Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/saxx4tewHEu8C9BClxocYtAv8rU.roa
File:                     saxx4tewHEu8C9BClxocYtAv8rU.roa (raw, json)
Hash identifier:          eWKZw5XQDdsrl4yVs9Nm/oS7mWWwhkqKfXruPmhzKMo=
Subject key identifier:   B1:AC:71:E2:D7:B0:1C:4B:BC:0B:D0:42:97:1A:1C:62:D0:2F:F2:B5
Certificate issuer:       /CN=6b7d1f1e877c12798274e01334554f899f38eac1
Certificate serial:       018CC86F0E0D4CAD02FB47DF7B0102EEAB83
Authority key identifier: 6B:7D:1F:1E:87:7C:12:79:82:74:E0:13:34:55:4F:89:9F:38:EA:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/saxx4tewHEu8C9BClxocYtAv8rU.roa
Signing time:             Tue 02 Jan 2024 04:29:30 +0000
ROA not before:           Tue 02 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        195.160.192.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0e:0d:4c:ad:02:fb:47:df:7b:01:02:ee:ab:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b7d1f1e877c12798274e01334554f899f38eac1
        Validity
            Not Before: Jan  2 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1ac71e2d7b01c4bbc0bd042971a1c62d02ff2b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:bb:04:17:0e:24:ed:c0:37:1d:8e:5b:ad:f0:
                    90:ab:00:fe:bb:a7:ca:93:93:43:cb:c6:81:38:c3:
                    2a:76:a1:0e:8f:8d:a2:0e:33:65:0f:19:ee:26:81:
                    07:36:20:d4:d8:42:44:da:ae:6e:f5:f9:1c:ab:df:
                    f0:c8:c1:0a:89:cb:f4:a2:27:7c:12:e2:be:36:d7:
                    7d:11:a4:61:87:4c:d0:7a:02:01:45:00:09:84:d4:
                    d9:e7:ea:89:90:0f:85:5b:75:f0:ca:b0:b0:34:cf:
                    f0:7e:74:9c:a7:0b:76:cd:c1:7c:36:c7:20:06:df:
                    22:72:42:3f:67:f8:b6:70:79:cc:c8:3d:a4:45:bd:
                    2c:eb:9d:51:1e:3b:87:6d:f7:8d:d5:3f:16:28:c6:
                    e4:83:75:79:4d:7b:54:01:c6:58:27:16:e4:19:31:
                    f5:7d:26:80:e6:85:86:26:b0:4e:60:27:ef:45:05:
                    2f:c9:8f:b1:fa:ee:67:f6:bf:7e:53:df:96:9c:20:
                    a8:29:2c:92:e4:9f:3f:45:2a:0b:a6:60:a8:03:97:
                    0a:b5:50:aa:04:2f:c8:d9:b9:09:7c:76:f2:f9:d5:
                    f7:c3:e7:ff:e2:f3:fe:c1:57:e2:2c:af:4f:1e:12:
                    39:bb:7d:1d:a1:e3:6d:1a:ce:f1:6c:9b:1c:ee:d8:
                    cb:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:AC:71:E2:D7:B0:1C:4B:BC:0B:D0:42:97:1A:1C:62:D0:2F:F2:B5
            X509v3 Authority Key Identifier:
                keyid:6B:7D:1F:1E:87:7C:12:79:82:74:E0:13:34:55:4F:89:9F:38:EA:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/saxx4tewHEu8C9BClxocYtAv8rU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:0d:27:65:75:4c:94:4e:9b:3b:e6:68:2e:60:b2:b1:25:2f:
         17:11:cf:28:e1:7b:13:b7:6c:91:bc:d3:fc:b6:30:29:20:44:
         12:e6:5e:4e:63:10:be:c6:e4:a6:1b:c3:d0:d1:84:48:ed:4e:
         76:d1:9c:b5:9b:0c:ed:3f:34:b3:95:02:e2:3c:00:22:7c:a3:
         5c:7c:5c:59:03:e9:09:2e:59:38:57:6f:ae:67:12:b8:b0:93:
         1c:a4:cb:be:0a:f6:68:06:cc:30:7b:10:8f:81:3c:12:99:e2:
         30:8d:9c:26:25:c1:a8:e6:ea:1c:15:e5:7d:84:14:a3:fa:8f:
         0a:07:c1:d9:26:c1:e4:76:92:5e:25:e0:5f:07:3e:9e:09:90:
         2e:03:cf:d9:5f:f2:01:3a:83:ff:8d:24:7e:9d:ee:de:8e:12:
         48:c1:99:70:b5:b3:d7:38:42:c0:12:65:8e:dc:f9:07:d8:b2:
         62:84:37:ac:02:3a:34:3d:12:4a:f3:95:75:ef:3e:46:bb:5e:
         9d:e7:83:18:51:12:73:21:be:8a:fc:04:5e:84:af:0a:ee:e3:
         99:0d:a4:20:bd:1c:e6:1f:e2:0c:f2:39:4c:8b:8f:03:af:c1:
         82:f6:c9:69:12:65:31:ad:f8:21:55:5c:2a:f5:29:e2:75:5c:
         cf:7c:5f:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbw4NTK0C+0ffewEC7quDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiN2QxZjFlODc3YzEyNzk4Mjc0ZTAxMzM0NTU0Zjg5OWYz
OGVhYzEwHhcNMjQwMTAyMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWFjNzFlMmQ3YjAxYzRiYmMwYmQwNDI5NzFhMWM2MmQwMmZmMmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLsEFw4k7cA3HY5brfCQqwD+u6fK
k5NDy8aBOMMqdqEOj42iDjNlDxnuJoEHNiDU2EJE2q5u9fkcq9/wyMEKicv0oid8
EuK+Ntd9EaRhh0zQegIBRQAJhNTZ5+qJkA+FW3XwyrCwNM/wfnScpwt2zcF8Nscg
Bt8ickI/Z/i2cHnMyD2kRb0s651RHjuHbfeN1T8WKMbkg3V5TXtUAcZYJxbkGTH1
fSaA5oWGJrBOYCfvRQUvyY+x+u5n9r9+U9+WnCCoKSyS5J8/RSoLpmCoA5cKtVCq
BC/I2bkJfHby+dX3w+f/4vP+wVfiLK9PHhI5u30doeNtGs7xbJsc7tjLLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGsceLXsBxLvAvQQpcaHGLQL/K1MB8GA1UdIwQY
MBaAFGt9Hx6HfBJ5gnTgEzRVT4mfOOrBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTMwZkhvZDhFbm1DZE9BVE5GVlBpWjg0NnNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9hMTNjNDAtZGM2Ny00MjNjLTk3OWUt
MmZhZDlhMmZjM2VmLzEvc2F4eDR0ZXdIRXU4QzlCQ2x4b2NZdEF2OHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9hMTNjNDAtZGM2Ny00MjNjLTk3OWUtMmZhZDlhMmZjM2Vm
LzEvYTMwZkhvZDhFbm1DZE9BVE5GVlBpWjg0NnNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw6DAMA0G
CSqGSIb3DQEBCwUAA4IBAQB2DSdldUyUTps75mguYLKxJS8XEc8o4XsTt2yRvNP8
tjApIEQS5l5OYxC+xuSmG8PQ0YRI7U520Zy1mwztPzSzlQLiPAAifKNcfFxZA+kJ
Llk4V2+uZxK4sJMcpMu+CvZoBswwexCPgTwSmeIwjZwmJcGo5uocFeV9hBSj+o8K
B8HZJsHkdpJeJeBfBz6eCZAuA8/ZX/IBOoP/jSR+ne7ejhJIwZlwtbPXOELAEmWO
3PkH2LJihDesAjo0PRJK85V17z5Gu16d54MYURJzIb6K/ARehK8K7uOZDaQgvRzm
H+IM8jlMi48Dr8GC9slpEmUxrfghVVwq9SnidVzPfF/k
-----END CERTIFICATE-----