Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/My3pNWkv9Z001KnKtrgMKqqEhNI.roa
File:                     My3pNWkv9Z001KnKtrgMKqqEhNI.roa (raw, json)
Hash identifier:          ol9oVnnvIz+BxxU9KBWsvYx0kvz2Z90UpUWHBxij/3U=
Subject key identifier:   33:2D:E9:35:69:2F:F5:9D:34:D4:A9:CA:B6:B8:0C:2A:AA:84:84:D2
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348DFE06E729B21EFD8FA484FCDAC81
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/My3pNWkv9Z001KnKtrgMKqqEhNI.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201870
IP address blocks:        195.65.24.0/24 maxlen: 24
                          195.65.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:df:e0:6e:72:9b:21:ef:d8:fa:48:4f:cd:ac:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=332de935692ff59d34d4a9cab6b80c2aaa8484d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:80:a8:8d:90:95:0c:86:4c:1d:67:8b:9f:40:
                    27:2f:00:b0:8e:5f:43:f6:bd:6a:da:a8:d4:27:77:
                    19:10:3b:e8:d8:9b:76:1f:0e:44:1e:60:dc:16:04:
                    98:c9:ff:d2:21:81:3d:72:ac:af:c6:b0:b4:c0:6f:
                    7a:fb:1e:0d:4c:0f:cb:10:96:5d:a0:11:2a:ca:c4:
                    bb:95:3d:6b:4c:87:65:42:b7:6c:70:64:64:79:66:
                    7f:8a:ef:1f:55:c6:61:45:69:80:2d:c4:88:10:40:
                    bf:2f:17:ad:df:8c:52:e7:10:be:75:61:48:4d:2d:
                    f4:b1:c0:63:a9:e4:bc:62:f2:70:91:0a:09:2f:be:
                    07:3c:4a:fd:43:ac:8a:79:76:bc:a7:03:30:b4:86:
                    72:28:8c:6b:e4:89:f1:fd:2e:61:02:5c:4b:79:79:
                    58:ed:a0:13:30:89:f0:7e:1c:43:56:ab:75:9a:37:
                    95:20:26:48:22:c9:d0:6b:51:09:48:d0:b0:1f:a2:
                    e4:b7:3d:f6:f6:94:60:c0:f2:07:e9:83:5a:58:f5:
                    1c:bf:d6:b5:31:cc:6c:3d:86:e9:fd:cb:7d:58:58:
                    be:51:82:dd:14:fd:9b:af:9b:4c:51:61:fa:2b:40:
                    d0:0f:65:15:c4:01:96:84:23:fd:b5:23:3a:de:13:
                    c5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:2D:E9:35:69:2F:F5:9D:34:D4:A9:CA:B6:B8:0C:2A:AA:84:84:D2
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/My3pNWkv9Z001KnKtrgMKqqEhNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.65.24.0/24
                  195.65.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:a1:57:3d:8b:62:b9:3a:a0:d5:77:83:10:a1:e3:b7:c4:b3:
         39:67:e7:88:4b:cd:58:26:2d:aa:3a:58:88:e6:e2:9b:59:b5:
         b1:4a:d6:62:da:0c:c3:79:9c:d1:ac:b2:81:f9:80:40:00:f9:
         cb:93:f2:be:46:19:eb:c1:68:b6:a5:e1:cb:b9:b5:b6:3e:45:
         de:ee:96:1c:08:85:77:37:f0:94:7e:8c:04:bf:d2:a5:47:3b:
         f1:de:38:2d:bd:5f:2e:a8:11:68:ed:96:e7:8f:54:61:b3:73:
         8f:6e:eb:c0:46:af:34:f9:5e:32:1f:c1:7b:eb:f5:56:37:40:
         18:6e:b2:6f:26:6d:64:27:5c:8a:a0:ea:62:b9:b2:cc:e0:f9:
         8f:f3:da:c0:74:fb:df:01:48:91:68:fd:bf:99:77:cb:1c:11:
         05:77:fc:69:d7:ff:34:97:21:ae:46:1f:1b:ab:af:75:e0:71:
         d0:d5:0c:c9:4e:4f:0b:02:22:e5:f8:d6:c7:67:7a:5f:f5:9f:
         d7:9d:6d:71:e6:8f:4e:e2:a5:01:3c:89:e5:c4:f8:39:df:be:
         15:49:4d:43:01:22:ef:bc:9f:65:30:9a:cd:22:77:99:05:34:
         c1:57:9b:d9:50:c4:a1:b7:23:3b:9b:f5:be:2c:4f:d4:bd:7f:
         be:cf:51:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSN/gbnKbIe/Y+khPzayBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzJkZTkzNTY5MmZmNTlkMzRkNGE5Y2FiNmI4MGMyYWFhODQ4NGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4CojZCVDIZMHWeLn0AnLwCwjl9D
9r1q2qjUJ3cZEDvo2Jt2Hw5EHmDcFgSYyf/SIYE9cqyvxrC0wG96+x4NTA/LEJZd
oBEqysS7lT1rTIdlQrdscGRkeWZ/iu8fVcZhRWmALcSIEEC/Lxet34xS5xC+dWFI
TS30scBjqeS8YvJwkQoJL74HPEr9Q6yKeXa8pwMwtIZyKIxr5Inx/S5hAlxLeXlY
7aATMInwfhxDVqt1mjeVICZIIsnQa1EJSNCwH6Lktz329pRgwPIH6YNaWPUcv9a1
McxsPYbp/ct9WFi+UYLdFP2br5tMUWH6K0DQD2UVxAGWhCP9tSM63hPF9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDMt6TVpL/WdNNSpyra4DCqqhITSMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvTXkzcE5Xa3Y5WjAwMUtuS3RyZ01LcXFFaE5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw0EYAwQA
w0EhMA0GCSqGSIb3DQEBCwUAA4IBAQB6oVc9i2K5OqDVd4MQoeO3xLM5Z+eIS81Y
Ji2qOliI5uKbWbWxStZi2gzDeZzRrLKB+YBAAPnLk/K+RhnrwWi2peHLubW2PkXe
7pYcCIV3N/CUfowEv9KlRzvx3jgtvV8uqBFo7Zbnj1Rhs3OPbuvARq80+V4yH8F7
6/VWN0AYbrJvJm1kJ1yKoOpiubLM4PmP89rAdPvfAUiRaP2/mXfLHBEFd/xp1/80
lyGuRh8bq6914HHQ1QzJTk8LAiLl+NbHZ3pf9Z/XnW1x5o9O4qUBPInlxPg5374V
SU1DASLvvJ9lMJrNIneZBTTBV5vZUMShtyM7m/W+LE/UvX++z1Gs
-----END CERTIFICATE-----