Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/DY5d5q-0bvbouyM6SCPzZEectjk.roa
File:                     DY5d5q-0bvbouyM6SCPzZEectjk.roa (raw, json)
Hash identifier:          QKXpN4cJgSW1UuwHoM7OHwf7BJfAg8vj7Rm3G6f2QUM=
Subject key identifier:   0D:8E:5D:E6:AF:B4:6E:F6:E8:BB:23:3A:48:23:F3:64:47:9C:B6:39
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       018CC64A05A5258CC98071F983D1C3A5DD20
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/DY5d5q-0bvbouyM6SCPzZEectjk.roa
Signing time:             Mon 01 Jan 2024 18:29:49 +0000
ROA not before:           Mon 01 Jan 2024 18:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50053
IP address blocks:        95.140.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:05:a5:25:8c:c9:80:71:f9:83:d1:c3:a5:dd:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Jan  1 18:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d8e5de6afb46ef6e8bb233a4823f364479cb639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a2:34:79:86:e8:70:a7:ad:09:ef:f6:99:93:
                    2a:56:50:e2:45:d4:1e:0f:44:37:fc:a5:58:dd:f5:
                    e0:bb:67:91:17:ca:9d:26:de:df:5f:d1:f4:a2:1a:
                    b4:33:13:cf:b6:08:4a:5e:d1:62:12:76:cc:81:f6:
                    08:d3:81:d4:83:6b:1c:ad:aa:4f:39:e8:8f:bd:a2:
                    0f:58:17:43:cd:de:b9:c7:50:30:06:eb:0e:ed:80:
                    57:b1:fc:9c:f4:1f:c9:9f:2f:66:66:a4:51:dc:b8:
                    39:8d:57:d6:97:2b:19:8d:8c:c3:ea:fa:cb:f5:ae:
                    c2:c0:6e:1d:45:99:12:4e:b3:ce:a9:65:a6:11:c3:
                    1e:b0:e8:c6:cb:cd:1a:3c:61:45:62:33:e1:78:97:
                    28:b4:5b:b2:98:17:49:81:bf:0e:f0:6d:35:fd:9a:
                    41:75:4f:5b:48:d9:ca:04:87:28:a6:2d:c7:85:dc:
                    e6:8d:75:b0:74:07:3b:4d:c4:f7:67:7d:be:4e:8b:
                    86:dc:c6:3b:f6:f6:97:3f:d4:13:1e:2a:0f:53:4f:
                    6d:78:23:18:aa:47:89:ab:99:d5:c4:5e:2f:49:c4:
                    d4:d5:ba:19:06:36:52:7d:53:b6:98:59:b7:a4:a2:
                    44:3b:90:77:85:0f:8a:55:9e:04:25:6b:07:c9:c8:
                    8b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:8E:5D:E6:AF:B4:6E:F6:E8:BB:23:3A:48:23:F3:64:47:9C:B6:39
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/DY5d5q-0bvbouyM6SCPzZEectjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.140.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:7a:04:7e:67:1c:30:4e:0b:6c:1e:a7:1f:a7:b5:ad:55:2a:
         c3:78:7a:40:87:91:43:14:89:1d:1d:aa:01:23:20:01:27:a7:
         7f:cd:76:a5:a3:bf:95:65:bc:3d:94:59:12:d6:cd:52:88:ea:
         12:e3:7f:b0:b6:ca:17:a5:5d:7c:eb:51:51:28:60:30:ba:8c:
         59:88:4c:40:00:2e:eb:1f:9e:91:8f:0b:96:01:21:bd:1c:c0:
         4e:a0:14:ad:27:8b:06:80:6d:c0:a2:93:52:f7:4b:77:27:61:
         ce:78:26:22:0a:30:7f:e5:13:f1:98:f8:db:6c:2f:73:82:9f:
         83:64:7d:9b:19:9c:a8:2b:84:ee:90:4c:cc:97:12:71:8d:b0:
         a8:3e:7a:e8:70:87:e6:fe:75:ab:dc:15:2c:8e:ea:79:a2:11:
         2b:cf:76:e7:79:17:3f:27:72:11:8b:98:d9:32:11:0c:42:ac:
         c9:3f:73:9b:f1:f7:5e:ba:b3:8f:69:05:87:e2:c6:46:f7:cb:
         8c:66:02:bb:f0:3e:43:a9:18:70:70:90:d2:8b:eb:27:fe:88:
         e8:e2:ed:5a:1a:dc:a3:14:31:5f:17:25:98:9d:e6:aa:dc:ec:
         0c:49:a5:e9:6e:56:17:a1:8e:51:18:ff:ed:35:4b:29:21:ae:
         61:0b:fc:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSgWlJYzJgHH5g9HDpd0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjQwMTAxMTgyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDhlNWRlNmFmYjQ2ZWY2ZThiYjIzM2E0ODIzZjM2NDQ3OWNiNjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqI0eYbocKetCe/2mZMqVlDiRdQe
D0Q3/KVY3fXgu2eRF8qdJt7fX9H0ohq0MxPPtghKXtFiEnbMgfYI04HUg2scrapP
OeiPvaIPWBdDzd65x1AwBusO7YBXsfyc9B/Jny9mZqRR3Lg5jVfWlysZjYzD6vrL
9a7CwG4dRZkSTrPOqWWmEcMesOjGy80aPGFFYjPheJcotFuymBdJgb8O8G01/ZpB
dU9bSNnKBIcopi3HhdzmjXWwdAc7TcT3Z32+TouG3MY79vaXP9QTHioPU09teCMY
qkeJq5nVxF4vScTU1boZBjZSfVO2mFm3pKJEO5B3hQ+KVZ4EJWsHyciL1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2OXeavtG726LsjOkgj82RHnLY5MB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvRFk1ZDVxLTBidmJvdXlNNlNDUHpaRWVjdGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4yUMA0G
CSqGSIb3DQEBCwUAA4IBAQAeegR+ZxwwTgtsHqcfp7WtVSrDeHpAh5FDFIkdHaoB
IyABJ6d/zXalo7+VZbw9lFkS1s1SiOoS43+wtsoXpV1861FRKGAwuoxZiExAAC7r
H56RjwuWASG9HMBOoBStJ4sGgG3AopNS90t3J2HOeCYiCjB/5RPxmPjbbC9zgp+D
ZH2bGZyoK4TukEzMlxJxjbCoPnrocIfm/nWr3BUsjup5ohErz3bneRc/J3IRi5jZ
MhEMQqzJP3Ob8fdeurOPaQWH4sZG98uMZgK78D5DqRhwcJDSi+sn/ojo4u1aGtyj
FDFfFyWYneaq3OwMSaXpblYXoY5RGP/tNUspIa5hC/zf
-----END CERTIFICATE-----