Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/192bba-1a74-4ba4-90d6-72c4c4b804a7/1/RM0wb6gwaF-GKqo3HVsl2NGChs0.roa
File:                     RM0wb6gwaF-GKqo3HVsl2NGChs0.roa (raw, json)
Hash identifier:          fYe120t0X7kEZRTgtTwPGIW6g/qVrAmTz8KoZdCYxks=
Subject key identifier:   44:CD:30:6F:A8:30:68:5F:86:2A:AA:37:1D:5B:25:D8:D1:82:86:CD
Certificate issuer:       /CN=83375b43ae8a53d48c888671e67fc17bf27f2b7e
Certificate serial:       018CC5DCC956AEBB82D3096FFC9388E68407
Authority key identifier: 83:37:5B:43:AE:8A:53:D4:8C:88:86:71:E6:7F:C1:7B:F2:7F:2B:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzdbQ66KU9SMiIZx5n_Be_J_K34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/192bba-1a74-4ba4-90d6-72c4c4b804a7/1/RM0wb6gwaF-GKqo3HVsl2NGChs0.roa
Signing time:             Mon 01 Jan 2024 16:30:30 +0000
ROA not before:           Mon 01 Jan 2024 16:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8395
IP address blocks:        195.170.32.0/19 maxlen: 19
                          2a04:dbc0::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/192bba-1a74-4ba4-90d6-72c4c4b804a7/1/gzdbQ66KU9SMiIZx5n_Be_J_K34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/192bba-1a74-4ba4-90d6-72c4c4b804a7/1/gzdbQ66KU9SMiIZx5n_Be_J_K34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzdbQ66KU9SMiIZx5n_Be_J_K34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c9:56:ae:bb:82:d3:09:6f:fc:93:88:e6:84:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83375b43ae8a53d48c888671e67fc17bf27f2b7e
        Validity
            Not Before: Jan  1 16:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44cd306fa830685f862aaa371d5b25d8d18286cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:9d:22:c4:19:f0:00:b8:2f:c2:b5:db:7e:79:
                    51:27:15:41:39:e7:7e:26:8c:a7:3d:56:c8:69:d1:
                    aa:78:ff:62:07:76:04:4f:b8:c2:7b:2e:b7:0d:ec:
                    d6:dc:f8:f4:da:c3:3e:17:fa:ae:29:47:dd:3f:bd:
                    bc:9b:95:c5:e7:06:fc:09:17:1a:b9:8b:26:93:98:
                    d1:c2:67:6b:aa:9a:14:5c:dc:40:38:a5:ac:09:e1:
                    af:0b:a8:68:a6:64:70:5c:47:b0:a5:dd:0c:e5:a8:
                    73:88:06:5a:23:62:23:9e:74:09:f6:7a:c1:8c:a4:
                    e3:f8:32:b7:3f:04:e7:30:e1:15:b7:95:b7:42:53:
                    7a:5e:a9:0f:31:3a:b0:cd:5a:1f:c7:b9:cb:e6:fb:
                    c5:87:89:cf:34:59:77:93:9d:0d:ce:2d:f7:48:0b:
                    59:bb:8a:c5:6d:21:ae:21:b8:6e:c4:b9:4a:bf:73:
                    b0:ed:71:94:0c:be:33:46:fa:06:26:7c:b4:b5:5a:
                    1a:ff:f5:bb:b9:fe:25:95:d0:75:7a:73:15:34:37:
                    09:9f:b6:18:23:1e:7b:be:d2:f8:1c:c7:00:8f:2c:
                    15:1c:59:d2:e9:71:dc:a5:33:4f:a8:32:54:da:e6:
                    cd:da:aa:72:00:a3:d5:64:5d:29:f7:f3:32:c5:e1:
                    ce:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:CD:30:6F:A8:30:68:5F:86:2A:AA:37:1D:5B:25:D8:D1:82:86:CD
            X509v3 Authority Key Identifier:
                keyid:83:37:5B:43:AE:8A:53:D4:8C:88:86:71:E6:7F:C1:7B:F2:7F:2B:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzdbQ66KU9SMiIZx5n_Be_J_K34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/192bba-1a74-4ba4-90d6-72c4c4b804a7/1/RM0wb6gwaF-GKqo3HVsl2NGChs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/192bba-1a74-4ba4-90d6-72c4c4b804a7/1/gzdbQ66KU9SMiIZx5n_Be_J_K34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.32.0/19
                IPv6:
                  2a04:dbc0::/30

    Signature Algorithm: sha256WithRSAEncryption
         56:c2:26:61:3e:53:f9:83:a9:89:ba:40:d2:66:79:88:2f:b8:
         a1:c0:b7:e7:7a:4c:03:9c:3b:4f:b6:3a:e0:57:08:be:f3:72:
         de:6f:86:26:64:47:e0:37:0a:cb:29:f1:2f:a9:62:1d:99:b8:
         f7:eb:d9:e5:d2:5a:03:6b:ba:72:3c:2b:6e:30:8c:2b:e0:7f:
         90:67:b5:c0:2b:ff:df:99:91:f5:2c:6e:b4:af:56:b2:6b:d5:
         d3:72:93:65:93:d8:e6:81:8f:e1:dc:f0:7c:12:ef:98:fb:0a:
         19:8a:37:c5:bb:18:a2:60:51:62:5e:55:dd:22:21:1e:d8:e2:
         21:ee:2c:50:0d:30:29:d2:56:99:31:39:f3:05:52:70:90:8d:
         c0:c3:06:13:b1:f1:9c:ec:d5:91:90:e8:52:89:a4:e0:c3:18:
         1b:14:a8:e9:1c:11:3f:1a:2a:ef:e7:11:8e:3e:75:13:a2:07:
         9e:aa:39:97:69:c6:70:38:10:6c:87:d7:42:d3:c3:20:fc:da:
         b0:9e:7f:9d:cc:d0:f3:ff:c5:7a:6e:e3:73:7a:62:4c:b2:80:
         41:80:d9:a4:3e:6a:6b:06:7f:b2:90:73:3a:a8:7a:14:38:7a:
         26:f4:ab:ab:13:cd:6f:44:b2:c3:8c:4f:38:c5:8e:45:56:0b:
         dc:da:6e:25
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3MlWrruC0wlv/JOI5oQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzc1YjQzYWU4YTUzZDQ4Yzg4ODY3MWU2N2ZjMTdiZjI3
ZjJiN2UwHhcNMjQwMTAxMTYzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGNkMzA2ZmE4MzA2ODVmODYyYWFhMzcxZDViMjVkOGQxODI4NmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJ0ixBnwALgvwrXbfnlRJxVBOed+
JoynPVbIadGqeP9iB3YET7jCey63DezW3Pj02sM+F/quKUfdP728m5XF5wb8CRca
uYsmk5jRwmdrqpoUXNxAOKWsCeGvC6hopmRwXEewpd0M5ahziAZaI2IjnnQJ9nrB
jKTj+DK3PwTnMOEVt5W3QlN6XqkPMTqwzVofx7nL5vvFh4nPNFl3k50Nzi33SAtZ
u4rFbSGuIbhuxLlKv3Ow7XGUDL4zRvoGJny0tVoa//W7uf4lldB1enMVNDcJn7YY
Ix57vtL4HMcAjywVHFnS6XHcpTNPqDJU2ubN2qpyAKPVZF0p9/MyxeHOMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFETNMG+oMGhfhiqqNx1bJdjRgobNMB8GA1UdIwQY
MBaAFIM3W0OuilPUjIiGceZ/wXvyfyt+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pkYlE2NktVOVNNaUlaeDVuX0JlX0pfSzM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8xOTJiYmEtMWE3NC00YmE0LTkwZDYt
NzJjNGM0YjgwNGE3LzEvUk0wd2I2Z3dhRi1HS3FvM0hWc2wyTkdDaHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8xOTJiYmEtMWE3NC00YmE0LTkwZDYtNzJjNGM0YjgwNGE3
LzEvZ3pkYlE2NktVOVNNaUlaeDVuX0JlX0pfSzM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFw6ogMA0E
AgACMAcDBQIqBNvAMA0GCSqGSIb3DQEBCwUAA4IBAQBWwiZhPlP5g6mJukDSZnmI
L7ihwLfnekwDnDtPtjrgVwi+83Leb4YmZEfgNwrLKfEvqWIdmbj369nl0loDa7py
PCtuMIwr4H+QZ7XAK//fmZH1LG60r1aya9XTcpNlk9jmgY/h3PB8Eu+Y+woZijfF
uxiiYFFiXlXdIiEe2OIh7ixQDTAp0laZMTnzBVJwkI3AwwYTsfGc7NWRkOhSiaTg
wxgbFKjpHBE/Girv5xGOPnUTogeeqjmXacZwOBBsh9dC08Mg/Nqwnn+dzNDz/8V6
buNzemJMsoBBgNmkPmprBn+ykHM6qHoUOHom9KurE81vRLLDjE84xY5FVgvc2m4l
-----END CERTIFICATE-----