Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/f2fbd8-d6e1-47ad-aa21-147e4572873a/1/AJUZW4wIHBFvP4wT3aBmWpiknBc.roa
File:                     AJUZW4wIHBFvP4wT3aBmWpiknBc.roa (raw, json)
Hash identifier:          Mj3L1ka+qBoIg+4ZgN6o6jrxjD6nC8xpkgMKxnmCmIw=
Subject key identifier:   00:95:19:5B:8C:08:1C:11:6F:3F:8C:13:DD:A0:66:5A:98:A4:9C:17
Certificate issuer:       /CN=af5bc49d5f01a235af9289cf4926affef7af92b0
Certificate serial:       018CC94AC389C4B646B5DB8DA785847C94E3
Authority key identifier: AF:5B:C4:9D:5F:01:A2:35:AF:92:89:CF:49:26:AF:FE:F7:AF:92:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r1vEnV8BojWvkonPSSav_vevkrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/f2fbd8-d6e1-47ad-aa21-147e4572873a/1/AJUZW4wIHBFvP4wT3aBmWpiknBc.roa
Signing time:             Tue 02 Jan 2024 08:29:29 +0000
ROA not before:           Tue 02 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        185.254.172.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/f2fbd8-d6e1-47ad-aa21-147e4572873a/1/r1vEnV8BojWvkonPSSav_vevkrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/f2fbd8-d6e1-47ad-aa21-147e4572873a/1/r1vEnV8BojWvkonPSSav_vevkrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r1vEnV8BojWvkonPSSav_vevkrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:c3:89:c4:b6:46:b5:db:8d:a7:85:84:7c:94:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5bc49d5f01a235af9289cf4926affef7af92b0
        Validity
            Not Before: Jan  2 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0095195b8c081c116f3f8c13dda0665a98a49c17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:7d:b7:d3:79:4f:86:7a:06:d6:4a:b8:07:95:
                    ff:80:e9:c9:c5:db:9a:99:c2:f6:2b:01:26:81:bd:
                    69:ba:c9:ea:f0:e5:43:11:b5:45:a1:b8:16:7c:b5:
                    83:84:1c:33:ab:55:4b:c1:34:59:47:fa:a0:57:ce:
                    b6:6f:2c:2b:fb:0b:14:e9:ee:b7:1d:fa:40:45:37:
                    a6:bc:63:5d:1a:99:d0:91:0e:6d:44:11:40:98:cf:
                    a4:88:1e:b3:51:b2:8c:27:96:eb:40:7b:a8:eb:b4:
                    79:43:6b:2c:71:02:ab:f5:89:81:36:d0:6e:5f:d4:
                    46:66:89:c2:25:3e:a0:53:85:e9:ff:f8:56:ac:d4:
                    bf:61:ea:e9:a3:84:f2:b3:27:4e:5e:2d:6c:5d:f7:
                    08:ea:28:8d:c8:ae:51:0a:a7:d9:40:85:a8:1b:2f:
                    21:80:f2:8d:ec:8d:c5:b1:5b:66:8f:fe:29:79:a7:
                    07:20:46:a8:88:cc:18:9c:79:cb:23:ee:fe:f8:4a:
                    0e:af:a6:01:b2:bb:80:48:26:ce:9e:3f:a6:8c:c2:
                    6a:9a:96:a5:74:dd:c3:b5:45:24:85:be:32:c8:28:
                    cb:e1:d0:ad:5e:0b:cc:c2:e5:14:ab:04:0d:14:75:
                    f1:73:e8:e1:1a:03:72:37:a2:10:b5:e6:56:c1:e2:
                    b5:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:95:19:5B:8C:08:1C:11:6F:3F:8C:13:DD:A0:66:5A:98:A4:9C:17
            X509v3 Authority Key Identifier:
                keyid:AF:5B:C4:9D:5F:01:A2:35:AF:92:89:CF:49:26:AF:FE:F7:AF:92:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r1vEnV8BojWvkonPSSav_vevkrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/f2fbd8-d6e1-47ad-aa21-147e4572873a/1/AJUZW4wIHBFvP4wT3aBmWpiknBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/f2fbd8-d6e1-47ad-aa21-147e4572873a/1/r1vEnV8BojWvkonPSSav_vevkrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:27:e2:a1:86:ad:ac:e3:76:8f:ed:fc:d6:79:7e:9a:bb:37:
         fd:cd:42:70:4f:a6:f2:34:64:d9:e5:99:53:80:c2:ac:7b:51:
         05:c4:09:e8:50:8d:cd:15:c2:85:3d:64:22:fe:be:e8:86:7f:
         17:0c:ee:26:f4:d5:af:78:f8:f8:48:46:06:9b:6f:3b:25:9a:
         1b:5a:ee:f6:bd:66:56:48:59:e9:19:60:f4:b2:e8:80:32:16:
         6f:22:d3:12:a6:3a:ea:94:e4:ba:d4:2a:63:6d:af:10:f2:50:
         38:6c:a3:fe:6c:8a:11:08:d0:71:e9:ab:d2:3d:66:94:df:60:
         91:7e:d1:8b:17:04:46:e2:cd:06:46:70:92:b2:45:ca:2c:2d:
         bc:b0:fc:3f:04:40:ba:45:bc:e3:bc:42:ff:f5:82:5f:48:b0:
         6a:29:87:0d:16:c8:f6:b9:d5:90:cb:1b:cb:c2:ab:2d:44:1e:
         d5:da:6b:54:7e:e2:1c:fa:61:bf:54:82:b6:e7:ab:24:40:20:
         e9:96:6f:fd:a1:e5:db:04:1e:80:a1:40:c5:33:58:54:1a:c3:
         5d:0b:cd:49:97:0f:2c:26:98:9a:ec:78:31:8a:65:2c:6d:98:
         6e:17:01:01:a7:3f:d2:2f:89:20:e4:d3:5d:96:6f:0a:62:c4:
         45:8d:b4:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSsOJxLZGtduNp4WEfJTjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWJjNDlkNWYwMWEyMzVhZjkyODljZjQ5MjZhZmZlZjdh
ZjkyYjAwHhcNMjQwMTAyMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDk1MTk1YjhjMDgxYzExNmYzZjhjMTNkZGEwNjY1YTk4YTQ5YzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuX2303lPhnoG1kq4B5X/gOnJxdua
mcL2KwEmgb1pusnq8OVDEbVFobgWfLWDhBwzq1VLwTRZR/qgV862bywr+wsU6e63
HfpARTemvGNdGpnQkQ5tRBFAmM+kiB6zUbKMJ5brQHuo67R5Q2sscQKr9YmBNtBu
X9RGZonCJT6gU4Xp//hWrNS/Yerpo4TysydOXi1sXfcI6iiNyK5RCqfZQIWoGy8h
gPKN7I3FsVtmj/4peacHIEaoiMwYnHnLI+7++EoOr6YBsruASCbOnj+mjMJqmpal
dN3DtUUkhb4yyCjL4dCtXgvMwuUUqwQNFHXxc+jhGgNyN6IQteZWweK1GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFACVGVuMCBwRbz+ME92gZlqYpJwXMB8GA1UdIwQY
MBaAFK9bxJ1fAaI1r5KJz0kmr/73r5KwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjF2RW5WOEJvald2a29uUFNTYXZfdmV2a3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9mMmZiZDgtZDZlMS00N2FkLWFhMjEt
MTQ3ZTQ1NzI4NzNhLzEvQUpVWlc0d0lIQkZ2UDR3VDNhQm1XcGlrbkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9mMmZiZDgtZDZlMS00N2FkLWFhMjEtMTQ3ZTQ1NzI4NzNh
LzEvcjF2RW5WOEJvald2a29uUFNTYXZfdmV2a3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf6sMA0G
CSqGSIb3DQEBCwUAA4IBAQA8J+Khhq2s43aP7fzWeX6auzf9zUJwT6byNGTZ5ZlT
gMKse1EFxAnoUI3NFcKFPWQi/r7ohn8XDO4m9NWvePj4SEYGm287JZobWu72vWZW
SFnpGWD0suiAMhZvItMSpjrqlOS61Cpjba8Q8lA4bKP+bIoRCNBx6avSPWaU32CR
ftGLFwRG4s0GRnCSskXKLC28sPw/BEC6RbzjvEL/9YJfSLBqKYcNFsj2udWQyxvL
wqstRB7V2mtUfuIc+mG/VIK256skQCDplm/9oeXbBB6AoUDFM1hUGsNdC81Jlw8s
Jpia7HgximUsbZhuFwEBpz/SL4kg5NNdlm8KYsRFjbQP
-----END CERTIFICATE-----