Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/1e63a3-b306-413a-adf4-d3f265ad514f/1/ECqMs6VIPHUv8R9W46V90uzXyO0.roa
File:                     ECqMs6VIPHUv8R9W46V90uzXyO0.roa (raw, json)
Hash identifier:          ei0hr+LEmmO16gf+boVgIH5V2Wh28bMvS9lNBGVj4gA=
Subject key identifier:   10:2A:8C:B3:A5:48:3C:75:2F:F1:1F:56:E3:A5:7D:D2:EC:D7:C8:ED
Certificate issuer:       /CN=b6817762d9fc8f11b01cf5234b6e431cfbec1bcd
Certificate serial:       018CC79427CC75C89FE6CEA01EC9A297FB1D
Authority key identifier: B6:81:77:62:D9:FC:8F:11:B0:1C:F5:23:4B:6E:43:1C:FB:EC:1B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toF3Ytn8jxGwHPUjS25DHPvsG80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/1e63a3-b306-413a-adf4-d3f265ad514f/1/ECqMs6VIPHUv8R9W46V90uzXyO0.roa
Signing time:             Tue 02 Jan 2024 00:30:24 +0000
ROA not before:           Tue 02 Jan 2024 00:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29316
IP address blocks:        195.137.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/1e63a3-b306-413a-adf4-d3f265ad514f/1/toF3Ytn8jxGwHPUjS25DHPvsG80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/1e63a3-b306-413a-adf4-d3f265ad514f/1/toF3Ytn8jxGwHPUjS25DHPvsG80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toF3Ytn8jxGwHPUjS25DHPvsG80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:27:cc:75:c8:9f:e6:ce:a0:1e:c9:a2:97:fb:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6817762d9fc8f11b01cf5234b6e431cfbec1bcd
        Validity
            Not Before: Jan  2 00:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=102a8cb3a5483c752ff11f56e3a57dd2ecd7c8ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d0:33:76:32:7f:74:50:a4:9a:8e:db:d3:f7:
                    cd:da:b4:38:3b:03:c2:5d:0a:f5:ca:11:ff:c8:3a:
                    b0:f9:8d:e2:b1:be:16:97:16:b9:e5:31:f1:df:17:
                    53:74:35:b5:9b:f8:ae:89:12:e5:1f:f0:f3:57:6a:
                    a5:8a:1f:39:a6:71:52:00:be:e5:44:98:d5:c2:60:
                    0a:1e:bd:e5:fc:cf:ea:fb:e8:c7:2b:12:52:cf:65:
                    81:72:fa:70:76:c6:f2:87:08:88:c4:e7:f4:ee:87:
                    9b:8d:15:49:c5:e1:52:7c:a8:d5:f8:89:d5:09:fd:
                    e1:8d:8a:ab:13:09:ae:6a:0e:3c:3a:a9:9b:0a:65:
                    20:3b:e8:03:13:7e:35:b2:fd:9c:39:17:ba:6b:6f:
                    d6:4c:1e:1c:29:69:f5:25:8b:1f:21:1b:18:82:35:
                    18:50:5c:3a:70:e2:d3:9a:66:65:75:1c:35:b9:8e:
                    0c:dd:93:cf:29:c8:bb:5c:b1:33:69:80:b5:e3:d6:
                    12:4b:cc:c7:02:98:dd:fe:bb:7c:ee:b1:14:d9:56:
                    25:05:5b:45:58:8c:2e:c4:7f:ad:cf:2c:a1:19:8a:
                    4b:65:93:cd:98:67:a8:2a:aa:11:b2:1c:18:ba:86:
                    fa:91:5c:cb:04:0c:de:40:75:b7:e4:5c:02:ba:68:
                    fc:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:2A:8C:B3:A5:48:3C:75:2F:F1:1F:56:E3:A5:7D:D2:EC:D7:C8:ED
            X509v3 Authority Key Identifier:
                keyid:B6:81:77:62:D9:FC:8F:11:B0:1C:F5:23:4B:6E:43:1C:FB:EC:1B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toF3Ytn8jxGwHPUjS25DHPvsG80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/1e63a3-b306-413a-adf4-d3f265ad514f/1/ECqMs6VIPHUv8R9W46V90uzXyO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/1e63a3-b306-413a-adf4-d3f265ad514f/1/toF3Ytn8jxGwHPUjS25DHPvsG80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:73:32:40:46:c6:dd:70:32:90:04:4e:c5:3c:af:f6:ea:e0:
         96:a6:06:cb:ec:e8:35:87:b9:3d:f8:3c:21:72:85:9e:d3:70:
         23:4a:10:5b:68:63:3c:7e:0e:c3:94:81:b6:eb:5b:5b:11:89:
         a3:e6:0c:e4:6a:55:bc:36:d8:b4:a1:5f:01:df:0e:fb:24:2a:
         50:4b:fb:54:25:82:a0:51:fc:bd:10:86:bd:d8:49:42:bb:7b:
         df:4e:29:74:9c:60:0f:f9:8a:41:1d:fe:ab:3f:d8:16:86:dd:
         5b:97:de:7a:42:ae:f2:f2:c8:f4:0c:9a:3e:d3:a9:90:00:ad:
         0d:5d:74:d4:4b:59:87:53:c8:8b:d5:4a:f7:c6:7e:1b:06:f8:
         68:6c:b1:2f:85:4b:f4:f9:53:02:f4:e3:d2:57:d0:e9:b8:6c:
         6a:1e:b8:2b:a9:36:bc:33:0b:b7:b2:86:48:65:b0:9a:73:8e:
         ca:a4:63:df:d0:05:bf:55:54:a8:d5:78:17:6d:71:6f:7f:1f:
         5d:b7:6a:1b:17:2f:58:51:bf:68:dc:c6:3f:56:3d:ca:cc:d6:
         a4:89:ba:12:dd:e8:82:c4:25:2d:3d:d5:5f:7b:2e:f0:e9:a5:
         99:df:b0:b8:33:c2:6a:33:fc:b0:d5:6e:61:6f:df:cc:55:44:
         68:7d:22:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCfMdcif5s6gHsmil/sdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ODE3NzYyZDlmYzhmMTFiMDFjZjUyMzRiNmU0MzFjZmJl
YzFiY2QwHhcNMjQwMTAyMDAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDJhOGNiM2E1NDgzYzc1MmZmMTFmNTZlM2E1N2RkMmVjZDdjOGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndAzdjJ/dFCkmo7b0/fN2rQ4OwPC
XQr1yhH/yDqw+Y3isb4Wlxa55THx3xdTdDW1m/iuiRLlH/DzV2qlih85pnFSAL7l
RJjVwmAKHr3l/M/q++jHKxJSz2WBcvpwdsbyhwiIxOf07oebjRVJxeFSfKjV+InV
Cf3hjYqrEwmuag48OqmbCmUgO+gDE341sv2cORe6a2/WTB4cKWn1JYsfIRsYgjUY
UFw6cOLTmmZldRw1uY4M3ZPPKci7XLEzaYC149YSS8zHApjd/rt87rEU2VYlBVtF
WIwuxH+tzyyhGYpLZZPNmGeoKqoRshwYuob6kVzLBAzeQHW35FwCumj8uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAqjLOlSDx1L/EfVuOlfdLs18jtMB8GA1UdIwQY
MBaAFLaBd2LZ/I8RsBz1I0tuQxz77BvNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG9GM1l0bjhqeEd3SFBValMyNURIUHZzRzgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8xZTYzYTMtYjMwNi00MTNhLWFkZjQt
ZDNmMjY1YWQ1MTRmLzEvRUNxTXM2VklQSFV2OFI5VzQ2VjkwdXpYeU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8xZTYzYTMtYjMwNi00MTNhLWFkZjQtZDNmMjY1YWQ1MTRm
LzEvdG9GM1l0bjhqeEd3SFBValMyNURIUHZzRzgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4nGMA0G
CSqGSIb3DQEBCwUAA4IBAQB0czJARsbdcDKQBE7FPK/26uCWpgbL7Og1h7k9+Dwh
coWe03AjShBbaGM8fg7DlIG261tbEYmj5gzkalW8Nti0oV8B3w77JCpQS/tUJYKg
Ufy9EIa92ElCu3vfTil0nGAP+YpBHf6rP9gWht1bl956Qq7y8sj0DJo+06mQAK0N
XXTUS1mHU8iL1Ur3xn4bBvhobLEvhUv0+VMC9OPSV9DpuGxqHrgrqTa8Mwu3soZI
ZbCac47KpGPf0AW/VVSo1XgXbXFvfx9dt2obFy9YUb9o3MY/Vj3KzNakiboS3eiC
xCUtPdVfey7w6aWZ37C4M8JqM/yw1W5hb9/MVURofSJ/
-----END CERTIFICATE-----