Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/meioddi_bz00iSxxVWYXRsgnbVs.roa
File:                     meioddi_bz00iSxxVWYXRsgnbVs.roa (raw, json)
Hash identifier:          Z4IPODByqoTYZB4JJc6M2c/VrA17/2toE9Ct9n22EjE=
Subject key identifier:   99:E8:A8:75:D8:BF:6F:3D:34:89:2C:71:55:66:17:46:C8:27:6D:5B
Certificate issuer:       /CN=099a1f2dbf7b7a84ae57b8d67426b7e4e420fab5
Certificate serial:       018CC3489098E86A609E355BC5E8A0120552
Authority key identifier: 09:9A:1F:2D:BF:7B:7A:84:AE:57:B8:D6:74:26:B7:E4:E4:20:FA:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/meioddi_bz00iSxxVWYXRsgnbVs.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25697
IP address blocks:        95.111.212.0/22 maxlen: 22
                          194.113.72.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/CZofLb97eoSuV7jWdCa35OQg-rU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/CZofLb97eoSuV7jWdCa35OQg-rU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:90:98:e8:6a:60:9e:35:5b:c5:e8:a0:12:05:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=099a1f2dbf7b7a84ae57b8d67426b7e4e420fab5
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99e8a875d8bf6f3d34892c7155661746c8276d5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:5e:36:d4:96:14:64:b2:d9:54:51:00:94:41:
                    d0:db:f6:e3:6f:04:3e:13:76:7e:92:0f:e6:53:8a:
                    63:3c:26:44:22:8f:c5:db:66:42:df:21:11:ac:5a:
                    8e:fc:7e:8e:0a:91:4a:ac:62:04:63:e3:c1:c4:ef:
                    5d:9e:50:39:cc:05:98:1f:7a:e9:03:a4:a4:b3:01:
                    98:a6:11:44:3e:c5:b8:fe:06:8a:f7:a0:c5:a5:b6:
                    f0:8d:cc:d1:0a:03:90:62:48:5e:c1:a3:a3:98:b6:
                    8d:ae:da:1a:4f:d7:ca:65:6b:97:37:dc:3f:07:49:
                    bb:f4:e0:57:ef:fb:42:14:f7:3b:ba:40:14:79:ad:
                    bf:a3:57:ad:0c:e6:b1:cf:99:8e:c2:98:38:12:0e:
                    05:b1:26:dc:a8:f8:eb:17:f2:ea:3c:a4:3a:ae:13:
                    3c:ff:df:f5:1e:5b:8a:bd:e1:53:8e:87:e5:0b:94:
                    b3:ca:f7:77:da:78:1d:b4:a4:03:13:45:f8:3a:94:
                    89:fc:b8:76:5d:fc:b2:66:2f:3e:ca:7f:d6:08:4e:
                    9c:2b:b2:75:47:77:67:ae:4e:7b:e4:55:38:cf:87:
                    33:d1:26:dd:08:67:e6:e3:10:c9:47:e4:d8:f3:cd:
                    11:1e:8f:06:b5:2e:64:aa:83:73:a7:d2:5a:2b:83:
                    59:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:E8:A8:75:D8:BF:6F:3D:34:89:2C:71:55:66:17:46:C8:27:6D:5B
            X509v3 Authority Key Identifier:
                keyid:09:9A:1F:2D:BF:7B:7A:84:AE:57:B8:D6:74:26:B7:E4:E4:20:FA:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/meioddi_bz00iSxxVWYXRsgnbVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/CZofLb97eoSuV7jWdCa35OQg-rU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.111.212.0/22
                  194.113.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:99:a0:c8:b8:b8:8c:87:2d:94:b5:98:b6:43:0a:61:0b:e6:
         5c:29:c1:16:a3:07:72:9e:d2:da:d3:b7:aa:dc:5a:8e:7d:da:
         92:2f:9c:cb:0b:db:c8:3f:1b:d0:68:45:b4:ff:31:6c:4a:6e:
         f8:cb:df:7b:c4:c7:6f:ca:b8:35:76:0f:b4:61:dc:33:c8:ec:
         41:d1:be:9a:62:0d:2c:01:5b:88:53:1d:0c:a7:6d:2c:08:be:
         c5:96:cf:90:b2:e9:0f:c7:09:3e:e2:aa:3d:06:f0:85:dc:a4:
         d2:37:f1:71:f9:c6:14:de:20:0e:1f:b3:ab:98:f4:08:34:6f:
         40:0e:8e:0f:c2:70:45:51:b5:7d:51:8b:30:4c:f4:cd:1c:4a:
         61:4a:9d:b8:d8:99:6d:5a:d3:70:9f:b8:aa:d0:1c:04:01:6a:
         58:2e:d5:d3:b5:18:fa:85:ee:69:d8:5a:13:12:55:5b:33:38:
         e2:7c:54:03:91:de:c2:41:eb:cf:8b:97:3f:f7:fd:e6:e9:5d:
         65:cf:b4:d5:9c:71:09:5a:d8:ca:3f:9c:ab:da:aa:cf:65:38:
         ae:c0:42:87:50:ed:48:e6:31:d9:50:c7:bd:e0:2c:80:f5:0d:
         e6:b6:d1:87:2e:c6:90:a9:1c:14:b6:d9:d5:c5:80:99:b9:80:
         a5:9c:d3:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSJCY6GpgnjVbxeigEgVSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OWExZjJkYmY3YjdhODRhZTU3YjhkNjc0MjZiN2U0ZTQy
MGZhYjUwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWU4YTg3NWQ4YmY2ZjNkMzQ4OTJjNzE1NTY2MTc0NmM4Mjc2ZDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiF421JYUZLLZVFEAlEHQ2/bjbwQ+
E3Z+kg/mU4pjPCZEIo/F22ZC3yERrFqO/H6OCpFKrGIEY+PBxO9dnlA5zAWYH3rp
A6SkswGYphFEPsW4/gaK96DFpbbwjczRCgOQYkhewaOjmLaNrtoaT9fKZWuXN9w/
B0m79OBX7/tCFPc7ukAUea2/o1etDOaxz5mOwpg4Eg4FsSbcqPjrF/LqPKQ6rhM8
/9/1HluKveFTjoflC5Szyvd32ngdtKQDE0X4OpSJ/Lh2XfyyZi8+yn/WCE6cK7J1
R3dnrk575FU4z4cz0SbdCGfm4xDJR+TY880RHo8GtS5kqoNzp9JaK4NZNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJnoqHXYv289NIkscVVmF0bIJ21bMB8GA1UdIwQY
MBaAFAmaHy2/e3qErle41nQmt+TkIPq1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1pvZkxiOTdlb1N1VjdqV2RDYTM1T1FnLXJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9kNDJhYmItMzM0Mi00ODg3LWFmNDAt
OWNkNjhmMjIxZTIxLzEvbWVpb2RkaV9iejAwaVN4eFZXWVhSc2duYlZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9kNDJhYmItMzM0Mi00ODg3LWFmNDAtOWNkNjhmMjIxZTIx
LzEvQ1pvZkxiOTdlb1N1VjdqV2RDYTM1T1FnLXJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCX2/UAwQC
wnFIMA0GCSqGSIb3DQEBCwUAA4IBAQAXmaDIuLiMhy2UtZi2QwphC+ZcKcEWowdy
ntLa07eq3FqOfdqSL5zLC9vIPxvQaEW0/zFsSm74y997xMdvyrg1dg+0YdwzyOxB
0b6aYg0sAVuIUx0Mp20sCL7Fls+QsukPxwk+4qo9BvCF3KTSN/Fx+cYU3iAOH7Or
mPQING9ADo4PwnBFUbV9UYswTPTNHEphSp242JltWtNwn7iq0BwEAWpYLtXTtRj6
he5p2FoTElVbMzjifFQDkd7CQevPi5c/9/3m6V1lz7TVnHEJWtjKP5yr2qrPZTiu
wEKHUO1I5jHZUMe94CyA9Q3mttGHLsaQqRwUttnVxYCZuYClnNOw
-----END CERTIFICATE-----