Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/5a3f0b-86f5-406e-91d5-8fd4c024488e/1/_AowbM8o0Hxcfl9b66m1thflkbE.roa
File:                     _AowbM8o0Hxcfl9b66m1thflkbE.roa (raw, json)
Hash identifier:          7jnq9pFOjFIFBWoL004M5P7aZUCc9yOBg0GeoJYceIM=
Subject key identifier:   FC:0A:30:6C:CF:28:D0:7C:5C:7E:5F:5B:EB:A9:B5:B6:17:E5:91:B1
Certificate issuer:       /CN=f2485875c8470e6aacdc94742105f30c597ac2bb
Certificate serial:       018CC86F027ACA6C52C7C01717858ECB5E1C
Authority key identifier: F2:48:58:75:C8:47:0E:6A:AC:DC:94:74:21:05:F3:0C:59:7A:C2:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8khYdchHDmqs3JR0IQXzDFl6wrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/5a3f0b-86f5-406e-91d5-8fd4c024488e/1/_AowbM8o0Hxcfl9b66m1thflkbE.roa
Signing time:             Tue 02 Jan 2024 04:29:27 +0000
ROA not before:           Tue 02 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202779
IP address blocks:        95.215.220.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/5a3f0b-86f5-406e-91d5-8fd4c024488e/1/8khYdchHDmqs3JR0IQXzDFl6wrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/5a3f0b-86f5-406e-91d5-8fd4c024488e/1/8khYdchHDmqs3JR0IQXzDFl6wrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8khYdchHDmqs3JR0IQXzDFl6wrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:02:7a:ca:6c:52:c7:c0:17:17:85:8e:cb:5e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2485875c8470e6aacdc94742105f30c597ac2bb
        Validity
            Not Before: Jan  2 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc0a306ccf28d07c5c7e5f5beba9b5b617e591b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fe:8d:98:4c:7c:c8:55:35:57:79:af:18:41:
                    9d:65:e2:cd:4e:e0:a3:76:02:d1:60:02:2b:a1:19:
                    ce:02:08:87:db:1e:6c:04:34:50:fb:94:b5:68:81:
                    2d:29:d1:3d:dd:d9:27:65:bb:7f:7a:76:9f:35:e2:
                    47:bd:0d:04:06:29:ce:52:9f:24:ff:ee:1e:b4:fc:
                    67:16:46:9a:ce:4a:a0:e9:24:3c:52:be:ba:70:76:
                    4e:c1:f7:41:05:1f:a8:2f:01:b9:3c:f0:46:fe:c5:
                    23:53:40:06:bf:f8:59:a1:0e:de:67:66:3a:0b:65:
                    95:07:aa:18:45:08:31:37:ad:8c:49:85:89:c1:5e:
                    33:a2:b9:e0:9d:75:59:7b:b7:bd:2c:e5:61:ee:a7:
                    59:18:91:7b:97:de:54:6c:9d:be:d6:c0:80:ba:11:
                    8e:ca:b9:09:f0:7a:4c:75:df:23:a3:86:ff:9b:86:
                    0e:54:bd:b6:0e:1f:95:9f:91:92:74:9c:de:24:af:
                    83:5e:8f:fc:b9:c7:b6:8e:2b:f7:bc:56:cc:cd:8b:
                    50:6b:1c:14:d1:80:dc:bc:cd:6f:4d:d8:97:9c:0c:
                    8e:8a:76:57:d8:8f:66:74:d4:c8:fe:0e:be:ba:c3:
                    87:40:3e:58:b1:5e:13:bc:9d:21:a2:47:6d:0a:10:
                    77:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:0A:30:6C:CF:28:D0:7C:5C:7E:5F:5B:EB:A9:B5:B6:17:E5:91:B1
            X509v3 Authority Key Identifier:
                keyid:F2:48:58:75:C8:47:0E:6A:AC:DC:94:74:21:05:F3:0C:59:7A:C2:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8khYdchHDmqs3JR0IQXzDFl6wrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5a3f0b-86f5-406e-91d5-8fd4c024488e/1/_AowbM8o0Hxcfl9b66m1thflkbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5a3f0b-86f5-406e-91d5-8fd4c024488e/1/8khYdchHDmqs3JR0IQXzDFl6wrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:a3:df:8b:f9:e0:45:96:b9:21:fe:31:88:de:54:3f:e2:80:
         d6:b6:a5:30:87:5f:64:ba:1d:8a:e1:15:49:47:b9:1d:ba:c9:
         02:22:1b:bf:21:3f:8a:9e:b9:bf:74:21:8e:36:ed:8c:0d:d2:
         41:34:4d:ca:b8:c6:11:5d:33:1f:6d:0e:90:05:c0:08:6f:3f:
         f4:ea:ce:61:6c:71:49:aa:db:1e:c5:88:78:8e:1d:de:98:d3:
         a9:be:29:6a:89:fa:1b:29:84:ac:6a:e7:a7:c1:75:b0:5e:e5:
         d9:ea:e5:87:35:2d:75:5c:69:e7:a7:35:d3:84:63:a7:da:45:
         29:0b:2a:08:bc:d5:0c:ee:2d:e2:39:b6:a0:67:7d:89:31:08:
         87:8d:24:96:dc:52:2d:d2:94:62:80:36:f8:ad:b7:4a:e2:61:
         89:65:dc:aa:4d:a6:77:28:1f:84:c8:9d:2b:88:a3:50:6a:7e:
         d7:d2:47:f6:c1:b9:35:85:67:f9:64:11:ec:4f:b6:fa:48:bf:
         68:d9:32:df:7e:8c:69:1c:8c:d1:a1:9c:51:62:a2:d6:11:c5:
         28:42:c8:e8:2c:40:f6:bf:53:95:8a:b9:02:97:fe:26:7d:05:
         93:dc:2d:ed:d7:d9:c2:ff:8b:98:cc:ce:92:2c:ee:de:c7:c7:
         ce:5f:89:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwJ6ymxSx8AXF4WOy14cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNDg1ODc1Yzg0NzBlNmFhY2RjOTQ3NDIxMDVmMzBjNTk3
YWMyYmIwHhcNMjQwMTAyMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzBhMzA2Y2NmMjhkMDdjNWM3ZTVmNWJlYmE5YjViNjE3ZTU5MWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/6NmEx8yFU1V3mvGEGdZeLNTuCj
dgLRYAIroRnOAgiH2x5sBDRQ+5S1aIEtKdE93dknZbt/enafNeJHvQ0EBinOUp8k
/+4etPxnFkaazkqg6SQ8Ur66cHZOwfdBBR+oLwG5PPBG/sUjU0AGv/hZoQ7eZ2Y6
C2WVB6oYRQgxN62MSYWJwV4zorngnXVZe7e9LOVh7qdZGJF7l95UbJ2+1sCAuhGO
yrkJ8HpMdd8jo4b/m4YOVL22Dh+Vn5GSdJzeJK+DXo/8uce2jiv3vFbMzYtQaxwU
0YDcvM1vTdiXnAyOinZX2I9mdNTI/g6+usOHQD5YsV4TvJ0hokdtChB3TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwKMGzPKNB8XH5fW+uptbYX5ZGxMB8GA1UdIwQY
MBaAFPJIWHXIRw5qrNyUdCEF8wxZesK7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGtoWWRjaEhEbXFzM0pSMElRWHpERmw2d3JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81YTNmMGItODZmNS00MDZlLTkxZDUt
OGZkNGMwMjQ0ODhlLzEvX0Fvd2JNOG8wSHhjZmw5YjY2bTF0aGZsa2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81YTNmMGItODZmNS00MDZlLTkxZDUtOGZkNGMwMjQ0ODhl
LzEvOGtoWWRjaEhEbXFzM0pSMElRWHpERmw2d3JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX9fcMA0G
CSqGSIb3DQEBCwUAA4IBAQAHo9+L+eBFlrkh/jGI3lQ/4oDWtqUwh19kuh2K4RVJ
R7kduskCIhu/IT+Knrm/dCGONu2MDdJBNE3KuMYRXTMfbQ6QBcAIbz/06s5hbHFJ
qtsexYh4jh3emNOpvilqifobKYSsauenwXWwXuXZ6uWHNS11XGnnpzXThGOn2kUp
CyoIvNUM7i3iObagZ32JMQiHjSSW3FIt0pRigDb4rbdK4mGJZdyqTaZ3KB+EyJ0r
iKNQan7X0kf2wbk1hWf5ZBHsT7b6SL9o2TLffoxpHIzRoZxRYqLWEcUoQsjoLED2
v1OVirkCl/4mfQWT3C3t19nC/4uYzM6SLO7ex8fOX4mk
-----END CERTIFICATE-----