Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/pbjzFHS5NSz6XJ_0aHT1l-ZWwsg.roa
File:                     pbjzFHS5NSz6XJ_0aHT1l-ZWwsg.roa (raw, json)
Hash identifier:          rDNUn4eLdMncQNTJQB1+IhtS5YxPejUn6rr/hf/ptjc=
Subject key identifier:   A5:B8:F3:14:74:B9:35:2C:FA:5C:9F:F4:68:74:F5:97:E6:56:C2:C8
Certificate issuer:       /CN=cbd95ead6d2a1daf2ef687acb4c29e76076b2809
Certificate serial:       019073C4897721510839EB09FA70EFB74C22
Authority key identifier: CB:D9:5E:AD:6D:2A:1D:AF:2E:F6:87:AC:B4:C2:9E:76:07:6B:28:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9lerW0qHa8u9oestMKedgdrKAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/pbjzFHS5NSz6XJ_0aHT1l-ZWwsg.roa
Signing time:             Tue 02 Jul 2024 14:06:18 +0000
ROA not before:           Tue 02 Jul 2024 14:06:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200259
IP address blocks:        195.189.176.0/24 maxlen: 24
                          2001:67c:2ebc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/y9lerW0qHa8u9oestMKedgdrKAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/y9lerW0qHa8u9oestMKedgdrKAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9lerW0qHa8u9oestMKedgdrKAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 02:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:73:c4:89:77:21:51:08:39:eb:09:fa:70:ef:b7:4c:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd95ead6d2a1daf2ef687acb4c29e76076b2809
        Validity
            Not Before: Jul  2 14:06:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5b8f31474b9352cfa5c9ff46874f597e656c2c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9d:b4:66:cd:11:60:46:bc:29:59:9a:8b:f6:
                    6b:a1:40:a3:7d:07:bf:bd:2a:b7:a1:48:93:90:4b:
                    04:cc:09:2d:bf:33:86:39:43:2e:80:b3:ff:a4:4e:
                    f9:d5:7f:b9:27:37:dc:97:5f:1c:80:b9:e9:dc:8e:
                    22:70:56:eb:4f:23:3f:47:b6:2b:88:ac:91:00:72:
                    ad:09:34:d9:35:61:5b:14:7d:d1:d8:f2:21:8d:85:
                    90:41:37:8b:d9:fc:d7:1c:28:48:b8:2b:a9:00:a1:
                    a4:e0:e8:44:d1:a8:aa:a3:cc:df:fe:cf:19:8f:e3:
                    e5:cd:37:26:b0:c3:5d:73:21:44:51:a8:11:cf:91:
                    35:e6:15:f6:0c:42:97:de:5b:e2:2b:73:f9:5f:48:
                    ef:2d:31:87:d2:37:67:60:3e:13:91:90:70:84:38:
                    c4:f3:2a:94:44:08:a8:43:d7:c0:3f:15:a9:8a:d7:
                    14:a1:53:3e:7c:6f:92:39:ac:4b:25:af:9f:6c:59:
                    d7:65:f6:d1:bf:9a:fd:b3:ad:c5:11:29:53:d3:c8:
                    8d:df:4f:b9:9a:1d:f5:f5:32:8a:b1:9d:be:3b:8b:
                    a8:56:03:09:d8:e6:93:0c:2f:60:b8:22:dd:7a:af:
                    36:94:92:a7:a0:fa:ce:d7:1a:f7:79:7f:6f:80:e9:
                    b3:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:B8:F3:14:74:B9:35:2C:FA:5C:9F:F4:68:74:F5:97:E6:56:C2:C8
            X509v3 Authority Key Identifier:
                keyid:CB:D9:5E:AD:6D:2A:1D:AF:2E:F6:87:AC:B4:C2:9E:76:07:6B:28:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9lerW0qHa8u9oestMKedgdrKAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/pbjzFHS5NSz6XJ_0aHT1l-ZWwsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/y9lerW0qHa8u9oestMKedgdrKAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.176.0/24
                IPv6:
                  2001:67c:2ebc::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:31:0b:6c:52:2d:9b:58:55:e4:43:e9:de:db:af:c0:cb:d3:
         2e:84:0f:47:81:4c:73:22:dc:0c:52:d8:59:5c:b9:9c:53:de:
         0d:07:19:43:d8:f6:de:85:5c:a7:42:a0:32:36:d7:58:1c:8d:
         a1:7f:cb:6b:69:0d:19:46:8c:67:aa:6b:69:53:35:42:be:80:
         84:95:66:b0:aa:68:cd:b7:8c:a8:3a:ac:70:87:d2:81:cd:aa:
         ad:89:e3:e8:a1:01:4f:bf:10:41:44:7a:29:1d:e0:d6:70:6c:
         fd:92:5d:35:3d:92:1a:7c:df:18:95:9a:ef:2c:30:1c:93:0c:
         38:6b:9c:7f:b3:57:2a:ba:0d:43:11:2c:d6:b8:01:40:8b:e7:
         ec:28:81:04:72:fa:d5:ec:7e:d4:dc:24:45:55:2d:3d:72:94:
         76:76:cd:96:66:0b:6e:e2:13:63:fa:6f:6a:8f:fa:af:e3:d4:
         19:dc:33:b1:7b:cc:e6:f2:9c:97:ab:f9:e5:e0:1e:e0:84:f7:
         70:49:e8:06:89:e0:52:f6:1c:7e:77:a1:8a:bc:6f:b4:c6:da:
         dd:1e:ba:9d:b9:99:bd:9f:bb:b1:ef:57:8e:36:8b:35:e5:70:
         2c:ac:08:84:d4:86:e7:55:73:97:3f:49:3e:da:86:61:22:a9:
         e0:20:f5:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZBzxIl3IVEIOesJ+nDvt0wiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDk1ZWFkNmQyYTFkYWYyZWY2ODdhY2I0YzI5ZTc2MDc2
YjI4MDkwHhcNMjQwNzAyMTQwNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWI4ZjMxNDc0YjkzNTJjZmE1YzlmZjQ2ODc0ZjU5N2U2NTZjMmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJ20Zs0RYEa8KVmai/ZroUCjfQe/
vSq3oUiTkEsEzAktvzOGOUMugLP/pE751X+5Jzfcl18cgLnp3I4icFbrTyM/R7Yr
iKyRAHKtCTTZNWFbFH3R2PIhjYWQQTeL2fzXHChIuCupAKGk4OhE0aiqo8zf/s8Z
j+PlzTcmsMNdcyFEUagRz5E15hX2DEKX3lviK3P5X0jvLTGH0jdnYD4TkZBwhDjE
8yqURAioQ9fAPxWpitcUoVM+fG+SOaxLJa+fbFnXZfbRv5r9s63FESlT08iN30+5
mh319TKKsZ2+O4uoVgMJ2OaTDC9guCLdeq82lJKnoPrO1xr3eX9vgOmzFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKW48xR0uTUs+lyf9Gh09ZfmVsLIMB8GA1UdIwQY
MBaAFMvZXq1tKh2vLvaHrLTCnnYHaygJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlsZXJXMHFIYTh1OW9lc3RNS2VkZ2RyS0FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9kMTY0NjMtODliZS00ZjViLWIyZjIt
YWNjNDFjYWNmN2UxLzEvcGJqekZIUzVOU3o2WEpfMGFIVDFsLVpXd3NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9kMTY0NjMtODliZS00ZjViLWIyZjItYWNjNDFjYWNmN2Ux
LzEveTlsZXJXMHFIYTh1OW9lc3RNS2VkZ2RyS0FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw72wMA8E
AgACMAkDBwAgAQZ8LrwwDQYJKoZIhvcNAQELBQADggEBAGMxC2xSLZtYVeRD6d7b
r8DL0y6ED0eBTHMi3AxS2FlcuZxT3g0HGUPY9t6FXKdCoDI211gcjaF/y2tpDRlG
jGeqa2lTNUK+gISVZrCqaM23jKg6rHCH0oHNqq2J4+ihAU+/EEFEeikd4NZwbP2S
XTU9khp83xiVmu8sMByTDDhrnH+zVyq6DUMRLNa4AUCL5+wogQRy+tXsftTcJEVV
LT1ylHZ2zZZmC27iE2P6b2qP+q/j1BncM7F7zObynJer+eXgHuCE93BJ6AaJ4FL2
HH53oYq8b7TG2t0eup25mb2fu7HvV442izXlcCysCITUhudVc5c/ST7ahmEiqeAg
9aM=
-----END CERTIFICATE-----