Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/fsUSecMjEz5QM86rhQMI9sZTclg.roa
File:                     fsUSecMjEz5QM86rhQMI9sZTclg.roa (raw, json)
Hash identifier:          WMQcW1+Jvg3OzOTTnSx4QhVNCjyK3WVGt1CBTK+pQCw=
Subject key identifier:   7E:C5:12:79:C3:23:13:3E:50:33:CE:AB:85:03:08:F6:C6:53:72:58
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       018CC4924C4FB9D03AA15AB4286380223645
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/fsUSecMjEz5QM86rhQMI9sZTclg.roa
Signing time:             Mon 01 Jan 2024 10:29:31 +0000
ROA not before:           Mon 01 Jan 2024 10:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35448
IP address blocks:        95.158.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:4c:4f:b9:d0:3a:a1:5a:b4:28:63:80:22:36:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  1 10:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ec51279c323133e5033ceab850308f6c6537258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ae:0d:0b:7e:99:a8:5f:7e:03:e9:77:da:c3:
                    aa:43:ea:d6:c2:94:e3:12:62:15:81:00:28:9e:48:
                    58:80:97:b5:79:6c:66:f0:e4:42:c0:19:58:ef:d4:
                    a0:84:bb:a5:4d:de:99:29:2e:18:eb:57:9d:c8:64:
                    63:48:26:b7:7d:fc:a4:96:3d:59:03:ed:b9:a6:7c:
                    6c:7b:8b:6c:92:69:a8:83:c4:8b:41:ea:50:37:82:
                    dd:9f:7a:63:93:9a:f7:e1:2f:4e:69:5f:da:54:c7:
                    12:f0:6b:a5:e4:f3:b7:83:01:ec:b5:6b:15:a2:09:
                    6b:c7:ae:6a:ab:df:c3:e6:fc:86:51:89:82:c8:62:
                    b8:1d:18:5d:b1:36:61:89:a4:40:a5:49:6f:10:df:
                    96:9d:8a:7b:38:b5:9c:d5:85:c9:27:ec:93:d5:08:
                    6e:f1:38:b2:93:b3:0a:91:13:b1:c7:4e:c3:a9:f1:
                    3b:8a:77:af:63:22:b7:be:65:4a:28:a1:89:3d:ec:
                    58:b2:70:c0:a7:3a:e1:7a:a4:9c:b0:86:9b:97:99:
                    08:6f:7f:d8:6f:89:0a:ff:61:03:a7:72:f4:cc:39:
                    ae:11:8e:b6:49:9b:6b:a8:22:c8:7f:ff:83:f7:af:
                    98:87:44:6f:09:76:b1:0f:f2:7a:24:50:27:08:24:
                    75:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:C5:12:79:C3:23:13:3E:50:33:CE:AB:85:03:08:F6:C6:53:72:58
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/fsUSecMjEz5QM86rhQMI9sZTclg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.158.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:67:0f:e0:de:b4:cc:54:2e:17:1f:2f:a5:66:dc:62:c2:02:
         8a:cd:72:c3:fd:67:4a:24:40:8c:04:3c:18:c1:8f:c5:01:14:
         ae:a0:df:06:73:c7:6c:8c:00:9b:f5:3d:60:1c:68:07:46:07:
         70:8f:70:38:78:0c:e7:36:56:e0:10:21:83:f7:43:52:0b:7c:
         b3:2f:e4:00:b3:71:65:bf:a1:78:d3:52:fa:02:40:44:6a:d9:
         fc:a1:05:ac:d4:12:37:93:66:18:79:92:8f:92:19:63:96:f8:
         54:74:e1:d1:1c:03:f8:9c:e5:8a:e4:76:ba:33:ee:68:c4:65:
         9b:87:60:a7:13:e2:75:46:d3:7b:80:36:97:0a:f0:26:5c:06:
         c3:10:85:97:27:fe:de:52:f5:7f:e9:20:ef:9a:25:f7:3c:44:
         cc:b8:14:d1:5a:32:5d:48:49:4e:09:76:a2:9a:e4:61:20:11:
         11:9f:89:bd:b9:75:e0:bf:23:28:75:24:b5:e9:f2:31:be:7f:
         69:cc:9c:cc:66:43:89:e9:0e:5d:b8:54:f0:6d:12:cd:ca:05:
         a7:0c:07:3d:72:8e:e0:e3:7f:c6:90:ef:4d:fe:5f:e5:da:bf:
         74:b4:36:fe:cc:4a:b0:8b:2c:f9:09:92:34:b4:76:2c:6b:65:
         8b:4e:ec:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkxPudA6oVq0KGOAIjZFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjQwMTAxMTAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWM1MTI3OWMzMjMxMzNlNTAzM2NlYWI4NTAzMDhmNmM2NTM3MjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAya4NC36ZqF9+A+l32sOqQ+rWwpTj
EmIVgQAonkhYgJe1eWxm8ORCwBlY79SghLulTd6ZKS4Y61edyGRjSCa3ffyklj1Z
A+25pnxse4tskmmog8SLQepQN4Ldn3pjk5r34S9OaV/aVMcS8Gul5PO3gwHstWsV
oglrx65qq9/D5vyGUYmCyGK4HRhdsTZhiaRApUlvEN+WnYp7OLWc1YXJJ+yT1Qhu
8Tiyk7MKkROxx07DqfE7inevYyK3vmVKKKGJPexYsnDApzrheqScsIabl5kIb3/Y
b4kK/2EDp3L0zDmuEY62SZtrqCLIf/+D96+Yh0RvCXaxD/J6JFAnCCR1KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7FEnnDIxM+UDPOq4UDCPbGU3JYMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvZnNVU2VjTWpFejVRTTg2cmhRTUk5c1pUY2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX56QMA0G
CSqGSIb3DQEBCwUAA4IBAQBhZw/g3rTMVC4XHy+lZtxiwgKKzXLD/WdKJECMBDwY
wY/FARSuoN8Gc8dsjACb9T1gHGgHRgdwj3A4eAznNlbgECGD90NSC3yzL+QAs3Fl
v6F401L6AkBEatn8oQWs1BI3k2YYeZKPkhljlvhUdOHRHAP4nOWK5Ha6M+5oxGWb
h2CnE+J1RtN7gDaXCvAmXAbDEIWXJ/7eUvV/6SDvmiX3PETMuBTRWjJdSElOCXai
muRhIBERn4m9uXXgvyModSS16fIxvn9pzJzMZkOJ6Q5duFTwbRLNygWnDAc9co7g
43/GkO9N/l/l2r90tDb+zEqwiyz5CZI0tHYsa2WLTuxC
-----END CERTIFICATE-----