Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/tz73bHfk6lkyUVzMDxrqeXqmF_4.roa
File:                     tz73bHfk6lkyUVzMDxrqeXqmF_4.roa (raw, json)
Hash identifier:          /ufN8cuUwifcbZRfRjvd0dOgUngjqpzBoHaUjbO30a8=
Subject key identifier:   B7:3E:F7:6C:77:E4:EA:59:32:51:5C:CC:0F:1A:EA:79:7A:A6:17:FE
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBCB6BE7625E05A68D9D183DA35EB3
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/tz73bHfk6lkyUVzMDxrqeXqmF_4.roa
Signing time:             Tue 02 Jan 2024 10:32:56 +0000
ROA not before:           Tue 02 Jan 2024 10:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28924
IP address blocks:        195.56.147.0/24 maxlen: 24
                          195.56.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:cb:6b:e7:62:5e:05:a6:8d:9d:18:3d:a3:5e:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b73ef76c77e4ea5932515ccc0f1aea797aa617fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3c:3f:fd:ac:a4:9c:00:1b:b3:db:74:03:24:
                    03:b4:74:bc:b6:87:df:8c:b0:ce:06:a1:c6:e7:aa:
                    10:2f:26:96:2c:1e:81:89:59:bd:ff:2d:5f:14:59:
                    ee:86:bc:78:05:17:7e:24:51:b0:0f:9d:23:3c:00:
                    7a:73:33:77:bf:b3:4c:21:35:f8:51:eb:80:8a:b9:
                    65:d6:19:2f:fd:2b:bc:4d:7f:7e:ff:bb:f3:bc:c1:
                    b9:c1:c0:cf:dd:de:d5:b9:e8:91:46:56:59:d4:e8:
                    8c:7b:c9:fe:82:a2:37:50:cb:43:6b:30:0a:12:d7:
                    b5:a3:4a:fc:a7:e3:c3:3a:ae:83:65:b2:75:82:bb:
                    63:ec:f4:a2:f8:20:3f:7c:b9:c2:3b:ba:25:e8:84:
                    d5:07:f7:9c:2c:fa:8d:a6:17:82:62:41:a0:16:51:
                    7b:e4:99:bb:32:95:b0:cc:dd:28:95:ff:69:d3:c5:
                    86:f6:b0:d4:8a:72:e6:c0:0a:f4:b5:4b:82:44:ab:
                    26:0e:84:84:cd:fa:07:47:72:a8:5e:f2:4b:2e:b8:
                    44:f7:b1:d6:b6:6f:27:c1:d7:de:2a:b9:09:9e:93:
                    25:46:44:56:02:cd:e1:4c:58:ca:13:df:54:7b:7a:
                    68:69:e3:e0:b4:01:a7:25:fb:a4:b2:12:c0:56:01:
                    89:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:3E:F7:6C:77:E4:EA:59:32:51:5C:CC:0F:1A:EA:79:7A:A6:17:FE
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/tz73bHfk6lkyUVzMDxrqeXqmF_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.56.44.0/24
                  195.56.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:15:26:55:ef:4a:03:44:5f:72:1a:ea:b3:51:ec:99:95:b8:
         a1:18:7d:5c:2e:c6:79:11:33:be:83:82:97:6c:74:92:41:51:
         0b:fd:1f:56:26:da:32:ce:9a:cc:9a:54:1a:20:45:a6:71:84:
         77:5c:7e:be:cd:73:f0:c0:bb:bf:42:2f:38:a3:ba:ef:c8:4a:
         d9:0b:3d:82:1f:46:b1:0c:0c:13:de:d7:d4:f4:26:b6:9c:f2:
         1a:53:4f:7f:82:db:87:ec:0f:9b:39:3f:75:2e:d0:bf:ac:f3:
         5d:69:d4:e6:46:17:e2:c1:78:3d:0e:1d:ff:2a:45:60:ca:ca:
         c2:0b:3b:c7:17:03:e4:af:c5:4e:00:fc:e0:1e:13:2f:b6:d1:
         88:5f:33:a1:95:33:56:5b:07:6b:15:f4:b8:67:5e:9d:0b:93:
         a0:bd:41:96:71:76:fa:ac:f1:69:87:4b:6f:8c:53:e6:f5:31:
         f1:63:7c:bd:13:9d:50:69:9d:4a:da:3f:0f:3f:d2:2b:aa:f4:
         41:0f:12:24:e7:2b:6c:3b:5f:4e:8a:13:5f:4f:5e:77:14:79:
         70:fd:d5:7f:47:1f:35:77:1e:8c:4e:85:90:2b:63:c9:7c:32:
         09:69:d2:5e:00:4f:3a:47:19:6e:9b:74:62:ba:81:a7:c6:f0:
         32:36:a4:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJu8tr52JeBaaNnRg9o16zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzNlZjc2Yzc3ZTRlYTU5MzI1MTVjY2MwZjFhZWE3OTdhYTYxN2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojw//ayknAAbs9t0AyQDtHS8toff
jLDOBqHG56oQLyaWLB6BiVm9/y1fFFnuhrx4BRd+JFGwD50jPAB6czN3v7NMITX4
UeuAirll1hkv/Su8TX9+/7vzvMG5wcDP3d7VueiRRlZZ1OiMe8n+gqI3UMtDazAK
Ete1o0r8p+PDOq6DZbJ1grtj7PSi+CA/fLnCO7ol6ITVB/ecLPqNpheCYkGgFlF7
5Jm7MpWwzN0olf9p08WG9rDUinLmwAr0tUuCRKsmDoSEzfoHR3KoXvJLLrhE97HW
tm8nwdfeKrkJnpMlRkRWAs3hTFjKE99Ue3poaePgtAGnJfukshLAVgGJcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLc+92x35OpZMlFczA8a6nl6phf+MB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvdHo3M2JIZms2bGt5VVZ6TUR4cnFlWHFtRl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwzgsAwQA
wziTMA0GCSqGSIb3DQEBCwUAA4IBAQBlFSZV70oDRF9yGuqzUeyZlbihGH1cLsZ5
ETO+g4KXbHSSQVEL/R9WJtoyzprMmlQaIEWmcYR3XH6+zXPwwLu/Qi84o7rvyErZ
Cz2CH0axDAwT3tfU9Ca2nPIaU09/gtuH7A+bOT91LtC/rPNdadTmRhfiwXg9Dh3/
KkVgysrCCzvHFwPkr8VOAPzgHhMvttGIXzOhlTNWWwdrFfS4Z16dC5OgvUGWcXb6
rPFph0tvjFPm9THxY3y9E51QaZ1K2j8PP9IrqvRBDxIk5ytsO19OihNfT153FHlw
/dV/Rx81dx6MToWQK2PJfDIJadJeAE86Rxlum3RiuoGnxvAyNqTi
-----END CERTIFICATE-----