Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/xk4DOvvfnSoGJBQIEXo7RvXUR0I.roa
File:                     xk4DOvvfnSoGJBQIEXo7RvXUR0I.roa (raw, json)
Hash identifier:          rcOLU3wpYSF5aKinAeJ9Oa23NnhX7HdjU8YJxwsB/Hk=
Subject key identifier:   C6:4E:03:3A:FB:DF:9D:2A:06:24:14:08:11:7A:3B:46:F5:D4:47:42
Certificate issuer:       /CN=79646b38c3d87d33145b634b4e1dcc2145f6416c
Certificate serial:       018CC6B78895C25D412234EE9C4207DF816A
Authority key identifier: 79:64:6B:38:C3:D8:7D:33:14:5B:63:4B:4E:1D:CC:21:45:F6:41:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eWRrOMPYfTMUW2NLTh3MIUX2QWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/xk4DOvvfnSoGJBQIEXo7RvXUR0I.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42672
IP address blocks:        95.182.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/eWRrOMPYfTMUW2NLTh3MIUX2QWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/eWRrOMPYfTMUW2NLTh3MIUX2QWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eWRrOMPYfTMUW2NLTh3MIUX2QWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:88:95:c2:5d:41:22:34:ee:9c:42:07:df:81:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79646b38c3d87d33145b634b4e1dcc2145f6416c
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c64e033afbdf9d2a06241408117a3b46f5d44742
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:27:2c:38:19:be:d0:25:90:94:ac:30:9a:40:
                    2b:d1:c5:44:b1:ba:e6:26:f5:cb:27:0d:4e:53:12:
                    de:2a:0a:21:68:40:0c:b0:0c:15:25:9d:a6:ed:f4:
                    d3:f3:83:60:01:41:f8:a2:02:47:c7:49:9a:90:23:
                    5e:82:ad:f6:ab:39:4a:06:bd:e5:ae:f6:77:d3:15:
                    8e:76:bd:ac:66:20:46:eb:d9:67:4a:31:e0:20:28:
                    a3:8a:06:fb:3f:c3:dc:87:a7:0b:d2:d7:60:ab:ad:
                    c7:a5:c3:0f:4c:68:bb:ad:af:94:2e:bc:42:0e:37:
                    5b:f6:ce:43:81:57:f5:cb:99:fe:c0:a0:22:13:cb:
                    14:9f:c4:5e:d8:f2:d4:e8:62:97:40:0f:48:2e:6f:
                    b3:58:89:77:65:dd:a1:0d:e0:c3:90:fe:89:10:32:
                    c5:b4:34:54:59:ad:8a:e7:49:27:c0:54:d4:62:17:
                    b1:38:b6:64:37:78:12:ee:8d:71:fa:2c:f8:37:c0:
                    a0:d1:cc:84:1e:a2:04:8d:08:33:1f:17:5f:b1:04:
                    f8:ef:c7:3c:68:85:ca:4a:fc:58:a6:a0:db:6d:42:
                    61:f5:ad:e6:f9:11:88:86:1d:d5:13:3b:4e:15:eb:
                    05:c4:19:25:ff:80:4e:a6:98:6e:e1:97:33:f4:bb:
                    8c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:4E:03:3A:FB:DF:9D:2A:06:24:14:08:11:7A:3B:46:F5:D4:47:42
            X509v3 Authority Key Identifier:
                keyid:79:64:6B:38:C3:D8:7D:33:14:5B:63:4B:4E:1D:CC:21:45:F6:41:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eWRrOMPYfTMUW2NLTh3MIUX2QWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/xk4DOvvfnSoGJBQIEXo7RvXUR0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b378e0-cf99-41b1-a38a-e136c989be33/1/eWRrOMPYfTMUW2NLTh3MIUX2QWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.182.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:8e:1e:5f:e3:92:77:ec:e6:04:47:8a:e5:38:62:c3:4d:bc:
         90:17:a6:21:13:6b:03:84:5a:91:55:9f:3b:48:39:e1:87:2b:
         74:df:29:64:4e:c0:c1:90:41:00:d9:78:f9:9a:fb:49:08:7b:
         1a:c9:ed:68:58:f3:a9:36:88:7e:a5:29:9e:ab:0a:3c:bd:c0:
         a1:8e:08:e7:e3:59:7c:62:04:c9:2e:fd:00:fe:34:20:a9:bd:
         18:c9:f6:e4:f2:f5:db:97:64:fe:b8:88:2d:76:cc:ac:26:30:
         a7:dd:f4:1c:90:4c:36:00:41:dc:40:b1:52:d0:5a:25:05:b6:
         f6:2c:d4:1b:b1:13:35:45:87:8f:55:07:4d:3a:5b:fc:13:8e:
         15:7b:da:28:07:4a:b3:1a:5a:f1:2c:74:e5:76:ee:db:a6:a6:
         81:c1:13:c8:19:3d:a1:10:3b:47:d7:a0:c1:7f:1a:67:6b:b4:
         6e:ca:b1:7f:11:1f:e9:00:e3:e7:98:92:84:1f:c3:c5:6e:46:
         09:1f:bf:ce:2e:48:66:41:4f:9d:2f:94:0a:66:dd:9e:69:26:
         98:46:82:96:7a:06:fd:d0:52:83:20:b1:fd:5c:de:89:a6:b8:
         bc:eb:b7:91:0e:f8:a6:39:23:cd:4c:e5:d4:6c:54:98:01:a6:
         fa:1f:24:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4iVwl1BIjTunEIH34FqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NjQ2YjM4YzNkODdkMzMxNDViNjM0YjRlMWRjYzIxNDVm
NjQxNmMwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjRlMDMzYWZiZGY5ZDJhMDYyNDE0MDgxMTdhM2I0NmY1ZDQ0NzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqScsOBm+0CWQlKwwmkAr0cVEsbrm
JvXLJw1OUxLeKgohaEAMsAwVJZ2m7fTT84NgAUH4ogJHx0makCNegq32qzlKBr3l
rvZ30xWOdr2sZiBG69lnSjHgICijigb7P8Pch6cL0tdgq63HpcMPTGi7ra+ULrxC
Djdb9s5DgVf1y5n+wKAiE8sUn8Re2PLU6GKXQA9ILm+zWIl3Zd2hDeDDkP6JEDLF
tDRUWa2K50knwFTUYhexOLZkN3gS7o1x+iz4N8Cg0cyEHqIEjQgzHxdfsQT478c8
aIXKSvxYpqDbbUJh9a3m+RGIhh3VEztOFesFxBkl/4BOpphu4Zcz9LuMlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZOAzr7350qBiQUCBF6O0b11EdCMB8GA1UdIwQY
MBaAFHlkazjD2H0zFFtjS04dzCFF9kFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVdSck9NUFlmVE1VVzJOTFRoM01JVVgyUVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9iMzc4ZTAtY2Y5OS00MWIxLWEzOGEt
ZTEzNmM5ODliZTMzLzEveGs0RE92dmZuU29HSkJRSUVYbzdSdlhVUjBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9iMzc4ZTAtY2Y5OS00MWIxLWEzOGEtZTEzNmM5ODliZTMz
LzEvZVdSck9NUFlmVE1VVzJOTFRoM01JVVgyUVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7YYMA0G
CSqGSIb3DQEBCwUAA4IBAQCOjh5f45J37OYER4rlOGLDTbyQF6YhE2sDhFqRVZ87
SDnhhyt03ylkTsDBkEEA2Xj5mvtJCHsaye1oWPOpNoh+pSmeqwo8vcChjgjn41l8
YgTJLv0A/jQgqb0Yyfbk8vXbl2T+uIgtdsysJjCn3fQckEw2AEHcQLFS0FolBbb2
LNQbsRM1RYePVQdNOlv8E44Ve9ooB0qzGlrxLHTldu7bpqaBwRPIGT2hEDtH16DB
fxpna7RuyrF/ER/pAOPnmJKEH8PFbkYJH7/OLkhmQU+dL5QKZt2eaSaYRoKWegb9
0FKDILH9XN6Jpri867eRDvimOSPNTOXUbFSYAab6HyS1
-----END CERTIFICATE-----