Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/xquxBBIS_4dha5xOk8dT19MoMog.roa
File:                     xquxBBIS_4dha5xOk8dT19MoMog.roa (raw, json)
Hash identifier:          g50AJBxeiPOmpUZD67NYfFfwsP9zRIi3K+tmd//V4Dg=
Subject key identifier:   C6:AB:B1:04:12:12:FF:87:61:6B:9C:4E:93:C7:53:D7:D3:28:32:88
Certificate issuer:       /CN=b5cafe1e3aea2f6d911ed107a08aafee979a4f51
Certificate serial:       018CC26CF4C9FDFE45F492AF578D036CDB4D
Authority key identifier: B5:CA:FE:1E:3A:EA:2F:6D:91:1E:D1:07:A0:8A:AF:EE:97:9A:4F:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tcr-HjrqL22RHtEHoIqv7peaT1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/xquxBBIS_4dha5xOk8dT19MoMog.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20546
IP address blocks:        195.234.1.0/24 maxlen: 24
                          195.234.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/tcr-HjrqL22RHtEHoIqv7peaT1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/tcr-HjrqL22RHtEHoIqv7peaT1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tcr-HjrqL22RHtEHoIqv7peaT1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f4:c9:fd:fe:45:f4:92:af:57:8d:03:6c:db:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5cafe1e3aea2f6d911ed107a08aafee979a4f51
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6abb1041212ff87616b9c4e93c753d7d3283288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0a:85:77:af:bb:fe:bc:0a:26:00:e4:34:80:
                    ff:d8:00:c1:92:8c:b8:cc:6d:21:49:8b:2c:07:0b:
                    5d:24:0a:36:a9:53:dd:a0:a2:f7:36:6e:16:bd:e9:
                    cd:3f:d0:8c:43:be:fd:fb:0c:70:bd:a3:d2:86:9b:
                    79:44:34:d2:2b:54:9e:14:39:b3:1b:ba:d6:2b:d2:
                    c3:85:25:3b:8a:bc:af:48:91:76:0b:ac:41:32:0e:
                    00:01:b4:3e:95:cd:e3:f9:65:f3:f8:41:c6:71:8a:
                    ad:1e:43:d3:04:81:4c:da:64:6e:97:ae:8e:6b:69:
                    30:64:e5:9f:2c:0c:df:20:64:2e:f4:78:47:84:b2:
                    b9:a7:26:7a:b4:91:51:81:a5:5e:d7:6f:b6:2e:82:
                    8f:6f:f7:61:73:aa:55:a1:37:cf:02:f8:dc:14:23:
                    fb:b4:86:30:36:6d:1d:56:12:8e:e5:2e:0e:e9:16:
                    9a:6e:67:9f:05:e7:9f:97:86:e4:e7:fc:e2:e5:f4:
                    06:0e:a5:f5:b8:90:37:22:22:28:0f:9f:df:2a:6f:
                    85:ed:33:78:fd:2e:28:3d:11:b7:c6:fe:4e:6f:04:
                    cd:6f:5e:b1:55:19:dc:2b:e2:aa:52:0e:e7:f9:b3:
                    c0:63:15:b1:6b:ed:a0:56:9b:e4:03:12:65:da:67:
                    e8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:AB:B1:04:12:12:FF:87:61:6B:9C:4E:93:C7:53:D7:D3:28:32:88
            X509v3 Authority Key Identifier:
                keyid:B5:CA:FE:1E:3A:EA:2F:6D:91:1E:D1:07:A0:8A:AF:EE:97:9A:4F:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tcr-HjrqL22RHtEHoIqv7peaT1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/xquxBBIS_4dha5xOk8dT19MoMog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/tcr-HjrqL22RHtEHoIqv7peaT1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b7:4a:44:e7:30:a2:1e:fc:9a:19:73:fa:02:17:0f:0c:a3:fe:
         88:bd:0b:4e:37:46:72:25:ad:e3:fe:7b:bf:56:9c:92:19:1e:
         04:5c:35:27:ae:90:4f:98:3b:11:a2:29:f4:a4:0a:2a:55:6a:
         95:c9:89:bd:fb:7a:3e:97:e1:6e:2a:51:37:50:f2:d9:77:22:
         21:9d:cd:b9:e6:64:1d:94:19:4c:17:cd:ba:fb:d6:5b:a0:aa:
         76:41:be:27:20:5c:a8:a0:ca:60:87:f8:02:ee:d1:87:22:b1:
         1e:e3:3a:f9:b7:07:78:68:56:9d:75:3e:06:dc:0d:14:52:89:
         92:8c:b7:8b:22:b6:7a:cf:83:33:08:1d:37:3c:97:ef:15:20:
         70:e3:8d:57:6e:49:7c:d4:0d:69:c3:ca:33:31:26:89:cb:57:
         66:07:ec:0e:51:6e:52:a6:9b:1b:ae:97:98:e0:1b:55:6b:5d:
         67:62:71:4b:6a:81:ac:c0:84:3c:1c:00:91:ae:68:1c:ae:5c:
         16:9c:85:4b:37:68:07:59:cd:82:d5:20:10:cf:e0:cb:2e:9c:
         12:c2:55:51:35:6e:70:25:64:d3:ff:fa:80:c0:3e:20:4f:7d:
         3f:4c:b1:1b:71:c4:a7:29:55:05:95:8e:5b:b3:93:ed:74:2f:
         ed:5e:50:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPTJ/f5F9JKvV40DbNtNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1Y2FmZTFlM2FlYTJmNmQ5MTFlZDEwN2EwOGFhZmVlOTc5
YTRmNTEwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmFiYjEwNDEyMTJmZjg3NjE2YjljNGU5M2M3NTNkN2QzMjgzMjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQqFd6+7/rwKJgDkNID/2ADBkoy4
zG0hSYssBwtdJAo2qVPdoKL3Nm4WvenNP9CMQ779+wxwvaPShpt5RDTSK1SeFDmz
G7rWK9LDhSU7iryvSJF2C6xBMg4AAbQ+lc3j+WXz+EHGcYqtHkPTBIFM2mRul66O
a2kwZOWfLAzfIGQu9HhHhLK5pyZ6tJFRgaVe12+2LoKPb/dhc6pVoTfPAvjcFCP7
tIYwNm0dVhKO5S4O6RaabmefBeefl4bk5/zi5fQGDqX1uJA3IiIoD5/fKm+F7TN4
/S4oPRG3xv5ObwTNb16xVRncK+KqUg7n+bPAYxWxa+2gVpvkAxJl2mfoswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMarsQQSEv+HYWucTpPHU9fTKDKIMB8GA1UdIwQY
MBaAFLXK/h466i9tkR7RB6CKr+6Xmk9RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGNyLUhqcnFMMjJSSHRFSG9JcXY3cGVhVDFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi83N2Y5OWMtMzVjYi00N2E2LWJhYzMt
Y2FiYTgxYzlhMTUyLzEveHF1eEJCSVNfNGRoYTV4T2s4ZFQxOU1vTW9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi83N2Y5OWMtMzVjYi00N2E2LWJhYzMtY2FiYTgxYzlhMTUy
LzEvdGNyLUhqcnFMMjJSSHRFSG9JcXY3cGVhVDFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw+oAMA0G
CSqGSIb3DQEBCwUAA4IBAQC3SkTnMKIe/JoZc/oCFw8Mo/6IvQtON0ZyJa3j/nu/
VpySGR4EXDUnrpBPmDsRoin0pAoqVWqVyYm9+3o+l+FuKlE3UPLZdyIhnc255mQd
lBlMF826+9ZboKp2Qb4nIFyooMpgh/gC7tGHIrEe4zr5twd4aFaddT4G3A0UUomS
jLeLIrZ6z4MzCB03PJfvFSBw441Xbkl81A1pw8ozMSaJy1dmB+wOUW5SppsbrpeY
4BtVa11nYnFLaoGswIQ8HACRrmgcrlwWnIVLN2gHWc2C1SAQz+DLLpwSwlVRNW5w
JWTT//qAwD4gT30/TLEbccSnKVUFlY5bs5PtdC/tXlDL
-----END CERTIFICATE-----