Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/bZbCHXFzaUzVLJWPf-iubNRS-CI.roa
File:                     bZbCHXFzaUzVLJWPf-iubNRS-CI.roa (raw, json)
Hash identifier:          YctsaxnUZdagvmkeP1QrDezFdco7nF79OByhg7u3iPo=
Subject key identifier:   6D:96:C2:1D:71:73:69:4C:D5:2C:95:8F:7F:E8:AE:6C:D4:52:F8:22
Certificate issuer:       /CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
Certificate serial:       018DAC2461EA6FF74A33FDD2637EF4E9EC66
Authority key identifier: F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/bZbCHXFzaUzVLJWPf-iubNRS-CI.roa
Signing time:             Thu 15 Feb 2024 09:41:21 +0000
ROA not before:           Thu 15 Feb 2024 09:41:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48781
IP address blocks:        195.225.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:24:61:ea:6f:f7:4a:33:fd:d2:63:7e:f4:e9:ec:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
        Validity
            Not Before: Feb 15 09:41:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d96c21d7173694cd52c958f7fe8ae6cd452f822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:30:a9:3f:79:f1:c1:f1:77:7a:82:61:00:f7:
                    a5:7c:9b:ed:3c:68:42:8e:25:31:f4:76:2f:62:7f:
                    72:1c:93:83:25:c9:81:5c:37:35:d4:88:e1:2d:cc:
                    3c:c5:52:c7:70:f7:71:f5:3c:63:33:7f:f5:a8:a1:
                    ec:18:2b:74:b6:98:9d:f2:54:eb:b5:3c:f6:a9:b2:
                    69:c6:01:c9:2d:f9:25:bd:78:cb:3b:de:32:f7:87:
                    6b:c6:e6:31:d4:ee:17:27:a6:00:29:0a:cd:a0:c7:
                    75:ae:74:08:53:02:f9:4e:06:26:52:12:f8:32:ce:
                    2d:8a:f3:89:01:65:d6:c7:5b:96:22:50:c9:59:33:
                    08:a2:80:6b:3f:61:bc:74:7e:aa:57:cb:04:b8:28:
                    a4:db:4d:a2:af:31:64:2f:7d:9d:16:61:69:2f:5c:
                    40:70:bb:20:f8:15:ef:b5:27:23:80:a8:02:e4:1c:
                    ae:64:40:e8:cf:32:27:b5:c2:e1:17:bd:9d:70:d9:
                    d9:7b:3c:0d:63:12:af:bd:68:e5:71:6c:bd:01:56:
                    56:b5:06:2f:28:8b:e1:b4:75:46:5b:58:d9:04:9f:
                    f1:f6:ea:8c:5d:d1:55:fb:9a:db:e2:33:f5:a5:2c:
                    c2:d0:6f:a0:80:40:c1:5d:21:aa:87:4f:3d:1a:95:
                    f9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:96:C2:1D:71:73:69:4C:D5:2C:95:8F:7F:E8:AE:6C:D4:52:F8:22
            X509v3 Authority Key Identifier:
                keyid:F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/bZbCHXFzaUzVLJWPf-iubNRS-CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:a6:61:af:9d:95:14:5a:5b:1e:22:8c:a3:cb:91:99:34:80:
         2c:92:cd:01:41:b6:ed:58:97:15:8b:f5:f5:ab:33:a5:4e:a5:
         c7:70:d5:6d:02:2f:99:a5:22:97:2b:fc:6a:18:96:82:cc:0a:
         56:b9:e7:03:1d:53:e3:bc:3f:90:1f:ec:44:31:67:21:17:44:
         86:00:b0:56:a9:23:ad:67:40:f7:99:4c:1c:8a:49:5e:64:66:
         8e:3c:d9:8d:22:8e:11:00:9d:7e:05:c6:43:16:f2:e3:53:b7:
         c7:df:7b:e0:d2:aa:c6:9e:21:1d:a8:e3:87:86:3c:d0:b8:bc:
         26:bb:f5:69:4f:d8:f3:f7:77:92:07:e8:40:29:11:a3:99:7d:
         6a:8a:73:32:9f:2a:33:b4:fa:55:fa:ce:04:bd:77:37:c3:49:
         e6:a7:09:4e:c7:da:29:d2:26:a9:c1:1d:c4:c4:03:47:43:80:
         02:f9:3f:c6:ae:db:b2:9b:25:2d:3c:74:cf:25:8b:8d:46:4f:
         69:06:4a:bf:1c:0b:18:6b:72:e6:f1:fb:44:29:46:8d:93:c1:
         f9:a1:0c:e1:f7:f3:6e:17:5c:e5:5b:e8:3e:eb:2c:31:56:4e:
         d9:7b:86:0e:9c:2d:72:8a:ea:37:2f:0e:d6:f6:df:e6:c9:3b:
         7f:4a:32:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2sJGHqb/dKM/3SY3706exmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0NDBlNWViYTJmOGJmYzhmZThmZTU2Y2M4OGE0Mjg5NjUy
MzkwYmEwHhcNMjQwMjE1MDk0MTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDk2YzIxZDcxNzM2OTRjZDUyYzk1OGY3ZmU4YWU2Y2Q0NTJmODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTCpP3nxwfF3eoJhAPelfJvtPGhC
jiUx9HYvYn9yHJODJcmBXDc11IjhLcw8xVLHcPdx9TxjM3/1qKHsGCt0tpid8lTr
tTz2qbJpxgHJLfklvXjLO94y94drxuYx1O4XJ6YAKQrNoMd1rnQIUwL5TgYmUhL4
Ms4tivOJAWXWx1uWIlDJWTMIooBrP2G8dH6qV8sEuCik202irzFkL32dFmFpL1xA
cLsg+BXvtScjgKgC5ByuZEDozzIntcLhF72dcNnZezwNYxKvvWjlcWy9AVZWtQYv
KIvhtHVGW1jZBJ/x9uqMXdFV+5rb4jP1pSzC0G+ggEDBXSGqh089GpX5FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2Wwh1xc2lM1SyVj3/ormzUUvgiMB8GA1UdIwQY
MBaAFPRA5eui+L/I/o/lbMiKQollI5C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2Yt
MDBiOTJjMWMxZWY0LzEvYlpiQ0hYRnphVXpWTEpXUGYtaXViTlJTLUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2YtMDBiOTJjMWMxZWY0
LzEvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+GDMA0G
CSqGSIb3DQEBCwUAA4IBAQBspmGvnZUUWlseIoyjy5GZNIAsks0BQbbtWJcVi/X1
qzOlTqXHcNVtAi+ZpSKXK/xqGJaCzApWuecDHVPjvD+QH+xEMWchF0SGALBWqSOt
Z0D3mUwcikleZGaOPNmNIo4RAJ1+BcZDFvLjU7fH33vg0qrGniEdqOOHhjzQuLwm
u/VpT9jz93eSB+hAKRGjmX1qinMynyoztPpV+s4EvXc3w0nmpwlOx9op0iapwR3E
xANHQ4AC+T/GrtuymyUtPHTPJYuNRk9pBkq/HAsYa3Lm8ftEKUaNk8H5oQzh9/Nu
F1zlW+g+6ywxVk7Ze4YOnC1yiuo3Lw7W9t/myTt/SjKV
-----END CERTIFICATE-----