Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/a89b3c-972c-4bee-80f2-5c2919da8df3/1/TZ9nI7PNWsFJVTyYcbBJE2Y3L7s.roa
File:                     TZ9nI7PNWsFJVTyYcbBJE2Y3L7s.roa (raw, json)
Hash identifier:          blf20sYxiiLbd3PcfFjue1C3dlRJyzHB9TFJNVnEglI=
Subject key identifier:   4D:9F:67:23:B3:CD:5A:C1:49:55:3C:98:71:B0:49:13:66:37:2F:BB
Certificate issuer:       /CN=82e22da9bf0a74171eebb4cd98fc25f3041add2f
Certificate serial:       018CC50115FBEDC58ED816E9AEEB8146251D
Authority key identifier: 82:E2:2D:A9:BF:0A:74:17:1E:EB:B4:CD:98:FC:25:F3:04:1A:DD:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/guItqb8KdBce67TNmPwl8wQa3S8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/a89b3c-972c-4bee-80f2-5c2919da8df3/1/TZ9nI7PNWsFJVTyYcbBJE2Y3L7s.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29445
IP address blocks:        195.149.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/a89b3c-972c-4bee-80f2-5c2919da8df3/1/guItqb8KdBce67TNmPwl8wQa3S8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/a89b3c-972c-4bee-80f2-5c2919da8df3/1/guItqb8KdBce67TNmPwl8wQa3S8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/guItqb8KdBce67TNmPwl8wQa3S8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:15:fb:ed:c5:8e:d8:16:e9:ae:eb:81:46:25:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82e22da9bf0a74171eebb4cd98fc25f3041add2f
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d9f6723b3cd5ac149553c9871b0491366372fbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8a:2b:a3:f1:09:54:04:0b:bb:c0:e4:04:b5:
                    3e:64:cf:f2:2b:c5:d4:c7:dd:84:a4:4c:7d:b5:43:
                    ee:05:1a:79:c0:0c:ce:2e:87:15:40:90:69:3c:bb:
                    5d:f0:11:31:26:de:38:87:85:b2:7d:c8:19:b4:64:
                    e3:71:a3:63:65:e3:8f:63:28:cd:47:f2:42:dc:ca:
                    72:7d:da:b9:42:3d:67:13:66:57:6a:72:2a:48:02:
                    91:12:d0:63:69:84:2d:1e:0b:42:3f:58:01:1d:60:
                    fb:d8:c2:f9:fd:ba:a6:72:6d:33:8a:04:53:b8:9f:
                    22:04:6e:29:22:03:8b:e9:39:38:ed:d1:38:53:5d:
                    78:fd:6a:d4:fc:72:52:ed:c1:96:53:69:0d:e6:85:
                    4c:10:53:c9:8a:36:66:10:a9:fa:e4:8d:23:10:6e:
                    4b:84:09:6a:8f:5c:22:83:46:8d:70:bf:27:cb:a4:
                    f8:b6:87:ef:85:90:3e:6e:3c:32:e6:b2:90:46:87:
                    36:10:b8:4d:8a:16:42:ff:c5:88:5f:85:1b:d8:da:
                    e7:b6:4b:0e:cf:51:12:5e:5b:4b:10:a2:67:e0:27:
                    1b:83:5f:f3:94:62:9a:58:95:24:2e:3a:6d:b9:41:
                    fb:a7:fa:98:34:5b:ed:5b:fd:b0:e5:a8:ca:be:6e:
                    bb:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:9F:67:23:B3:CD:5A:C1:49:55:3C:98:71:B0:49:13:66:37:2F:BB
            X509v3 Authority Key Identifier:
                keyid:82:E2:2D:A9:BF:0A:74:17:1E:EB:B4:CD:98:FC:25:F3:04:1A:DD:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/guItqb8KdBce67TNmPwl8wQa3S8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/a89b3c-972c-4bee-80f2-5c2919da8df3/1/TZ9nI7PNWsFJVTyYcbBJE2Y3L7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/a89b3c-972c-4bee-80f2-5c2919da8df3/1/guItqb8KdBce67TNmPwl8wQa3S8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:93:c3:f7:e4:d5:55:71:52:87:c3:09:20:3e:22:90:0c:cf:
         6f:41:9a:8d:ae:3b:b0:e9:5b:6f:5b:1a:45:c7:2c:aa:fb:a0:
         d0:ba:9c:ff:e2:ad:bf:6b:b8:81:70:c4:ae:1d:e3:d7:71:0f:
         96:23:29:e1:2c:7a:48:bc:3d:47:8f:9c:01:31:d4:6b:82:7b:
         ac:0e:a7:dd:2b:80:98:c9:19:46:29:a2:87:9a:ae:11:6b:c1:
         65:56:fe:ee:fc:b1:8d:8e:f9:9c:bd:c0:b3:50:b4:48:f6:88:
         c1:d5:50:81:41:77:2d:b6:dc:38:99:c5:bb:d1:cb:70:b6:5a:
         0f:8c:eb:88:5b:c0:b6:9d:55:c9:6b:56:e8:82:29:93:f5:e3:
         cd:e1:06:94:92:31:00:83:57:58:35:27:69:4f:1a:60:c7:2d:
         da:13:21:05:b2:42:d3:d7:6a:2d:a6:c7:8d:21:2d:a2:68:3c:
         63:8d:7a:7d:8f:c1:3f:b3:5c:70:6f:9f:67:b4:a4:5e:ab:06:
         9e:0f:b9:5b:b9:75:b6:7f:cf:88:3e:a0:9d:48:f3:a5:39:a3:
         29:15:a4:77:da:67:8d:39:4b:a5:60:37:ca:a4:71:5b:28:a5:
         43:d0:e7:08:b5:ff:25:5a:3a:e7:2e:0a:84:7d:03:e8:45:ab:
         cc:9d:67:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARX77cWO2BbpruuBRiUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZTIyZGE5YmYwYTc0MTcxZWViYjRjZDk4ZmMyNWYzMDQx
YWRkMmYwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDlmNjcyM2IzY2Q1YWMxNDk1NTNjOTg3MWIwNDkxMzY2MzcyZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4oro/EJVAQLu8DkBLU+ZM/yK8XU
x92EpEx9tUPuBRp5wAzOLocVQJBpPLtd8BExJt44h4WyfcgZtGTjcaNjZeOPYyjN
R/JC3Mpyfdq5Qj1nE2ZXanIqSAKREtBjaYQtHgtCP1gBHWD72ML5/bqmcm0zigRT
uJ8iBG4pIgOL6Tk47dE4U114/WrU/HJS7cGWU2kN5oVMEFPJijZmEKn65I0jEG5L
hAlqj1wig0aNcL8ny6T4tofvhZA+bjwy5rKQRoc2ELhNihZC/8WIX4Ub2NrntksO
z1ESXltLEKJn4Ccbg1/zlGKaWJUkLjptuUH7p/qYNFvtW/2w5ajKvm67lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2fZyOzzVrBSVU8mHGwSRNmNy+7MB8GA1UdIwQY
MBaAFILiLam/CnQXHuu0zZj8JfMEGt0vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3VJdHFiOEtkQmNlNjdUTm1Qd2w4d1FhM1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9hODliM2MtOTcyYy00YmVlLTgwZjIt
NWMyOTE5ZGE4ZGYzLzEvVFo5bkk3UE5Xc0ZKVlR5WWNiQkpFMlkzTDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9hODliM2MtOTcyYy00YmVlLTgwZjItNWMyOTE5ZGE4ZGYz
LzEvZ3VJdHFiOEtkQmNlNjdUTm1Qd2w4d1FhM1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5VfMA0G
CSqGSIb3DQEBCwUAA4IBAQAPk8P35NVVcVKHwwkgPiKQDM9vQZqNrjuw6VtvWxpF
xyyq+6DQupz/4q2/a7iBcMSuHePXcQ+WIynhLHpIvD1Hj5wBMdRrgnusDqfdK4CY
yRlGKaKHmq4Ra8FlVv7u/LGNjvmcvcCzULRI9ojB1VCBQXctttw4mcW70ctwtloP
jOuIW8C2nVXJa1bogimT9ePN4QaUkjEAg1dYNSdpTxpgxy3aEyEFskLT12otpseN
IS2iaDxjjXp9j8E/s1xwb59ntKReqwaeD7lbuXW2f8+IPqCdSPOlOaMpFaR32meN
OUulYDfKpHFbKKVD0OcItf8lWjrnLgqEfQPoRavMnWcr
-----END CERTIFICATE-----