Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/9R1xtEP7l1oHy3OC_a1AoOF07LQ.roa
File:                     9R1xtEP7l1oHy3OC_a1AoOF07LQ.roa (raw, json)
Hash identifier:          SzaPTOP5dS/JC07twtKC80ETYyhMzMCospYmIGrAFqI=
Subject key identifier:   F5:1D:71:B4:43:FB:97:5A:07:CB:73:82:FD:AD:40:A0:E1:74:EC:B4
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       018CC56EB5E1792AC3D0C06A067C87052A16
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/9R1xtEP7l1oHy3OC_a1AoOF07LQ.roa
Signing time:             Mon 01 Jan 2024 14:30:16 +0000
ROA not before:           Mon 01 Jan 2024 14:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211432
IP address blocks:        195.95.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b5:e1:79:2a:c3:d0:c0:6a:06:7c:87:05:2a:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 14:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f51d71b443fb975a07cb7382fdad40a0e174ecb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:15:8d:a2:fc:2e:44:16:a3:d0:fa:0f:82:d9:
                    08:da:e9:3b:a4:f2:19:99:89:3f:38:96:9b:e0:3d:
                    58:f7:86:7f:af:8a:bc:30:64:cc:a1:e2:0f:81:8a:
                    2b:d4:ea:db:41:e3:ec:14:1f:12:b7:d7:ec:9a:18:
                    4d:f1:0f:b5:48:cd:ad:07:12:e4:d1:1c:53:ae:cc:
                    ff:ae:fd:e6:bd:7a:b9:20:00:eb:b7:0d:63:0f:ad:
                    35:59:12:fa:f1:01:94:40:7f:1b:b3:4a:36:ce:3a:
                    2b:19:b3:35:e5:94:9d:31:10:52:cc:3c:62:fa:b8:
                    f6:07:42:57:1c:41:b9:c8:33:90:de:d4:8d:d1:06:
                    95:07:4a:80:f8:da:d8:61:44:f6:fb:48:a1:ce:2d:
                    35:a3:e3:8a:c3:12:a5:0e:0a:9a:5b:b2:47:f9:6a:
                    e0:ac:d8:77:ba:07:c1:32:14:e4:0d:68:b4:17:33:
                    19:de:4e:31:18:1b:bf:8a:21:ef:64:be:f8:94:81:
                    2b:b5:fc:9b:63:9a:b1:c9:4f:65:5f:a9:32:50:66:
                    12:e5:fc:da:ed:08:6e:ae:84:be:12:76:09:c7:c6:
                    4c:da:de:82:f6:61:d5:87:05:89:e8:4b:ed:c0:3f:
                    1f:66:d2:86:c3:70:1d:95:6e:9e:3a:a5:42:8d:5f:
                    69:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:1D:71:B4:43:FB:97:5A:07:CB:73:82:FD:AD:40:A0:E1:74:EC:B4
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/9R1xtEP7l1oHy3OC_a1AoOF07LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:94:c5:de:cb:5c:06:89:7a:60:16:94:de:f9:f9:63:7e:4e:
         05:cf:3d:76:ad:bd:2d:51:fb:48:72:60:11:95:59:f4:3e:40:
         eb:7e:aa:45:05:2e:e7:f8:80:36:0f:13:c1:bf:09:ee:c6:8e:
         05:9e:a8:7a:08:e1:8f:26:f5:18:8c:2d:a2:45:af:f9:e9:22:
         7e:ad:e3:21:24:53:e5:1a:12:44:60:b5:96:7e:0c:d5:fc:90:
         94:fa:0e:6d:1c:4d:2b:6e:3a:2e:ba:81:a2:dc:7d:d7:14:ba:
         09:cb:df:8c:af:52:18:cc:ba:7a:02:b8:99:7b:1e:e7:36:4f:
         d1:c9:81:84:43:b6:c8:35:4e:0f:44:f9:33:d6:18:fb:6b:ed:
         6d:c1:e4:41:d8:a7:5b:7b:28:e4:9f:8a:8f:6c:ec:64:58:43:
         2d:7b:79:1d:4c:ed:4a:84:b1:4c:eb:8e:ea:55:dd:83:ab:bf:
         e3:68:36:63:a2:01:d0:69:74:99:19:62:0d:4a:0c:8c:3e:da:
         86:a1:99:a5:bb:7a:03:b6:80:dc:50:0c:2b:a9:11:39:72:b9:
         f4:1c:6e:79:4e:18:00:31:99:3e:15:c5:db:98:be:f8:f7:0b:
         08:97:08:59:1b:b7:48:51:b4:bd:63:97:ab:a6:46:6d:bc:7b:
         3c:b8:0a:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrXheSrD0MBqBnyHBSoWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjQwMTAxMTQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTFkNzFiNDQzZmI5NzVhMDdjYjczODJmZGFkNDBhMGUxNzRlY2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+BWNovwuRBaj0PoPgtkI2uk7pPIZ
mYk/OJab4D1Y94Z/r4q8MGTMoeIPgYor1OrbQePsFB8St9fsmhhN8Q+1SM2tBxLk
0RxTrsz/rv3mvXq5IADrtw1jD601WRL68QGUQH8bs0o2zjorGbM15ZSdMRBSzDxi
+rj2B0JXHEG5yDOQ3tSN0QaVB0qA+NrYYUT2+0ihzi01o+OKwxKlDgqaW7JH+Wrg
rNh3ugfBMhTkDWi0FzMZ3k4xGBu/iiHvZL74lIErtfybY5qxyU9lX6kyUGYS5fza
7QhuroS+EnYJx8ZM2t6C9mHVhwWJ6EvtwD8fZtKGw3AdlW6eOqVCjV9p9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUdcbRD+5daB8tzgv2tQKDhdOy0MB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvOVIxeHRFUDdsMW9IeTNPQ19hMUFvT0YwN0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1/NMA0G
CSqGSIb3DQEBCwUAA4IBAQB5lMXey1wGiXpgFpTe+fljfk4Fzz12rb0tUftIcmAR
lVn0PkDrfqpFBS7n+IA2DxPBvwnuxo4Fnqh6COGPJvUYjC2iRa/56SJ+reMhJFPl
GhJEYLWWfgzV/JCU+g5tHE0rbjouuoGi3H3XFLoJy9+Mr1IYzLp6AriZex7nNk/R
yYGEQ7bINU4PRPkz1hj7a+1tweRB2Kdbeyjkn4qPbOxkWEMte3kdTO1KhLFM647q
Vd2Dq7/jaDZjogHQaXSZGWINSgyMPtqGoZmlu3oDtoDcUAwrqRE5crn0HG55ThgA
MZk+FcXbmL749wsIlwhZG7dIUbS9Y5erpkZtvHs8uAol
-----END CERTIFICATE-----