Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/LVIdaYduoFlUa7cF0x5TUDL9GRk.roa
File:                     LVIdaYduoFlUa7cF0x5TUDL9GRk.roa (raw, json)
Hash identifier:          y6H1ohqB+5LU4JN5crKY2r9w6Dvj5RyiHgrOjEm3KUg=
Subject key identifier:   2D:52:1D:69:87:6E:A0:59:54:6B:B7:05:D3:1E:53:50:32:FD:19:19
Certificate issuer:       /CN=e2e4cfe47aed51ec71aa75f536189bad6e862deb
Certificate serial:       018CC9BA64227D9B5FCED7060145FCC0ADFB
Authority key identifier: E2:E4:CF:E4:7A:ED:51:EC:71:AA:75:F5:36:18:9B:AD:6E:86:2D:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4uTP5HrtUexxqnX1NhibrW6GLes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/LVIdaYduoFlUa7cF0x5TUDL9GRk.roa
Signing time:             Tue 02 Jan 2024 10:31:24 +0000
ROA not before:           Tue 02 Jan 2024 10:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62206
IP address blocks:        95.215.40.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/4uTP5HrtUexxqnX1NhibrW6GLes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/4uTP5HrtUexxqnX1NhibrW6GLes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4uTP5HrtUexxqnX1NhibrW6GLes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:64:22:7d:9b:5f:ce:d7:06:01:45:fc:c0:ad:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2e4cfe47aed51ec71aa75f536189bad6e862deb
        Validity
            Not Before: Jan  2 10:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d521d69876ea059546bb705d31e535032fd1919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b3:34:43:2e:c1:05:55:17:7f:57:02:d1:8d:
                    fc:60:1d:85:08:0c:32:88:71:69:ff:ae:3e:7b:ba:
                    60:06:de:a8:0f:bd:ee:e4:bd:5d:63:cf:51:95:de:
                    64:40:3c:4c:42:a9:83:f9:9d:04:65:21:64:88:52:
                    ec:02:b0:fc:99:8e:7a:02:af:20:26:3d:69:be:6c:
                    31:a2:1e:b9:f9:9b:c5:31:4a:ef:05:29:9b:18:97:
                    e8:f0:68:0a:85:e4:04:d7:9a:87:5c:d1:34:2a:eb:
                    d0:54:52:eb:e4:3d:5d:00:c4:7e:39:d5:f7:e8:3f:
                    32:6a:bc:4b:85:8c:7d:3f:cf:7a:34:23:95:05:6b:
                    ef:1b:ec:76:e2:e9:fc:c8:2e:fb:89:e8:c7:ba:7b:
                    8b:41:9e:3f:a2:80:59:78:ab:1e:59:d0:c5:8a:03:
                    d7:1a:58:66:ea:ab:3c:1e:ef:b4:47:df:36:f1:bd:
                    e7:5e:40:1d:26:15:8c:31:2a:b4:79:45:8a:ab:cf:
                    95:a3:c5:59:68:95:e9:c8:67:6c:85:4f:40:ab:fa:
                    7a:86:e3:7c:53:57:78:47:60:54:ce:15:76:27:db:
                    a8:9c:c3:f5:11:ee:97:ed:02:dc:5c:1e:1d:44:de:
                    70:47:4c:20:2b:56:87:f0:49:b5:53:ec:22:21:f7:
                    2c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:52:1D:69:87:6E:A0:59:54:6B:B7:05:D3:1E:53:50:32:FD:19:19
            X509v3 Authority Key Identifier:
                keyid:E2:E4:CF:E4:7A:ED:51:EC:71:AA:75:F5:36:18:9B:AD:6E:86:2D:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4uTP5HrtUexxqnX1NhibrW6GLes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/LVIdaYduoFlUa7cF0x5TUDL9GRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/4uTP5HrtUexxqnX1NhibrW6GLes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:fc:25:94:61:3e:7b:7e:55:39:1b:79:b6:26:ec:4e:97:33:
         0a:4c:eb:01:e3:3c:1e:63:84:33:2f:8f:01:c0:fd:13:94:ae:
         8f:3e:52:d7:cf:b6:87:ee:00:2c:a5:30:c1:d2:b5:b3:49:5c:
         c1:63:c1:7b:4a:15:9c:11:ff:82:53:09:26:42:6a:f4:ad:16:
         47:6c:33:44:2f:fd:f8:0d:b8:f2:3a:20:52:95:31:57:ba:8d:
         9e:e3:08:ae:51:fb:e0:2e:1b:06:2b:6c:d7:0c:5c:b7:a1:31:
         2d:f0:c3:62:51:1e:70:18:2d:5c:b2:14:e5:0d:7c:ed:e7:6a:
         a2:44:e1:e6:f3:2a:40:bc:8f:ae:df:71:95:ee:6b:35:6a:3f:
         37:5f:29:2b:f8:d0:8a:e3:3b:50:35:73:b9:ac:6a:b7:fd:b7:
         44:97:45:c4:4a:73:b4:e0:66:a7:24:17:62:f2:01:be:0e:b0:
         9c:6f:ca:ec:e5:37:03:66:67:97:42:99:1e:b0:0e:af:39:5b:
         6c:b4:fd:4a:3a:1a:e9:d2:3f:18:b6:d0:4c:53:5d:9e:6f:b2:
         b5:35:91:f3:ca:97:49:9a:b9:d3:f1:ea:76:78:e4:18:98:a5:
         1e:a8:11:75:4d:82:48:91:03:8c:15:58:f1:bc:2b:69:c5:c7:
         ce:7d:79:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJumQifZtfztcGAUX8wK37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZTRjZmU0N2FlZDUxZWM3MWFhNzVmNTM2MTg5YmFkNmU4
NjJkZWIwHhcNMjQwMTAyMTAzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDUyMWQ2OTg3NmVhMDU5NTQ2YmI3MDVkMzFlNTM1MDMyZmQxOTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrM0Qy7BBVUXf1cC0Y38YB2FCAwy
iHFp/64+e7pgBt6oD73u5L1dY89Rld5kQDxMQqmD+Z0EZSFkiFLsArD8mY56Aq8g
Jj1pvmwxoh65+ZvFMUrvBSmbGJfo8GgKheQE15qHXNE0KuvQVFLr5D1dAMR+OdX3
6D8yarxLhYx9P896NCOVBWvvG+x24un8yC77iejHunuLQZ4/ooBZeKseWdDFigPX
Glhm6qs8Hu+0R9828b3nXkAdJhWMMSq0eUWKq8+Vo8VZaJXpyGdshU9Aq/p6huN8
U1d4R2BUzhV2J9uonMP1Ee6X7QLcXB4dRN5wR0wgK1aH8Em1U+wiIfcsWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1SHWmHbqBZVGu3BdMeU1Ay/RkZMB8GA1UdIwQY
MBaAFOLkz+R67VHscap19TYYm61uhi3rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHVUUDVIcnRVZXh4cW5YMU5oaWJyVzZHTGVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9lNGNjYmItZmQ2MS00ZmM0LWFhYmQt
YTE4ODNjOGIxZmU0LzEvTFZJZGFZZHVvRmxVYTdjRjB4NVRVREw5R1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9lNGNjYmItZmQ2MS00ZmM0LWFhYmQtYTE4ODNjOGIxZmU0
LzEvNHVUUDVIcnRVZXh4cW5YMU5oaWJyVzZHTGVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX9coMA0G
CSqGSIb3DQEBCwUAA4IBAQCk/CWUYT57flU5G3m2JuxOlzMKTOsB4zweY4QzL48B
wP0TlK6PPlLXz7aH7gAspTDB0rWzSVzBY8F7ShWcEf+CUwkmQmr0rRZHbDNEL/34
DbjyOiBSlTFXuo2e4wiuUfvgLhsGK2zXDFy3oTEt8MNiUR5wGC1cshTlDXzt52qi
ROHm8ypAvI+u33GV7ms1aj83Xykr+NCK4ztQNXO5rGq3/bdEl0XESnO04GanJBdi
8gG+DrCcb8rs5TcDZmeXQpkesA6vOVtstP1KOhrp0j8YttBMU12eb7K1NZHzypdJ
mrnT8ep2eOQYmKUeqBF1TYJIkQOMFVjxvCtpxcfOfXlJ
-----END CERTIFICATE-----