Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/RGRXbuECVNGi3poZ4N6Ob-LyJyw.roa
File:                     RGRXbuECVNGi3poZ4N6Ob-LyJyw.roa (raw, json)
Hash identifier:          W1b9FXMAFugdFGW9vyUSzYXGsWW/0QblDOZjGddZ5cg=
Subject key identifier:   44:64:57:6E:E1:02:54:D1:A2:DE:9A:19:E0:DE:8E:6F:E2:F2:27:2C
Certificate issuer:       /CN=b55800300fa4017f970c95d767d812fd10d0dcbc
Certificate serial:       018CC5DBF2E513B4B200F113BF7E3186AEFC
Authority key identifier: B5:58:00:30:0F:A4:01:7F:97:0C:95:D7:67:D8:12:FD:10:D0:DC:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/RGRXbuECVNGi3poZ4N6Ob-LyJyw.roa
Signing time:             Mon 01 Jan 2024 16:29:35 +0000
ROA not before:           Mon 01 Jan 2024 16:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48967
IP address blocks:        195.93.197.0/24 maxlen: 24
                          95.130.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f2:e5:13:b4:b2:00:f1:13:bf:7e:31:86:ae:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55800300fa4017f970c95d767d812fd10d0dcbc
        Validity
            Not Before: Jan  1 16:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4464576ee10254d1a2de9a19e0de8e6fe2f2272c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6c:fa:07:37:29:1a:97:6f:94:b8:51:0e:7a:
                    6d:0e:91:27:4d:e5:1c:6d:5d:b6:7a:a0:8d:87:83:
                    7e:ee:7a:fb:c3:08:63:3b:43:da:05:88:a8:65:3d:
                    bc:60:b3:3e:6b:02:3d:91:4c:55:b5:3f:00:70:40:
                    de:13:fe:87:9b:ec:58:18:19:95:8b:3f:2f:60:fd:
                    b2:a9:d3:cb:b4:68:19:a3:81:af:73:64:7a:3d:86:
                    06:00:61:6b:e3:4d:89:f3:07:15:5d:5d:14:f8:7a:
                    ef:2d:e7:da:3e:4b:05:b0:06:48:62:36:f8:e8:bf:
                    a0:d7:11:f3:48:98:7d:9b:72:b9:1e:26:8f:cd:37:
                    75:82:b5:4a:a2:94:44:04:e2:20:e8:67:3e:5f:93:
                    ad:ec:9e:88:99:90:81:f4:5e:a2:8e:42:c0:48:e1:
                    79:37:f5:54:1d:1d:f2:c9:81:71:86:5f:b5:0e:ce:
                    d4:25:c2:37:69:80:05:28:f7:5f:f9:30:e1:13:7f:
                    de:7d:76:e0:5d:5f:4f:8f:87:ba:b0:6d:60:2f:c3:
                    92:43:c4:c8:05:b3:6e:57:28:a1:de:f5:af:2f:54:
                    d9:83:e3:3a:45:75:05:73:a9:7c:64:9f:48:b5:8e:
                    6f:46:8b:43:d9:c9:22:29:e8:dd:c5:e1:bc:3f:eb:
                    fc:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:64:57:6E:E1:02:54:D1:A2:DE:9A:19:E0:DE:8E:6F:E2:F2:27:2C
            X509v3 Authority Key Identifier:
                keyid:B5:58:00:30:0F:A4:01:7F:97:0C:95:D7:67:D8:12:FD:10:D0:DC:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/RGRXbuECVNGi3poZ4N6Ob-LyJyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.110.0/24
                  195.93.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:60:60:a0:59:e0:08:fc:3a:b8:72:c3:cb:5f:35:ea:e1:2d:
         9d:db:c6:c2:b2:0d:56:62:a6:72:f5:32:86:e2:32:91:a4:b5:
         94:9f:7c:83:1d:5d:cb:08:e2:cb:db:45:2d:5a:07:fa:08:67:
         3f:69:0c:42:17:84:1b:0f:5c:df:a3:d5:0a:b9:8b:d3:2e:f4:
         f7:30:ba:92:ce:c7:3b:42:e8:66:c1:0c:20:a4:60:66:a0:c7:
         5f:e4:55:a7:f8:20:30:6a:f1:5e:2c:04:6c:9a:71:7d:c7:47:
         d8:84:0a:0e:73:a1:7a:d0:07:b9:4f:7b:46:85:67:f6:cd:8c:
         4c:fc:be:0f:d7:03:bc:4a:0a:38:50:54:80:59:a4:59:62:a7:
         0e:00:cf:98:57:fe:d1:aa:2b:c0:54:e7:35:9c:2e:80:db:8c:
         60:64:d5:10:8e:56:5a:ff:a7:21:e1:f3:9e:88:e9:0f:f0:7a:
         36:fd:fa:0d:83:f7:8e:f6:4a:75:1f:31:92:42:45:2c:81:84:
         b4:58:47:60:14:ce:4e:82:d0:79:47:a1:56:ac:89:a8:d7:62:
         ee:ea:86:68:9c:8a:cc:0b:8c:f2:71:2e:b7:2a:06:fc:70:4b:
         e9:39:ba:43:09:8d:0a:be:6c:06:2b:d2:6b:e0:20:58:9a:3b:
         93:8a:42:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF2/LlE7SyAPETv34xhq78MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTgwMDMwMGZhNDAxN2Y5NzBjOTVkNzY3ZDgxMmZkMTBk
MGRjYmMwHhcNMjQwMTAxMTYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDY0NTc2ZWUxMDI1NGQxYTJkZTlhMTllMGRlOGU2ZmUyZjIyNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmz6BzcpGpdvlLhRDnptDpEnTeUc
bV22eqCNh4N+7nr7wwhjO0PaBYioZT28YLM+awI9kUxVtT8AcEDeE/6Hm+xYGBmV
iz8vYP2yqdPLtGgZo4Gvc2R6PYYGAGFr402J8wcVXV0U+HrvLefaPksFsAZIYjb4
6L+g1xHzSJh9m3K5HiaPzTd1grVKopREBOIg6Gc+X5Ot7J6ImZCB9F6ijkLASOF5
N/VUHR3yyYFxhl+1Ds7UJcI3aYAFKPdf+TDhE3/efXbgXV9Pj4e6sG1gL8OSQ8TI
BbNuVyih3vWvL1TZg+M6RXUFc6l8ZJ9ItY5vRotD2ckiKejdxeG8P+v8+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFERkV27hAlTRot6aGeDejm/i8icsMB8GA1UdIwQY
MBaAFLVYADAPpAF/lwyV12fYEv0Q0Ny8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZnQU1BLWtBWC1YREpYWFo5Z1NfUkRRM0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC84YTg0ODctOTMxYS00MmZiLWI2NjQt
YzUyZGY0YWE1MjFkLzEvUkdSWGJ1RUNWTkdpM3BvWjRONk9iLUx5Snl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC84YTg0ODctOTMxYS00MmZiLWI2NjQtYzUyZGY0YWE1MjFk
LzEvdFZnQU1BLWtBWC1YREpYWFo5Z1NfUkRRM0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX4JuAwQA
w13FMA0GCSqGSIb3DQEBCwUAA4IBAQA0YGCgWeAI/Dq4csPLXzXq4S2d28bCsg1W
YqZy9TKG4jKRpLWUn3yDHV3LCOLL20UtWgf6CGc/aQxCF4QbD1zfo9UKuYvTLvT3
MLqSzsc7QuhmwQwgpGBmoMdf5FWn+CAwavFeLARsmnF9x0fYhAoOc6F60Ae5T3tG
hWf2zYxM/L4P1wO8Sgo4UFSAWaRZYqcOAM+YV/7RqivAVOc1nC6A24xgZNUQjlZa
/6ch4fOeiOkP8Ho2/foNg/eO9kp1HzGSQkUsgYS0WEdgFM5OgtB5R6FWrImo12Lu
6oZonIrMC4zycS63Kgb8cEvpObpDCY0KvmwGK9Jr4CBYmjuTikKl
-----END CERTIFICATE-----