Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/leJobSz-95mCGZ1i2Mo_WJhrusw.roa
File:                     leJobSz-95mCGZ1i2Mo_WJhrusw.roa (raw, json)
Hash identifier:          W3UgoZngm85QuUydHp9O+U/MoQVJvd3baiBcd4B6MGM=
Subject key identifier:   95:E2:68:6D:2C:FE:F7:99:82:19:9D:62:D8:CA:3F:58:98:6B:BA:CC
Certificate issuer:       /CN=c61850173c8d28d5afbf91091ca63e5da3c75ed4
Certificate serial:       018CC4937037E24B736715B83082964289FF
Authority key identifier: C6:18:50:17:3C:8D:28:D5:AF:BF:91:09:1C:A6:3E:5D:A3:C7:5E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/leJobSz-95mCGZ1i2Mo_WJhrusw.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207661
IP address blocks:        194.32.161.0/24 maxlen: 24
                          2a05:5100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:70:37:e2:4b:73:67:15:b8:30:82:96:42:89:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c61850173c8d28d5afbf91091ca63e5da3c75ed4
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95e2686d2cfef79982199d62d8ca3f58986bbacc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:03:db:92:1d:a0:5b:71:9a:c8:36:e1:d2:01:
                    1a:d4:5b:89:82:b0:5e:3d:43:25:c8:f3:15:06:0f:
                    cf:9b:7a:5a:0a:ce:70:ef:3f:11:cd:ea:fc:b8:b3:
                    90:18:48:df:56:77:0c:4a:2e:58:95:a3:bb:cc:25:
                    25:a5:34:11:60:b8:4f:c8:46:50:d0:b3:9b:2c:28:
                    fd:49:c6:08:c0:45:bd:e8:26:7b:74:7a:66:7d:9c:
                    ba:8f:5d:93:71:64:f4:a9:df:fd:ef:98:28:9c:dd:
                    fd:8b:49:94:b4:79:64:08:b4:de:63:9a:90:dd:ae:
                    22:d5:61:4b:58:da:7f:5d:04:6a:b6:9f:1c:ef:c0:
                    23:4a:a4:41:d3:01:a6:c4:78:03:cd:8e:59:c0:80:
                    b5:cb:e4:f5:92:59:5f:10:a0:c5:e2:76:68:97:85:
                    24:f3:39:a2:68:e5:68:a4:c9:a3:8b:1e:6e:3d:45:
                    41:bb:c2:73:be:cc:62:9f:02:60:c9:7d:ca:66:d1:
                    1a:8c:09:db:ad:f2:87:5c:e4:1b:72:53:59:1f:a7:
                    84:d4:53:87:7c:a7:d9:6c:01:a6:f8:6c:39:36:23:
                    98:58:a8:4c:ec:a1:86:76:bd:76:37:ba:e2:98:29:
                    fa:16:ab:3f:3a:4c:4a:be:98:3e:e9:74:40:c8:93:
                    97:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:E2:68:6D:2C:FE:F7:99:82:19:9D:62:D8:CA:3F:58:98:6B:BA:CC
            X509v3 Authority Key Identifier:
                keyid:C6:18:50:17:3C:8D:28:D5:AF:BF:91:09:1C:A6:3E:5D:A3:C7:5E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/leJobSz-95mCGZ1i2Mo_WJhrusw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.161.0/24
                IPv6:
                  2a05:5100::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:29:3d:9d:9b:22:10:b3:2b:df:0b:e9:ad:6f:45:bd:2e:9c:
         0f:66:9f:f9:1d:10:24:a9:cc:00:2e:9d:ab:5b:55:81:16:86:
         b7:5b:15:95:a8:a5:f7:a7:ad:9f:47:bd:64:3e:5c:2f:21:3a:
         92:6f:62:fc:35:50:ac:46:78:17:4b:84:0e:16:c8:50:8f:66:
         1b:96:7e:d1:0b:6d:7c:a2:a4:21:e5:3d:23:fa:56:30:4a:7b:
         11:51:dc:d5:7e:58:1d:3d:cc:7c:13:01:48:06:e5:d7:5d:46:
         f3:8c:15:50:1c:3a:bf:72:f7:41:b1:9c:62:af:a3:2e:d2:9d:
         cf:42:5e:5d:d1:fd:26:9b:49:f5:60:bf:5c:2b:7b:fd:d4:47:
         0d:0f:6b:0a:59:87:1d:f8:3d:9a:bc:2e:1f:38:a6:c6:77:43:
         25:eb:fc:1b:cf:74:a8:60:23:e1:42:15:ce:21:1e:c8:2f:f5:
         bb:15:a7:42:8b:13:07:0d:a7:06:2c:4a:77:0b:24:f9:6c:14:
         1b:c8:a2:94:44:0a:85:a2:3d:4d:ff:46:49:d3:57:69:71:01:
         ab:47:1f:d5:d4:fa:27:ab:18:7b:79:b9:0b:e4:38:cb:e5:93:
         80:af:08:f3:86:aa:64:ca:89:04:3d:fa:74:46:cf:2c:6c:b2:
         7e:74:ca:43
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk3A34ktzZxW4MIKWQon/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTg1MDE3M2M4ZDI4ZDVhZmJmOTEwOTFjYTYzZTVkYTNj
NzVlZDQwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWUyNjg2ZDJjZmVmNzk5ODIxOTlkNjJkOGNhM2Y1ODk4NmJiYWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgPbkh2gW3GayDbh0gEa1FuJgrBe
PUMlyPMVBg/Pm3paCs5w7z8Rzer8uLOQGEjfVncMSi5YlaO7zCUlpTQRYLhPyEZQ
0LObLCj9ScYIwEW96CZ7dHpmfZy6j12TcWT0qd/975gonN39i0mUtHlkCLTeY5qQ
3a4i1WFLWNp/XQRqtp8c78AjSqRB0wGmxHgDzY5ZwIC1y+T1kllfEKDF4nZol4Uk
8zmiaOVopMmjix5uPUVBu8JzvsxinwJgyX3KZtEajAnbrfKHXOQbclNZH6eE1FOH
fKfZbAGm+Gw5NiOYWKhM7KGGdr12N7rimCn6Fqs/OkxKvpg+6XRAyJOXvQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJXiaG0s/veZghmdYtjKP1iYa7rMMB8GA1UdIwQY
MBaAFMYYUBc8jSjVr7+RCRymPl2jx17UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhoUUZ6eU5LTld2djVFSkhLWS1YYVBIWHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9lZTA5ZjEtN2QwYi00MzFmLWFhZWUt
YmI4ZGViYzAwMzg4LzEvbGVKb2JTei05NW1DR1oxaTJNb19XSmhydXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9lZTA5ZjEtN2QwYi00MzFmLWFhZWUtYmI4ZGViYzAwMzg4
LzEveGhoUUZ6eU5LTld2djVFSkhLWS1YYVBIWHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwiChMA8E
AgACMAkDBwAqBVEAAAAwDQYJKoZIhvcNAQELBQADggEBADkpPZ2bIhCzK98L6a1v
Rb0unA9mn/kdECSpzAAunatbVYEWhrdbFZWopfenrZ9HvWQ+XC8hOpJvYvw1UKxG
eBdLhA4WyFCPZhuWftELbXyipCHlPSP6VjBKexFR3NV+WB09zHwTAUgG5dddRvOM
FVAcOr9y90GxnGKvoy7Snc9CXl3R/SabSfVgv1wre/3URw0PawpZhx34PZq8Lh84
psZ3QyXr/BvPdKhgI+FCFc4hHsgv9bsVp0KLEwcNpwYsSncLJPlsFBvIopRECoWi
PU3/RknTV2lxAatHH9XU+ierGHt5uQvkOMvlk4CvCPOGqmTKiQQ9+nRGzyxssn50
ykM=
-----END CERTIFICATE-----