Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/pPbZhWtuk0Woeaed6iXQO9QjU68.roa
File:                     pPbZhWtuk0Woeaed6iXQO9QjU68.roa (raw, json)
Hash identifier:          sSHoAMmgBgyzPLPexJodzzyyTQTrcN3/KCGBGLYjrgs=
Subject key identifier:   A4:F6:D9:85:6B:6E:93:45:A8:79:A7:9D:EA:25:D0:3B:D4:23:53:AF
Certificate issuer:       /CN=b55800300fa4017f970c95d767d812fd10d0dcbc
Certificate serial:       018CC5DBF178166894241E22CF8465940268
Authority key identifier: B5:58:00:30:0F:A4:01:7F:97:0C:95:D7:67:D8:12:FD:10:D0:DC:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/pPbZhWtuk0Woeaed6iXQO9QjU68.roa
Signing time:             Mon 01 Jan 2024 16:29:34 +0000
ROA not before:           Mon 01 Jan 2024 16:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209
IP address blocks:        195.93.196.0/24 maxlen: 24
                          195.93.197.0/24 maxlen: 24
                          95.130.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 07:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f1:78:16:68:94:24:1e:22:cf:84:65:94:02:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55800300fa4017f970c95d767d812fd10d0dcbc
        Validity
            Not Before: Jan  1 16:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4f6d9856b6e9345a879a79dea25d03bd42353af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:42:96:03:de:60:19:b2:6b:d9:ba:91:db:a5:
                    28:92:e9:c5:4c:df:58:3e:ce:89:3c:da:b8:b9:2a:
                    1d:33:49:59:7a:e9:84:cd:22:f7:ec:35:4c:1c:c3:
                    34:f2:bb:73:05:3b:ca:d6:9b:f0:9b:a6:2f:37:90:
                    a3:fe:85:b6:0e:a6:4b:d8:82:8c:2c:eb:67:4f:17:
                    b9:f8:ca:60:fd:64:af:67:bb:8d:da:8a:cf:07:6f:
                    be:3d:b5:0b:1b:2d:5f:ea:cb:c0:bd:ea:16:e3:9e:
                    00:5e:a0:7b:75:98:3a:de:15:d4:32:7c:6c:f4:95:
                    4e:b6:a2:35:2d:6d:09:81:c8:99:3c:af:65:a1:4c:
                    0a:ca:f9:10:d0:ee:d3:bb:3b:ec:29:86:40:70:8e:
                    05:f0:12:fe:14:9c:1c:82:d1:69:10:f0:1e:09:b4:
                    ab:d8:2d:76:0d:b8:71:4a:d9:c3:2f:9d:bc:6e:7f:
                    79:9f:11:cd:f0:b0:89:6e:86:d3:05:32:8b:c7:84:
                    9f:9c:d3:53:02:3d:8e:75:36:56:71:d8:b3:8f:b3:
                    fe:ba:44:d3:26:db:6e:1b:38:fe:09:a7:54:5e:c9:
                    b4:78:3f:d5:12:cd:5c:54:9b:4e:66:ed:ba:d0:66:
                    32:b8:ea:8f:78:fa:0d:b7:f4:40:1e:e1:54:16:d0:
                    02:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F6:D9:85:6B:6E:93:45:A8:79:A7:9D:EA:25:D0:3B:D4:23:53:AF
            X509v3 Authority Key Identifier:
                keyid:B5:58:00:30:0F:A4:01:7F:97:0C:95:D7:67:D8:12:FD:10:D0:DC:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/pPbZhWtuk0Woeaed6iXQO9QjU68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.110.0/24
                  195.93.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:cd:94:a4:ce:c0:00:d4:1e:07:bd:96:d1:a4:8c:26:f4:2f:
         8a:a7:84:b4:9f:74:33:79:9e:f9:fd:e4:ef:7c:4c:fc:13:78:
         be:17:78:e0:96:0c:45:03:1f:31:75:1f:2c:c9:75:72:49:1a:
         d4:59:07:d8:6b:44:65:bc:2c:42:a3:5f:9d:e3:3b:12:97:a9:
         fc:d6:76:1d:f6:8c:f7:95:bb:51:68:35:f0:25:e9:63:ae:98:
         eb:33:c9:cd:1d:65:6f:e0:0d:99:3c:e1:6d:90:27:45:67:75:
         c5:2f:9c:e1:d0:6f:b4:ac:1a:6e:c3:c6:ce:16:3d:24:66:3d:
         5e:05:0f:8a:f5:69:1f:2d:8a:12:38:4b:29:a6:ac:a3:9c:19:
         3f:9f:6c:b5:00:01:21:e5:5f:89:5f:59:3d:78:ce:51:63:89:
         7a:2c:a4:cb:40:af:37:a0:80:e5:5d:e5:64:01:13:71:47:e1:
         7b:b2:33:83:e1:49:50:fb:50:40:c4:5a:86:29:ac:a1:9f:84:
         79:62:9b:39:36:3a:78:28:19:0a:c9:3f:c6:a2:b6:b6:ca:c1:
         f9:3f:a5:9c:98:cb:cc:e7:73:64:5c:15:13:90:d6:bc:04:cc:
         f1:ce:f7:bc:fc:0d:43:41:ae:e9:99:4e:31:68:82:b4:ac:33:
         be:21:bf:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF2/F4FmiUJB4iz4RllAJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTgwMDMwMGZhNDAxN2Y5NzBjOTVkNzY3ZDgxMmZkMTBk
MGRjYmMwHhcNMjQwMTAxMTYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY2ZDk4NTZiNmU5MzQ1YTg3OWE3OWRlYTI1ZDAzYmQ0MjM1M2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEKWA95gGbJr2bqR26UokunFTN9Y
Ps6JPNq4uSodM0lZeumEzSL37DVMHMM08rtzBTvK1pvwm6YvN5Cj/oW2DqZL2IKM
LOtnTxe5+Mpg/WSvZ7uN2orPB2++PbULGy1f6svAveoW454AXqB7dZg63hXUMnxs
9JVOtqI1LW0JgciZPK9loUwKyvkQ0O7TuzvsKYZAcI4F8BL+FJwcgtFpEPAeCbSr
2C12DbhxStnDL528bn95nxHN8LCJbobTBTKLx4SfnNNTAj2OdTZWcdizj7P+ukTT
JttuGzj+CadUXsm0eD/VEs1cVJtOZu260GYyuOqPePoNt/RAHuFUFtAC/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKT22YVrbpNFqHmnneol0DvUI1OvMB8GA1UdIwQY
MBaAFLVYADAPpAF/lwyV12fYEv0Q0Ny8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZnQU1BLWtBWC1YREpYWFo5Z1NfUkRRM0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC84YTg0ODctOTMxYS00MmZiLWI2NjQt
YzUyZGY0YWE1MjFkLzEvcFBiWmhXdHVrMFdvZWFlZDZpWFFPOVFqVTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC84YTg0ODctOTMxYS00MmZiLWI2NjQtYzUyZGY0YWE1MjFk
LzEvdFZnQU1BLWtBWC1YREpYWFo5Z1NfUkRRM0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX4JuAwQB
w13EMA0GCSqGSIb3DQEBCwUAA4IBAQCNzZSkzsAA1B4HvZbRpIwm9C+Kp4S0n3Qz
eZ75/eTvfEz8E3i+F3jglgxFAx8xdR8syXVySRrUWQfYa0RlvCxCo1+d4zsSl6n8
1nYd9oz3lbtRaDXwJeljrpjrM8nNHWVv4A2ZPOFtkCdFZ3XFL5zh0G+0rBpuw8bO
Fj0kZj1eBQ+K9WkfLYoSOEsppqyjnBk/n2y1AAEh5V+JX1k9eM5RY4l6LKTLQK83
oIDlXeVkARNxR+F7sjOD4UlQ+1BAxFqGKayhn4R5Yps5Njp4KBkKyT/Gora2ysH5
P6WcmMvM53NkXBUTkNa8BMzxzve8/A1DQa7pmU4xaIK0rDO+Ib9n
-----END CERTIFICATE-----