Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/URh8uhF1Ii9Id0pKsBg16gFGU-o.roa
File:                     URh8uhF1Ii9Id0pKsBg16gFGU-o.roa (raw, json)
Hash identifier:          bRGvqU0laqSMsudMQbALWO5oqzFGvQZS9et9RS0eO9Q=
Subject key identifier:   51:18:7C:BA:11:75:22:2F:48:77:4A:4A:B0:18:35:EA:01:46:53:EA
Certificate issuer:       /CN=851272e4e8186b9cf3d1eb42665c53ce714f4d4b
Certificate serial:       018CC6B77A6779F82910EEA7D3699AC50337
Authority key identifier: 85:12:72:E4:E8:18:6B:9C:F3:D1:EB:42:66:5C:53:CE:71:4F:4D:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hRJy5OgYa5zz0etCZlxTznFPTUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/URh8uhF1Ii9Id0pKsBg16gFGU-o.roa
Signing time:             Mon 01 Jan 2024 20:29:22 +0000
ROA not before:           Mon 01 Jan 2024 20:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12337
IP address blocks:        195.190.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/hRJy5OgYa5zz0etCZlxTznFPTUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/hRJy5OgYa5zz0etCZlxTznFPTUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hRJy5OgYa5zz0etCZlxTznFPTUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 01:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7a:67:79:f8:29:10:ee:a7:d3:69:9a:c5:03:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=851272e4e8186b9cf3d1eb42665c53ce714f4d4b
        Validity
            Not Before: Jan  1 20:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51187cba1175222f48774a4ab01835ea014653ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9e:55:17:1f:fb:aa:6d:a2:52:3a:7c:67:6b:
                    df:df:69:bf:30:6e:e3:c2:69:6f:b2:66:1f:e2:73:
                    97:ab:71:5f:ee:2b:4b:f9:f1:8a:2d:b0:a6:e1:41:
                    9f:87:41:29:d7:ce:5d:ad:70:66:a6:ff:15:9d:01:
                    da:3e:2d:4d:3d:fd:1f:0b:35:d4:e7:b9:c3:d8:e6:
                    44:47:73:04:7c:de:5f:86:a6:f3:b6:77:c0:28:02:
                    e4:6e:63:52:d9:00:27:96:3a:42:24:5c:f5:9a:07:
                    16:db:7f:bd:4b:6b:45:b4:61:76:fe:2d:92:4d:83:
                    7c:e2:a7:ee:23:0b:60:2f:45:90:7a:a1:74:4d:36:
                    99:12:d6:ee:43:a0:91:3c:97:3d:3e:b9:7d:c6:c7:
                    f9:76:2b:dd:af:d2:e4:b5:eb:3e:d1:89:40:d2:e8:
                    6d:ba:e8:d7:5d:af:44:3e:4b:3e:b5:8e:86:46:14:
                    47:5e:a4:62:9f:ef:b8:d1:36:47:17:f7:6f:6e:50:
                    ba:18:ce:86:b8:b6:0f:fb:43:08:6f:93:1b:3f:1b:
                    61:1c:9a:5c:c0:ac:ed:c7:3e:62:bf:c3:14:11:bc:
                    ca:00:9a:b3:e6:2c:72:49:26:1e:05:45:57:73:f4:
                    95:f5:ac:df:87:e5:42:3f:0d:0f:e9:6a:94:c1:62:
                    e8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:18:7C:BA:11:75:22:2F:48:77:4A:4A:B0:18:35:EA:01:46:53:EA
            X509v3 Authority Key Identifier:
                keyid:85:12:72:E4:E8:18:6B:9C:F3:D1:EB:42:66:5C:53:CE:71:4F:4D:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hRJy5OgYa5zz0etCZlxTznFPTUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/URh8uhF1Ii9Id0pKsBg16gFGU-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ed94b1-b573-45e4-9e21-3f42c71780bc/1/hRJy5OgYa5zz0etCZlxTznFPTUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:e7:a3:e5:2e:f2:5e:28:28:6b:e6:bd:b6:d7:de:f3:ae:0c:
         80:c0:98:f9:22:36:c8:bc:18:b1:e8:ee:75:c6:b7:d7:00:1d:
         9b:2b:e4:89:08:78:39:39:33:20:33:20:ce:44:13:a6:85:3e:
         06:c4:57:56:9c:b6:cd:ec:3b:c1:89:3e:8e:9c:b7:ad:16:b6:
         1d:49:bf:7e:b4:c7:9a:47:4f:6b:22:a0:5e:5b:68:c1:bf:0f:
         80:f9:4f:26:4a:ac:0a:a6:22:57:a7:a6:25:0d:28:1e:2c:19:
         ec:2d:a7:1b:be:4c:c4:23:7f:e9:ca:1b:d5:da:59:95:74:1e:
         09:14:b2:42:9f:33:71:3e:d3:01:c6:2a:39:46:7d:d0:c7:d8:
         34:28:09:a3:e2:7e:c1:5e:dd:eb:f8:d4:89:6d:30:aa:46:99:
         76:ca:1c:6d:8f:42:6f:48:48:ff:06:97:36:54:4d:9d:49:77:
         59:fe:68:1b:aa:7d:dc:52:59:e4:bb:c7:dc:0a:dd:4e:64:01:
         7b:a8:ad:58:c9:33:75:c4:6f:93:89:29:66:25:ba:2e:d9:14:
         8a:e2:c0:1a:70:c3:87:76:f0:21:54:7d:63:89:2a:42:60:45:
         6a:4e:e0:61:cc:59:b1:ca:89:69:db:ea:49:66:c1:98:00:a1:
         ce:03:5c:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt3pnefgpEO6n02maxQM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MTI3MmU0ZTgxODZiOWNmM2QxZWI0MjY2NWM1M2NlNzE0
ZjRkNGIwHhcNMjQwMTAxMjAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTE4N2NiYTExNzUyMjJmNDg3NzRhNGFiMDE4MzVlYTAxNDY1M2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp55VFx/7qm2iUjp8Z2vf32m/MG7j
wmlvsmYf4nOXq3Ff7itL+fGKLbCm4UGfh0Ep185drXBmpv8VnQHaPi1NPf0fCzXU
57nD2OZER3MEfN5fhqbztnfAKALkbmNS2QAnljpCJFz1mgcW23+9S2tFtGF2/i2S
TYN84qfuIwtgL0WQeqF0TTaZEtbuQ6CRPJc9Prl9xsf5divdr9Lktes+0YlA0uht
uujXXa9EPks+tY6GRhRHXqRin++40TZHF/dvblC6GM6GuLYP+0MIb5MbPxthHJpc
wKztxz5iv8MUEbzKAJqz5ixySSYeBUVXc/SV9azfh+VCPw0P6WqUwWLo3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEYfLoRdSIvSHdKSrAYNeoBRlPqMB8GA1UdIwQY
MBaAFIUScuToGGuc89HrQmZcU85xT01LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFJKeTVPZ1lhNXp6MGV0Q1pseFR6bkZQVFVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lZDk0YjEtYjU3My00NWU0LTllMjEt
M2Y0MmM3MTc4MGJjLzEvVVJoOHVoRjFJaTlJZDBwS3NCZzE2Z0ZHVS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lZDk0YjEtYjU3My00NWU0LTllMjEtM2Y0MmM3MTc4MGJj
LzEvaFJKeTVPZ1lhNXp6MGV0Q1pseFR6bkZQVFVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw74IMA0G
CSqGSIb3DQEBCwUAA4IBAQCk56PlLvJeKChr5r22197zrgyAwJj5IjbIvBix6O51
xrfXAB2bK+SJCHg5OTMgMyDORBOmhT4GxFdWnLbN7DvBiT6OnLetFrYdSb9+tMea
R09rIqBeW2jBvw+A+U8mSqwKpiJXp6YlDSgeLBnsLacbvkzEI3/pyhvV2lmVdB4J
FLJCnzNxPtMBxio5Rn3Qx9g0KAmj4n7BXt3r+NSJbTCqRpl2yhxtj0JvSEj/Bpc2
VE2dSXdZ/mgbqn3cUlnku8fcCt1OZAF7qK1YyTN1xG+TiSlmJbou2RSK4sAacMOH
dvAhVH1jiSpCYEVqTuBhzFmxyolp2+pJZsGYAKHOA1yr
-----END CERTIFICATE-----