Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/94xA3wkFiu4LdZtjleGbuHc1kEc.roa
File:                     94xA3wkFiu4LdZtjleGbuHc1kEc.roa (raw, json)
Hash identifier:          M5/1E96340FSl75WyCVYJEFdyMnyxjJqmUyRALRlGoI=
Subject key identifier:   F7:8C:40:DF:09:05:8A:EE:0B:75:9B:63:95:E1:9B:B8:77:35:90:47
Certificate issuer:       /CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
Certificate serial:       018CC79512AAA8C6AE51009BF0B3E9C1EDA2
Authority key identifier: E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/94xA3wkFiu4LdZtjleGbuHc1kEc.roa
Signing time:             Tue 02 Jan 2024 00:31:24 +0000
ROA not before:           Tue 02 Jan 2024 00:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204797
IP address blocks:        195.22.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 03:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:12:aa:a8:c6:ae:51:00:9b:f0:b3:e9:c1:ed:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
        Validity
            Not Before: Jan  2 00:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f78c40df09058aee0b759b6395e19bb877359047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ef:5f:0c:b5:bd:ae:e1:4c:d2:f9:03:4f:fb:
                    aa:a8:a6:18:6a:a0:3c:e1:dd:0d:a6:be:da:3a:62:
                    fc:72:83:83:98:76:45:0e:77:0f:8d:2c:cf:1d:b2:
                    9c:e9:be:e8:49:72:5d:16:74:86:f3:a8:bb:4f:3e:
                    3a:8d:a8:a6:69:09:36:d4:f7:89:68:2d:3b:6d:a3:
                    18:15:b4:26:ba:e0:eb:fe:e1:21:6b:e4:20:99:8e:
                    ae:76:7d:c3:fa:2a:12:8e:ee:33:e9:da:72:e5:cf:
                    3f:98:c7:fd:91:6d:c2:9a:ae:69:8d:ae:05:0c:ea:
                    c6:07:eb:a4:1a:43:18:76:b6:3c:45:5c:62:cf:ef:
                    38:0e:40:b1:d3:c0:6c:37:da:be:b3:b9:d8:49:86:
                    25:f6:27:12:45:34:16:e3:17:28:0a:90:fe:c3:6b:
                    82:39:8f:cf:4b:0c:96:c4:54:38:b9:16:a8:fe:c3:
                    25:76:ed:a6:59:bc:e3:8b:13:a5:80:85:e4:a0:f1:
                    7e:f1:2a:1b:94:dd:eb:fe:db:0a:7a:91:f9:49:86:
                    64:a8:e2:6e:95:86:a4:48:15:69:e2:6a:e5:bc:e5:
                    e2:b1:66:0a:b1:4f:ff:20:11:35:31:b9:b0:ad:3a:
                    3b:b7:d9:95:bc:9c:e9:9a:f8:20:65:ec:fe:cf:93:
                    39:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:8C:40:DF:09:05:8A:EE:0B:75:9B:63:95:E1:9B:B8:77:35:90:47
            X509v3 Authority Key Identifier:
                keyid:E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/94xA3wkFiu4LdZtjleGbuHc1kEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.22.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:3a:12:51:b9:05:1c:6e:db:46:15:1b:7d:10:37:69:38:16:
         08:28:17:b5:20:9d:74:a2:0a:21:3c:24:a1:e4:8d:4b:7d:93:
         dd:50:fc:a7:05:6a:e8:22:42:91:ad:26:a9:1e:e3:68:09:91:
         85:51:e4:ab:01:cb:39:20:ec:20:91:d8:c8:05:1f:f6:73:9f:
         78:cd:41:d3:9d:83:7c:1a:c1:8e:a2:03:40:07:9c:78:53:2e:
         a9:0a:da:5f:a1:09:89:3c:2b:8b:97:03:8b:81:1b:1f:89:51:
         aa:21:ec:cb:2b:06:a2:83:99:e8:51:61:46:41:4c:42:bd:a5:
         31:68:9c:8f:bd:49:92:76:04:78:56:89:2a:f7:9f:56:ea:2a:
         4e:77:f8:79:1b:ec:3c:c2:24:16:10:eb:dd:c5:b2:eb:f6:77:
         eb:1d:a7:2c:09:3c:4b:91:ff:dc:f7:68:12:c2:c5:7b:e7:6c:
         d2:c0:c6:de:5d:49:08:3b:49:86:d1:71:5c:1d:67:95:91:51:
         53:ac:01:5f:0a:00:0a:7e:cf:e1:bb:fc:cb:11:4b:07:3e:9e:
         8a:85:bb:91:b1:72:aa:09:50:ab:53:8a:79:69:09:0a:17:1b:
         e6:94:e2:b7:94:a9:f2:ce:f8:90:ff:b9:8c:76:83:51:69:00:
         e0:f6:78:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRKqqMauUQCb8LPpwe2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YmU4ZWZlYzFmYjAzZDhhZjk3OWFmMWNiYTEzYTA4NDVh
N2IwYmEwHhcNMjQwMTAyMDAzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzhjNDBkZjA5MDU4YWVlMGI3NTliNjM5NWUxOWJiODc3MzU5MDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+9fDLW9ruFM0vkDT/uqqKYYaqA8
4d0Npr7aOmL8coODmHZFDncPjSzPHbKc6b7oSXJdFnSG86i7Tz46jaimaQk21PeJ
aC07baMYFbQmuuDr/uEha+QgmY6udn3D+ioSju4z6dpy5c8/mMf9kW3Cmq5pja4F
DOrGB+ukGkMYdrY8RVxiz+84DkCx08BsN9q+s7nYSYYl9icSRTQW4xcoCpD+w2uC
OY/PSwyWxFQ4uRao/sMldu2mWbzjixOlgIXkoPF+8SoblN3r/tsKepH5SYZkqOJu
lYakSBVp4mrlvOXisWYKsU//IBE1MbmwrTo7t9mVvJzpmvggZez+z5M5bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPeMQN8JBYruC3WbY5Xhm7h3NZBHMB8GA1UdIwQY
MBaAFOS+jv7B+wPYr5ea8cuhOghFp7C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUt
ZGZiZmEzZmNmMDIxLzEvOTR4QTN3a0ZpdTRMZFp0amxlR2J1SGMxa0VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUtZGZiZmEzZmNmMDIx
LzEvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxZ0MA0G
CSqGSIb3DQEBCwUAA4IBAQArOhJRuQUcbttGFRt9EDdpOBYIKBe1IJ10ogohPCSh
5I1LfZPdUPynBWroIkKRrSapHuNoCZGFUeSrAcs5IOwgkdjIBR/2c594zUHTnYN8
GsGOogNAB5x4Uy6pCtpfoQmJPCuLlwOLgRsfiVGqIezLKwaig5noUWFGQUxCvaUx
aJyPvUmSdgR4Vokq959W6ipOd/h5G+w8wiQWEOvdxbLr9nfrHacsCTxLkf/c92gS
wsV752zSwMbeXUkIO0mG0XFcHWeVkVFTrAFfCgAKfs/hu/zLEUsHPp6KhbuRsXKq
CVCrU4p5aQkKFxvmlOK3lKnyzviQ/7mMdoNRaQDg9nic
-----END CERTIFICATE-----