Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/yixdNNBL7KF0B4qxmhviXksxk1I.roa
File:                     yixdNNBL7KF0B4qxmhviXksxk1I.roa (raw, json)
Hash identifier:          BoKbk5HtjpkwtTLtCnsoW25K+z8jpIHQF+MvNroJspk=
Subject key identifier:   CA:2C:5D:34:D0:4B:EC:A1:74:07:8A:B1:9A:1B:E2:5E:4B:31:93:52
Certificate issuer:       /CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
Certificate serial:       018D658F7316C91608EBED58912F97616570
Authority key identifier: 93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/yixdNNBL7KF0B4qxmhviXksxk1I.roa
Signing time:             Thu 01 Feb 2024 16:45:16 +0000
ROA not before:           Thu 01 Feb 2024 16:45:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        95.128.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 01:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:65:8f:73:16:c9:16:08:eb:ed:58:91:2f:97:61:65:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
        Validity
            Not Before: Feb  1 16:45:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca2c5d34d04beca174078ab19a1be25e4b319352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7f:f3:ae:45:0b:dc:e3:ea:e7:ce:d0:fa:40:
                    8d:0b:3c:d9:76:9c:96:ce:d1:c2:aa:6a:0a:f8:a4:
                    aa:bc:11:6a:6d:9a:1b:3c:54:c6:7c:38:87:f9:44:
                    3d:d0:8d:86:ae:11:6a:86:cb:4b:97:12:0f:50:55:
                    3f:d3:99:b5:18:76:3c:1d:92:e8:56:9e:17:9b:63:
                    79:8e:48:b9:d3:4e:04:59:55:66:3d:1b:e4:cd:2a:
                    7d:b2:d1:fb:d2:81:45:8e:5f:99:03:4e:de:ec:25:
                    e4:39:89:19:96:bf:87:0b:04:0c:19:42:9a:3a:ef:
                    77:30:a6:8b:5a:eb:bd:02:ee:d1:3e:a1:b8:ac:70:
                    de:78:e2:17:2e:4e:44:64:13:62:32:90:85:a7:11:
                    a4:f6:b3:f5:03:c8:d1:b2:6a:cd:13:ae:a2:f5:f1:
                    9d:38:8d:e5:e2:86:0a:d3:67:c9:fc:10:ff:e9:73:
                    6f:f7:81:a3:4d:22:01:3c:46:4b:38:64:33:6b:06:
                    61:a4:d6:25:16:55:42:2a:b7:27:73:3d:8e:a8:ee:
                    47:8e:7c:af:cd:d5:0a:f5:12:e3:35:51:1b:7b:72:
                    92:be:fb:5d:09:55:72:c2:ed:1b:92:f4:59:58:a8:
                    56:00:22:66:dd:ec:77:71:d6:3c:51:95:b8:b2:f1:
                    b3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:2C:5D:34:D0:4B:EC:A1:74:07:8A:B1:9A:1B:E2:5E:4B:31:93:52
            X509v3 Authority Key Identifier:
                keyid:93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/yixdNNBL7KF0B4qxmhviXksxk1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:cc:ee:25:5d:ae:a0:dd:36:db:4a:4f:9d:25:b7:dc:0f:0c:
         b2:43:a8:ac:4b:9b:de:b9:a7:8e:5a:bd:c6:e8:db:b7:37:7f:
         f2:b7:2a:4f:7a:f9:e4:a7:33:9b:09:f9:fe:d4:03:2a:2c:c5:
         72:50:ee:51:56:29:b7:f7:a4:f7:46:49:1b:5c:ac:8e:77:e5:
         33:62:32:be:67:32:db:13:0d:fa:6b:3b:09:f3:f6:dd:34:fb:
         95:9c:6b:7d:ca:b6:cb:7d:21:cf:25:61:87:91:8a:96:28:2e:
         f4:c3:fc:8b:7a:5a:58:fe:75:d2:a7:9e:1a:97:90:cf:2c:90:
         77:14:e7:4f:d3:4b:80:50:d5:95:85:ca:fd:c0:e5:fc:22:33:
         50:9d:2a:8b:1f:50:29:53:dd:f7:c6:34:5e:12:57:0f:49:49:
         63:d5:84:93:a7:09:0b:8c:f9:b4:a6:54:d2:af:75:77:fc:a3:
         f1:17:9d:fb:0f:c0:8b:66:10:d2:8e:cf:06:fe:10:3c:d1:7e:
         a6:ea:4b:12:55:b8:d7:e8:72:7e:da:6f:9c:1e:4b:da:3f:81:
         3d:ae:0b:0e:c0:12:27:ad:0d:a7:3b:86:5b:20:23:09:6f:d6:
         5e:5e:c9:12:18:22:48:89:c9:eb:75:96:d5:35:1b:52:c2:28:
         95:20:a9:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1lj3MWyRYI6+1YkS+XYWVwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNzRiODUzZGZkOTk3M2YyY2Q5OTRiMmUzYjc1NDYxZDlh
M2ZjNDQwHhcNMjQwMjAxMTY0NTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTJjNWQzNGQwNGJlY2ExNzQwNzhhYjE5YTFiZTI1ZTRiMzE5MzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuH/zrkUL3OPq587Q+kCNCzzZdpyW
ztHCqmoK+KSqvBFqbZobPFTGfDiH+UQ90I2GrhFqhstLlxIPUFU/05m1GHY8HZLo
Vp4Xm2N5jki5004EWVVmPRvkzSp9stH70oFFjl+ZA07e7CXkOYkZlr+HCwQMGUKa
Ou93MKaLWuu9Au7RPqG4rHDeeOIXLk5EZBNiMpCFpxGk9rP1A8jRsmrNE66i9fGd
OI3l4oYK02fJ/BD/6XNv94GjTSIBPEZLOGQzawZhpNYlFlVCKrcncz2OqO5Hjnyv
zdUK9RLjNVEbe3KSvvtdCVVywu0bkvRZWKhWACJm3ex3cdY8UZW4svGzYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMosXTTQS+yhdAeKsZob4l5LMZNSMB8GA1UdIwQY
MBaAFJN0uFPf2Zc/LNmUsuO3VGHZo/xEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQt
NjViY2M4Y2VmZGQyLzEveWl4ZE5OQkw3S0YwQjRxeG1odmlYa3N4azFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQtNjViY2M4Y2VmZGQy
LzEvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DGMA0G
CSqGSIb3DQEBCwUAA4IBAQBqzO4lXa6g3TbbSk+dJbfcDwyyQ6isS5veuaeOWr3G
6Nu3N3/ytypPevnkpzObCfn+1AMqLMVyUO5RVim396T3RkkbXKyOd+UzYjK+ZzLb
Ew36azsJ8/bdNPuVnGt9yrbLfSHPJWGHkYqWKC70w/yLelpY/nXSp54al5DPLJB3
FOdP00uAUNWVhcr9wOX8IjNQnSqLH1ApU933xjReElcPSUlj1YSTpwkLjPm0plTS
r3V3/KPxF537D8CLZhDSjs8G/hA80X6m6ksSVbjX6HJ+2m+cHkvaP4E9rgsOwBIn
rQ2nO4ZbICMJb9ZeXskSGCJIicnrdZbVNRtSwiiVIKmU
-----END CERTIFICATE-----