Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/1f4d56-bdd9-4116-954c-2240d27402fe/1/tftXyR1gKht19pz38x_BNSqKFEE.roa
File:                     tftXyR1gKht19pz38x_BNSqKFEE.roa (raw, json)
Hash identifier:          usHo9R1WngCxLqF9b4/7XoVOa0/xaIO8M0WJ1/RKBlA=
Subject key identifier:   B5:FB:57:C9:1D:60:2A:1B:75:F6:9C:F7:F3:1F:C1:35:2A:8A:14:41
Certificate issuer:       /CN=fea2da9911b31bf5b0d614912fdbf95bf1d7035b
Certificate serial:       018D5EC90E19C36F863DAB3A13A229A1181C
Authority key identifier: FE:A2:DA:99:11:B3:1B:F5:B0:D6:14:91:2F:DB:F9:5B:F1:D7:03:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_qLamRGzG_Ww1hSRL9v5W_HXA1s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/1f4d56-bdd9-4116-954c-2240d27402fe/1/tftXyR1gKht19pz38x_BNSqKFEE.roa
Signing time:             Wed 31 Jan 2024 09:10:51 +0000
ROA not before:           Wed 31 Jan 2024 09:10:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41236
IP address blocks:        195.35.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/1f4d56-bdd9-4116-954c-2240d27402fe/1/_qLamRGzG_Ww1hSRL9v5W_HXA1s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/1f4d56-bdd9-4116-954c-2240d27402fe/1/_qLamRGzG_Ww1hSRL9v5W_HXA1s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_qLamRGzG_Ww1hSRL9v5W_HXA1s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:c9:0e:19:c3:6f:86:3d:ab:3a:13:a2:29:a1:18:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fea2da9911b31bf5b0d614912fdbf95bf1d7035b
        Validity
            Not Before: Jan 31 09:10:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5fb57c91d602a1b75f69cf7f31fc1352a8a1441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f7:7c:19:a4:da:98:36:9e:86:2f:8e:2d:b8:
                    a6:a5:e8:84:38:4f:8d:0c:86:3c:22:6c:b3:84:7e:
                    28:c6:f8:f9:19:d2:33:94:34:51:52:d8:ac:d1:44:
                    79:d5:99:81:9e:94:8d:88:e3:08:e5:8e:4f:1a:39:
                    c6:48:24:6c:c9:42:da:a0:ba:09:44:2f:44:74:b0:
                    e1:bc:ed:f4:df:e3:2c:ee:27:61:fc:c5:43:0c:17:
                    5a:1b:47:7d:28:a5:ae:ce:3e:d3:21:3e:98:00:b5:
                    9c:25:95:9b:e5:e9:98:ff:8b:a8:36:38:7d:5b:ca:
                    52:36:7f:9c:88:e2:7f:50:8b:90:0c:51:6b:61:50:
                    07:2a:45:40:59:ce:fd:48:34:b9:98:37:da:5d:9e:
                    cb:5c:fc:dc:49:e6:b6:1c:41:ff:e6:3b:19:16:d6:
                    7b:b1:68:ab:86:3e:78:95:d0:9c:c9:9d:20:65:76:
                    96:bc:36:c7:f8:a5:81:de:67:3b:cd:00:6d:9d:f7:
                    ae:e3:7b:77:00:9a:d9:00:e8:c0:71:71:90:cd:32:
                    cb:5d:50:48:96:59:f5:0a:61:8a:47:d1:f9:fc:31:
                    f9:70:93:ae:2c:af:f6:f8:d9:3e:2d:93:0c:26:d4:
                    99:13:3e:55:d8:5d:1b:ea:90:2d:bd:63:66:19:68:
                    39:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:FB:57:C9:1D:60:2A:1B:75:F6:9C:F7:F3:1F:C1:35:2A:8A:14:41
            X509v3 Authority Key Identifier:
                keyid:FE:A2:DA:99:11:B3:1B:F5:B0:D6:14:91:2F:DB:F9:5B:F1:D7:03:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_qLamRGzG_Ww1hSRL9v5W_HXA1s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1f4d56-bdd9-4116-954c-2240d27402fe/1/tftXyR1gKht19pz38x_BNSqKFEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1f4d56-bdd9-4116-954c-2240d27402fe/1/_qLamRGzG_Ww1hSRL9v5W_HXA1s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:bb:52:f9:f8:79:c3:42:df:19:0d:1e:db:63:76:0e:54:5c:
         c8:bf:41:f5:36:56:9d:d7:2e:44:bf:88:1c:4f:46:21:6c:28:
         f9:26:6c:b1:9e:f4:1a:bf:32:7d:f8:0c:56:4c:98:c3:8b:f6:
         ba:f7:53:67:f1:dc:5c:c6:c9:c3:62:7a:9e:92:d7:32:c4:f7:
         99:e7:c1:90:c7:ea:01:f6:96:4e:7d:c4:ef:75:ae:4d:a2:64:
         42:6d:62:c9:fd:bf:6a:06:20:45:5e:b8:77:d7:1f:51:b3:16:
         00:e7:bf:54:19:55:5d:97:15:d9:24:99:55:7a:f5:e4:62:b2:
         6e:e3:72:75:78:13:a0:1d:16:c3:8a:7f:28:b7:48:7e:bc:a7:
         eb:10:4a:de:aa:84:82:6c:63:15:b4:3e:a7:ec:4e:dd:41:1c:
         ba:e6:b2:40:96:1e:6c:69:f7:2f:8e:aa:d4:40:19:33:c0:c1:
         0b:5c:be:4c:00:09:7b:13:4b:3c:9a:49:dc:ea:8c:f7:c6:a4:
         0f:96:a0:45:12:9e:97:75:82:31:c9:8a:57:14:24:1b:63:56:
         b2:dc:b8:f5:b9:4b:c8:d5:2a:1c:56:b3:f3:18:44:56:ec:2f:
         b8:d7:16:fa:59:16:3c:bf:7c:92:1e:c2:08:52:45:a0:77:f8:
         84:54:f1:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1eyQ4Zw2+GPas6E6IpoRgcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYTJkYTk5MTFiMzFiZjViMGQ2MTQ5MTJmZGJmOTViZjFk
NzAzNWIwHhcNMjQwMTMxMDkxMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWZiNTdjOTFkNjAyYTFiNzVmNjljZjdmMzFmYzEzNTJhOGExNDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5fd8GaTamDaehi+OLbimpeiEOE+N
DIY8ImyzhH4oxvj5GdIzlDRRUtis0UR51ZmBnpSNiOMI5Y5PGjnGSCRsyULaoLoJ
RC9EdLDhvO303+Ms7idh/MVDDBdaG0d9KKWuzj7TIT6YALWcJZWb5emY/4uoNjh9
W8pSNn+ciOJ/UIuQDFFrYVAHKkVAWc79SDS5mDfaXZ7LXPzcSea2HEH/5jsZFtZ7
sWirhj54ldCcyZ0gZXaWvDbH+KWB3mc7zQBtnfeu43t3AJrZAOjAcXGQzTLLXVBI
lln1CmGKR9H5/DH5cJOuLK/2+Nk+LZMMJtSZEz5V2F0b6pAtvWNmGWg59wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLX7V8kdYCobdfac9/MfwTUqihRBMB8GA1UdIwQY
MBaAFP6i2pkRsxv1sNYUkS/b+Vvx1wNbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3FMYW1SR3pHX1d3MWhTUkw5djVXX0hYQTFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8xZjRkNTYtYmRkOS00MTE2LTk1NGMt
MjI0MGQyNzQwMmZlLzEvdGZ0WHlSMWdLaHQxOXB6Mzh4X0JOU3FLRkVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8xZjRkNTYtYmRkOS00MTE2LTk1NGMtMjI0MGQyNzQwMmZl
LzEvX3FMYW1SR3pHX1d3MWhTUkw5djVXX0hYQTFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyNkMA0G
CSqGSIb3DQEBCwUAA4IBAQAQu1L5+HnDQt8ZDR7bY3YOVFzIv0H1Nlad1y5Ev4gc
T0YhbCj5JmyxnvQavzJ9+AxWTJjDi/a691Nn8dxcxsnDYnqektcyxPeZ58GQx+oB
9pZOfcTvda5NomRCbWLJ/b9qBiBFXrh31x9RsxYA579UGVVdlxXZJJlVevXkYrJu
43J1eBOgHRbDin8ot0h+vKfrEEreqoSCbGMVtD6n7E7dQRy65rJAlh5safcvjqrU
QBkzwMELXL5MAAl7E0s8mknc6oz3xqQPlqBFEp6XdYIxyYpXFCQbY1ay3Lj1uUvI
1SocVrPzGERW7C+41xb6WRY8v3ySHsIIUkWgd/iEVPFT
-----END CERTIFICATE-----