Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/3qZFYcShwyZpC837Af3Hhi-BpA8.roa
File:                     3qZFYcShwyZpC837Af3Hhi-BpA8.roa (raw, json)
Hash identifier:          pwJ9iwXEN89e4WCAnZbbhVg5VXAHEHTTCPITxIpPrgo=
Subject key identifier:   DE:A6:45:61:C4:A1:C3:26:69:0B:CD:FB:01:FD:C7:86:2F:81:A4:0F
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018FC99F8D3E09B65C429B477D07D1C573B1
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/3qZFYcShwyZpC837Af3Hhi-BpA8.roa
Signing time:             Thu 30 May 2024 13:10:27 +0000
ROA not before:           Thu 30 May 2024 13:10:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214804
IP address blocks:        185.106.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c9:9f:8d:3e:09:b6:5c:42:9b:47:7d:07:d1:c5:73:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: May 30 13:10:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dea64561c4a1c326690bcdfb01fdc7862f81a40f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:61:7b:03:28:5b:5c:f0:89:21:b2:48:bf:34:
                    ea:71:08:e4:86:63:52:c4:8f:4c:2a:26:2e:cf:0d:
                    52:d8:ee:d1:8f:4f:0a:81:10:d9:d5:37:99:44:dd:
                    fe:b0:35:d2:5a:50:71:86:5f:c6:da:57:4a:4d:31:
                    48:38:1a:82:6a:9f:46:1c:cd:29:e1:cc:7a:4a:e1:
                    9a:24:13:d5:54:2d:3e:14:b9:cd:48:b5:51:69:06:
                    c0:c3:ce:6f:a8:ad:5b:e9:e7:4e:ba:93:dc:49:f4:
                    6c:f3:36:d3:55:97:8e:b8:eb:00:3e:8c:3e:7f:62:
                    92:cb:9c:d6:5c:48:4c:19:6a:3b:ad:27:8b:a7:fa:
                    ba:95:73:14:cf:64:98:2e:fb:29:b2:a7:9b:31:9b:
                    ac:ba:4f:7b:9c:51:a8:74:27:4b:ee:2a:23:09:73:
                    37:46:48:47:13:73:3e:d2:d8:2f:ac:30:5b:b6:1a:
                    18:b6:95:6c:5e:52:c4:04:5f:aa:5c:84:d1:67:fa:
                    19:e5:99:17:e0:42:a0:6e:92:de:b1:3c:80:33:b1:
                    69:6f:00:8f:eb:e3:71:75:da:81:fd:6f:ea:3f:70:
                    00:72:30:b1:38:53:79:36:c6:e7:3d:0a:21:d9:3d:
                    f3:e7:e4:b6:64:da:16:17:c2:8f:50:fe:2f:1c:b1:
                    71:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:A6:45:61:C4:A1:C3:26:69:0B:CD:FB:01:FD:C7:86:2F:81:A4:0F
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/3qZFYcShwyZpC837Af3Hhi-BpA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:b9:79:14:3b:3e:2d:c8:3b:3d:6e:28:e5:d7:29:ba:ff:41:
         03:bf:4e:97:e4:a0:cb:05:c2:98:94:1c:90:88:49:bb:96:c0:
         79:b3:56:60:fa:15:9b:4e:c2:36:97:66:43:92:59:3d:d8:d4:
         de:1f:e1:df:52:f7:b8:51:90:45:b3:db:22:39:26:f7:59:8d:
         b1:53:d4:5f:64:ba:89:33:32:44:6e:20:5b:93:8a:66:3b:99:
         7c:d8:2f:f8:fa:10:9d:d1:6b:c4:94:34:ad:38:4d:d1:3e:5f:
         8f:41:92:07:5b:ca:87:c3:9b:cd:e6:6b:22:07:bd:c6:c5:68:
         b3:34:b0:d5:21:ce:18:e7:cb:55:a7:c4:7a:98:fb:6e:c4:69:
         7f:65:6e:78:fe:f6:df:79:e9:4e:7a:3a:8c:06:a8:d5:22:7d:
         3d:77:b4:02:ec:b4:7a:ea:09:0e:ca:b7:9b:cc:10:15:75:96:
         c3:63:ca:6e:57:ba:58:b7:78:cf:4f:f5:1b:01:26:2e:58:57:
         39:37:8f:b3:b7:51:0a:34:05:f3:f9:6f:9d:8d:6b:8f:42:9c:
         b8:42:0d:77:3c:6f:86:1c:71:02:13:cf:a6:81:45:7e:75:d7:
         c5:23:e6:c3:ae:a4:56:68:b6:13:04:d6:5f:fb:6c:c9:63:72:
         a1:27:be:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/Jn40+CbZcQptHfQfRxXOxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwNTMwMTMxMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWE2NDU2MWM0YTFjMzI2NjkwYmNkZmIwMWZkYzc4NjJmODFhNDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GF7AyhbXPCJIbJIvzTqcQjkhmNS
xI9MKiYuzw1S2O7Rj08KgRDZ1TeZRN3+sDXSWlBxhl/G2ldKTTFIOBqCap9GHM0p
4cx6SuGaJBPVVC0+FLnNSLVRaQbAw85vqK1b6edOupPcSfRs8zbTVZeOuOsAPow+
f2KSy5zWXEhMGWo7rSeLp/q6lXMUz2SYLvspsqebMZusuk97nFGodCdL7iojCXM3
RkhHE3M+0tgvrDBbthoYtpVsXlLEBF+qXITRZ/oZ5ZkX4EKgbpLesTyAM7FpbwCP
6+NxddqB/W/qP3AAcjCxOFN5NsbnPQoh2T3z5+S2ZNoWF8KPUP4vHLFxLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6mRWHEocMmaQvN+wH9x4YvgaQPMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvM3FaRlljU2h3eVpwQzgzN0FmM0hoaS1CcEE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWpfMA0G
CSqGSIb3DQEBCwUAA4IBAQCNuXkUOz4tyDs9bijl1ym6/0EDv06X5KDLBcKYlByQ
iEm7lsB5s1Zg+hWbTsI2l2ZDklk92NTeH+HfUve4UZBFs9siOSb3WY2xU9RfZLqJ
MzJEbiBbk4pmO5l82C/4+hCd0WvElDStOE3RPl+PQZIHW8qHw5vN5msiB73GxWiz
NLDVIc4Y58tVp8R6mPtuxGl/ZW54/vbfeelOejqMBqjVIn09d7QC7LR66gkOyreb
zBAVdZbDY8puV7pYt3jPT/UbASYuWFc5N4+zt1EKNAXz+W+djWuPQpy4Qg13PG+G
HHECE8+mgUV+ddfFI+bDrqRWaLYTBNZf+2zJY3KhJ74L
-----END CERTIFICATE-----