Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DKXvI4nnsGnG1tDIIou9qKr9TMw.roa
File:                     DKXvI4nnsGnG1tDIIou9qKr9TMw.roa (raw, json)
Hash identifier:          cNWfyUHbgIXu66MZiIkGK/a7qOSlONSlscfUV54YkVc=
Subject key identifier:   0C:A5:EF:23:89:E7:B0:69:C6:D6:D0:C8:22:8B:BD:A8:AA:FD:4C:CC
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A840652C653D7B9260110D86634D8
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DKXvI4nnsGnG1tDIIou9qKr9TMw.roa
Signing time:             Tue 02 Jan 2024 12:33:53 +0000
ROA not before:           Tue 02 Jan 2024 12:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202984
IP address blocks:        195.133.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:84:06:52:c6:53:d7:b9:26:01:10:d8:66:34:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ca5ef2389e7b069c6d6d0c8228bbda8aafd4ccc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:72:17:9a:03:19:ef:28:4d:fe:cc:ac:19:ff:
                    84:1a:23:05:53:fc:b0:dc:03:5e:1d:ec:46:ee:f4:
                    df:76:66:67:fd:b8:08:30:83:46:80:65:32:34:16:
                    5f:c0:2e:b7:3c:6c:f5:ad:fd:4c:f3:88:29:8d:b0:
                    dc:b1:68:d6:2d:d0:91:17:e1:4a:c4:03:14:6a:d6:
                    7f:79:2b:38:b1:6d:66:c2:43:17:3d:31:20:09:ac:
                    1d:0a:e7:55:e1:62:90:5e:7b:f6:06:2e:d3:e7:8a:
                    d5:b7:1d:65:fc:38:b4:7a:75:f1:30:c8:37:88:d1:
                    f9:83:8f:12:6d:6e:e8:16:d9:d3:9f:74:a6:dd:24:
                    bd:2c:5d:3a:86:d1:46:05:65:5b:af:6d:25:b6:3c:
                    65:3e:aa:93:c1:93:39:f4:25:96:a9:45:23:a3:e8:
                    01:93:78:21:ea:82:a1:fa:c7:6e:97:4b:93:0c:b6:
                    c8:d6:5e:8f:23:21:23:36:0b:1b:b9:88:f0:51:d1:
                    8b:68:96:15:15:78:4f:b9:a8:b8:61:e5:43:da:6b:
                    3a:cc:80:fe:7c:7f:69:46:cd:7d:40:10:71:ba:a6:
                    96:e0:7b:cc:42:56:fc:44:6b:ab:34:ed:31:db:b2:
                    d1:f2:af:c1:c4:e0:17:02:c4:02:c3:76:e0:d3:71:
                    e3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:A5:EF:23:89:E7:B0:69:C6:D6:D0:C8:22:8B:BD:A8:AA:FD:4C:CC
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DKXvI4nnsGnG1tDIIou9qKr9TMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:08:fa:39:a9:8a:c5:1a:55:ca:ba:e6:48:6e:8a:77:af:8b:
         bc:f4:eb:b3:be:d4:4f:b5:dc:c4:8c:b7:df:1f:c0:11:ee:9c:
         d3:ba:bd:87:f2:c1:b5:8a:5f:70:12:c5:66:9e:2e:14:83:0b:
         a7:79:09:1c:dc:3d:42:fa:ba:c0:9b:e3:bd:c4:a7:56:b6:63:
         d2:23:c0:bb:65:36:28:b6:19:7b:67:f8:41:3f:3d:87:7f:0a:
         3e:00:98:a9:1b:8f:44:53:e1:5a:e2:a2:27:49:18:32:89:87:
         b7:25:4a:e6:93:6e:14:ed:bd:1b:dd:53:ac:c1:15:5e:fd:93:
         ff:6e:76:16:6e:ff:ec:a9:cc:0c:b1:6f:0e:79:be:8c:04:6c:
         fb:8f:c5:00:98:8e:f7:b3:84:34:6d:db:88:c6:10:67:1a:33:
         47:33:cb:22:6f:87:28:f4:35:99:f2:3e:5d:9f:91:bb:6e:7a:
         df:e4:ee:13:93:08:48:42:82:c2:d0:d5:29:34:1d:da:18:81:
         53:10:f7:5c:94:12:cc:61:a9:61:ba:8b:f6:cf:2f:d7:a2:14:
         6f:56:d9:12:d6:36:c3:23:ef:c3:b7:43:44:a8:c2:c0:d9:6b:
         d6:0e:20:c9:69:f1:08:85:71:2e:a8:9c:da:e0:a7:c0:45:b6:
         6a:3d:d4:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKoQGUsZT17kmARDYZjTYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2E1ZWYyMzg5ZTdiMDY5YzZkNmQwYzgyMjhiYmRhOGFhZmQ0Y2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXIXmgMZ7yhN/sysGf+EGiMFU/yw
3ANeHexG7vTfdmZn/bgIMINGgGUyNBZfwC63PGz1rf1M84gpjbDcsWjWLdCRF+FK
xAMUatZ/eSs4sW1mwkMXPTEgCawdCudV4WKQXnv2Bi7T54rVtx1l/Di0enXxMMg3
iNH5g48SbW7oFtnTn3Sm3SS9LF06htFGBWVbr20ltjxlPqqTwZM59CWWqUUjo+gB
k3gh6oKh+sdul0uTDLbI1l6PIyEjNgsbuYjwUdGLaJYVFXhPuai4YeVD2ms6zID+
fH9pRs19QBBxuqaW4HvMQlb8RGurNO0x27LR8q/BxOAXAsQCw3bg03Hj4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyl7yOJ57BpxtbQyCKLvaiq/UzMMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvREtYdkk0bm5zR25HMXRESUlvdTlxS3I5VE13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4U8MA0G
CSqGSIb3DQEBCwUAA4IBAQA2CPo5qYrFGlXKuuZIbop3r4u89OuzvtRPtdzEjLff
H8AR7pzTur2H8sG1il9wEsVmni4UgwuneQkc3D1C+rrAm+O9xKdWtmPSI8C7ZTYo
thl7Z/hBPz2Hfwo+AJipG49EU+Fa4qInSRgyiYe3JUrmk24U7b0b3VOswRVe/ZP/
bnYWbv/sqcwMsW8Oeb6MBGz7j8UAmI73s4Q0bduIxhBnGjNHM8sib4co9DWZ8j5d
n5G7bnrf5O4TkwhIQoLC0NUpNB3aGIFTEPdclBLMYalhuov2zy/XohRvVtkS1jbD
I+/Dt0NEqMLA2WvWDiDJafEIhXEuqJza4KfARbZqPdRl
-----END CERTIFICATE-----