Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/cpmcqEkiElTb72sko05fp48X-FM.roa
File:                     cpmcqEkiElTb72sko05fp48X-FM.roa (raw, json)
Hash identifier:          xqlsImmQ/9E7U68AUDQtcRJOydRd1Euow8hua9KaN+Y=
Subject key identifier:   72:99:9C:A8:49:22:12:54:DB:EF:6B:24:A3:4E:5F:A7:8F:17:F8:53
Certificate issuer:       /CN=463f917077f8f3d0e338c742ea21d64358d19d52
Certificate serial:       01942521ABF10D2DC493C391B0C6AA61A6AC
Authority key identifier: 46:3F:91:70:77:F8:F3:D0:E3:38:C7:42:EA:21:D6:43:58:D1:9D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rj-RcHf489DjOMdC6iHWQ1jRnVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/cpmcqEkiElTb72sko05fp48X-FM.roa
Signing time:             Thu 02 Jan 2025 03:49:11 +0000
ROA not before:           Thu 02 Jan 2025 03:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        195.2.202.0/23 maxlen: 24
                          195.93.132.0/24 maxlen: 24
                          195.93.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/Rj-RcHf489DjOMdC6iHWQ1jRnVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/Rj-RcHf489DjOMdC6iHWQ1jRnVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rj-RcHf489DjOMdC6iHWQ1jRnVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ab:f1:0d:2d:c4:93:c3:91:b0:c6:aa:61:a6:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=463f917077f8f3d0e338c742ea21d64358d19d52
        Validity
            Not Before: Jan  2 03:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72999ca849221254dbef6b24a34e5fa78f17f853
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:15:19:94:63:8e:94:05:bd:84:9d:f3:7d:cf:
                    d5:86:6a:c8:06:07:46:7e:a1:d5:4c:c4:3d:ae:e6:
                    01:d8:b8:89:4a:5a:1b:70:1f:4a:23:54:f7:f9:d5:
                    3c:23:d6:45:21:ad:71:d6:31:e4:61:ba:b5:15:43:
                    36:46:1e:e8:5d:33:46:11:3b:14:92:82:17:41:25:
                    74:72:6c:b9:59:b9:8c:2c:e5:10:11:9d:e2:79:f7:
                    89:67:34:9a:2a:b2:f3:4b:34:4a:bf:c3:92:44:69:
                    0d:e8:f5:11:44:0a:50:51:05:e3:bf:ef:8d:84:4b:
                    75:83:c2:96:ec:02:79:bd:d8:2b:ed:2a:5a:a2:c7:
                    46:3a:cb:13:14:47:70:1f:86:1b:a4:e5:fe:e1:9d:
                    f1:4a:ea:20:36:f8:0f:9b:cf:67:fa:77:30:2a:6e:
                    23:0f:97:da:89:25:80:b8:42:ef:59:c7:7e:f9:af:
                    07:7c:a8:03:ba:0c:c2:dd:73:11:7c:79:83:8b:5c:
                    ca:5f:15:40:34:80:7a:ff:85:5b:e2:cf:55:fb:7a:
                    58:24:6f:d9:39:2b:3b:84:9f:aa:d5:db:74:47:9b:
                    db:de:e0:c4:6a:37:d8:d5:50:ef:f7:fa:6c:6a:28:
                    f6:56:8c:0a:0f:cc:39:c7:d9:d6:22:ea:31:d5:0f:
                    31:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:99:9C:A8:49:22:12:54:DB:EF:6B:24:A3:4E:5F:A7:8F:17:F8:53
            X509v3 Authority Key Identifier:
                keyid:46:3F:91:70:77:F8:F3:D0:E3:38:C7:42:EA:21:D6:43:58:D1:9D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rj-RcHf489DjOMdC6iHWQ1jRnVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/cpmcqEkiElTb72sko05fp48X-FM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/Rj-RcHf489DjOMdC6iHWQ1jRnVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.2.202.0/23
                  195.93.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:13:a4:d3:7c:49:1e:42:1c:57:30:53:60:35:8a:74:d8:7f:
         15:c0:19:93:3e:e8:a1:a4:78:58:df:58:e8:c3:7c:2e:ba:f1:
         91:e7:ee:63:0b:14:45:70:d1:d0:dd:b7:82:a0:1d:3a:2b:fd:
         77:1f:6e:a5:50:8a:ef:c9:fb:7f:4c:9f:33:1b:5c:79:5f:e9:
         d5:c9:0d:7b:28:7e:be:a8:2a:79:87:c2:59:24:6b:a7:7f:6e:
         8d:c5:67:ac:98:df:50:c2:e2:92:55:47:af:36:4d:28:28:b0:
         b4:e6:5d:13:c5:b9:53:2e:37:b1:39:11:ef:8f:09:6a:57:ea:
         9d:ad:25:5e:3f:21:ea:3c:ad:10:06:8e:03:0f:c2:bb:b8:da:
         17:e9:75:ee:f3:63:07:fc:43:eb:7f:f3:69:ad:d3:bb:e1:dd:
         d6:ae:eb:2e:b6:86:30:d2:db:c7:7b:7e:47:c1:29:9f:53:60:
         b6:b1:9c:f9:a3:ed:6a:c0:72:6c:21:fd:bf:40:ff:b8:e5:90:
         35:ae:ae:dc:cd:66:8c:de:3b:4f:2b:61:15:6d:14:38:c9:45:
         f4:1b:d7:21:f7:fb:4a:a5:c8:fd:5d:f8:01:3e:ec:71:17:94:
         b1:fe:fb:33:87:9b:36:21:01:d2:b6:3a:14:76:a7:0c:c0:f8:
         77:a3:85:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIavxDS3Ek8ORsMaqYaasMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2M2Y5MTcwNzdmOGYzZDBlMzM4Yzc0MmVhMjFkNjQzNThk
MTlkNTIwHhcNMjUwMTAyMDM0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk5OWNhODQ5MjIxMjU0ZGJlZjZiMjRhMzRlNWZhNzhmMTdmODUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBUZlGOOlAW9hJ3zfc/VhmrIBgdG
fqHVTMQ9ruYB2LiJSlobcB9KI1T3+dU8I9ZFIa1x1jHkYbq1FUM2Rh7oXTNGETsU
koIXQSV0cmy5WbmMLOUQEZ3iefeJZzSaKrLzSzRKv8OSRGkN6PURRApQUQXjv++N
hEt1g8KW7AJ5vdgr7SpaosdGOssTFEdwH4YbpOX+4Z3xSuogNvgPm89n+ncwKm4j
D5faiSWAuELvWcd++a8HfKgDugzC3XMRfHmDi1zKXxVANIB6/4Vb4s9V+3pYJG/Z
OSs7hJ+q1dt0R5vb3uDEajfY1VDv9/psaij2VowKD8w5x9nWIuox1Q8xNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHKZnKhJIhJU2+9rJKNOX6ePF/hTMB8GA1UdIwQY
MBaAFEY/kXB3+PPQ4zjHQuoh1kNY0Z1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmotUmNIZjQ4OURqT01kQzZpSFdRMWpSblZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84YjVmN2MtYjNhZS00YjU4LTgxYmIt
MjVhNDBjMDc1ZjEyLzEvY3BtY3FFa2lFbFRiNzJza28wNWZwNDhYLUZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84YjVmN2MtYjNhZS00YjU4LTgxYmItMjVhNDBjMDc1ZjEy
LzEvUmotUmNIZjQ4OURqT01kQzZpSFdRMWpSblZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwwLKAwQB
w12EMA0GCSqGSIb3DQEBCwUAA4IBAQAvE6TTfEkeQhxXMFNgNYp02H8VwBmTPuih
pHhY31jow3wuuvGR5+5jCxRFcNHQ3beCoB06K/13H26lUIrvyft/TJ8zG1x5X+nV
yQ17KH6+qCp5h8JZJGunf26NxWesmN9QwuKSVUevNk0oKLC05l0TxblTLjexORHv
jwlqV+qdrSVePyHqPK0QBo4DD8K7uNoX6XXu82MH/EPrf/NprdO74d3WrusutoYw
0tvHe35HwSmfU2C2sZz5o+1qwHJsIf2/QP+45ZA1rq7czWaM3jtPK2EVbRQ4yUX0
G9ch9/tKpcj9XfgBPuxxF5Sx/vszh5s2IQHStjoUdqcMwPh3o4UM
-----END CERTIFICATE-----