Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/95cSESaxr4UJn8E6L5SyNJX2MQg.roa
File:                     95cSESaxr4UJn8E6L5SyNJX2MQg.roa (raw, json)
Hash identifier:          yLtxAaHutXdDe8D98mlhSKjA98cn9Y0/zpo8A/eIKSQ=
Subject key identifier:   F7:97:12:11:26:B1:AF:85:09:9F:C1:3A:2F:94:B2:34:95:F6:31:08
Certificate issuer:       /CN=f030658f16d2d88d34164592fcd4de13131f1695
Certificate serial:       01913726A380013641552BAECEF1018D620E
Authority key identifier: F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/95cSESaxr4UJn8E6L5SyNJX2MQg.roa
Signing time:             Fri 09 Aug 2024 12:39:24 +0000
ROA not before:           Fri 09 Aug 2024 12:39:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216024
IP address blocks:        45.15.156.0/24 maxlen: 24
                          217.196.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:37:26:a3:80:01:36:41:55:2b:ae:ce:f1:01:8d:62:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f030658f16d2d88d34164592fcd4de13131f1695
        Validity
            Not Before: Aug  9 12:39:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f797121126b1af85099fc13a2f94b23495f63108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:af:5b:1e:cb:e7:ae:ae:e9:b4:81:e3:91:6a:
                    a9:11:5e:e6:b9:c7:df:43:19:7b:81:95:5b:3e:36:
                    ff:8b:67:98:26:ed:cb:b5:3e:f8:15:6e:76:f5:7e:
                    63:45:f3:60:d6:70:23:0c:3d:0c:fd:e3:73:eb:80:
                    97:a2:a1:84:64:a8:b8:f6:aa:7f:31:0b:8b:e9:8c:
                    6b:01:e0:81:6f:63:2c:34:f5:c4:87:bb:76:54:ca:
                    d2:41:f8:38:ba:98:9e:53:a4:b0:93:d0:4c:20:98:
                    cc:a4:62:16:7c:dc:7f:75:73:ad:b5:d5:cf:e9:14:
                    40:ad:5d:9c:88:76:4f:91:1b:2d:1f:81:e7:e6:86:
                    92:3c:c9:4b:3b:51:23:ac:81:73:f4:87:ea:a6:d2:
                    22:e4:38:b6:58:76:cd:7c:c9:c9:9c:b3:ab:7d:f5:
                    e4:d9:d7:c0:a5:6b:61:8f:bc:5c:5f:dd:6e:da:f6:
                    57:53:9b:a5:ab:19:b5:8f:fe:5d:6e:cf:98:84:b7:
                    d0:8e:d4:23:1e:4f:90:8d:a8:f9:37:51:f7:9c:82:
                    d9:26:74:db:63:0c:f5:6f:d3:04:47:46:63:14:fb:
                    06:d0:63:4b:50:f3:e0:09:82:62:76:2d:76:fb:66:
                    af:84:e4:01:1b:05:b3:9e:11:3b:49:81:6e:9d:dc:
                    22:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:97:12:11:26:B1:AF:85:09:9F:C1:3A:2F:94:B2:34:95:F6:31:08
            X509v3 Authority Key Identifier:
                keyid:F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/95cSESaxr4UJn8E6L5SyNJX2MQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.156.0/24
                  217.196.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:1c:35:4a:3a:98:51:77:c0:77:d5:d2:fa:4d:c1:1a:3c:95:
         9f:6f:ff:da:6c:f4:5d:06:08:1a:fa:2f:48:77:fd:fd:fe:7d:
         3d:37:ad:dd:7c:7d:5e:92:5a:33:bf:2b:63:67:46:3e:0f:46:
         66:7d:0f:71:7c:12:20:e6:e2:97:50:ee:38:0c:17:dd:38:2a:
         89:11:cb:81:5b:27:a2:77:eb:76:67:29:d2:95:9b:9f:45:3f:
         06:41:c9:4f:8a:2a:9e:52:7e:9c:8a:7e:f6:eb:fa:57:af:80:
         09:ea:b3:13:b1:e3:f4:b2:da:35:fd:00:38:78:6b:bb:97:92:
         c8:70:d9:b9:f5:8e:e4:1f:c3:95:ee:55:7a:86:05:04:10:5f:
         55:39:ab:d3:44:6c:9b:0b:d4:15:f4:75:da:95:c2:9d:83:d8:
         bc:15:31:26:16:32:0f:80:4d:47:1c:7c:db:cc:68:06:de:35:
         f1:0d:47:f9:0a:67:e2:ac:2a:ae:80:fa:12:46:7f:7b:ff:23:
         97:8a:fc:0c:82:97:f0:fd:e4:07:10:18:96:aa:ed:21:90:50:
         af:2c:70:cf:a7:c8:8c:02:13:99:2d:90:b1:fe:72:5a:f5:72:
         00:ed:93:8f:fd:32:8b:be:f8:f0:23:f3:3e:48:b9:7f:ec:dd:
         cc:90:5d:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZE3JqOAATZBVSuuzvEBjWIOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMzA2NThmMTZkMmQ4OGQzNDE2NDU5MmZjZDRkZTEzMTMx
ZjE2OTUwHhcNMjQwODA5MTIzOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzk3MTIxMTI2YjFhZjg1MDk5ZmMxM2EyZjk0YjIzNDk1ZjYzMTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1a9bHsvnrq7ptIHjkWqpEV7mucff
Qxl7gZVbPjb/i2eYJu3LtT74FW529X5jRfNg1nAjDD0M/eNz64CXoqGEZKi49qp/
MQuL6YxrAeCBb2MsNPXEh7t2VMrSQfg4upieU6Swk9BMIJjMpGIWfNx/dXOttdXP
6RRArV2ciHZPkRstH4Hn5oaSPMlLO1EjrIFz9IfqptIi5Di2WHbNfMnJnLOrffXk
2dfApWthj7xcX91u2vZXU5ulqxm1j/5dbs+YhLfQjtQjHk+Qjaj5N1H3nILZJnTb
Ywz1b9MER0ZjFPsG0GNLUPPgCYJidi12+2avhOQBGwWznhE7SYFundwigwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPeXEhEmsa+FCZ/BOi+UsjSV9jEIMB8GA1UdIwQY
MBaAFPAwZY8W0tiNNBZFkvzU3hMTHxaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYt
ODk0ODA1Mjg5Y2MwLzEvOTVjU0VTYXhyNFVKbjhFNkw1U3lOSlgyTVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYtODk0ODA1Mjg5Y2Mw
LzEvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ+cAwQA
2cRoMA0GCSqGSIb3DQEBCwUAA4IBAQBlHDVKOphRd8B31dL6TcEaPJWfb//abPRd
Bgga+i9Id/39/n09N63dfH1eklozvytjZ0Y+D0ZmfQ9xfBIg5uKXUO44DBfdOCqJ
EcuBWyeid+t2ZynSlZufRT8GQclPiiqeUn6cin726/pXr4AJ6rMTseP0sto1/QA4
eGu7l5LIcNm59Y7kH8OV7lV6hgUEEF9VOavTRGybC9QV9HXalcKdg9i8FTEmFjIP
gE1HHHzbzGgG3jXxDUf5CmfirCqugPoSRn97/yOXivwMgpfw/eQHEBiWqu0hkFCv
LHDPp8iMAhOZLZCx/nJa9XIA7ZOP/TKLvvjwI/M+SLl/7N3MkF3g
-----END CERTIFICATE-----