Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/4f0269-9818-4123-bcbf-7a652303a28a/1/iYN-eM1qyxJqy8tzPSYcL3ugwZc.roa
File:                     iYN-eM1qyxJqy8tzPSYcL3ugwZc.roa (raw, json)
Hash identifier:          LkDDxDbD1kjkP0QRvBxLmj7DvnAxIvFzKB45c368ePg=
Subject key identifier:   89:83:7E:78:CD:6A:CB:12:6A:CB:CB:73:3D:26:1C:2F:7B:A0:C1:97
Certificate issuer:       /CN=feae54afce51545479c0da03f201a74e29927d78
Certificate serial:       018CC8DF737396B299A55497C27ACD5CF254
Authority key identifier: FE:AE:54:AF:CE:51:54:54:79:C0:DA:03:F2:01:A7:4E:29:92:7D:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_q5Ur85RVFR5wNoD8gGnTimSfXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/4f0269-9818-4123-bcbf-7a652303a28a/1/iYN-eM1qyxJqy8tzPSYcL3ugwZc.roa
Signing time:             Tue 02 Jan 2024 06:32:16 +0000
ROA not before:           Tue 02 Jan 2024 06:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20847
IP address blocks:        195.62.82.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/4f0269-9818-4123-bcbf-7a652303a28a/1/_q5Ur85RVFR5wNoD8gGnTimSfXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/4f0269-9818-4123-bcbf-7a652303a28a/1/_q5Ur85RVFR5wNoD8gGnTimSfXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_q5Ur85RVFR5wNoD8gGnTimSfXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 06:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:73:73:96:b2:99:a5:54:97:c2:7a:cd:5c:f2:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=feae54afce51545479c0da03f201a74e29927d78
        Validity
            Not Before: Jan  2 06:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89837e78cd6acb126acbcb733d261c2f7ba0c197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6f:f6:a4:31:a6:0f:12:be:05:ca:83:21:21:
                    e0:c1:9f:af:32:7c:07:ee:bd:45:f8:e2:94:b1:91:
                    fa:74:a1:5f:c6:73:af:98:73:1e:38:d2:5b:bb:15:
                    10:d2:fd:58:63:5c:e2:ca:ba:60:80:ea:d4:28:86:
                    b4:95:7c:46:b8:a6:58:79:94:f7:95:8e:7e:30:84:
                    28:f4:cc:fc:97:75:4b:9b:e9:c9:97:01:ca:37:16:
                    38:6e:52:ed:83:ee:34:e8:47:b8:06:13:68:ec:22:
                    6e:61:5f:92:f3:49:b2:ae:f6:6f:f2:db:59:23:35:
                    48:2b:54:65:81:f8:43:df:cf:be:58:bf:4d:6e:59:
                    ad:39:66:e3:8d:55:38:07:fe:ad:19:96:02:86:33:
                    4a:3e:45:cf:d3:20:24:49:ce:66:00:d1:85:13:33:
                    f0:5b:d5:b4:0b:ad:c3:68:e4:41:c7:84:31:50:96:
                    49:81:1b:d5:31:99:54:2e:10:24:be:c7:65:4a:4d:
                    0c:48:79:01:a7:c8:9e:a4:35:78:7e:c0:f0:c2:cb:
                    f4:45:94:69:d1:d6:84:2c:09:51:d3:49:11:1f:2d:
                    e0:ce:62:dd:3e:f2:3a:b2:a1:27:88:42:5e:bd:60:
                    8d:75:a3:c3:19:f2:69:26:b7:9b:28:13:ef:5a:74:
                    1d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:83:7E:78:CD:6A:CB:12:6A:CB:CB:73:3D:26:1C:2F:7B:A0:C1:97
            X509v3 Authority Key Identifier:
                keyid:FE:AE:54:AF:CE:51:54:54:79:C0:DA:03:F2:01:A7:4E:29:92:7D:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_q5Ur85RVFR5wNoD8gGnTimSfXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/4f0269-9818-4123-bcbf-7a652303a28a/1/iYN-eM1qyxJqy8tzPSYcL3ugwZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/4f0269-9818-4123-bcbf-7a652303a28a/1/_q5Ur85RVFR5wNoD8gGnTimSfXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:8c:a2:42:5d:26:2b:25:f4:e5:6a:f5:5a:97:92:46:97:f9:
         65:9c:2c:46:67:72:94:ab:a9:9f:f4:39:35:b7:ac:6b:39:69:
         3c:b3:16:79:ae:bf:45:7c:0b:cd:ca:12:ee:83:47:78:77:8a:
         11:e7:d2:aa:cf:b3:63:03:03:7c:f1:5b:93:ee:ae:7e:3e:3b:
         1f:a8:a1:a3:11:ce:30:e2:9a:a2:23:32:67:8e:78:c4:46:1d:
         6d:42:80:59:8b:e6:16:47:e4:93:b5:79:72:16:4e:b0:90:31:
         33:5f:55:ce:c5:55:ba:94:62:23:35:d4:82:29:eb:bc:ac:3d:
         a7:50:00:69:4c:d5:49:c5:ed:9e:b7:08:8f:42:02:45:52:0f:
         66:26:a3:4f:39:2b:df:14:9e:bb:e0:18:09:7f:ed:ed:31:8e:
         e7:37:fc:8a:9b:05:82:fc:b1:10:6a:29:0b:21:f1:4f:b4:1c:
         4b:fe:39:23:6d:b5:57:91:d1:de:d7:c3:a1:9a:7e:7f:9d:74:
         31:54:4a:a6:d2:07:7a:a5:0d:e2:62:df:8e:70:dc:21:47:fb:
         ba:c6:f8:ac:a7:28:3f:a1:e8:ee:ec:a3:8e:af:1f:7d:23:ad:
         55:cc:9c:0a:74:e9:a8:a9:f9:53:10:40:5e:f0:7b:18:b6:a6:
         e6:50:d9:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33NzlrKZpVSXwnrNXPJUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYWU1NGFmY2U1MTU0NTQ3OWMwZGEwM2YyMDFhNzRlMjk5
MjdkNzgwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTgzN2U3OGNkNmFjYjEyNmFjYmNiNzMzZDI2MWMyZjdiYTBjMTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsm/2pDGmDxK+BcqDISHgwZ+vMnwH
7r1F+OKUsZH6dKFfxnOvmHMeONJbuxUQ0v1YY1ziyrpggOrUKIa0lXxGuKZYeZT3
lY5+MIQo9Mz8l3VLm+nJlwHKNxY4blLtg+406Ee4BhNo7CJuYV+S80myrvZv8ttZ
IzVIK1RlgfhD38++WL9NblmtOWbjjVU4B/6tGZYChjNKPkXP0yAkSc5mANGFEzPw
W9W0C63DaORBx4QxUJZJgRvVMZlULhAkvsdlSk0MSHkBp8iepDV4fsDwwsv0RZRp
0daELAlR00kRHy3gzmLdPvI6sqEniEJevWCNdaPDGfJpJrebKBPvWnQdUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImDfnjNassSasvLcz0mHC97oMGXMB8GA1UdIwQY
MBaAFP6uVK/OUVRUecDaA/IBp04pkn14MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3E1VXI4NVJWRlI1d05vRDhnR25UaW1TZlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS80ZjAyNjktOTgxOC00MTIzLWJjYmYt
N2E2NTIzMDNhMjhhLzEvaVlOLWVNMXF5eEpxeTh0elBTWWNMM3Vnd1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS80ZjAyNjktOTgxOC00MTIzLWJjYmYtN2E2NTIzMDNhMjhh
LzEvX3E1VXI4NVJWRlI1d05vRDhnR25UaW1TZlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwz5SMA0G
CSqGSIb3DQEBCwUAA4IBAQA9jKJCXSYrJfTlavVal5JGl/llnCxGZ3KUq6mf9Dk1
t6xrOWk8sxZ5rr9FfAvNyhLug0d4d4oR59Kqz7NjAwN88VuT7q5+PjsfqKGjEc4w
4pqiIzJnjnjERh1tQoBZi+YWR+STtXlyFk6wkDEzX1XOxVW6lGIjNdSCKeu8rD2n
UABpTNVJxe2etwiPQgJFUg9mJqNPOSvfFJ674BgJf+3tMY7nN/yKmwWC/LEQaikL
IfFPtBxL/jkjbbVXkdHe18Ohmn5/nXQxVEqm0gd6pQ3iYt+OcNwhR/u6xvispyg/
oeju7KOOrx99I61VzJwKdOmoqflTEEBe8HsYtqbmUNmk
-----END CERTIFICATE-----