Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/5dfd89-4d79-4bb6-8bf3-0d38dddb0780/1/B8y1kCwpGiLQEvaVWkqHENau-Sc.roa
File:                     B8y1kCwpGiLQEvaVWkqHENau-Sc.roa (raw, json)
Hash identifier:          B4in8Xzl6a4AQaFy6gNV/dVcz09nHn4UiMZqVplrac8=
Subject key identifier:   07:CC:B5:90:2C:29:1A:22:D0:12:F6:95:5A:4A:87:10:D6:AE:F9:27
Certificate issuer:       /CN=5c32311952566d1ce18f088e8bb6ceabe7e7935a
Certificate serial:       018CC3B6EBCA215B60C8DBDA46D4D2503657
Authority key identifier: 5C:32:31:19:52:56:6D:1C:E1:8F:08:8E:8B:B6:CE:AB:E7:E7:93:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XDIxGVJWbRzhjwiOi7bOq-fnk1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/5dfd89-4d79-4bb6-8bf3-0d38dddb0780/1/B8y1kCwpGiLQEvaVWkqHENau-Sc.roa
Signing time:             Mon 01 Jan 2024 06:29:54 +0000
ROA not before:           Mon 01 Jan 2024 06:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60759
IP address blocks:        188.95.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/5dfd89-4d79-4bb6-8bf3-0d38dddb0780/1/XDIxGVJWbRzhjwiOi7bOq-fnk1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/5dfd89-4d79-4bb6-8bf3-0d38dddb0780/1/XDIxGVJWbRzhjwiOi7bOq-fnk1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XDIxGVJWbRzhjwiOi7bOq-fnk1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:eb:ca:21:5b:60:c8:db:da:46:d4:d2:50:36:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c32311952566d1ce18f088e8bb6ceabe7e7935a
        Validity
            Not Before: Jan  1 06:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07ccb5902c291a22d012f6955a4a8710d6aef927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e9:93:8e:c0:83:8c:44:75:f3:b0:81:36:c4:
                    2e:f0:e6:ba:aa:9d:42:65:09:c2:54:9a:62:5e:33:
                    2b:22:bc:b5:a1:e3:1b:c4:30:63:87:f8:e1:76:83:
                    b1:55:01:92:2f:d2:54:39:4c:6a:f3:29:f2:92:68:
                    39:ea:de:00:c0:1a:14:ce:15:bf:0b:15:c8:0a:e3:
                    98:d1:7e:93:ea:7c:5a:72:dd:03:73:13:71:85:f5:
                    40:64:fa:81:50:cf:73:ca:83:5d:22:9f:2b:b1:a2:
                    7e:ea:6e:18:d7:13:a0:0e:04:60:33:fc:8e:86:a6:
                    7a:d9:10:51:1b:37:6e:33:02:a2:46:1d:74:7a:39:
                    ed:e7:8b:a8:32:f8:b4:3d:1a:f7:77:80:c3:0f:4b:
                    84:f5:a0:c1:42:c0:6e:d3:17:7c:fe:38:4b:b4:f9:
                    62:d6:e9:8c:6c:70:c8:51:0a:f2:6a:b1:16:8c:56:
                    cc:7b:cf:5b:5d:35:4e:f8:d4:1c:db:0c:18:57:f1:
                    b2:94:5e:9f:aa:d4:bb:e5:98:87:89:71:68:86:cc:
                    4a:c0:02:1e:b9:3e:1a:2e:22:a0:06:2f:e1:c3:e8:
                    76:cd:54:9b:1e:16:bb:4d:26:1e:69:c3:39:31:ac:
                    ca:8c:68:7f:e8:34:9f:d3:30:2a:ad:c5:bc:9f:89:
                    47:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:CC:B5:90:2C:29:1A:22:D0:12:F6:95:5A:4A:87:10:D6:AE:F9:27
            X509v3 Authority Key Identifier:
                keyid:5C:32:31:19:52:56:6D:1C:E1:8F:08:8E:8B:B6:CE:AB:E7:E7:93:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XDIxGVJWbRzhjwiOi7bOq-fnk1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/5dfd89-4d79-4bb6-8bf3-0d38dddb0780/1/B8y1kCwpGiLQEvaVWkqHENau-Sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/5dfd89-4d79-4bb6-8bf3-0d38dddb0780/1/XDIxGVJWbRzhjwiOi7bOq-fnk1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:b5:80:4a:11:dc:a8:d8:e7:c0:f7:c3:f8:e7:e0:3d:0a:ec:
         64:7f:2e:10:23:55:80:f7:15:dc:c7:70:5e:12:0a:0e:c9:8e:
         1e:d0:50:c1:26:ce:20:59:e8:5d:a7:62:5d:28:ed:a0:30:7c:
         10:a4:eb:66:fd:be:10:49:da:68:eb:1e:dd:82:9b:30:57:c2:
         fa:77:89:32:fa:72:c1:0c:40:63:ed:26:5c:cc:58:48:08:81:
         f6:73:87:a0:7f:fd:42:d8:ac:41:68:dd:b5:94:04:2f:ce:58:
         7f:0a:c2:2a:60:92:3d:e3:19:db:4e:39:2b:86:d0:93:8f:62:
         44:b4:27:da:19:81:35:5d:50:fb:cc:2c:15:19:53:77:61:62:
         92:bb:82:13:3e:e1:41:6c:1b:6c:69:ba:b5:e6:53:38:3d:ac:
         f1:15:76:ff:fd:85:ff:ad:fb:2d:be:20:73:de:11:81:b3:93:
         30:9a:d4:25:4b:d7:6e:a9:6d:f3:d9:09:e3:58:f8:5c:fb:f8:
         31:84:d5:60:96:bf:a0:a2:57:f5:bf:42:6e:91:d2:93:34:63:
         30:5e:a3:84:93:36:45:36:6a:c1:f4:9f:51:50:c4:34:dd:17:
         8c:22:9a:57:c8:2d:c4:a3:99:08:05:e6:ba:d1:20:d6:79:e1:
         14:d1:13:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtuvKIVtgyNvaRtTSUDZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMzIzMTE5NTI1NjZkMWNlMThmMDg4ZThiYjZjZWFiZTdl
NzkzNWEwHhcNMjQwMTAxMDYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2NjYjU5MDJjMjkxYTIyZDAxMmY2OTU1YTRhODcxMGQ2YWVmOTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOmTjsCDjER187CBNsQu8Oa6qp1C
ZQnCVJpiXjMrIry1oeMbxDBjh/jhdoOxVQGSL9JUOUxq8ynykmg56t4AwBoUzhW/
CxXICuOY0X6T6nxact0DcxNxhfVAZPqBUM9zyoNdIp8rsaJ+6m4Y1xOgDgRgM/yO
hqZ62RBRGzduMwKiRh10ejnt54uoMvi0PRr3d4DDD0uE9aDBQsBu0xd8/jhLtPli
1umMbHDIUQryarEWjFbMe89bXTVO+NQc2wwYV/GylF6fqtS75ZiHiXFohsxKwAIe
uT4aLiKgBi/hw+h2zVSbHha7TSYeacM5MazKjGh/6DSf0zAqrcW8n4lHmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfMtZAsKRoi0BL2lVpKhxDWrvknMB8GA1UdIwQY
MBaAFFwyMRlSVm0c4Y8Ijou2zqvn55NaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWERJeEdWSldiUnpoandpT2k3Yk9xLWZuazFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC81ZGZkODktNGQ3OS00YmI2LThiZjMt
MGQzOGRkZGIwNzgwLzEvQjh5MWtDd3BHaUxRRXZhVldrcUhFTmF1LVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC81ZGZkODktNGQ3OS00YmI2LThiZjMtMGQzOGRkZGIwNzgw
LzEvWERJeEdWSldiUnpoandpT2k3Yk9xLWZuazFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF9bMA0G
CSqGSIb3DQEBCwUAA4IBAQAhtYBKEdyo2OfA98P45+A9Cuxkfy4QI1WA9xXcx3Be
EgoOyY4e0FDBJs4gWehdp2JdKO2gMHwQpOtm/b4QSdpo6x7dgpswV8L6d4ky+nLB
DEBj7SZczFhICIH2c4egf/1C2KxBaN21lAQvzlh/CsIqYJI94xnbTjkrhtCTj2JE
tCfaGYE1XVD7zCwVGVN3YWKSu4ITPuFBbBtsabq15lM4PazxFXb//YX/rfstviBz
3hGBs5MwmtQlS9duqW3z2QnjWPhc+/gxhNVglr+golf1v0JukdKTNGMwXqOEkzZF
NmrB9J9RUMQ03ReMIppXyC3Eo5kIBea60SDWeeEU0RNU
-----END CERTIFICATE-----