Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/APRp7rHpEjYjR8ZrUG2fyAOxowU.roa
File:                     APRp7rHpEjYjR8ZrUG2fyAOxowU.roa (raw, json)
Hash identifier:          bUA1CuSmyE/2BEwa5cuF2WIZQjckyqdMqQVTwHAmqmY=
Subject key identifier:   00:F4:69:EE:B1:E9:12:36:23:47:C6:6B:50:6D:9F:C8:03:B1:A3:05
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC71F0BBFBCEF71570B09217E5F892
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/APRp7rHpEjYjR8ZrUG2fyAOxowU.roa
Signing time:             Tue 02 Jan 2024 10:33:39 +0000
ROA not before:           Tue 02 Jan 2024 10:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211030
IP address blocks:        195.5.115.0/24 maxlen: 24
                          2a0d:f407:1030::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:71:f0:bb:fb:ce:f7:15:70:b0:92:17:e5:f8:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00f469eeb1e912362347c66b506d9fc803b1a305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e0:f8:d8:f7:43:ee:5f:0b:48:84:ca:33:3c:
                    7b:74:b5:7e:71:c5:5b:ce:14:08:50:74:d1:26:12:
                    aa:0e:48:11:8f:cd:da:7a:cf:61:ce:27:c5:78:b6:
                    7b:ec:e8:3c:e3:8c:c2:8f:2a:ab:29:db:55:f1:d7:
                    12:31:1a:71:fd:b8:d9:e5:53:00:ea:b9:0e:69:50:
                    ec:1a:a8:54:51:0a:79:3d:76:4b:d5:eb:7e:07:b6:
                    cf:4d:43:29:ed:15:b7:bf:c4:68:5c:df:75:c8:bd:
                    db:bc:d9:55:9b:4d:7b:22:e4:8e:1a:24:60:ed:9a:
                    3d:d7:ad:1a:be:53:7c:67:36:25:25:db:0d:06:4b:
                    12:4a:c7:a3:dd:b1:b9:6a:89:46:02:19:75:95:a3:
                    85:a2:e6:46:23:0a:fb:aa:cd:d6:3e:59:37:8f:f7:
                    ab:bb:a8:81:c9:14:e5:e7:e7:21:0a:df:97:d9:5d:
                    4f:fc:49:9e:20:e6:97:1d:90:9b:31:20:18:32:bb:
                    59:bb:8d:51:66:12:90:89:c3:61:f4:9e:ff:6f:26:
                    7e:57:ec:c5:ce:8e:a6:1d:e4:9a:d5:b7:79:43:33:
                    ff:55:0d:cb:cb:84:16:4c:4a:8e:01:31:01:68:a1:
                    9d:e3:19:3a:3b:d5:3c:de:f2:aa:9e:d6:9c:a7:97:
                    1d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F4:69:EE:B1:E9:12:36:23:47:C6:6B:50:6D:9F:C8:03:B1:A3:05
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/APRp7rHpEjYjR8ZrUG2fyAOxowU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.115.0/24
                IPv6:
                  2a0d:f407:1030::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:9b:c7:26:17:a1:34:72:72:8c:6c:bb:88:9c:c6:73:4b:56:
         c1:a8:2f:b3:16:a5:51:da:b9:6e:8c:ee:ca:c9:93:d4:3c:ea:
         b7:a5:81:40:97:60:38:83:a9:c0:ae:26:72:6a:25:40:49:73:
         8e:a0:15:24:ce:bd:e7:c2:0d:ea:fb:04:60:ba:fe:cb:e1:09:
         02:b8:ce:84:fd:a1:ac:e2:3e:8c:35:0d:89:c8:d9:a7:fe:6b:
         ff:7b:d2:f3:12:89:f0:d2:1e:22:6b:17:45:81:50:34:2e:23:
         f0:3a:f6:b2:1b:48:41:2b:6c:96:3c:96:b1:31:e6:ac:af:a7:
         e9:1a:ab:2f:6b:35:c4:b9:a8:38:0a:49:c5:a4:7b:8b:e4:c8:
         fa:21:73:86:25:bd:5c:b3:f0:22:ee:5f:4a:90:09:21:3b:f1:
         53:7c:29:2e:11:37:70:d1:f5:57:39:56:80:fa:58:f3:d6:55:
         cb:13:7b:01:7b:b9:b1:b6:58:1a:f7:21:09:e8:36:12:1b:98:
         df:2b:e2:65:49:75:bb:19:17:30:fa:20:15:34:4d:63:ab:f1:
         83:3f:90:5f:07:3c:e8:19:3c:42:d6:3a:47:1e:40:7e:ab:3c:
         de:62:39:b8:66:ca:17:50:ca:2c:3e:fc:0d:d2:1e:92:c0:0e:
         28:d5:91:4c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvHHwu/vO9xVwsJIX5fiSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGY0NjllZWIxZTkxMjM2MjM0N2M2NmI1MDZkOWZjODAzYjFhMzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+D42PdD7l8LSITKMzx7dLV+ccVb
zhQIUHTRJhKqDkgRj83aes9hzifFeLZ77Og844zCjyqrKdtV8dcSMRpx/bjZ5VMA
6rkOaVDsGqhUUQp5PXZL1et+B7bPTUMp7RW3v8RoXN91yL3bvNlVm017IuSOGiRg
7Zo9160avlN8ZzYlJdsNBksSSsej3bG5aolGAhl1laOFouZGIwr7qs3WPlk3j/er
u6iByRTl5+chCt+X2V1P/EmeIOaXHZCbMSAYMrtZu41RZhKQicNh9J7/byZ+V+zF
zo6mHeSa1bd5QzP/VQ3Ly4QWTEqOATEBaKGd4xk6O9U83vKqntacp5cd/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAD0ae6x6RI2I0fGa1Btn8gDsaMFMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvQVBScDdySHBFallqUjhaclVHMmZ5QU94b3dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwwVzMA8E
AgACMAkDBwAqDfQHEDAwDQYJKoZIhvcNAQELBQADggEBAE2bxyYXoTRycoxsu4ic
xnNLVsGoL7MWpVHauW6M7srJk9Q86relgUCXYDiDqcCuJnJqJUBJc46gFSTOvefC
Der7BGC6/svhCQK4zoT9oaziPow1DYnI2af+a/970vMSifDSHiJrF0WBUDQuI/A6
9rIbSEErbJY8lrEx5qyvp+kaqy9rNcS5qDgKScWke4vkyPohc4YlvVyz8CLuX0qQ
CSE78VN8KS4RN3DR9Vc5VoD6WPPWVcsTewF7ubG2WBr3IQnoNhIbmN8r4mVJdbsZ
FzD6IBU0TWOr8YM/kF8HPOgZPELWOkceQH6rPN5iObhmyhdQyiw+/A3SHpLADijV
kUw=
-----END CERTIFICATE-----