Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/GpWKh2iTfcpcTXHvtYmZerVmxb0.roa
File:                     GpWKh2iTfcpcTXHvtYmZerVmxb0.roa (raw, json)
Hash identifier:          ZJKdHxgwr7Q9x9XZZPo7mVDaf6vQ3V6DWLe2LLf/6m0=
Subject key identifier:   1A:95:8A:87:68:93:7D:CA:5C:4D:71:EF:B5:89:99:7A:B5:66:C5:BD
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA248225DAA44B2E34C9ED0F84047
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/GpWKh2iTfcpcTXHvtYmZerVmxb0.roa
Signing time:             Tue 02 Jan 2024 06:32:28 +0000
ROA not before:           Tue 02 Jan 2024 06:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199726
IP address blocks:        45.95.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a2:48:22:5d:aa:44:b2:e3:4c:9e:d0:f8:40:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a958a8768937dca5c4d71efb589997ab566c5bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5d:fc:f9:f1:dc:4d:1a:b5:03:bc:6d:18:b5:
                    92:9c:fe:94:d0:1e:47:47:58:48:eb:e3:53:2a:4f:
                    a2:c5:b3:56:85:0f:af:68:2e:a9:ac:7f:83:53:fe:
                    43:81:4a:af:ca:50:c3:d5:fc:b8:80:c1:10:de:10:
                    aa:c8:5b:01:9d:18:67:ff:45:a5:ac:59:1c:8e:d3:
                    ca:ed:6e:7a:c5:57:c8:30:c3:89:41:51:2d:53:a4:
                    61:8e:42:e1:a2:af:3e:9a:be:2f:32:a8:0e:97:68:
                    db:99:3f:cd:6d:90:44:22:b6:53:6d:df:6c:ed:e6:
                    75:5e:86:e4:f5:54:68:60:c0:e9:bb:94:a1:c5:f2:
                    e7:ab:71:a5:69:24:25:2a:f3:84:0b:2f:7b:c3:2d:
                    1a:a6:9a:ab:34:e8:65:59:c1:ce:f2:86:08:27:d0:
                    26:55:56:3d:f4:d4:3c:4f:39:d0:84:f6:e0:78:d3:
                    d0:84:03:34:78:ab:19:d0:08:4c:4c:12:04:4b:f5:
                    0f:d6:de:f1:3b:df:09:90:6a:f4:db:89:08:ca:b8:
                    55:7b:bb:ac:20:f9:72:49:83:da:ea:27:83:21:a4:
                    74:99:16:bb:ff:33:ab:ba:be:43:16:16:3f:ef:04:
                    af:31:1d:39:a0:ee:c1:54:c7:f0:8d:5a:3f:6e:93:
                    b1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:95:8A:87:68:93:7D:CA:5C:4D:71:EF:B5:89:99:7A:B5:66:C5:BD
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/GpWKh2iTfcpcTXHvtYmZerVmxb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:b5:db:0d:b3:95:37:ab:22:83:a0:35:e0:35:27:e3:a0:04:
         29:08:70:e4:34:3e:f6:6a:bd:36:76:ee:b4:69:53:6b:ac:df:
         e5:86:14:e4:2b:0e:66:bd:37:b4:c0:c9:ce:0e:4b:7f:34:42:
         35:12:12:5a:3f:ae:e5:78:71:2f:fd:88:e2:a4:b9:cb:07:42:
         86:78:66:62:4d:1e:de:12:47:19:8e:c8:ca:1e:fd:da:0c:45:
         11:ad:40:a7:05:c2:5f:30:1f:14:0a:0a:66:55:4f:c0:49:51:
         ca:b9:d6:f4:f6:af:d2:7f:ef:25:35:01:07:46:4f:4d:eb:1d:
         65:28:f8:04:78:ac:d2:8d:4e:ea:52:f1:e6:35:b1:8a:0b:0f:
         e5:4e:50:68:d6:9d:d0:01:38:50:45:ac:98:7c:4b:13:cb:fe:
         c4:13:11:15:aa:3c:0d:38:ae:46:96:63:2f:8e:a4:9b:af:22:
         35:99:0d:d0:21:0f:aa:6a:80:ac:99:41:41:c2:ed:46:72:a8:
         58:5f:3c:7c:15:c9:c3:38:98:12:7b:72:23:d6:26:a8:1d:a0:
         af:77:21:a5:6d:ac:78:27:eb:5b:b4:cd:5a:41:8e:a3:13:e7:
         22:18:07:47:8a:71:16:8c:2c:b6:21:e9:69:63:77:6d:fa:8c:
         23:49:f5:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36JIIl2qRLLjTJ7Q+EBHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTk1OGE4NzY4OTM3ZGNhNWM0ZDcxZWZiNTg5OTk3YWI1NjZjNWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnl38+fHcTRq1A7xtGLWSnP6U0B5H
R1hI6+NTKk+ixbNWhQ+vaC6prH+DU/5DgUqvylDD1fy4gMEQ3hCqyFsBnRhn/0Wl
rFkcjtPK7W56xVfIMMOJQVEtU6RhjkLhoq8+mr4vMqgOl2jbmT/NbZBEIrZTbd9s
7eZ1Xobk9VRoYMDpu5ShxfLnq3GlaSQlKvOECy97wy0appqrNOhlWcHO8oYIJ9Am
VVY99NQ8TznQhPbgeNPQhAM0eKsZ0AhMTBIES/UP1t7xO98JkGr024kIyrhVe7us
IPlySYPa6ieDIaR0mRa7/zOrur5DFhY/7wSvMR05oO7BVMfwjVo/bpOxuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqViodok33KXE1x77WJmXq1ZsW9MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvR3BXS2gyaVRmY3BjVFhIdnRZbVplclZteGIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV/IMA0G
CSqGSIb3DQEBCwUAA4IBAQCXtdsNs5U3qyKDoDXgNSfjoAQpCHDkND72ar02du60
aVNrrN/lhhTkKw5mvTe0wMnODkt/NEI1EhJaP67leHEv/YjipLnLB0KGeGZiTR7e
EkcZjsjKHv3aDEURrUCnBcJfMB8UCgpmVU/ASVHKudb09q/Sf+8lNQEHRk9N6x1l
KPgEeKzSjU7qUvHmNbGKCw/lTlBo1p3QAThQRayYfEsTy/7EExEVqjwNOK5GlmMv
jqSbryI1mQ3QIQ+qaoCsmUFBwu1GcqhYXzx8FcnDOJgSe3Ij1iaoHaCvdyGlbax4
J+tbtM1aQY6jE+ciGAdHinEWjCy2IelpY3dt+owjSfUl
-----END CERTIFICATE-----