Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/IZLTmqwMCwHAsgacnkhFsSfV154.roa
File:                     IZLTmqwMCwHAsgacnkhFsSfV154.roa (raw, json)
Hash identifier:          L1MwWKG3ICZNjOTbGQQTZQWNXVl/NE/sRNBLKaBSM7M=
Subject key identifier:   21:92:D3:9A:AC:0C:0B:01:C0:B2:06:9C:9E:48:45:B1:27:D5:D7:9E
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       018CC9BCBBB46F8E59C2CD1956F13FE0D03A
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/IZLTmqwMCwHAsgacnkhFsSfV154.roa
Signing time:             Tue 02 Jan 2024 10:33:58 +0000
ROA not before:           Tue 02 Jan 2024 10:33:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57117
IP address blocks:        195.53.82.0/24 maxlen: 24
                          195.235.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:bb:b4:6f:8e:59:c2:cd:19:56:f1:3f:e0:d0:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  2 10:33:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2192d39aac0c0b01c0b2069c9e4845b127d5d79e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bd:dc:34:de:3d:6a:21:6d:4e:2a:21:0d:85:
                    9c:f0:85:9c:61:6a:1d:d1:4c:13:27:f5:96:22:6b:
                    f9:91:f2:fa:5d:6d:54:f9:b1:19:fa:74:48:89:92:
                    7d:c6:11:95:86:b1:fb:7a:75:06:17:b9:2e:97:6e:
                    ae:ce:66:27:71:bc:25:18:9d:1b:33:47:76:30:5f:
                    32:79:ec:76:b0:4e:33:e4:4c:9f:f9:ca:0c:4d:d1:
                    9e:53:13:69:47:ee:4b:89:ca:b9:b9:ca:6d:25:b0:
                    20:21:e8:02:0f:3c:26:61:37:d7:f7:48:bb:56:f7:
                    bb:10:21:19:01:84:a4:60:cd:c8:b3:7e:a0:fc:aa:
                    ed:92:66:3a:11:78:f0:9c:e9:60:8e:c8:34:ed:64:
                    da:52:07:d7:3c:24:64:d4:6f:d2:05:77:d1:46:61:
                    5f:fa:bc:24:9c:33:8e:af:a3:77:28:da:49:dd:67:
                    6e:ba:94:19:7e:55:91:7f:df:d9:fe:97:3c:3e:a0:
                    49:f8:fd:b9:8d:d1:77:ce:c9:37:4a:06:97:7e:d1:
                    b1:5e:af:2f:ce:67:73:ee:7b:63:06:4e:0f:b5:3c:
                    f9:14:ba:38:ee:1a:31:64:1b:8e:1b:03:2c:7e:d5:
                    37:e7:a2:da:23:ae:2b:ea:4c:1b:c5:a0:37:bb:d4:
                    b0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:92:D3:9A:AC:0C:0B:01:C0:B2:06:9C:9E:48:45:B1:27:D5:D7:9E
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/IZLTmqwMCwHAsgacnkhFsSfV154.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.53.82.0/24
                  195.235.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:d2:f9:ed:db:70:a1:c8:18:db:4d:93:c9:ff:8e:1c:c1:90:
         b7:32:f2:83:b7:12:b1:4f:34:58:a1:78:f9:99:db:ce:27:de:
         a9:ff:44:c1:9a:e0:70:9f:ff:a5:8c:c9:9e:b7:35:2a:23:d2:
         97:a6:0b:f8:f0:7b:de:fc:14:63:2c:62:1a:8f:77:a3:eb:14:
         64:49:e0:5c:02:c0:02:3a:13:7e:15:db:1c:5b:70:30:13:cf:
         87:9e:4e:24:fd:bd:74:eb:e9:fd:c9:ab:9a:02:ea:7f:c1:68:
         3a:a4:7b:0a:a8:f9:e0:fd:e0:a0:99:ad:dd:fe:02:97:9d:0b:
         9e:f4:ea:e0:6b:9e:2d:3a:6b:aa:63:0f:c1:3b:2a:32:2e:80:
         7d:7d:ad:ae:4b:5b:19:87:40:45:02:3c:a1:f1:93:a9:34:f6:
         ea:91:d6:ac:43:40:b2:b8:c1:13:59:5e:c8:a4:26:11:8f:7e:
         50:11:0f:8d:04:c8:1d:dc:2e:19:ae:fd:7f:91:16:3a:fc:ae:
         60:e1:c4:45:3d:80:a2:ef:61:f6:cc:a7:45:d8:a4:b7:79:b2:
         cf:87:6d:06:ce:86:f8:68:15:a8:b9:2f:64:10:b7:95:1d:dd:
         c0:60:33:03:3c:39:78:2d:5d:c7:da:6a:09:2f:a0:73:06:c3:
         df:ec:10:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvLu0b45Zws0ZVvE/4NA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjQwMTAyMTAzMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTkyZDM5YWFjMGMwYjAxYzBiMjA2OWM5ZTQ4NDViMTI3ZDVkNzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkL3cNN49aiFtTiohDYWc8IWcYWod
0UwTJ/WWImv5kfL6XW1U+bEZ+nRIiZJ9xhGVhrH7enUGF7kul26uzmYncbwlGJ0b
M0d2MF8yeex2sE4z5Eyf+coMTdGeUxNpR+5Licq5ucptJbAgIegCDzwmYTfX90i7
Vve7ECEZAYSkYM3Is36g/KrtkmY6EXjwnOlgjsg07WTaUgfXPCRk1G/SBXfRRmFf
+rwknDOOr6N3KNpJ3WduupQZflWRf9/Z/pc8PqBJ+P25jdF3zsk3SgaXftGxXq8v
zmdz7ntjBk4PtTz5FLo47hoxZBuOGwMsftU356LaI64r6kwbxaA3u9Sw/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCGS05qsDAsBwLIGnJ5IRbEn1deeMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvSVpMVG1xd01Dd0hBc2dhY25raEZzU2ZWMTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwzVSAwQA
w+uiMA0GCSqGSIb3DQEBCwUAA4IBAQDW0vnt23ChyBjbTZPJ/44cwZC3MvKDtxKx
TzRYoXj5mdvOJ96p/0TBmuBwn/+ljMmetzUqI9KXpgv48Hve/BRjLGIaj3ej6xRk
SeBcAsACOhN+FdscW3AwE8+Hnk4k/b106+n9yauaAup/wWg6pHsKqPng/eCgma3d
/gKXnQue9Orga54tOmuqYw/BOyoyLoB9fa2uS1sZh0BFAjyh8ZOpNPbqkdasQ0Cy
uMETWV7IpCYRj35QEQ+NBMgd3C4Zrv1/kRY6/K5g4cRFPYCi72H2zKdF2KS3ebLP
h20Gzob4aBWouS9kELeVHd3AYDMDPDl4LV3H2moJL6BzBsPf7BBC
-----END CERTIFICATE-----