Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/aLpteBs82kK-wsKrVNG5a1Q-ooU.roa
File:                     aLpteBs82kK-wsKrVNG5a1Q-ooU.roa (raw, json)
Hash identifier:          +26D8Q4dQeHKI/IlGb0xRIeJAoG2E5YZ9Bg5ZtB+zIk=
Subject key identifier:   68:BA:6D:78:1B:3C:DA:42:BE:C2:C2:AB:54:D1:B9:6B:54:3E:A2:85
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018EF50801992AD5B508815001516A312DA5
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/aLpteBs82kK-wsKrVNG5a1Q-ooU.roa
Signing time:             Fri 19 Apr 2024 06:25:26 +0000
ROA not before:           Fri 19 Apr 2024 06:25:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35125
IP address blocks:        95.158.192.0/18 maxlen: 18
                          212.3.128.0/19 maxlen: 19
                          212.3.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f5:08:01:99:2a:d5:b5:08:81:50:01:51:6a:31:2d:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr 19 06:25:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68ba6d781b3cda42bec2c2ab54d1b96b543ea285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:14:6d:63:dd:c1:5f:77:dc:a3:23:82:8d:9a:
                    ce:ca:5e:5b:e9:45:df:49:bb:e6:f7:4c:24:1f:ac:
                    49:01:ed:52:2a:42:6e:8b:89:f3:7b:8c:33:b8:f7:
                    e0:16:c2:b4:16:10:7e:62:94:32:aa:67:97:ff:9f:
                    0b:f6:78:d4:38:20:b5:41:df:88:0e:d9:91:d4:77:
                    df:9b:0c:2a:e4:75:c4:43:78:f2:85:db:6c:1a:24:
                    93:18:b6:ff:fa:5a:7e:e1:e0:c8:1d:a3:82:65:eb:
                    42:f7:fe:1d:7e:bb:71:63:a1:99:9a:8f:51:25:90:
                    70:bd:3c:0d:3e:e4:d7:37:5b:61:36:3d:df:de:00:
                    e2:ca:33:ab:86:4e:60:95:f4:27:f1:c4:44:81:e4:
                    94:1f:4f:97:7f:cd:e7:84:6b:97:04:de:4f:85:70:
                    6e:b8:74:e9:d7:cc:eb:ec:3a:e8:12:2d:3f:a6:0b:
                    86:7e:80:f2:a8:9e:b4:4e:e5:d4:81:cc:b9:08:80:
                    04:a1:87:49:8e:60:e2:9e:0a:03:3c:cb:55:0f:9b:
                    bd:cc:80:55:1f:68:90:8f:65:ea:d7:ee:e3:6e:d8:
                    b1:11:20:01:e5:ec:e3:03:f6:23:71:5c:c1:2f:0d:
                    ce:49:f3:56:fa:7d:be:56:20:56:54:68:ab:69:50:
                    be:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:BA:6D:78:1B:3C:DA:42:BE:C2:C2:AB:54:D1:B9:6B:54:3E:A2:85
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/aLpteBs82kK-wsKrVNG5a1Q-ooU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.158.192.0/18
                  212.3.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         8d:8d:cb:14:47:23:34:7d:38:43:c6:61:12:f7:98:54:d0:0f:
         b9:d8:8e:78:74:cf:2f:8e:de:1a:20:25:ff:3a:1a:3b:2e:e2:
         2b:a3:72:13:86:f7:66:0a:2e:a2:57:42:67:0c:cb:c8:6f:ad:
         fd:07:48:e1:12:d3:58:6a:ab:bc:40:b8:6b:f9:e6:41:fe:85:
         f0:5c:4f:bf:38:e4:b9:70:bf:69:47:83:54:0d:90:d4:c4:6e:
         7b:f8:c7:3d:e3:c9:eb:a5:02:41:cd:b2:ca:e0:69:7a:ef:31:
         af:8d:7b:27:c9:c8:80:58:64:46:e9:5e:50:6b:07:14:83:65:
         ba:b5:d5:a9:ab:f6:e0:88:0c:43:2e:09:43:b5:df:b6:0c:61:
         54:fc:02:3f:e7:02:dc:27:c0:70:f7:c2:56:2e:44:95:42:d4:
         15:b4:77:d3:3b:e6:6a:8d:a7:9f:65:3b:8b:46:29:c5:9b:1b:
         f4:dc:a2:3b:30:fe:06:1e:68:1c:aa:e3:ae:fd:34:e9:66:f6:
         ce:8b:4b:4c:19:c4:57:8e:62:67:a5:af:b5:4e:2e:7a:3d:09:
         f3:b5:f4:e7:87:46:e8:07:e3:26:df:ca:fe:fa:cf:1b:6d:ff:
         c4:35:07:e4:cd:11:c1:33:bb:d4:0d:d3:28:85:0e:aa:b7:df:
         f0:85:b0:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY71CAGZKtW1CIFQAVFqMS2lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDE5MDYyNTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGJhNmQ3ODFiM2NkYTQyYmVjMmMyYWI1NGQxYjk2YjU0M2VhMjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBRtY93BX3fcoyOCjZrOyl5b6UXf
Sbvm90wkH6xJAe1SKkJui4nze4wzuPfgFsK0FhB+YpQyqmeX/58L9njUOCC1Qd+I
DtmR1Hffmwwq5HXEQ3jyhdtsGiSTGLb/+lp+4eDIHaOCZetC9/4dfrtxY6GZmo9R
JZBwvTwNPuTXN1thNj3f3gDiyjOrhk5glfQn8cREgeSUH0+Xf83nhGuXBN5PhXBu
uHTp18zr7DroEi0/pguGfoDyqJ60TuXUgcy5CIAEoYdJjmDingoDPMtVD5u9zIBV
H2iQj2Xq1+7jbtixESAB5ezjA/YjcVzBLw3OSfNW+n2+ViBWVGiraVC+hwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGi6bXgbPNpCvsLCq1TRuWtUPqKFMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvYUxwdGVCczgya0std3NLclZORzVhMVEtb29VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGX57AAwQF
1AOAMA0GCSqGSIb3DQEBCwUAA4IBAQCNjcsURyM0fThDxmES95hU0A+52I54dM8v
jt4aICX/Oho7LuIro3IThvdmCi6iV0JnDMvIb639B0jhEtNYaqu8QLhr+eZB/oXw
XE+/OOS5cL9pR4NUDZDUxG57+Mc948nrpQJBzbLK4Gl67zGvjXsnyciAWGRG6V5Q
awcUg2W6tdWpq/bgiAxDLglDtd+2DGFU/AI/5wLcJ8Bw98JWLkSVQtQVtHfTO+Zq
jaefZTuLRinFmxv03KI7MP4GHmgcquOu/TTpZvbOi0tMGcRXjmJnpa+1Ti56PQnz
tfTnh0boB+Mm38r++s8bbf/ENQfkzRHBM7vUDdMohQ6qt9/whbBI
-----END CERTIFICATE-----