Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/KT5bLeDxqU5LEXTyzGgfqeJmiPg.roa
File:                     KT5bLeDxqU5LEXTyzGgfqeJmiPg.roa (raw, json)
Hash identifier:          NjSm9iLLz5jAcS9mEwtYOLZzHnFn6XZc0vOY21tw4iE=
Subject key identifier:   29:3E:5B:2D:E0:F1:A9:4E:4B:11:74:F2:CC:68:1F:A9:E2:66:88:F8
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       018CC64B1F597EB97F67A0AB2C2F37C166A4
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/KT5bLeDxqU5LEXTyzGgfqeJmiPg.roa
Signing time:             Mon 01 Jan 2024 18:31:01 +0000
ROA not before:           Mon 01 Jan 2024 18:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18692
IP address blocks:        95.172.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1f:59:7e:b9:7f:67:a0:ab:2c:2f:37:c1:66:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Jan  1 18:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=293e5b2de0f1a94e4b1174f2cc681fa9e26688f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:27:d5:ca:f4:b2:d7:98:f5:3b:9b:9c:7c:94:
                    d4:a1:02:f2:03:22:07:ae:4d:46:de:1e:22:b9:d3:
                    aa:b3:88:4f:9b:2c:36:e2:15:df:5c:66:4e:c3:97:
                    f2:53:26:45:0d:33:df:0c:f8:46:e9:f2:49:40:5e:
                    a7:14:88:c9:62:e6:18:e5:6f:d2:3c:5b:b4:20:4d:
                    06:65:89:b5:ed:13:a0:ec:a2:ac:82:78:f7:87:65:
                    34:fa:46:d9:1b:0e:59:d0:ee:74:b5:72:56:65:e1:
                    92:d7:e5:6b:92:f4:f9:a9:2a:c8:63:be:94:41:49:
                    77:59:ee:a0:98:c7:9a:86:6a:10:bd:18:79:cc:fe:
                    f4:11:6d:8b:8e:9c:ca:21:2e:b5:4c:9f:7a:c5:fe:
                    c1:3d:59:67:0d:24:04:2e:54:2c:1e:60:84:db:54:
                    cb:12:dc:77:96:2f:bf:11:eb:2e:29:b8:09:29:47:
                    a6:41:3c:1b:fe:f8:aa:d7:b2:4a:f1:5c:82:95:5f:
                    24:ce:bf:88:45:8c:54:d8:90:5c:b9:69:62:d7:2b:
                    7d:26:8a:4f:06:9a:bd:97:b7:04:54:a1:ff:4b:88:
                    ea:b8:c0:2e:8a:e0:2d:7b:5c:d1:66:97:ac:b2:da:
                    79:f3:66:e9:06:9d:01:48:3d:49:bf:a5:2b:01:b6:
                    1d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:3E:5B:2D:E0:F1:A9:4E:4B:11:74:F2:CC:68:1F:A9:E2:66:88:F8
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/KT5bLeDxqU5LEXTyzGgfqeJmiPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.172.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:51:e8:ce:a2:32:1b:91:7d:b0:68:32:aa:95:de:e0:93:cc:
         bb:f5:44:53:55:c5:0d:ba:26:8c:2c:a7:44:97:1a:99:ca:bf:
         c3:04:cd:98:57:3a:9b:93:11:62:b6:ff:a7:4b:0b:ee:0c:a8:
         73:08:f2:20:d8:ca:68:a1:12:2d:e7:d1:8c:be:b9:71:78:b4:
         fc:8d:a0:c5:8f:ab:14:27:97:30:8e:3d:14:8d:ac:b5:48:f4:
         41:bf:7d:f0:fa:e3:a0:ab:f4:ae:b4:26:f6:7b:73:7a:fc:ca:
         e2:a9:0b:5b:33:70:64:ea:74:dc:50:cc:05:0b:c3:8c:86:98:
         00:eb:9f:67:6f:9f:3e:b3:b1:a8:32:03:8a:87:23:ff:b9:c3:
         2a:cb:91:1d:9f:96:9b:96:04:83:f8:85:fc:ae:5f:e9:8c:c8:
         c2:fb:9f:2a:a3:69:4e:3e:5e:bc:9d:8a:b2:73:42:75:4d:a4:
         c4:1e:11:3e:98:c8:3e:11:99:cf:aa:1c:25:d6:f9:1b:1d:89:
         44:41:9f:69:91:1e:dd:80:af:c0:9a:bb:57:d4:fc:39:dd:0a:
         49:f8:6a:e0:f4:02:e6:d3:48:25:36:d0:dd:a8:5d:87:2f:36:
         32:99:6a:3d:dd:81:fd:c4:a7:5b:be:1c:ba:16:15:8b:ff:cc:
         03:fa:1f:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSx9Zfrl/Z6CrLC83wWakMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjQwMTAxMTgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTNlNWIyZGUwZjFhOTRlNGIxMTc0ZjJjYzY4MWZhOWUyNjY4OGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSfVyvSy15j1O5ucfJTUoQLyAyIH
rk1G3h4iudOqs4hPmyw24hXfXGZOw5fyUyZFDTPfDPhG6fJJQF6nFIjJYuYY5W/S
PFu0IE0GZYm17ROg7KKsgnj3h2U0+kbZGw5Z0O50tXJWZeGS1+VrkvT5qSrIY76U
QUl3We6gmMeahmoQvRh5zP70EW2LjpzKIS61TJ96xf7BPVlnDSQELlQsHmCE21TL
Etx3li+/EesuKbgJKUemQTwb/viq17JK8VyClV8kzr+IRYxU2JBcuWli1yt9JopP
Bpq9l7cEVKH/S4jquMAuiuAte1zRZpesstp582bpBp0BSD1Jv6UrAbYdSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCk+Wy3g8alOSxF08sxoH6niZoj4MB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvS1Q1YkxlRHhxVTVMRVhUeXpHZ2ZxZUptaVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6xIMA0G
CSqGSIb3DQEBCwUAA4IBAQBmUejOojIbkX2waDKqld7gk8y79URTVcUNuiaMLKdE
lxqZyr/DBM2YVzqbkxFitv+nSwvuDKhzCPIg2MpooRIt59GMvrlxeLT8jaDFj6sU
J5cwjj0Ujay1SPRBv33w+uOgq/SutCb2e3N6/MriqQtbM3Bk6nTcUMwFC8OMhpgA
659nb58+s7GoMgOKhyP/ucMqy5Edn5ablgSD+IX8rl/pjMjC+58qo2lOPl68nYqy
c0J1TaTEHhE+mMg+EZnPqhwl1vkbHYlEQZ9pkR7dgK/AmrtX1Pw53QpJ+Grg9ALm
00glNtDdqF2HLzYymWo93YH9xKdbvhy6FhWL/8wD+h+e
-----END CERTIFICATE-----