Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/aTszMWkXOxGKTt5X9mpcBUSkPdg.roa
File:                     aTszMWkXOxGKTt5X9mpcBUSkPdg.roa (raw, json)
Hash identifier:          0IjbyyCd3hFFY6OXa7asFCt4P3JNPOyVXDwRmc5apzQ=
Subject key identifier:   69:3B:33:31:69:17:3B:11:8A:4E:DE:57:F6:6A:5C:05:44:A4:3D:D8
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019188EEE29965DE433482F28FA93E981552
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/aTszMWkXOxGKTt5X9mpcBUSkPdg.roa
Signing time:             Sun 25 Aug 2024 09:47:22 +0000
ROA not before:           Sun 25 Aug 2024 09:47:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64161
IP address blocks:        195.88.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:88:ee:e2:99:65:de:43:34:82:f2:8f:a9:3e:98:15:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Aug 25 09:47:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=693b333169173b118a4ede57f66a5c0544a43dd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8d:40:97:76:7a:30:03:88:d4:5e:51:52:aa:
                    08:44:55:0f:f7:78:57:7f:90:e5:e6:5a:66:ac:7f:
                    d0:54:35:be:de:89:9f:83:c0:7a:22:0d:ac:ef:cb:
                    52:d6:1d:c0:15:49:45:12:65:8c:af:d5:4b:a9:a8:
                    22:34:65:31:a0:43:0b:7d:c7:ea:29:3d:84:0b:02:
                    e9:32:ff:aa:8a:f5:3f:74:7e:6d:6c:34:f1:9d:08:
                    53:5b:96:e1:d5:95:ad:d1:f7:df:4e:5f:1f:bd:0d:
                    f0:1c:aa:f8:91:0c:a3:e7:0a:5d:fb:04:36:1b:ab:
                    c9:9d:04:a5:20:55:e5:29:5c:a6:52:d2:7c:d6:c3:
                    2e:dc:18:f1:e2:39:ce:4e:fc:d7:fa:ba:1a:00:3b:
                    d5:ec:a0:d2:51:2a:78:d4:f9:8c:6c:53:e8:57:8b:
                    4c:8e:8f:e5:8d:67:81:64:42:d3:72:a2:66:6b:0c:
                    2b:5d:4a:3b:03:81:21:03:c9:6c:e0:bf:45:c1:f4:
                    53:c3:b2:39:5b:2f:2d:e4:e0:dd:ac:dc:6f:a2:e5:
                    ba:47:35:8b:e3:7c:13:2e:2e:35:c5:8f:37:25:36:
                    ea:6c:60:bc:a3:1c:bd:5b:ca:0e:23:9e:ad:68:68:
                    0b:3e:55:bc:ad:e3:74:37:ed:93:63:8f:53:15:63:
                    20:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:3B:33:31:69:17:3B:11:8A:4E:DE:57:F6:6A:5C:05:44:A4:3D:D8
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/aTszMWkXOxGKTt5X9mpcBUSkPdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:20:b1:58:b1:fa:a1:76:76:4e:9b:15:3d:d8:11:4f:f4:92:
         e8:ee:00:01:19:3a:ab:dc:09:2f:de:9f:14:82:a1:2f:5d:40:
         e5:02:ad:65:fc:d0:52:18:5f:27:76:72:9a:21:34:e4:39:00:
         3f:6b:fe:17:0b:bd:2b:84:15:1c:73:f1:d1:0e:52:7d:c3:76:
         9e:3b:39:ac:f0:fd:0a:4e:ee:c9:c1:52:7c:e7:89:7e:b6:4b:
         9a:2a:08:21:54:96:78:44:0d:80:d5:5f:ab:4a:90:dc:55:ee:
         4d:c8:4e:f9:13:54:67:23:df:76:cb:2a:a0:38:25:6f:a0:88:
         e1:2a:c8:6e:81:88:fe:62:02:a5:54:1f:0a:ae:ee:9f:48:dc:
         31:c0:ff:f7:92:cb:82:50:6d:10:84:c0:ef:88:c5:2c:2c:1e:
         a9:b4:9b:ec:87:c7:fb:c9:6a:84:1d:67:d6:ce:90:8d:f9:10:
         c3:55:fa:4c:9c:98:89:33:7e:27:1d:b6:1e:b6:55:8e:72:1e:
         4e:89:b2:f5:2f:be:3a:d6:70:c6:fb:5a:e6:08:bb:2d:11:6c:
         8f:97:58:31:86:ca:a3:fb:3c:a1:ad:4d:37:df:c6:c5:fa:5b:
         87:03:ae:b1:98:9e:a8:41:26:fc:58:5b:83:b9:92:87:2d:5c:
         14:08:c1:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGI7uKZZd5DNILyj6k+mBVSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwODI1MDk0NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTNiMzMzMTY5MTczYjExOGE0ZWRlNTdmNjZhNWMwNTQ0YTQzZGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqI1Al3Z6MAOI1F5RUqoIRFUP93hX
f5Dl5lpmrH/QVDW+3omfg8B6Ig2s78tS1h3AFUlFEmWMr9VLqagiNGUxoEMLfcfq
KT2ECwLpMv+qivU/dH5tbDTxnQhTW5bh1ZWt0fffTl8fvQ3wHKr4kQyj5wpd+wQ2
G6vJnQSlIFXlKVymUtJ81sMu3Bjx4jnOTvzX+roaADvV7KDSUSp41PmMbFPoV4tM
jo/ljWeBZELTcqJmawwrXUo7A4EhA8ls4L9FwfRTw7I5Wy8t5ODdrNxvouW6RzWL
43wTLi41xY83JTbqbGC8oxy9W8oOI56taGgLPlW8reN0N+2TY49TFWMgIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGk7MzFpFzsRik7eV/ZqXAVEpD3YMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvYVRzek1Xa1hPeEdLVHQ1WDltcGNCVVNrUGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1jVMA0G
CSqGSIb3DQEBCwUAA4IBAQCuILFYsfqhdnZOmxU92BFP9JLo7gABGTqr3Akv3p8U
gqEvXUDlAq1l/NBSGF8ndnKaITTkOQA/a/4XC70rhBUcc/HRDlJ9w3aeOzms8P0K
Tu7JwVJ854l+tkuaKgghVJZ4RA2A1V+rSpDcVe5NyE75E1RnI992yyqgOCVvoIjh
KshugYj+YgKlVB8Kru6fSNwxwP/3ksuCUG0QhMDviMUsLB6ptJvsh8f7yWqEHWfW
zpCN+RDDVfpMnJiJM34nHbYetlWOch5OibL1L7461nDG+1rmCLstEWyPl1gxhsqj
+zyhrU0338bF+luHA66xmJ6oQSb8WFuDuZKHLVwUCMEB
-----END CERTIFICATE-----