Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/xGtllBH4I-7BmHugubV47oPlzPU.roa
File:                     xGtllBH4I-7BmHugubV47oPlzPU.roa (raw, json)
Hash identifier:          h1QrNrWLg6z6N8Kjoi9wHcio7W3ElR5AVzcA5Cr+Los=
Subject key identifier:   C4:6B:65:94:11:F8:23:EE:C1:98:7B:A0:B9:B5:78:EE:83:E5:CC:F5
Certificate issuer:       /CN=b55800300fa4017f970c95d767d812fd10d0dcbc
Certificate serial:       018CC5DBF0E2782A9BC6910E4899E7FFDE39
Authority key identifier: B5:58:00:30:0F:A4:01:7F:97:0C:95:D7:67:D8:12:FD:10:D0:DC:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/xGtllBH4I-7BmHugubV47oPlzPU.roa
Signing time:             Mon 01 Jan 2024 16:29:34 +0000
ROA not before:           Mon 01 Jan 2024 16:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203
IP address blocks:        195.93.197.0/24 maxlen: 24
                          195.93.196.0/24 maxlen: 24
                          95.130.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f0:e2:78:2a:9b:c6:91:0e:48:99:e7:ff:de:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55800300fa4017f970c95d767d812fd10d0dcbc
        Validity
            Not Before: Jan  1 16:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c46b659411f823eec1987ba0b9b578ee83e5ccf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a0:fe:3d:e2:6a:1e:3a:4e:4f:f2:4d:7e:84:
                    fe:f5:0a:64:de:bd:89:57:ed:84:06:4c:06:78:42:
                    6f:c8:4e:96:6e:d7:bf:cd:ed:21:b0:74:a3:5d:9c:
                    d8:dd:60:f5:9a:33:ac:af:7e:a4:5e:4b:1a:f6:8a:
                    5a:e1:2b:16:b3:8c:d7:59:f3:ee:39:57:de:38:9a:
                    08:f3:89:e2:fe:14:f6:c6:df:1e:bf:6b:54:6a:bd:
                    3f:fe:92:dc:c0:e9:36:9b:21:68:cf:e1:e1:49:16:
                    6c:47:a8:bd:07:d8:06:e2:5a:45:40:1d:34:c3:fc:
                    71:bd:34:15:41:df:70:8b:73:69:4f:d9:4a:46:6c:
                    39:ae:c2:16:a6:93:8e:84:07:c9:5a:a5:06:76:5d:
                    77:8d:1e:56:7f:07:3f:93:0a:7c:65:c8:b6:cd:e1:
                    30:df:c9:c8:57:04:2b:77:a5:29:42:e9:22:b3:3c:
                    8f:62:81:8e:4e:e5:70:9d:c3:94:8e:29:5b:9d:0c:
                    06:aa:0e:11:85:fe:3e:07:d6:05:5f:7c:7a:26:12:
                    98:df:ba:a4:68:7e:65:3a:3f:d1:49:ec:86:f5:41:
                    67:94:af:c0:6d:6c:f6:df:0d:ae:a0:4c:e0:d2:69:
                    e6:69:09:4e:09:73:7c:0d:f5:aa:c1:06:81:8d:bd:
                    9b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:6B:65:94:11:F8:23:EE:C1:98:7B:A0:B9:B5:78:EE:83:E5:CC:F5
            X509v3 Authority Key Identifier:
                keyid:B5:58:00:30:0F:A4:01:7F:97:0C:95:D7:67:D8:12:FD:10:D0:DC:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/xGtllBH4I-7BmHugubV47oPlzPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.110.0/24
                  195.93.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:2d:60:3f:65:d7:0a:be:81:b6:11:38:78:ec:24:6f:0f:a8:
         82:13:c5:dd:5f:56:40:e5:0e:22:6f:88:40:3a:63:88:31:e6:
         64:51:9e:be:f2:30:d8:7f:b1:cb:4c:5b:24:22:bf:db:6c:5e:
         55:62:0a:04:b3:b8:1d:53:12:22:89:0a:15:56:40:fa:ec:4a:
         70:a4:17:25:73:06:3c:32:c3:8e:4c:3b:06:bb:f6:54:90:2d:
         05:ff:d1:e6:83:ae:98:24:43:9c:65:54:79:5a:54:16:70:eb:
         8d:17:5b:ae:c4:fd:0f:c3:14:6c:85:31:0f:28:46:d2:85:ed:
         52:93:d9:39:7f:3c:f2:e1:69:f5:ec:fe:b7:11:df:64:1e:e9:
         ef:df:28:81:4d:22:b7:f7:ad:75:49:b3:1b:75:e1:59:ba:68:
         c8:2c:dc:a1:55:58:c4:29:cc:8c:64:a2:36:e6:f9:77:e0:18:
         59:e4:b9:a6:de:70:4e:df:b4:a0:2e:81:1a:2a:22:9b:b4:b5:
         59:a1:a4:e5:ff:73:27:07:ca:08:ed:04:a0:26:5d:02:f4:3e:
         9c:98:9e:d8:e8:13:f2:87:5c:54:c3:07:9c:a3:ee:0a:28:cb:
         fb:0b:18:84:7c:f5:52:3a:30:19:a0:f1:0c:ba:ad:ec:d6:68:
         ad:0c:61:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF2/DieCqbxpEOSJnn/945MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTgwMDMwMGZhNDAxN2Y5NzBjOTVkNzY3ZDgxMmZkMTBk
MGRjYmMwHhcNMjQwMTAxMTYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDZiNjU5NDExZjgyM2VlYzE5ODdiYTBiOWI1NzhlZTgzZTVjY2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqD+PeJqHjpOT/JNfoT+9Qpk3r2J
V+2EBkwGeEJvyE6Wbte/ze0hsHSjXZzY3WD1mjOsr36kXksa9opa4SsWs4zXWfPu
OVfeOJoI84ni/hT2xt8ev2tUar0//pLcwOk2myFoz+HhSRZsR6i9B9gG4lpFQB00
w/xxvTQVQd9wi3NpT9lKRmw5rsIWppOOhAfJWqUGdl13jR5Wfwc/kwp8Zci2zeEw
38nIVwQrd6UpQukiszyPYoGOTuVwncOUjilbnQwGqg4Rhf4+B9YFX3x6JhKY37qk
aH5lOj/RSeyG9UFnlK/AbWz23w2uoEzg0mnmaQlOCXN8DfWqwQaBjb2bwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMRrZZQR+CPuwZh7oLm1eO6D5cz1MB8GA1UdIwQY
MBaAFLVYADAPpAF/lwyV12fYEv0Q0Ny8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZnQU1BLWtBWC1YREpYWFo5Z1NfUkRRM0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC84YTg0ODctOTMxYS00MmZiLWI2NjQt
YzUyZGY0YWE1MjFkLzEveEd0bGxCSDRJLTdCbUh1Z3ViVjQ3b1BselBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC84YTg0ODctOTMxYS00MmZiLWI2NjQtYzUyZGY0YWE1MjFk
LzEvdFZnQU1BLWtBWC1YREpYWFo5Z1NfUkRRM0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX4JuAwQB
w13EMA0GCSqGSIb3DQEBCwUAA4IBAQBOLWA/ZdcKvoG2ETh47CRvD6iCE8XdX1ZA
5Q4ib4hAOmOIMeZkUZ6+8jDYf7HLTFskIr/bbF5VYgoEs7gdUxIiiQoVVkD67Epw
pBclcwY8MsOOTDsGu/ZUkC0F/9Hmg66YJEOcZVR5WlQWcOuNF1uuxP0PwxRshTEP
KEbShe1Sk9k5fzzy4Wn17P63Ed9kHunv3yiBTSK39611SbMbdeFZumjILNyhVVjE
KcyMZKI25vl34BhZ5Lmm3nBO37SgLoEaKiKbtLVZoaTl/3MnB8oI7QSgJl0C9D6c
mJ7Y6BPyh1xUwweco+4KKMv7CxiEfPVSOjAZoPEMuq3s1mitDGEs
-----END CERTIFICATE-----