Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/1eff17-65ec-45ea-a75d-96eb07f7825b/1/AX84LoaLPUZ-Iv8evwGZY946S8k.roa
File:                     AX84LoaLPUZ-Iv8evwGZY946S8k.roa (raw, json)
Hash identifier:          DjcaWTclAS7sglW7qoOFCYJ7YPxKfznG2Xa6Jnl1fIQ=
Subject key identifier:   01:7F:38:2E:86:8B:3D:46:7E:22:FF:1E:BF:01:99:63:DE:3A:4B:C9
Certificate issuer:       /CN=68e3ba87e3a93468cc3b3c3f60fa63d5e853c314
Certificate serial:       018CC86F61E23F405E81072B1133487B148C
Authority key identifier: 68:E3:BA:87:E3:A9:34:68:CC:3B:3C:3F:60:FA:63:D5:E8:53:C3:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aOO6h-OpNGjMOzw_YPpj1ehTwxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/1eff17-65ec-45ea-a75d-96eb07f7825b/1/AX84LoaLPUZ-Iv8evwGZY946S8k.roa
Signing time:             Tue 02 Jan 2024 04:29:51 +0000
ROA not before:           Tue 02 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48803
IP address blocks:        195.49.240.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/1eff17-65ec-45ea-a75d-96eb07f7825b/1/aOO6h-OpNGjMOzw_YPpj1ehTwxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/1eff17-65ec-45ea-a75d-96eb07f7825b/1/aOO6h-OpNGjMOzw_YPpj1ehTwxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aOO6h-OpNGjMOzw_YPpj1ehTwxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 04:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:61:e2:3f:40:5e:81:07:2b:11:33:48:7b:14:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68e3ba87e3a93468cc3b3c3f60fa63d5e853c314
        Validity
            Not Before: Jan  2 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=017f382e868b3d467e22ff1ebf019963de3a4bc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c0:85:de:7e:af:53:17:7a:5f:0f:bb:81:d5:
                    1d:92:e5:ee:6b:86:ed:55:85:55:38:36:61:33:f4:
                    d8:61:db:49:bd:52:d1:a7:86:87:e5:2f:0d:c4:ba:
                    4d:29:be:be:47:bc:9e:1c:5f:73:6d:91:85:2d:dd:
                    56:1d:59:e9:a1:67:83:5b:12:50:15:42:cb:04:a7:
                    a7:11:77:d1:cc:42:30:a2:54:03:9a:bf:a9:ef:47:
                    23:ca:f9:d7:3e:ab:ba:3a:06:6a:d8:4c:b3:f9:3d:
                    ba:3e:c7:9f:d5:7d:84:ae:72:5b:96:d6:58:b5:83:
                    9d:1f:be:ab:a3:2b:fd:cd:24:e3:d6:99:79:99:2a:
                    f9:f2:46:db:b9:61:37:36:37:32:3b:35:e6:1e:78:
                    cd:b2:8d:d8:2a:2c:38:30:0a:c7:8d:07:64:98:83:
                    47:ce:3e:c0:c8:bf:5b:d0:1b:d2:a3:96:af:5a:0e:
                    d8:42:5e:0a:40:e1:5c:28:57:2f:0b:b7:61:5c:c9:
                    49:d3:00:6a:40:51:78:c0:5a:69:23:8f:4f:e6:70:
                    36:28:e8:5d:f8:44:19:11:87:3b:3d:6b:6b:b6:94:
                    ae:93:bf:72:48:01:58:f7:4f:d1:2d:d2:41:95:20:
                    a9:83:ac:1e:e0:12:b3:35:0d:dc:22:bc:81:5c:b7:
                    f1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:7F:38:2E:86:8B:3D:46:7E:22:FF:1E:BF:01:99:63:DE:3A:4B:C9
            X509v3 Authority Key Identifier:
                keyid:68:E3:BA:87:E3:A9:34:68:CC:3B:3C:3F:60:FA:63:D5:E8:53:C3:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aOO6h-OpNGjMOzw_YPpj1ehTwxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1eff17-65ec-45ea-a75d-96eb07f7825b/1/AX84LoaLPUZ-Iv8evwGZY946S8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1eff17-65ec-45ea-a75d-96eb07f7825b/1/aOO6h-OpNGjMOzw_YPpj1ehTwxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.49.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         20:d9:48:f8:3e:59:64:2e:a3:d0:d4:45:74:64:a4:63:55:04:
         58:0b:af:60:7c:fe:6a:e9:a5:cd:98:d8:13:c1:d2:87:52:2e:
         76:02:13:b1:33:a7:5b:c3:05:1d:2c:52:fd:68:e2:24:cf:7e:
         12:0e:eb:43:70:2f:4f:52:c7:3c:11:b1:67:4a:fc:f5:36:e2:
         21:6f:40:8e:f6:5e:17:92:52:4a:36:76:3d:28:2d:1e:2a:af:
         50:e3:5c:fb:39:7d:de:23:7c:b6:38:56:05:9b:5f:be:84:e5:
         90:1b:d9:44:18:f4:18:6c:d1:94:3c:06:e6:39:5d:25:ea:4d:
         61:a3:05:87:89:13:30:93:a7:f1:c4:05:f4:2f:1b:4c:42:d1:
         5d:bb:2f:b7:5a:d1:2f:a1:c6:e7:8c:a6:4e:a9:a1:24:8e:e9:
         b5:88:c3:ee:d2:d9:23:b5:a1:1f:96:7c:d7:d4:24:92:b4:96:
         e3:14:39:e3:cd:d8:1f:da:e6:0f:3c:9a:d9:ed:06:6b:9d:6d:
         24:47:a4:17:08:89:73:91:9c:87:b1:0d:74:46:cc:09:23:67:
         e0:ad:fe:9d:f7:1d:31:fb:a8:d5:c1:10:e2:48:1b:08:e7:ac:
         6e:26:a8:da:b1:2f:f0:4f:cb:22:57:bb:39:6c:77:2d:8d:9f:
         89:cd:53:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb2HiP0BegQcrETNIexSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZTNiYTg3ZTNhOTM0NjhjYzNiM2MzZjYwZmE2M2Q1ZTg1
M2MzMTQwHhcNMjQwMTAyMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTdmMzgyZTg2OGIzZDQ2N2UyMmZmMWViZjAxOTk2M2RlM2E0YmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8CF3n6vUxd6Xw+7gdUdkuXua4bt
VYVVODZhM/TYYdtJvVLRp4aH5S8NxLpNKb6+R7yeHF9zbZGFLd1WHVnpoWeDWxJQ
FULLBKenEXfRzEIwolQDmr+p70cjyvnXPqu6OgZq2Eyz+T26Psef1X2ErnJbltZY
tYOdH76royv9zSTj1pl5mSr58kbbuWE3NjcyOzXmHnjNso3YKiw4MArHjQdkmINH
zj7AyL9b0BvSo5avWg7YQl4KQOFcKFcvC7dhXMlJ0wBqQFF4wFppI49P5nA2KOhd
+EQZEYc7PWtrtpSuk79ySAFY90/RLdJBlSCpg6we4BKzNQ3cIryBXLfxfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAF/OC6Giz1GfiL/Hr8BmWPeOkvJMB8GA1UdIwQY
MBaAFGjjuofjqTRozDs8P2D6Y9XoU8MUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU9PNmgtT3BOR2pNT3p3X1lQcGoxZWhUd3hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8xZWZmMTctNjVlYy00NWVhLWE3NWQt
OTZlYjA3Zjc4MjViLzEvQVg4NExvYUxQVVotSXY4ZXZ3R1pZOTQ2UzhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8xZWZmMTctNjVlYy00NWVhLWE3NWQtOTZlYjA3Zjc4MjVi
LzEvYU9PNmgtT3BOR2pNT3p3X1lQcGoxZWhUd3hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwzHwMA0G
CSqGSIb3DQEBCwUAA4IBAQAg2Uj4PllkLqPQ1EV0ZKRjVQRYC69gfP5q6aXNmNgT
wdKHUi52AhOxM6dbwwUdLFL9aOIkz34SDutDcC9PUsc8EbFnSvz1NuIhb0CO9l4X
klJKNnY9KC0eKq9Q41z7OX3eI3y2OFYFm1++hOWQG9lEGPQYbNGUPAbmOV0l6k1h
owWHiRMwk6fxxAX0LxtMQtFduy+3WtEvocbnjKZOqaEkjum1iMPu0tkjtaEflnzX
1CSStJbjFDnjzdgf2uYPPJrZ7QZrnW0kR6QXCIlzkZyHsQ10RswJI2fgrf6d9x0x
+6jVwRDiSBsI56xuJqjasS/wT8siV7s5bHctjZ+JzVNo
-----END CERTIFICATE-----