXnWdKWp
RT5uF2JTyfC+aKWvwjQCAqA5QIJRU5V3jIjFmwbbb/nFAFlPgAPHGHBHtIF0xYkk
5j3/xqQ+5M3pAHTILMASfkKEpC/Q9tgCh0ljPhxIHgZa
-----END CERTIFICATE-----