Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/sS1AR4FgRRNYkpotwRkNQO8kVEM.roa
File:                     sS1AR4FgRRNYkpotwRkNQO8kVEM.roa (raw, json)
Hash identifier:          hJpNaJKnQNDzRFdlAesa61rJkakb92rbddMB7FELQzk=
Subject key identifier:   B1:2D:40:47:81:60:45:13:58:92:9A:2D:C1:19:0D:40:EF:24:54:43
Certificate issuer:       /CN=5cde8e8139f2c8f62f8482d01b0adb86b2a1d195
Certificate serial:       018CCA2B8E36CD1B6CCE05D369FB9CC707B2
Authority key identifier: 5C:DE:8E:81:39:F2:C8:F6:2F:84:82:D0:1B:0A:DB:86:B2:A1:D1:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XN6OgTnyyPYvhILQGwrbhrKh0ZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/sS1AR4FgRRNYkpotwRkNQO8kVEM.roa
Signing time:             Tue 02 Jan 2024 12:35:01 +0000
ROA not before:           Tue 02 Jan 2024 12:35:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50415
IP address blocks:        95.215.80.0/22 maxlen: 24
                          2a0c:7840::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/XN6OgTnyyPYvhILQGwrbhrKh0ZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/XN6OgTnyyPYvhILQGwrbhrKh0ZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XN6OgTnyyPYvhILQGwrbhrKh0ZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:8e:36:cd:1b:6c:ce:05:d3:69:fb:9c:c7:07:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cde8e8139f2c8f62f8482d01b0adb86b2a1d195
        Validity
            Not Before: Jan  2 12:35:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b12d40478160451358929a2dc1190d40ef245443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:87:85:4e:3e:bd:25:54:00:05:1a:e2:82:3d:
                    6c:f3:c1:b6:41:aa:a5:a0:f5:cd:dd:fc:57:0a:0e:
                    90:c7:7f:15:42:9e:3a:b9:a1:82:ef:75:d8:82:0a:
                    75:db:00:29:59:ee:83:4b:fd:c4:c8:f6:3b:c8:9d:
                    ce:27:0d:df:d7:32:4a:83:50:36:a9:bb:eb:de:7a:
                    6a:a9:04:06:d5:5a:e7:cf:14:39:63:18:5b:62:e8:
                    1c:bc:b7:3a:2f:97:58:c6:22:86:4e:c8:b1:fe:3d:
                    52:b0:64:d0:23:a0:e7:0e:b9:7e:59:32:10:b8:6d:
                    0e:7c:3a:8d:b2:9a:fc:54:9d:a8:8a:72:36:bc:8a:
                    bb:7f:01:c0:a1:d7:25:e5:94:ca:82:9a:f7:b2:7a:
                    8f:d3:1a:ab:a9:97:01:3e:87:1a:b2:b4:d5:4c:24:
                    cd:36:0a:be:30:e3:3d:42:d1:88:54:14:f7:8d:e1:
                    25:f2:f5:f8:e0:d7:a0:23:c6:4e:69:e4:2f:6f:21:
                    ad:95:48:19:18:f7:0b:7e:95:c6:03:8a:60:50:6c:
                    b4:f4:d4:25:a7:9b:64:17:39:c6:ba:cf:dc:2e:7c:
                    47:c4:aa:f1:5f:0b:57:6d:26:57:c7:03:da:99:c1:
                    1f:8c:49:80:22:25:8f:de:cb:f4:44:f8:17:85:0f:
                    d7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:2D:40:47:81:60:45:13:58:92:9A:2D:C1:19:0D:40:EF:24:54:43
            X509v3 Authority Key Identifier:
                keyid:5C:DE:8E:81:39:F2:C8:F6:2F:84:82:D0:1B:0A:DB:86:B2:A1:D1:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XN6OgTnyyPYvhILQGwrbhrKh0ZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/sS1AR4FgRRNYkpotwRkNQO8kVEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/XN6OgTnyyPYvhILQGwrbhrKh0ZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.80.0/22
                IPv6:
                  2a0c:7840::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:6e:af:03:b1:58:c5:6b:ea:00:8b:c9:14:3f:cc:4f:f9:62:
         8a:22:47:ad:0b:8b:00:3b:b5:29:6b:a2:cd:ad:4d:0a:16:a3:
         74:28:4f:c0:7d:42:2f:5a:26:df:d8:cb:3b:0a:17:d0:cc:86:
         d3:8f:55:c1:93:ca:12:51:6a:2a:c5:40:55:8b:e8:a0:98:df:
         ad:d9:9b:e6:16:ba:2e:db:ee:96:f5:bc:1b:79:e3:ae:a9:32:
         4b:a4:9e:b5:16:eb:15:5c:fd:af:f4:75:b9:53:e1:ab:84:a1:
         72:40:e0:df:1f:d3:3f:29:1f:f8:ff:97:af:5f:aa:0f:29:8f:
         4f:6a:e5:4d:fa:66:f6:13:3a:60:f8:8f:21:2d:4a:7f:cb:1d:
         44:3a:5b:49:ff:6a:69:69:9c:c2:e2:30:14:ae:6e:cf:19:95:
         df:bc:55:c6:60:bc:84:5b:c3:cc:06:c1:70:b3:b4:38:82:26:
         84:19:1b:9f:11:f4:82:44:bd:d7:e4:7f:a6:6e:94:60:08:f6:
         84:9c:9d:30:e9:5e:2c:45:2d:3b:43:4d:38:d3:23:af:6c:c1:
         0b:e8:81:62:38:6c:79:12:6e:9e:8c:8e:75:62:35:c1:43:ef:
         ad:a6:79:1c:fe:bc:53:04:fe:a9:56:54:2f:1d:89:5f:7f:f9:
         46:3b:9b:80
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKK442zRtszgXTafucxweyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZGU4ZTgxMzlmMmM4ZjYyZjg0ODJkMDFiMGFkYjg2YjJh
MWQxOTUwHhcNMjQwMTAyMTIzNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTJkNDA0NzgxNjA0NTEzNTg5MjlhMmRjMTE5MGQ0MGVmMjQ1NDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIeFTj69JVQABRrigj1s88G2Qaql
oPXN3fxXCg6Qx38VQp46uaGC73XYggp12wApWe6DS/3EyPY7yJ3OJw3f1zJKg1A2
qbvr3npqqQQG1VrnzxQ5YxhbYugcvLc6L5dYxiKGTsix/j1SsGTQI6DnDrl+WTIQ
uG0OfDqNspr8VJ2oinI2vIq7fwHAodcl5ZTKgpr3snqP0xqrqZcBPocasrTVTCTN
Ngq+MOM9QtGIVBT3jeEl8vX44NegI8ZOaeQvbyGtlUgZGPcLfpXGA4pgUGy09NQl
p5tkFznGus/cLnxHxKrxXwtXbSZXxwPamcEfjEmAIiWP3sv0RPgXhQ/XIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLEtQEeBYEUTWJKaLcEZDUDvJFRDMB8GA1UdIwQY
MBaAFFzejoE58sj2L4SC0BsK24ayodGVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE42T2dUbnl5UFl2aElMUUd3cmJocktoMFpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy81NjE4YTgtMGI2NC00MWU3LTliNzMt
MDM4OTE4ZWI3MjBmLzEvc1MxQVI0RmdSUk5Za3BvdHdSa05RTzhrVkVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy81NjE4YTgtMGI2NC00MWU3LTliNzMtMDM4OTE4ZWI3MjBm
LzEvWE42T2dUbnl5UFl2aElMUUd3cmJocktoMFpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCX9dQMA0E
AgACMAcDBQMqDHhAMA0GCSqGSIb3DQEBCwUAA4IBAQAfbq8DsVjFa+oAi8kUP8xP
+WKKIketC4sAO7Upa6LNrU0KFqN0KE/AfUIvWibf2Ms7ChfQzIbTj1XBk8oSUWoq
xUBVi+igmN+t2ZvmFrou2+6W9bwbeeOuqTJLpJ61FusVXP2v9HW5U+GrhKFyQODf
H9M/KR/4/5evX6oPKY9PauVN+mb2Ezpg+I8hLUp/yx1EOltJ/2ppaZzC4jAUrm7P
GZXfvFXGYLyEW8PMBsFws7Q4giaEGRufEfSCRL3X5H+mbpRgCPaEnJ0w6V4sRS07
Q0040yOvbMEL6IFiOGx5Em6ejI51YjXBQ++tpnkc/rxTBP6pVlQvHYlff/lGO5uA
-----END CERTIFICATE-----