Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/Nm65lGuUUymkpXTTQTZB0fRUNIw.roa
File:                     Nm65lGuUUymkpXTTQTZB0fRUNIw.roa (raw, json)
Hash identifier:          atTIaYltxI4gXCLGOZMdrfMhtlurFnFIu6Ede1esEiE=
Subject key identifier:   36:6E:B9:94:6B:94:53:29:A4:A5:74:D3:41:36:41:D1:F4:54:34:8C
Certificate issuer:       /CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
Certificate serial:       018CC726DD16548C74D5FF5FEA9D7C70C6D6
Authority key identifier: 65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/Nm65lGuUUymkpXTTQTZB0fRUNIw.roa
Signing time:             Mon 01 Jan 2024 22:31:02 +0000
ROA not before:           Mon 01 Jan 2024 22:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31712
IP address blocks:        195.153.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:dd:16:54:8c:74:d5:ff:5f:ea:9d:7c:70:c6:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
        Validity
            Not Before: Jan  1 22:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=366eb9946b945329a4a574d3413641d1f454348c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:33:4c:f2:0c:15:27:44:1f:a2:92:b1:1c:14:
                    51:b0:15:e4:20:0c:d1:66:1b:69:10:51:2b:88:38:
                    4a:b4:1f:62:c5:26:ee:17:ba:03:dc:6d:41:7d:b4:
                    4f:88:5d:70:bc:22:f5:3f:90:b6:0b:a2:03:6e:36:
                    8a:85:da:3d:bc:9a:00:eb:13:eb:c7:02:65:9e:2b:
                    9b:9d:e4:43:ce:ec:00:27:e3:43:19:f3:52:5b:85:
                    87:18:54:38:62:6b:c8:92:16:7b:2b:37:e1:c5:bb:
                    33:6d:19:43:6e:92:ec:31:31:a1:a4:de:cd:9b:d7:
                    d1:aa:87:8f:0e:be:b0:71:8d:6f:09:a9:2d:e2:8f:
                    e9:9a:9a:75:58:8c:21:27:0f:07:f4:8d:c0:25:f2:
                    f3:54:e1:a3:78:6b:8c:4d:c1:4e:00:af:b5:4d:4a:
                    38:9d:f0:0c:d7:fe:9e:c3:7c:bb:ba:55:6d:b2:18:
                    3b:10:aa:bf:4c:22:59:e2:de:53:ea:ac:7c:a8:29:
                    fe:7c:7c:e8:5c:81:89:76:cf:89:c2:ec:8d:36:90:
                    ea:13:82:93:d5:48:11:24:ce:b6:fb:78:0b:4e:d6:
                    90:56:69:43:1a:bd:ea:fd:d0:7c:6c:ff:df:11:31:
                    12:aa:bc:7e:db:64:93:06:9e:fd:3c:f6:60:e9:cf:
                    d6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:6E:B9:94:6B:94:53:29:A4:A5:74:D3:41:36:41:D1:F4:54:34:8C
            X509v3 Authority Key Identifier:
                keyid:65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/Nm65lGuUUymkpXTTQTZB0fRUNIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.153.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:87:d5:3d:64:6b:b9:6b:54:53:86:16:67:77:08:17:80:c1:
         f3:a9:ed:7b:a0:ba:ce:a3:74:01:f1:cf:1f:d4:18:86:53:31:
         70:0d:f6:e4:05:45:a9:f5:1d:e9:36:08:d6:ef:01:5b:ef:a1:
         40:ac:74:5a:dd:4d:1d:4a:e0:e7:80:39:c7:0e:38:86:4e:c5:
         23:9f:82:7c:b5:f8:f8:d5:2b:78:d6:ed:5d:7d:ab:fa:37:26:
         5e:d1:01:47:f0:3c:54:fb:3d:03:d8:45:de:fd:51:2c:7e:d4:
         34:14:6f:92:7f:dd:b2:0c:08:32:88:c9:99:85:a3:93:da:da:
         fa:1f:b3:03:4c:02:b2:43:54:6a:7b:ea:15:25:ee:f5:a0:29:
         2e:aa:c4:73:b4:8b:6d:a2:cc:ff:21:60:0b:29:42:fb:33:fc:
         fe:f6:eb:aa:67:0c:2b:2d:60:51:2e:bf:fe:f9:87:24:dd:2f:
         a0:99:e1:11:59:4f:d3:15:d7:f9:4c:0d:d0:08:a4:0f:ba:23:
         81:ff:21:4c:85:f3:77:ff:b3:94:5f:e3:c5:b6:01:85:ee:51:
         48:19:a3:be:27:1c:c5:32:23:14:94:6c:ed:94:ab:db:77:ee:
         00:fb:4d:6e:7e:53:d0:f2:45:47:c0:4b:25:72:07:0d:19:b1:
         92:86:63:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJt0WVIx01f9f6p18cMbWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1M2Y1NTYyOTEyMWI2MGZiMTljOTdmOTljNzVkZDZmMDE1
ZGQ2ZTgwHhcNMjQwMTAxMjIzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjZlYjk5NDZiOTQ1MzI5YTRhNTc0ZDM0MTM2NDFkMWY0NTQzNDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTNM8gwVJ0QfopKxHBRRsBXkIAzR
ZhtpEFEriDhKtB9ixSbuF7oD3G1BfbRPiF1wvCL1P5C2C6IDbjaKhdo9vJoA6xPr
xwJlniubneRDzuwAJ+NDGfNSW4WHGFQ4YmvIkhZ7KzfhxbszbRlDbpLsMTGhpN7N
m9fRqoePDr6wcY1vCakt4o/pmpp1WIwhJw8H9I3AJfLzVOGjeGuMTcFOAK+1TUo4
nfAM1/6ew3y7ulVtshg7EKq/TCJZ4t5T6qx8qCn+fHzoXIGJds+JwuyNNpDqE4KT
1UgRJM62+3gLTtaQVmlDGr3q/dB8bP/fETESqrx+22STBp79PPZg6c/WdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZuuZRrlFMppKV000E2QdH0VDSMMB8GA1UdIwQY
MBaAFGU/VWKRIbYPsZyX+Zx13W8BXdboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQt
MjkyNmQyODFiNTE0LzEvTm02NWxHdVVVeW1rcFhUVFFUWkIwZlJVTkl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQtMjkyNmQyODFiNTE0
LzEvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5kTMA0G
CSqGSIb3DQEBCwUAA4IBAQBwh9U9ZGu5a1RThhZndwgXgMHzqe17oLrOo3QB8c8f
1BiGUzFwDfbkBUWp9R3pNgjW7wFb76FArHRa3U0dSuDngDnHDjiGTsUjn4J8tfj4
1St41u1dfav6NyZe0QFH8DxU+z0D2EXe/VEsftQ0FG+Sf92yDAgyiMmZhaOT2tr6
H7MDTAKyQ1Rqe+oVJe71oCkuqsRztIttosz/IWALKUL7M/z+9uuqZwwrLWBRLr/+
+Yck3S+gmeERWU/TFdf5TA3QCKQPuiOB/yFMhfN3/7OUX+PFtgGF7lFIGaO+JxzF
MiMUlGztlKvbd+4A+01uflPQ8kVHwEslcgcNGbGShmPy
-----END CERTIFICATE-----