Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/qmWhU9oSEBDjE-FOvGwIa6R3RXE.roa
File:                     qmWhU9oSEBDjE-FOvGwIa6R3RXE.roa (raw, json)
Hash identifier:          4fDY8YWfH9CDwRSj8KqKMypD/mbrgmjgl3/U4T+qkSI=
Subject key identifier:   AA:65:A1:53:DA:12:10:10:E3:13:E1:4E:BC:6C:08:6B:A4:77:45:71
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       018CC56EB641C81CA6EF83B7E3C13CBD4DDA
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/qmWhU9oSEBDjE-FOvGwIa6R3RXE.roa
Signing time:             Mon 01 Jan 2024 14:30:16 +0000
ROA not before:           Mon 01 Jan 2024 14:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        195.95.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b6:41:c8:1c:a6:ef:83:b7:e3:c1:3c:bd:4d:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 14:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa65a153da121010e313e14ebc6c086ba4774571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ea:9c:ba:d7:9e:49:c1:1a:81:b5:01:8e:ec:
                    35:ce:19:a4:8e:71:9e:6b:e8:f6:40:96:3f:88:c2:
                    0c:e7:57:78:09:c2:3a:a3:1c:2f:14:19:2a:85:e2:
                    ef:da:c5:7a:45:b0:d4:32:48:8a:bb:72:a3:bd:4f:
                    35:1b:12:77:c6:07:92:3b:44:68:bc:06:42:d3:73:
                    88:57:65:0e:61:11:63:4e:24:4b:05:86:19:19:06:
                    e3:19:fc:f3:58:a7:5c:6f:05:35:73:12:76:fc:a2:
                    ef:1a:3b:23:d3:df:d3:d6:cc:99:d2:0e:04:1b:e7:
                    54:1a:ea:50:bf:22:62:2c:ac:d2:db:ce:a3:66:a8:
                    ff:72:9f:3c:f6:43:ba:47:ac:82:a4:ad:f6:b5:71:
                    32:c7:ad:cd:82:51:60:0a:8e:59:a1:b6:bc:e4:03:
                    ad:17:2f:ff:6c:e4:ff:26:d7:dd:2b:9a:99:56:67:
                    04:ff:f7:ee:9f:b3:14:9f:0a:af:2d:eb:5f:42:44:
                    27:83:92:03:82:a8:44:20:3c:08:bb:30:ba:92:24:
                    ed:60:b0:ae:5f:33:93:da:73:25:9b:c4:22:68:f1:
                    4a:bf:18:06:c0:e9:85:b4:42:22:6c:72:7a:cf:2c:
                    a6:73:60:76:2b:ca:cd:83:ad:96:5d:0b:6a:e7:6e:
                    36:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:65:A1:53:DA:12:10:10:E3:13:E1:4E:BC:6C:08:6B:A4:77:45:71
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/qmWhU9oSEBDjE-FOvGwIa6R3RXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:7f:29:5f:42:a2:a2:e3:be:6f:c8:a3:32:b5:fe:34:33:47:
         f0:e8:58:20:27:c9:a8:b8:b7:87:cc:6b:aa:f6:37:8a:84:fe:
         ef:3c:0e:0c:a6:1a:03:73:98:28:13:d5:f8:6e:02:4c:74:3c:
         15:ba:7e:3f:b4:c3:b5:a5:82:29:23:9a:1d:9c:ad:ec:62:81:
         59:f4:e8:00:16:36:dc:9a:ee:77:75:fa:4c:1a:2b:73:79:33:
         0f:ce:aa:8d:87:1b:f3:1e:e5:ad:c8:79:28:5a:26:8a:d1:d6:
         43:c7:c0:6b:d9:34:22:4b:5a:de:5f:de:18:e3:bf:2b:ee:a2:
         6f:e3:a2:c9:a0:e9:be:45:9e:c5:ed:28:ab:a8:cf:2c:d3:9a:
         c1:dd:80:0c:50:2c:a7:b0:c6:f4:ee:17:1f:f1:b4:a0:8c:9c:
         cb:a7:2c:10:af:10:d0:24:71:1e:b7:f5:29:45:5b:0e:6a:1a:
         a1:aa:bb:aa:8f:62:bc:8a:07:35:23:3c:54:8e:c1:76:42:c5:
         72:1e:14:e3:ba:3a:2e:84:8c:6d:08:e5:8d:89:76:31:ae:48:
         3a:ac:01:da:f8:4b:89:04:c9:92:77:92:36:16:a9:59:60:46:
         79:92:af:61:0f:2b:97:8f:d9:33:a6:3c:d7:30:56:64:35:d8:
         01:e4:2d:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrZByBym74O348E8vU3aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjQwMTAxMTQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTY1YTE1M2RhMTIxMDEwZTMxM2UxNGViYzZjMDg2YmE0Nzc0NTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+qcuteeScEagbUBjuw1zhmkjnGe
a+j2QJY/iMIM51d4CcI6oxwvFBkqheLv2sV6RbDUMkiKu3KjvU81GxJ3xgeSO0Ro
vAZC03OIV2UOYRFjTiRLBYYZGQbjGfzzWKdcbwU1cxJ2/KLvGjsj09/T1syZ0g4E
G+dUGupQvyJiLKzS286jZqj/cp889kO6R6yCpK32tXEyx63NglFgCo5Zoba85AOt
Fy//bOT/JtfdK5qZVmcE//fun7MUnwqvLetfQkQng5IDgqhEIDwIuzC6kiTtYLCu
XzOT2nMlm8QiaPFKvxgGwOmFtEIibHJ6zyymc2B2K8rNg62WXQtq5242EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKploVPaEhAQ4xPhTrxsCGukd0VxMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvcW1XaFU5b1NFQkRqRS1GT3ZHd0lhNlIzUlhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1/NMA0G
CSqGSIb3DQEBCwUAA4IBAQBufylfQqKi475vyKMytf40M0fw6FggJ8mouLeHzGuq
9jeKhP7vPA4MphoDc5goE9X4bgJMdDwVun4/tMO1pYIpI5odnK3sYoFZ9OgAFjbc
mu53dfpMGitzeTMPzqqNhxvzHuWtyHkoWiaK0dZDx8Br2TQiS1reX94Y478r7qJv
46LJoOm+RZ7F7SirqM8s05rB3YAMUCynsMb07hcf8bSgjJzLpywQrxDQJHEet/Up
RVsOahqhqruqj2K8igc1IzxUjsF2QsVyHhTjujouhIxtCOWNiXYxrkg6rAHa+EuJ
BMmSd5I2FqlZYEZ5kq9hDyuXj9kzpjzXMFZkNdgB5C1/
-----END CERTIFICATE-----