Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/ndUCogck7XEZaKLa4nwekrv257E.roa
File:                     ndUCogck7XEZaKLa4nwekrv257E.roa (raw, json)
Hash identifier:          VIHU2bkuRvy7/tekqI3O64+XkxxIweCvEbUe16etUjg=
Subject key identifier:   9D:D5:02:A2:07:24:ED:71:19:68:A2:DA:E2:7C:1E:92:BB:F6:E7:B1
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018D401CE3DCD66F21A9A25A5B5B73256247
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/ndUCogck7XEZaKLa4nwekrv257E.roa
Signing time:             Thu 25 Jan 2024 10:14:11 +0000
ROA not before:           Thu 25 Jan 2024 10:14:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21700
IP address blocks:        194.195.16.0/20 maxlen: 24
                          194.195.48.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 05:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:40:1c:e3:dc:d6:6f:21:a9:a2:5a:5b:5b:73:25:62:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan 25 10:14:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dd502a20724ed711968a2dae27c1e92bbf6e7b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:47:f2:7b:eb:99:19:c1:9e:52:5d:9c:49:f7:
                    66:d1:60:09:c6:7a:a6:d6:f7:48:65:d3:68:07:81:
                    82:16:c4:ff:1c:13:73:58:2e:dd:b9:79:ac:24:c9:
                    df:8d:09:9d:d7:db:01:dc:33:ed:8b:84:e9:a9:d3:
                    0c:fc:28:11:da:25:24:56:a6:d1:80:7b:4c:ed:7a:
                    68:04:25:04:41:a9:66:14:b8:ac:6d:f9:0f:99:13:
                    e6:69:a9:f9:7c:d1:da:98:e3:57:32:d2:09:cf:3f:
                    7c:c0:bd:7a:9d:c6:0c:24:7d:d1:53:dc:98:50:6e:
                    88:b4:ad:7e:e3:f7:7a:e3:27:29:bd:3b:0c:f7:52:
                    71:ed:75:19:71:60:2f:97:60:36:50:cb:dd:28:b5:
                    60:9a:7b:9b:af:3a:15:22:4c:c6:fb:00:77:dc:b0:
                    81:49:71:2d:ab:ce:c4:0f:81:93:06:c4:4e:9b:e7:
                    4d:4e:e6:d5:0b:bc:e3:a9:f4:b2:9d:98:7a:9b:88:
                    2e:98:88:5a:b8:b8:78:9c:28:a8:57:5c:3d:80:4c:
                    36:e6:37:0e:ac:ce:b8:21:ba:f5:a8:3f:74:9c:e9:
                    0a:39:5a:9e:e1:0f:ac:26:58:f8:34:a7:0d:d3:60:
                    64:af:82:45:b9:5e:8e:a2:09:e9:b1:20:1c:09:69:
                    4b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:D5:02:A2:07:24:ED:71:19:68:A2:DA:E2:7C:1E:92:BB:F6:E7:B1
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/ndUCogck7XEZaKLa4nwekrv257E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.195.16.0/20
                  194.195.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0c:2b:97:e5:5a:c8:07:dc:b0:ac:84:6d:2d:71:f6:aa:fb:bc:
         d0:40:70:f6:3e:86:1e:4f:25:04:a8:1a:70:34:2c:03:4b:e0:
         32:95:e6:c2:a8:66:2c:0c:61:02:5a:31:f2:75:63:05:f7:7f:
         f0:b0:fb:d3:98:ce:53:bf:92:8a:3e:e3:57:e1:bf:bd:87:1c:
         8c:d9:aa:bd:24:6d:80:ad:ce:13:83:fe:13:97:51:ce:b4:ab:
         80:3f:03:fd:a4:93:5c:a9:63:b4:90:56:99:bc:a8:9f:0f:f6:
         83:ad:d8:9e:f1:05:5e:3f:08:cc:ab:09:2a:26:47:43:97:4e:
         ac:79:40:ab:fe:a9:db:ca:68:46:d7:64:d9:05:8e:13:01:73:
         14:71:1d:2a:1f:79:b1:96:26:66:92:1e:84:7d:87:e8:0f:e6:
         3c:81:02:b6:60:4a:8b:df:8d:51:00:1a:6e:8c:be:37:06:ac:
         83:00:a8:69:30:d5:45:71:58:12:fc:9f:a5:26:3b:00:82:00:
         af:7b:49:8c:e2:20:fa:62:9b:42:8e:3b:58:ce:d4:6d:d2:2b:
         c7:1b:7b:a9:a0:6f:82:98:a2:52:9e:5d:aa:8b:9c:88:3b:1d:
         ad:f5:f9:60:b7:03:7e:f5:37:4b:16:dd:cd:5c:6c:b2:21:cb:
         fe:f1:e4:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1AHOPc1m8hqaJaW1tzJWJHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwMTI1MTAxNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGQ1MDJhMjA3MjRlZDcxMTk2OGEyZGFlMjdjMWU5MmJiZjZlN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEfye+uZGcGeUl2cSfdm0WAJxnqm
1vdIZdNoB4GCFsT/HBNzWC7duXmsJMnfjQmd19sB3DPti4TpqdMM/CgR2iUkVqbR
gHtM7XpoBCUEQalmFLisbfkPmRPmaan5fNHamONXMtIJzz98wL16ncYMJH3RU9yY
UG6ItK1+4/d64ycpvTsM91Jx7XUZcWAvl2A2UMvdKLVgmnubrzoVIkzG+wB33LCB
SXEtq87ED4GTBsROm+dNTubVC7zjqfSynZh6m4gumIhauLh4nCioV1w9gEw25jcO
rM64Ibr1qD90nOkKOVqe4Q+sJlj4NKcN02Bkr4JFuV6OognpsSAcCWlL9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ3VAqIHJO1xGWii2uJ8HpK79uexMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvbmRVQ29nY2s3WEVaYUtMYTRud2VrcnYyNTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEwsMQAwQE
wsMwMA0GCSqGSIb3DQEBCwUAA4IBAQAMK5flWsgH3LCshG0tcfaq+7zQQHD2PoYe
TyUEqBpwNCwDS+AylebCqGYsDGECWjHydWMF93/wsPvTmM5Tv5KKPuNX4b+9hxyM
2aq9JG2Arc4Tg/4Tl1HOtKuAPwP9pJNcqWO0kFaZvKifD/aDrdie8QVePwjMqwkq
JkdDl06seUCr/qnbymhG12TZBY4TAXMUcR0qH3mxliZmkh6EfYfoD+Y8gQK2YEqL
341RABpujL43BqyDAKhpMNVFcVgS/J+lJjsAggCve0mM4iD6YptCjjtYztRt0ivH
G3upoG+CmKJSnl2qi5yIOx2t9flgtwN+9TdLFt3NXGyyIcv+8eSh
-----END CERTIFICATE-----