Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/u0yWGjsGblMulmXhzgMZ4EEWS0g.roa
File:                     u0yWGjsGblMulmXhzgMZ4EEWS0g.roa (raw, json)
Hash identifier:          sFZGkiaYxnTmLVgxfL6kKuAoI41GCJdH/3liN7g/DOc=
Subject key identifier:   BB:4C:96:1A:3B:06:6E:53:2E:96:65:E1:CE:03:19:E0:41:16:4B:48
Certificate issuer:       /CN=c9b232958097b5863eafd047bb315171eaa01fb7
Certificate serial:       018CC56EBB700674D5D20EFA30CC74ED009A
Authority key identifier: C9:B2:32:95:80:97:B5:86:3E:AF:D0:47:BB:31:51:71:EA:A0:1F:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/u0yWGjsGblMulmXhzgMZ4EEWS0g.roa
Signing time:             Mon 01 Jan 2024 14:30:17 +0000
ROA not before:           Mon 01 Jan 2024 14:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57326
IP address blocks:        95.128.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:bb:70:06:74:d5:d2:0e:fa:30:cc:74:ed:00:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9b232958097b5863eafd047bb315171eaa01fb7
        Validity
            Not Before: Jan  1 14:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb4c961a3b066e532e9665e1ce0319e041164b48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:48:4e:77:fd:79:5d:6f:a7:4c:48:be:a3:55:
                    d9:e5:2d:46:7d:04:eb:79:07:20:7b:18:f0:81:64:
                    ed:e8:d5:b7:4c:fa:9b:1f:5a:29:7d:8b:93:2f:de:
                    52:88:c3:9f:44:6f:2e:59:6c:af:05:2b:12:cb:54:
                    87:b8:f3:b6:47:21:3a:5b:f0:ee:ad:69:df:21:c2:
                    20:74:82:35:bc:5a:d4:0e:5f:fb:d5:75:87:c7:9e:
                    e8:e8:f1:de:88:87:52:58:b5:9c:50:0c:00:e1:de:
                    74:e4:08:34:bb:5a:43:77:25:d0:89:de:5e:b6:c1:
                    f2:33:13:8e:fa:50:f2:42:63:f4:e7:76:2b:d4:b4:
                    00:9e:b1:6a:e2:f1:d7:db:42:cd:a0:ca:ab:36:d8:
                    27:76:bb:00:4b:df:ed:40:2f:0f:65:f0:c6:a3:8a:
                    13:b9:8e:04:e4:b6:6f:7c:ea:13:ef:b4:ce:82:20:
                    47:92:e2:d5:16:48:a0:1c:42:57:3a:55:a1:a9:7e:
                    a8:99:cc:da:60:4d:3e:5f:3f:be:c8:61:3d:87:f2:
                    38:61:45:d7:0f:11:02:8d:fa:23:f1:8d:86:52:bc:
                    eb:22:c2:00:b4:08:36:b9:72:49:be:42:f4:77:e2:
                    6a:f0:e7:86:6d:f3:74:95:ab:33:95:a1:25:1b:6e:
                    03:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:4C:96:1A:3B:06:6E:53:2E:96:65:E1:CE:03:19:E0:41:16:4B:48
            X509v3 Authority Key Identifier:
                keyid:C9:B2:32:95:80:97:B5:86:3E:AF:D0:47:BB:31:51:71:EA:A0:1F:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/u0yWGjsGblMulmXhzgMZ4EEWS0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:e9:c6:9d:af:aa:b7:9d:2c:94:ab:ab:81:af:96:07:de:d2:
         03:04:e9:b6:d7:ae:ea:39:e6:e4:e8:b6:65:4f:bc:d6:81:e4:
         6d:b0:90:43:ea:4b:5b:04:a1:38:c0:c7:c0:51:20:d4:13:a1:
         5e:58:56:ca:5c:14:16:a7:8a:74:62:b0:97:f0:97:19:3f:e5:
         09:cb:9c:ed:6e:d3:85:2a:9d:96:a6:19:a4:ea:be:dd:43:88:
         18:fb:3f:63:dd:cb:f0:7f:ce:0a:d2:47:62:3d:e9:70:5f:15:
         4a:c3:b8:60:b8:8d:a7:d5:19:c3:9e:3d:f4:30:54:fc:07:3a:
         b6:6e:2c:5a:90:c6:93:89:b0:d1:2f:75:1e:ea:37:d1:53:68:
         e0:1b:f4:f2:91:18:47:e9:0a:78:4f:bf:81:70:cd:c8:40:c9:
         43:f3:d9:01:4b:59:3c:fc:25:56:cf:f0:27:5c:f0:43:b8:f5:
         a4:7b:9f:44:be:5e:06:50:3c:f0:c9:1f:71:bd:b3:63:5b:1b:
         a5:6b:ee:87:16:e9:0a:8f:94:47:b0:67:a6:7a:58:ef:98:71:
         49:b5:57:ca:6b:83:75:5b:11:ee:40:6b:93:6f:14:1e:a8:7b:
         cd:d4:cd:2b:08:2b:31:5f:af:f7:2a:f7:d8:0a:2f:38:23:5d:
         10:84:5f:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrtwBnTV0g76MMx07QCaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YjIzMjk1ODA5N2I1ODYzZWFmZDA0N2JiMzE1MTcxZWFh
MDFmYjcwHhcNMjQwMTAxMTQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjRjOTYxYTNiMDY2ZTUzMmU5NjY1ZTFjZTAzMTllMDQxMTY0YjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkhOd/15XW+nTEi+o1XZ5S1GfQTr
eQcgexjwgWTt6NW3TPqbH1opfYuTL95SiMOfRG8uWWyvBSsSy1SHuPO2RyE6W/Du
rWnfIcIgdII1vFrUDl/71XWHx57o6PHeiIdSWLWcUAwA4d505Ag0u1pDdyXQid5e
tsHyMxOO+lDyQmP053Yr1LQAnrFq4vHX20LNoMqrNtgndrsAS9/tQC8PZfDGo4oT
uY4E5LZvfOoT77TOgiBHkuLVFkigHEJXOlWhqX6omczaYE0+Xz++yGE9h/I4YUXX
DxECjfoj8Y2GUrzrIsIAtAg2uXJJvkL0d+Jq8OeGbfN0laszlaElG24DOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtMlho7Bm5TLpZl4c4DGeBBFktIMB8GA1UdIwQY
MBaAFMmyMpWAl7WGPq/QR7sxUXHqoB+3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWJJeWxZQ1h0WVktcjlCSHV6RlJjZXFnSDdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMzU0MzItY2Y5OS00ZjE5LWE3NmUt
MDdiN2ZlZjA4NThmLzEvdTB5V0dqc0dibE11bG1YaHpnTVo0RUVXUzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMzU0MzItY2Y5OS00ZjE5LWE3NmUtMDdiN2ZlZjA4NThm
LzEveWJJeWxZQ1h0WVktcjlCSHV6RlJjZXFnSDdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4CsMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ6cadr6q3nSyUq6uBr5YH3tIDBOm2167qOebk6LZl
T7zWgeRtsJBD6ktbBKE4wMfAUSDUE6FeWFbKXBQWp4p0YrCX8JcZP+UJy5ztbtOF
Kp2Wphmk6r7dQ4gY+z9j3cvwf84K0kdiPelwXxVKw7hguI2n1RnDnj30MFT8Bzq2
bixakMaTibDRL3Ue6jfRU2jgG/TykRhH6Qp4T7+BcM3IQMlD89kBS1k8/CVWz/An
XPBDuPWke59Evl4GUDzwyR9xvbNjWxula+6HFukKj5RHsGemeljvmHFJtVfKa4N1
WxHuQGuTbxQeqHvN1M0rCCsxX6/3KvfYCi84I10QhF8w
-----END CERTIFICATE-----