Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/ee9c81-6d67-4e33-bd1f-1348ec97b902/1/h5FQOS5ERlEirzhpib9nvJDaoIM.roa
File:                     h5FQOS5ERlEirzhpib9nvJDaoIM.roa (raw, json)
Hash identifier:          XdWJx/KbXDwDnj5v/YPQ9AGVduc2tUZsyG9lb02T5Tc=
Subject key identifier:   87:91:50:39:2E:44:46:51:22:AF:38:69:89:BF:67:BC:90:DA:A0:83
Certificate issuer:       /CN=f174a1a42d40a7fb82a6c08ce97651cb66abf370
Certificate serial:       018CC79347F3628575AC243C02DD8EC61CE1
Authority key identifier: F1:74:A1:A4:2D:40:A7:FB:82:A6:C0:8C:E9:76:51:CB:66:AB:F3:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8XShpC1Ap_uCpsCM6XZRy2ar83A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/ee9c81-6d67-4e33-bd1f-1348ec97b902/1/h5FQOS5ERlEirzhpib9nvJDaoIM.roa
Signing time:             Tue 02 Jan 2024 00:29:27 +0000
ROA not before:           Tue 02 Jan 2024 00:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197320
IP address blocks:        195.20.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/ee9c81-6d67-4e33-bd1f-1348ec97b902/1/8XShpC1Ap_uCpsCM6XZRy2ar83A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/ee9c81-6d67-4e33-bd1f-1348ec97b902/1/8XShpC1Ap_uCpsCM6XZRy2ar83A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8XShpC1Ap_uCpsCM6XZRy2ar83A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:47:f3:62:85:75:ac:24:3c:02:dd:8e:c6:1c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f174a1a42d40a7fb82a6c08ce97651cb66abf370
        Validity
            Not Before: Jan  2 00:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=879150392e44465122af386989bf67bc90daa083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c8:f0:39:3e:97:61:d8:07:de:1e:a4:d4:ef:
                    50:7b:e4:05:01:63:cc:1b:2c:e6:75:c1:d6:46:6e:
                    29:17:48:60:01:e6:4d:27:f2:7b:77:60:07:af:32:
                    b3:fb:d2:ca:5d:c2:05:3f:21:5b:00:3f:66:b1:ae:
                    24:f5:18:88:37:58:2a:d0:40:f2:fb:e7:40:c6:16:
                    fd:76:a5:26:a9:55:4a:db:94:0e:7c:bc:bb:dc:46:
                    ef:e4:87:4f:76:a6:ab:b4:25:80:a3:17:49:3f:5a:
                    23:b4:07:1d:66:54:97:da:64:e9:4c:fb:a8:5d:c1:
                    f4:c4:e4:ad:bb:73:05:48:e7:74:b5:ef:9e:c3:c5:
                    98:d5:8f:52:06:52:57:17:33:1e:47:a6:24:05:fc:
                    83:cf:d6:5f:05:1a:bc:18:ed:6e:17:21:a9:0e:19:
                    0c:c7:bb:0e:eb:95:9a:7c:b7:da:28:e7:eb:77:66:
                    dc:fd:91:46:e6:08:24:9a:dc:2d:4f:89:b9:c6:bd:
                    6b:09:84:ce:07:84:93:ec:75:8c:ed:07:17:c4:69:
                    9b:2f:43:7b:15:35:2a:e9:f3:d6:8b:ae:b3:08:8e:
                    88:31:9a:9c:17:66:28:2e:a1:7a:53:c0:13:17:23:
                    d0:7e:ec:d9:a3:9e:ff:00:21:a3:62:18:ea:8c:4f:
                    60:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:91:50:39:2E:44:46:51:22:AF:38:69:89:BF:67:BC:90:DA:A0:83
            X509v3 Authority Key Identifier:
                keyid:F1:74:A1:A4:2D:40:A7:FB:82:A6:C0:8C:E9:76:51:CB:66:AB:F3:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8XShpC1Ap_uCpsCM6XZRy2ar83A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/ee9c81-6d67-4e33-bd1f-1348ec97b902/1/h5FQOS5ERlEirzhpib9nvJDaoIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/ee9c81-6d67-4e33-bd1f-1348ec97b902/1/8XShpC1Ap_uCpsCM6XZRy2ar83A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:4e:1e:14:af:42:48:8c:1d:ff:2d:ec:82:80:39:14:3c:72:
         ed:5d:2d:52:48:a0:96:93:57:54:c5:b3:fb:ab:1c:85:fe:4c:
         f6:ec:e3:db:c1:2a:91:41:65:0e:b2:e0:95:d1:94:d1:fd:f3:
         0e:7a:93:cc:47:db:21:f5:ed:88:7a:0b:b4:b2:52:61:65:eb:
         76:77:3f:80:d0:f9:f0:82:a4:19:00:4c:c0:8f:e0:57:c6:45:
         c5:fe:b3:5e:2f:73:c8:d0:80:bb:7c:45:a1:7a:62:c2:fd:56:
         fe:4b:45:ed:bd:00:0c:c2:63:87:27:10:fa:64:a2:13:31:44:
         6a:9d:81:25:48:cf:a2:f3:94:e9:12:96:fb:6d:a4:b2:27:f6:
         c7:62:81:b5:00:1e:ce:d1:06:e9:85:e2:ef:45:18:62:8e:4c:
         d8:27:fa:72:fb:4a:6e:86:4c:5d:e0:cb:49:6d:8e:dd:0e:f5:
         55:44:b9:b8:d1:d3:2c:35:bb:e0:2f:81:c1:28:13:3f:c5:88:
         2a:13:4b:ad:9b:07:95:c8:5e:49:17:d4:95:db:9a:64:23:47:
         a3:f1:bf:2f:ab:7a:6f:e6:6a:26:f4:4b:3b:63:a7:f1:31:26:
         ea:84:be:59:1b:7a:d9:1f:df:a3:5f:5d:62:c7:86:de:02:10:
         f2:97:3e:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk0fzYoV1rCQ8At2OxhzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNzRhMWE0MmQ0MGE3ZmI4MmE2YzA4Y2U5NzY1MWNiNjZh
YmYzNzAwHhcNMjQwMTAyMDAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzkxNTAzOTJlNDQ0NjUxMjJhZjM4Njk4OWJmNjdiYzkwZGFhMDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcjwOT6XYdgH3h6k1O9Qe+QFAWPM
GyzmdcHWRm4pF0hgAeZNJ/J7d2AHrzKz+9LKXcIFPyFbAD9msa4k9RiIN1gq0EDy
++dAxhb9dqUmqVVK25QOfLy73Ebv5IdPdqartCWAoxdJP1ojtAcdZlSX2mTpTPuo
XcH0xOStu3MFSOd0te+ew8WY1Y9SBlJXFzMeR6YkBfyDz9ZfBRq8GO1uFyGpDhkM
x7sO65WafLfaKOfrd2bc/ZFG5ggkmtwtT4m5xr1rCYTOB4ST7HWM7QcXxGmbL0N7
FTUq6fPWi66zCI6IMZqcF2YoLqF6U8ATFyPQfuzZo57/ACGjYhjqjE9g7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeRUDkuREZRIq84aYm/Z7yQ2qCDMB8GA1UdIwQY
MBaAFPF0oaQtQKf7gqbAjOl2Uctmq/NwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFhTaHBDMUFwX3VDcHNDTTZYWlJ5MmFyODNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9lZTljODEtNmQ2Ny00ZTMzLWJkMWYt
MTM0OGVjOTdiOTAyLzEvaDVGUU9TNUVSbEVpcnpocGliOW52SkRhb0lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9lZTljODEtNmQ2Ny00ZTMzLWJkMWYtMTM0OGVjOTdiOTAy
LzEvOFhTaHBDMUFwX3VDcHNDTTZYWlJ5MmFyODNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxSbMA0G
CSqGSIb3DQEBCwUAA4IBAQCsTh4Ur0JIjB3/LeyCgDkUPHLtXS1SSKCWk1dUxbP7
qxyF/kz27OPbwSqRQWUOsuCV0ZTR/fMOepPMR9sh9e2Iegu0slJhZet2dz+A0Pnw
gqQZAEzAj+BXxkXF/rNeL3PI0IC7fEWhemLC/Vb+S0XtvQAMwmOHJxD6ZKITMURq
nYElSM+i85TpEpb7baSyJ/bHYoG1AB7O0QbpheLvRRhijkzYJ/py+0puhkxd4MtJ
bY7dDvVVRLm40dMsNbvgL4HBKBM/xYgqE0utmweVyF5JF9SV25pkI0ej8b8vq3pv
5mom9Es7Y6fxMSbqhL5ZG3rZH9+jX11ix4beAhDylz5C
-----END CERTIFICATE-----