Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/9f5523-269c-45b0-aa6e-1106b047f6e0/1/53kbaQg7FTSB94UmPFJuBx93PGk.roa
File:                     53kbaQg7FTSB94UmPFJuBx93PGk.roa (raw, json)
Hash identifier:          M9hPBLO5FpkjMljHL+XFBiLIFwiZ69S6PvOPIs31lX4=
Subject key identifier:   E7:79:1B:69:08:3B:15:34:81:F7:85:26:3C:52:6E:07:1F:77:3C:69
Certificate issuer:       /CN=e96334b072108abae8f321ec4cce7494c10f0ef1
Certificate serial:       018CC794026DF16E0CB682934C815B98BF63
Authority key identifier: E9:63:34:B0:72:10:8A:BA:E8:F3:21:EC:4C:CE:74:94:C1:0F:0E:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6WM0sHIQirro8yHsTM50lMEPDvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/9f5523-269c-45b0-aa6e-1106b047f6e0/1/53kbaQg7FTSB94UmPFJuBx93PGk.roa
Signing time:             Tue 02 Jan 2024 00:30:14 +0000
ROA not before:           Tue 02 Jan 2024 00:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41745
IP address blocks:        95.215.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/9f5523-269c-45b0-aa6e-1106b047f6e0/1/6WM0sHIQirro8yHsTM50lMEPDvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/9f5523-269c-45b0-aa6e-1106b047f6e0/1/6WM0sHIQirro8yHsTM50lMEPDvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6WM0sHIQirro8yHsTM50lMEPDvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:02:6d:f1:6e:0c:b6:82:93:4c:81:5b:98:bf:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96334b072108abae8f321ec4cce7494c10f0ef1
        Validity
            Not Before: Jan  2 00:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7791b69083b153481f785263c526e071f773c69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:26:24:9e:73:23:0d:bd:c2:61:4d:27:b8:8b:
                    1b:98:ce:da:71:22:a9:a0:a5:40:5c:87:a1:f8:c6:
                    54:81:bf:59:21:ae:65:20:b9:d2:69:c6:52:51:e8:
                    01:02:e6:04:e2:35:ef:cd:3b:9a:93:5a:0f:35:e0:
                    6a:a5:3c:32:9d:ab:18:12:8a:f5:22:ff:03:38:5d:
                    85:62:48:8c:e0:de:67:6e:10:1a:ab:4d:0d:fa:75:
                    1b:1b:bd:50:ee:ea:9d:b0:00:3f:7f:41:aa:f0:5e:
                    e7:81:2f:cd:90:0a:6a:8e:c5:38:27:d2:ba:22:fd:
                    d9:d3:e5:d6:3d:7e:a1:64:9e:dd:9f:32:6d:d8:31:
                    a6:22:ee:10:9a:45:9a:91:b6:b5:fd:37:f3:ee:a4:
                    9d:ba:ed:65:3c:c1:3b:94:2f:9d:f9:a0:33:a0:61:
                    21:b0:ad:3c:81:68:3b:dc:11:e1:23:16:37:45:d8:
                    ba:bd:bf:92:a6:eb:b3:ca:63:4e:52:f0:c9:80:a8:
                    ef:aa:a0:6e:99:4f:a8:78:08:5e:4f:45:de:84:a7:
                    20:f4:5c:93:e6:ad:15:fc:cb:df:1c:08:9c:da:e4:
                    6d:d5:f5:df:4f:9d:18:c5:f9:b8:7d:88:54:9a:aa:
                    a8:8b:2d:54:4c:04:fd:12:e5:75:24:c4:e8:94:7d:
                    62:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:79:1B:69:08:3B:15:34:81:F7:85:26:3C:52:6E:07:1F:77:3C:69
            X509v3 Authority Key Identifier:
                keyid:E9:63:34:B0:72:10:8A:BA:E8:F3:21:EC:4C:CE:74:94:C1:0F:0E:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6WM0sHIQirro8yHsTM50lMEPDvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/9f5523-269c-45b0-aa6e-1106b047f6e0/1/53kbaQg7FTSB94UmPFJuBx93PGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/9f5523-269c-45b0-aa6e-1106b047f6e0/1/6WM0sHIQirro8yHsTM50lMEPDvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:04:d3:e5:51:93:2f:fd:63:9c:f0:8d:5a:6b:1d:77:a2:fc:
         98:9c:6a:a8:23:eb:a6:2f:c2:5e:4c:f4:18:09:bd:85:44:35:
         25:ae:7a:15:67:8c:b6:0e:20:ed:29:96:e2:63:79:88:5d:4d:
         0c:41:a9:1d:bb:6c:31:2a:be:c6:09:1f:64:11:5d:f0:33:c7:
         89:f3:4a:98:b3:4d:71:51:2f:df:14:ee:51:76:8f:91:43:b7:
         89:18:f1:bb:14:f4:65:26:ac:9f:53:50:c0:e3:50:e0:7e:21:
         06:96:59:46:e9:83:50:38:ff:3e:f6:c9:da:6e:a0:08:07:71:
         f2:44:de:a0:b5:c6:4e:d7:83:b6:fa:40:71:99:0b:3f:f0:b4:
         e4:dc:6c:2f:7d:86:8e:49:b1:52:43:e5:cd:f9:66:f1:e6:9e:
         34:4d:35:9a:d3:e1:10:ef:16:c2:22:94:65:e6:a1:f7:0a:36:
         e9:6a:e4:48:6f:8b:7f:e0:d6:0b:fd:dd:eb:61:46:5f:02:52:
         0a:f6:ee:34:97:71:b7:49:48:43:f7:d9:22:e9:62:d6:ab:5b:
         62:1d:99:21:22:b7:e1:8c:71:0a:8f:a6:aa:d3:68:f0:f8:ef:
         4c:38:e6:6b:23:37:38:eb:92:07:eb:43:a8:85:9f:71:bd:3e:
         97:25:df:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlAJt8W4MtoKTTIFbmL9jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NjMzNGIwNzIxMDhhYmFlOGYzMjFlYzRjY2U3NDk0YzEw
ZjBlZjEwHhcNMjQwMTAyMDAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzc5MWI2OTA4M2IxNTM0ODFmNzg1MjYzYzUyNmUwNzFmNzczYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyYknnMjDb3CYU0nuIsbmM7acSKp
oKVAXIeh+MZUgb9ZIa5lILnSacZSUegBAuYE4jXvzTuak1oPNeBqpTwynasYEor1
Iv8DOF2FYkiM4N5nbhAaq00N+nUbG71Q7uqdsAA/f0Gq8F7ngS/NkApqjsU4J9K6
Iv3Z0+XWPX6hZJ7dnzJt2DGmIu4QmkWakba1/Tfz7qSduu1lPME7lC+d+aAzoGEh
sK08gWg73BHhIxY3Rdi6vb+SpuuzymNOUvDJgKjvqqBumU+oeAheT0XehKcg9FyT
5q0V/MvfHAic2uRt1fXfT50Yxfm4fYhUmqqoiy1UTAT9EuV1JMTolH1i7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOd5G2kIOxU0gfeFJjxSbgcfdzxpMB8GA1UdIwQY
MBaAFOljNLByEIq66PMh7EzOdJTBDw7xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNldNMHNISVFpcnJvOHlIc1RNNTBsTUVQRHZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC85ZjU1MjMtMjY5Yy00NWIwLWFhNmUt
MTEwNmIwNDdmNmUwLzEvNTNrYmFRZzdGVFNCOTRVbVBGSnVCeDkzUEdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC85ZjU1MjMtMjY5Yy00NWIwLWFhNmUtMTEwNmIwNDdmNmUw
LzEvNldNMHNISVFpcnJvOHlIc1RNNTBsTUVQRHZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX9cIMA0G
CSqGSIb3DQEBCwUAA4IBAQAFBNPlUZMv/WOc8I1aax13ovyYnGqoI+umL8JeTPQY
Cb2FRDUlrnoVZ4y2DiDtKZbiY3mIXU0MQakdu2wxKr7GCR9kEV3wM8eJ80qYs01x
US/fFO5Rdo+RQ7eJGPG7FPRlJqyfU1DA41DgfiEGlllG6YNQOP8+9snabqAIB3Hy
RN6gtcZO14O2+kBxmQs/8LTk3GwvfYaOSbFSQ+XN+Wbx5p40TTWa0+EQ7xbCIpRl
5qH3CjbpauRIb4t/4NYL/d3rYUZfAlIK9u40l3G3SUhD99ki6WLWq1tiHZkhIrfh
jHEKj6aq02jw+O9MOOZrIzc465IH60OohZ9xvT6XJd/j
-----END CERTIFICATE-----