Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/12ff71-9e6c-40d9-9df7-773cfc4333e1/1/cXvzX-YV9-vCMA1Vyo6qcx_NrXY.roa
File:                     cXvzX-YV9-vCMA1Vyo6qcx_NrXY.roa (raw, json)
Hash identifier:          tJl//2sIIWV0+/8r4bsfUakItWeFNGKmw8lymOT9oLw=
Subject key identifier:   71:7B:F3:5F:E6:15:F7:EB:C2:30:0D:55:CA:8E:AA:73:1F:CD:AD:76
Certificate issuer:       /CN=b62b967c52145e67a4b3206b1ca492853ca0df84
Certificate serial:       018CC6B7E51C5C5E3AD7575011623503927B
Authority key identifier: B6:2B:96:7C:52:14:5E:67:A4:B3:20:6B:1C:A4:92:85:3C:A0:DF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tiuWfFIUXmeksyBrHKSShTyg34Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/12ff71-9e6c-40d9-9df7-773cfc4333e1/1/cXvzX-YV9-vCMA1Vyo6qcx_NrXY.roa
Signing time:             Mon 01 Jan 2024 20:29:49 +0000
ROA not before:           Mon 01 Jan 2024 20:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44980
IP address blocks:        195.242.156.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/12ff71-9e6c-40d9-9df7-773cfc4333e1/1/tiuWfFIUXmeksyBrHKSShTyg34Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/12ff71-9e6c-40d9-9df7-773cfc4333e1/1/tiuWfFIUXmeksyBrHKSShTyg34Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tiuWfFIUXmeksyBrHKSShTyg34Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 04:03:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:e5:1c:5c:5e:3a:d7:57:50:11:62:35:03:92:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b62b967c52145e67a4b3206b1ca492853ca0df84
        Validity
            Not Before: Jan  1 20:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=717bf35fe615f7ebc2300d55ca8eaa731fcdad76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b8:71:e9:ae:ce:d5:69:91:ee:5f:02:30:44:
                    d1:de:52:2c:0a:d4:7c:ed:7f:92:21:58:5e:41:09:
                    fe:3c:48:3f:a6:a0:58:1d:e9:43:92:9f:14:83:bb:
                    8e:49:6a:2b:9a:48:16:ec:3c:99:60:d1:aa:b2:f6:
                    32:72:30:b7:2e:16:bd:99:00:d6:a4:07:b6:74:f0:
                    96:e8:87:27:3c:6a:20:51:52:68:4b:ce:22:b2:b2:
                    11:d3:1a:18:5d:3b:00:67:4d:59:dc:89:28:c5:67:
                    38:b8:8d:8f:98:c0:90:9f:84:6e:5f:7c:9c:1c:5b:
                    ef:d8:0c:2a:66:d6:4d:94:2d:37:32:3d:f7:56:25:
                    60:12:8b:70:b5:1f:77:19:6b:b3:1a:21:be:2b:11:
                    96:7a:b3:2a:76:83:54:aa:97:1f:19:93:ab:e6:6a:
                    a6:70:5c:5f:3c:ce:1e:83:46:e1:6c:d2:1b:55:3e:
                    13:87:04:99:fd:4e:18:17:16:60:ea:16:0d:c0:fa:
                    13:cd:97:5f:d2:d6:e5:3e:33:6f:f9:e5:45:48:b1:
                    d8:0d:17:5a:17:01:2c:3f:c2:95:bc:bd:54:51:55:
                    66:5c:24:f3:2c:61:94:32:be:3b:24:f0:50:23:c7:
                    fb:99:2e:6a:13:eb:b5:c6:f6:f6:ea:03:74:39:53:
                    12:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:7B:F3:5F:E6:15:F7:EB:C2:30:0D:55:CA:8E:AA:73:1F:CD:AD:76
            X509v3 Authority Key Identifier:
                keyid:B6:2B:96:7C:52:14:5E:67:A4:B3:20:6B:1C:A4:92:85:3C:A0:DF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tiuWfFIUXmeksyBrHKSShTyg34Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/12ff71-9e6c-40d9-9df7-773cfc4333e1/1/cXvzX-YV9-vCMA1Vyo6qcx_NrXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/12ff71-9e6c-40d9-9df7-773cfc4333e1/1/tiuWfFIUXmeksyBrHKSShTyg34Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:59:7f:7d:da:aa:83:4a:6f:11:2c:5f:32:63:cf:70:3b:a8:
         ce:90:23:2f:8a:1d:27:4b:00:8d:f7:43:e4:bb:77:b6:17:4b:
         31:f1:34:19:8c:12:15:b1:d8:c7:86:60:4d:23:d6:c8:93:e3:
         4e:ae:e8:75:78:1a:c3:d0:a8:d3:46:61:9a:eb:cf:82:5f:22:
         b7:61:83:1f:04:ec:8e:3b:0c:28:48:18:d9:5e:f9:6b:d4:83:
         23:18:77:67:5e:48:88:ed:fc:f0:0b:e2:a3:9e:09:4c:b8:a5:
         01:12:2c:bd:60:99:8a:a9:0e:e8:92:3c:b0:fd:e0:5d:d5:1d:
         5d:c5:0d:ee:7d:13:a0:8e:92:af:fb:61:79:b5:12:04:43:35:
         88:33:a6:fd:d5:94:8b:c9:fa:b1:25:0b:31:c4:23:5d:f7:8f:
         62:03:41:c8:27:c9:8b:6f:41:61:03:f6:66:7b:bc:ad:02:c8:
         ad:3c:75:7a:6b:8b:12:f2:68:0c:2f:56:d3:bd:6d:60:a4:d3:
         50:4b:da:8e:b0:8d:81:29:f0:e9:a1:f7:fe:3b:29:e7:d8:3d:
         fe:50:ed:34:ce:f7:9b:f6:fc:b7:af:2b:4b:68:5b:da:09:96:
         5f:f7:f6:11:3e:34:da:28:22:9f:88:54:74:cc:52:66:70:77:
         ce:6f:87:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt+UcXF4611dQEWI1A5J7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MmI5NjdjNTIxNDVlNjdhNGIzMjA2YjFjYTQ5Mjg1M2Nh
MGRmODQwHhcNMjQwMTAxMjAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTdiZjM1ZmU2MTVmN2ViYzIzMDBkNTVjYThlYWE3MzFmY2RhZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLhx6a7O1WmR7l8CMETR3lIsCtR8
7X+SIVheQQn+PEg/pqBYHelDkp8Ug7uOSWormkgW7DyZYNGqsvYycjC3Lha9mQDW
pAe2dPCW6IcnPGogUVJoS84isrIR0xoYXTsAZ01Z3IkoxWc4uI2PmMCQn4RuX3yc
HFvv2AwqZtZNlC03Mj33ViVgEotwtR93GWuzGiG+KxGWerMqdoNUqpcfGZOr5mqm
cFxfPM4eg0bhbNIbVT4ThwSZ/U4YFxZg6hYNwPoTzZdf0tblPjNv+eVFSLHYDRda
FwEsP8KVvL1UUVVmXCTzLGGUMr47JPBQI8f7mS5qE+u1xvb26gN0OVMSnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHF781/mFffrwjANVcqOqnMfza12MB8GA1UdIwQY
MBaAFLYrlnxSFF5npLMgaxykkoU8oN+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGl1V2ZGSVVYbWVrc3lCckhLU1NoVHlnMzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8xMmZmNzEtOWU2Yy00MGQ5LTlkZjct
NzczY2ZjNDMzM2UxLzEvY1h2elgtWVY5LXZDTUExVnlvNnFjeF9OclhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8xMmZmNzEtOWU2Yy00MGQ5LTlkZjctNzczY2ZjNDMzM2Ux
LzEvdGl1V2ZGSVVYbWVrc3lCckhLU1NoVHlnMzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/KcMA0G
CSqGSIb3DQEBCwUAA4IBAQCLWX992qqDSm8RLF8yY89wO6jOkCMvih0nSwCN90Pk
u3e2F0sx8TQZjBIVsdjHhmBNI9bIk+NOruh1eBrD0KjTRmGa68+CXyK3YYMfBOyO
OwwoSBjZXvlr1IMjGHdnXkiI7fzwC+KjnglMuKUBEiy9YJmKqQ7okjyw/eBd1R1d
xQ3ufROgjpKv+2F5tRIEQzWIM6b91ZSLyfqxJQsxxCNd949iA0HIJ8mLb0FhA/Zm
e7ytAsitPHV6a4sS8mgML1bTvW1gpNNQS9qOsI2BKfDpoff+Oynn2D3+UO00zveb
9vy3rytLaFvaCZZf9/YRPjTaKCKfiFR0zFJmcHfOb4f7
-----END CERTIFICATE-----