Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/4d6b88-20c6-4c42-8799-4b917592357c/1/jdR3XAe03YrfNCLEGzgN8Ph3YX4.roa
File:                     jdR3XAe03YrfNCLEGzgN8Ph3YX4.roa (raw, json)
Hash identifier:          zPn9My7kljcm4wOZvIBW1hCUzbFiqqgnzEi7EcmUEXs=
Subject key identifier:   8D:D4:77:5C:07:B4:DD:8A:DF:34:22:C4:1B:38:0D:F0:F8:77:61:7E
Certificate issuer:       /CN=e45b9daeaa034255ea33114f58b88c1c3e3c7caf
Certificate serial:       018CC6B779D340BD1B72D4B3D50683BEB239
Authority key identifier: E4:5B:9D:AE:AA:03:42:55:EA:33:11:4F:58:B8:8C:1C:3E:3C:7C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5FudrqoDQlXqMxFPWLiMHD48fK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/4d6b88-20c6-4c42-8799-4b917592357c/1/jdR3XAe03YrfNCLEGzgN8Ph3YX4.roa
Signing time:             Mon 01 Jan 2024 20:29:22 +0000
ROA not before:           Mon 01 Jan 2024 20:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41632
IP address blocks:        195.138.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/4d6b88-20c6-4c42-8799-4b917592357c/1/5FudrqoDQlXqMxFPWLiMHD48fK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/4d6b88-20c6-4c42-8799-4b917592357c/1/5FudrqoDQlXqMxFPWLiMHD48fK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5FudrqoDQlXqMxFPWLiMHD48fK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:79:d3:40:bd:1b:72:d4:b3:d5:06:83:be:b2:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e45b9daeaa034255ea33114f58b88c1c3e3c7caf
        Validity
            Not Before: Jan  1 20:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dd4775c07b4dd8adf3422c41b380df0f877617e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:65:02:47:ac:3b:4a:19:42:e3:36:f9:b9:cc:
                    88:49:e6:78:27:c1:42:b0:65:eb:60:3b:46:ea:e3:
                    f7:62:51:5e:bb:20:05:89:b6:b9:6d:dd:2c:6b:59:
                    32:f8:60:10:4a:13:80:1b:01:8e:8e:aa:be:19:92:
                    f9:da:2a:11:af:94:0a:46:72:a6:c0:e9:5d:d4:c4:
                    68:f0:5e:11:f0:9a:b5:97:fe:40:af:59:0a:b1:99:
                    48:3e:e8:28:4c:07:3e:c9:f0:8c:65:ef:b8:55:ce:
                    54:8d:95:ff:e1:4a:ad:35:f0:95:d3:65:8a:d7:7f:
                    c6:0f:73:2c:3d:fb:9d:08:af:b9:02:a6:1d:9d:fb:
                    82:71:8d:c8:2e:29:94:77:0f:62:10:10:de:85:58:
                    20:d0:41:4a:ab:42:b1:0c:7a:42:ef:b0:e8:fa:80:
                    07:f5:27:d4:ca:ca:93:fb:b1:47:9a:f3:6d:a8:39:
                    69:3b:77:7d:95:e3:fb:32:a3:25:6a:7f:87:63:73:
                    b3:b7:24:85:c1:d9:dc:23:1e:6a:99:48:f0:b2:c2:
                    17:5d:72:fe:40:7e:c5:89:d7:63:55:7c:10:8a:8e:
                    fe:2d:32:7c:cd:45:37:e7:6e:86:bc:ed:18:39:e4:
                    7d:28:02:0e:d7:8d:98:90:38:d7:07:fa:4b:1a:f6:
                    c5:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D4:77:5C:07:B4:DD:8A:DF:34:22:C4:1B:38:0D:F0:F8:77:61:7E
            X509v3 Authority Key Identifier:
                keyid:E4:5B:9D:AE:AA:03:42:55:EA:33:11:4F:58:B8:8C:1C:3E:3C:7C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5FudrqoDQlXqMxFPWLiMHD48fK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/4d6b88-20c6-4c42-8799-4b917592357c/1/jdR3XAe03YrfNCLEGzgN8Ph3YX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/4d6b88-20c6-4c42-8799-4b917592357c/1/5FudrqoDQlXqMxFPWLiMHD48fK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.138.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:45:4f:50:ac:9c:4d:01:b2:ee:f6:ca:db:3c:57:67:89:28:
         72:56:c2:cc:e7:0f:7a:77:21:ae:0f:c9:93:47:e5:27:70:a8:
         5e:bc:93:bd:46:00:33:e0:37:21:56:d7:31:8a:fe:7c:ab:ff:
         7d:03:9e:3b:71:62:43:23:ae:bc:ca:ad:4e:e3:12:0b:20:6b:
         e5:2d:85:f3:aa:9b:a6:36:86:22:3c:f8:75:90:69:5b:20:78:
         59:5d:18:7b:6e:e0:46:70:cc:c6:63:3f:8e:88:ce:29:c7:ad:
         6e:20:f8:de:35:2f:8c:80:f4:da:a0:a6:07:14:42:72:f1:13:
         84:49:1b:38:ec:df:f3:f0:65:26:e1:65:d3:6f:e0:4b:d4:26:
         e8:34:93:a4:d5:f6:42:a4:5f:bd:02:46:e5:eb:5a:1f:93:b8:
         b9:14:85:d5:24:71:7d:f8:fd:fd:96:d3:28:61:5d:66:b3:d6:
         06:d4:84:09:08:ce:fb:2f:e4:88:04:6d:f2:37:61:58:53:87:
         44:88:dd:72:3f:7c:4c:09:34:25:85:79:e9:69:31:60:54:86:
         96:85:d5:15:03:b6:9e:a8:d4:a6:3c:57:bc:5f:54:61:62:04:
         a9:44:6b:38:06:71:c5:a9:68:70:8b:70:45:d3:66:81:32:0f:
         69:a1:ed:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt3nTQL0bctSz1QaDvrI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NWI5ZGFlYWEwMzQyNTVlYTMzMTE0ZjU4Yjg4YzFjM2Uz
YzdjYWYwHhcNMjQwMTAxMjAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGQ0Nzc1YzA3YjRkZDhhZGYzNDIyYzQxYjM4MGRmMGY4Nzc2MTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmUCR6w7ShlC4zb5ucyISeZ4J8FC
sGXrYDtG6uP3YlFeuyAFiba5bd0sa1ky+GAQShOAGwGOjqq+GZL52ioRr5QKRnKm
wOld1MRo8F4R8Jq1l/5Ar1kKsZlIPugoTAc+yfCMZe+4Vc5UjZX/4UqtNfCV02WK
13/GD3MsPfudCK+5AqYdnfuCcY3ILimUdw9iEBDehVgg0EFKq0KxDHpC77Do+oAH
9SfUysqT+7FHmvNtqDlpO3d9leP7MqMlan+HY3OztySFwdncIx5qmUjwssIXXXL+
QH7FiddjVXwQio7+LTJ8zUU3526GvO0YOeR9KAIO142YkDjXB/pLGvbF/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3Ud1wHtN2K3zQixBs4DfD4d2F+MB8GA1UdIwQY
MBaAFORbna6qA0JV6jMRT1i4jBw+PHyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUZ1ZHJxb0RRbFhxTXhGUFdMaU1IRDQ4Zks4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80ZDZiODgtMjBjNi00YzQyLTg3OTkt
NGI5MTc1OTIzNTdjLzEvamRSM1hBZTAzWXJmTkNMRUd6Z044UGgzWVg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80ZDZiODgtMjBjNi00YzQyLTg3OTktNGI5MTc1OTIzNTdj
LzEvNUZ1ZHJxb0RRbFhxTXhGUFdMaU1IRDQ4Zks4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4rXMA0G
CSqGSIb3DQEBCwUAA4IBAQBzRU9QrJxNAbLu9srbPFdniShyVsLM5w96dyGuD8mT
R+UncKhevJO9RgAz4DchVtcxiv58q/99A547cWJDI668yq1O4xILIGvlLYXzqpum
NoYiPPh1kGlbIHhZXRh7buBGcMzGYz+OiM4px61uIPjeNS+MgPTaoKYHFEJy8ROE
SRs47N/z8GUm4WXTb+BL1CboNJOk1fZCpF+9Akbl61ofk7i5FIXVJHF9+P39ltMo
YV1ms9YG1IQJCM77L+SIBG3yN2FYU4dEiN1yP3xMCTQlhXnpaTFgVIaWhdUVA7ae
qNSmPFe8X1RhYgSpRGs4BnHFqWhwi3BF02aBMg9poe3F
-----END CERTIFICATE-----