Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/4LvtncqEFesDlDPW3orxvk46CKw.roa
File:                     4LvtncqEFesDlDPW3orxvk46CKw.roa (raw, json)
Hash identifier:          +Msj2SUJelttK6OS1vAXcu3OrZo5W/VY0j9O8AddocI=
Subject key identifier:   E0:BB:ED:9D:CA:84:15:EB:03:94:33:D6:DE:8A:F1:BE:4E:3A:08:AC
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC50A50352341B420BE009EECCAEA0
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/4LvtncqEFesDlDPW3orxvk46CKw.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205221
IP address blocks:        195.19.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:50:a5:03:52:34:1b:42:0b:e0:09:ee:cc:ae:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0bbed9dca8415eb039433d6de8af1be4e3a08ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ff:c5:f8:61:9b:ec:ea:91:bf:2c:2c:a4:28:
                    5a:54:2d:59:59:88:d8:63:22:e9:31:b6:f3:ec:a6:
                    d1:10:ec:06:76:4b:75:6a:e6:b5:33:3d:d1:80:48:
                    b0:4c:a6:90:5d:2d:a2:1c:de:d1:c1:e4:69:1a:06:
                    bf:48:fe:83:61:f8:18:58:be:ee:db:84:ce:37:f4:
                    fc:db:8d:a1:21:b0:b7:6f:0a:1f:c3:0c:d1:ba:0e:
                    62:c8:39:15:f8:9c:cd:78:bc:37:9e:75:5c:6a:f0:
                    d9:a9:e9:ce:1f:ea:21:41:cc:cf:06:f9:3f:db:e9:
                    34:3f:e3:7f:dc:15:83:f2:f7:41:db:ec:ca:54:93:
                    20:f0:91:03:54:e2:b2:75:b3:49:e0:85:67:f9:65:
                    ee:86:eb:68:83:e1:58:0a:b4:0e:1f:19:01:e7:01:
                    a5:9f:dc:87:34:22:f8:ab:29:fe:a8:74:c7:75:05:
                    72:8c:62:29:ea:dd:e7:ed:ee:ca:01:a8:21:ff:1e:
                    6d:8f:12:71:48:c5:99:1a:ba:e5:c6:fd:90:b8:75:
                    80:5c:c4:5a:2b:35:5c:88:c5:a3:c2:3b:dd:da:14:
                    2f:7a:bf:d6:aa:c1:2b:55:55:aa:dc:a0:1e:d3:58:
                    1c:f4:9f:4d:88:76:0f:69:a8:00:f2:9b:21:e5:b2:
                    b3:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:BB:ED:9D:CA:84:15:EB:03:94:33:D6:DE:8A:F1:BE:4E:3A:08:AC
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/4LvtncqEFesDlDPW3orxvk46CKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.19.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:a6:a6:58:84:48:54:04:3e:7e:02:e1:c2:d3:52:53:d2:79:
         75:fe:68:80:82:da:97:e6:e2:e9:90:91:4b:1f:79:50:c5:fb:
         88:16:24:2b:76:16:24:3f:8a:b0:af:87:1a:7a:8f:8d:3a:f1:
         46:5a:f2:ef:33:67:d2:d1:ce:57:ec:da:f5:fa:07:7a:fb:d8:
         69:ad:b5:9b:63:7c:5d:52:84:18:fe:e7:c5:f2:a5:96:6c:63:
         f4:c7:17:a6:94:7f:e2:d0:db:b0:02:1b:bf:57:b7:9a:74:ac:
         dd:73:1e:a8:b8:13:5f:0b:49:58:21:e9:35:e6:63:06:34:d4:
         54:30:d0:48:4c:ab:79:d6:d2:c3:b8:15:fd:1e:3a:51:71:f3:
         c1:2d:e4:bd:ce:28:c6:97:f7:a6:5a:55:a7:d2:55:ee:d7:90:
         9c:6a:11:da:4a:94:54:56:ae:47:51:e8:27:a1:b7:4d:74:39:
         51:2a:2b:fb:2d:10:0a:66:70:dd:98:b3:d1:d3:dd:5d:bd:17:
         b3:f9:99:01:be:40:d5:63:f8:5e:8d:0c:4a:49:db:70:2d:03:
         6d:ca:f8:d8:17:96:a1:b6:cd:81:ac:a9:5c:ad:48:45:68:ae:
         28:91:30:43:80:fa:f9:a5:0e:48:ff:f8:33:32:37:d4:f0:4c:
         46:36:60:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FClA1I0G0IL4AnuzK6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGJiZWQ5ZGNhODQxNWViMDM5NDMzZDZkZThhZjFiZTRlM2EwOGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAof/F+GGb7OqRvywspChaVC1ZWYjY
YyLpMbbz7KbREOwGdkt1aua1Mz3RgEiwTKaQXS2iHN7RweRpGga/SP6DYfgYWL7u
24TON/T8242hIbC3bwofwwzRug5iyDkV+JzNeLw3nnVcavDZqenOH+ohQczPBvk/
2+k0P+N/3BWD8vdB2+zKVJMg8JEDVOKydbNJ4IVn+WXuhutog+FYCrQOHxkB5wGl
n9yHNCL4qyn+qHTHdQVyjGIp6t3n7e7KAagh/x5tjxJxSMWZGrrlxv2QuHWAXMRa
KzVciMWjwjvd2hQver/WqsErVVWq3KAe01gc9J9NiHYPaagA8psh5bKzgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOC77Z3KhBXrA5Qz1t6K8b5OOgisMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvNEx2dG5jcUVGZXNEbERQVzNvcnh2azQ2Q0t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxPPMA0G
CSqGSIb3DQEBCwUAA4IBAQCSpqZYhEhUBD5+AuHC01JT0nl1/miAgtqX5uLpkJFL
H3lQxfuIFiQrdhYkP4qwr4caeo+NOvFGWvLvM2fS0c5X7Nr1+gd6+9hprbWbY3xd
UoQY/ufF8qWWbGP0xxemlH/i0NuwAhu/V7eadKzdcx6ouBNfC0lYIek15mMGNNRU
MNBITKt51tLDuBX9HjpRcfPBLeS9zijGl/emWlWn0lXu15CcahHaSpRUVq5HUegn
obdNdDlRKiv7LRAKZnDdmLPR091dvRez+ZkBvkDVY/hejQxKSdtwLQNtyvjYF5ah
ts2BrKlcrUhFaK4okTBDgPr5pQ5I//gzMjfU8ExGNmCc
-----END CERTIFICATE-----