Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/1--qhbrdJmYtRUfEAouLx_84V368.roa
File:                     1--qhbrdJmYtRUfEAouLx_84V368.roa (raw, json)
Hash identifier:          NhUqf/vW4DyrSFnnPPntvJe+9ZUzCh8nz+9wfqB59F8=
Subject key identifier:   FB:EA:A1:6E:B7:49:99:8B:51:51:F1:00:A2:E2:F1:FF:CE:15:DF:AF
Certificate issuer:       /CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
Certificate serial:       018CC500922DE52FCFFEB3917089B4E1267E
Authority key identifier: 0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/1--qhbrdJmYtRUfEAouLx_84V368.roa
Signing time:             Mon 01 Jan 2024 12:29:57 +0000
ROA not before:           Mon 01 Jan 2024 12:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205368
IP address blocks:        77.95.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:92:2d:e5:2f:cf:fe:b3:91:70:89:b4:e1:26:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
        Validity
            Not Before: Jan  1 12:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbeaa16eb749998b5151f100a2e2f1ffce15dfaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:14:cf:5e:55:dd:fb:f5:1e:64:d8:f2:f4:68:
                    74:18:e7:46:a6:f4:cf:3c:2c:ca:fe:42:25:60:e8:
                    4a:5d:9f:22:7f:7d:a0:6a:35:0b:70:5d:f5:33:32:
                    2b:b8:fc:fd:f1:20:bd:04:cb:7e:af:48:2f:9d:9d:
                    a1:6d:4f:8d:a1:b9:eb:78:4e:20:6c:b8:08:2e:8c:
                    9b:46:15:18:7c:ae:cd:32:3e:74:16:56:7c:60:05:
                    8d:e3:7c:d5:37:e8:11:74:73:6c:b4:0e:54:d8:87:
                    20:7d:c6:4f:c7:ac:f7:10:9f:24:72:62:24:3f:fb:
                    b7:4c:92:c5:71:7b:bd:9d:7c:1b:f5:bf:ce:5d:4b:
                    35:5e:5b:3b:29:e9:45:fc:5b:62:01:9c:6c:26:81:
                    28:9b:7a:eb:3b:16:d7:54:d9:85:f4:ac:44:60:44:
                    d5:e8:8d:89:69:6e:df:42:21:df:f3:54:08:4b:19:
                    26:07:3e:fd:6f:d7:80:d5:92:6d:1f:d8:3a:ed:fd:
                    f8:a8:dc:1c:c9:82:15:b1:92:24:0f:c7:b0:ca:d5:
                    87:b6:df:33:4e:a4:49:26:49:93:8e:73:0b:5b:07:
                    e3:6b:4c:19:bb:23:cb:bf:c9:32:d8:b1:50:27:37:
                    08:40:dd:5f:ea:46:ec:6f:69:5c:86:65:ef:b8:bf:
                    ac:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:EA:A1:6E:B7:49:99:8B:51:51:F1:00:A2:E2:F1:FF:CE:15:DF:AF
            X509v3 Authority Key Identifier:
                keyid:0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/1--qhbrdJmYtRUfEAouLx_84V368.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:91:18:65:ef:b4:90:31:cb:69:34:db:30:8f:4f:50:75:38:
         14:63:76:07:00:72:46:df:b3:e7:72:a3:33:e5:2b:d3:62:a2:
         8e:c4:a5:39:9e:58:f7:1f:b5:5d:23:fb:e6:d9:6a:fd:97:c6:
         d3:5c:ac:46:95:da:4b:4d:d4:ac:5e:9c:d8:69:4e:e0:71:59:
         9e:7c:cd:13:78:e4:f6:58:7c:d4:20:d4:89:4a:13:f3:c9:9c:
         24:46:6c:91:17:3d:08:47:12:fb:d4:ef:e0:01:97:49:5a:73:
         dd:39:f9:39:88:d3:6c:8e:d4:54:b9:b1:5c:ea:49:d5:62:a3:
         04:29:12:3d:70:d7:39:18:d0:cb:0c:e5:ca:f5:ec:5d:e8:80:
         11:5e:0c:a5:f6:a4:7d:50:44:eb:dc:f1:84:6a:1b:6d:57:6b:
         0d:a9:18:7c:a7:f3:e5:11:b0:b3:f7:86:40:c6:5f:e8:4f:dd:
         7b:96:ca:50:38:ef:ea:20:ca:23:06:ec:9f:a4:b3:6c:b3:3e:
         1d:15:88:b9:4c:92:38:b1:56:d7:57:e7:d4:6d:79:4a:a1:8c:
         e8:2b:46:a0:8d:0b:8b:18:09:a3:db:ca:fa:eb:99:04:6d:f2:
         e9:9a:e0:ae:9b:71:f9:0e:25:5b:d5:ff:2c:7b:5e:54:6f:52:
         a2:76:5c:ef
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAJIt5S/P/rORcIm04SZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNzVmYjRmNTJhODI5ZDEzNmUyOWE5YTAyNWM2MzZkMTlh
ZTMyOGUwHhcNMjQwMTAxMTIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmVhYTE2ZWI3NDk5OThiNTE1MWYxMDBhMmUyZjFmZmNlMTVkZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhTPXlXd+/UeZNjy9Gh0GOdGpvTP
PCzK/kIlYOhKXZ8if32gajULcF31MzIruPz98SC9BMt+r0gvnZ2hbU+NobnreE4g
bLgILoybRhUYfK7NMj50FlZ8YAWN43zVN+gRdHNstA5U2IcgfcZPx6z3EJ8kcmIk
P/u3TJLFcXu9nXwb9b/OXUs1Xls7KelF/FtiAZxsJoEom3rrOxbXVNmF9KxEYETV
6I2JaW7fQiHf81QISxkmBz79b9eA1ZJtH9g67f34qNwcyYIVsZIkD8ewytWHtt8z
TqRJJkmTjnMLWwfja0wZuyPLv8ky2LFQJzcIQN1f6kbsb2lchmXvuL+sOQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvqoW63SZmLUVHxAKLi8f/OFd+vMB8GA1UdIwQY
MBaAFA51+09SqCnRNuKamgJcY20ZrjKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYt
MzViYTI2N2RlZDNiLzEvMS0tcWhicmRKbVl0UlVmRUFvdUx4Xzg0VjM2OC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzgvNTc1OWY2LTkzZTItNDAyOS1hNDlmLTM1YmEyNjdkZWQz
Yi8xL0RuWDdUMUtvS2RFMjRwcWFBbHhqYlJtdU1vNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1fuTAN
BgkqhkiG9w0BAQsFAAOCAQEAbZEYZe+0kDHLaTTbMI9PUHU4FGN2BwByRt+z53Kj
M+Ur02KijsSlOZ5Y9x+1XSP75tlq/ZfG01ysRpXaS03UrF6c2GlO4HFZnnzNE3jk
9lh81CDUiUoT88mcJEZskRc9CEcS+9Tv4AGXSVpz3Tn5OYjTbI7UVLmxXOpJ1WKj
BCkSPXDXORjQywzlyvXsXeiAEV4MpfakfVBE69zxhGobbVdrDakYfKfz5RGws/eG
QMZf6E/de5bKUDjv6iDKIwbsn6SzbLM+HRWIuUySOLFW11fn1G15SqGM6CtGoI0L
ixgJo9vK+uuZBG3y6Zrgrptx+Q4lW9X/LHteVG9SonZc7w==
-----END CERTIFICATE-----