Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/be3e00-3c96-4cde-b81a-14c6b954d976/1/CzjdzIyz7vWf4Fqvd30WIn16my8.roa
File:                     CzjdzIyz7vWf4Fqvd30WIn16my8.roa (raw, json)
Hash identifier:          yiT34A2t9ip8QFGeulwC2qKIbCbS2uaISTPL04imnkg=
Subject key identifier:   0B:38:DD:CC:8C:B3:EE:F5:9F:E0:5A:AF:77:7D:16:22:7D:7A:9B:2F
Certificate issuer:       /CN=683b33dc7218b3fe883c49505134cb39a664fd28
Certificate serial:       018CC34922B034EF23271210E3CC4C20F580
Authority key identifier: 68:3B:33:DC:72:18:B3:FE:88:3C:49:50:51:34:CB:39:A6:64:FD:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aDsz3HIYs_6IPElQUTTLOaZk_Sg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/be3e00-3c96-4cde-b81a-14c6b954d976/1/CzjdzIyz7vWf4Fqvd30WIn16my8.roa
Signing time:             Mon 01 Jan 2024 04:29:59 +0000
ROA not before:           Mon 01 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29275
IP address blocks:        195.137.196.0/23 maxlen: 23
                          195.137.196.0/24 maxlen: 24
                          195.137.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/be3e00-3c96-4cde-b81a-14c6b954d976/1/aDsz3HIYs_6IPElQUTTLOaZk_Sg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/be3e00-3c96-4cde-b81a-14c6b954d976/1/aDsz3HIYs_6IPElQUTTLOaZk_Sg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aDsz3HIYs_6IPElQUTTLOaZk_Sg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:22:b0:34:ef:23:27:12:10:e3:cc:4c:20:f5:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=683b33dc7218b3fe883c49505134cb39a664fd28
        Validity
            Not Before: Jan  1 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b38ddcc8cb3eef59fe05aaf777d16227d7a9b2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:83:50:22:a8:b6:a1:4a:2f:f1:63:95:73:99:
                    97:f4:3a:08:b9:2d:c7:ed:fd:55:f7:e1:22:63:56:
                    b6:88:e5:ab:03:35:03:1e:02:e5:9e:2e:e4:23:6f:
                    70:35:65:0d:99:e8:f1:d7:e3:41:ea:57:88:1f:f4:
                    bf:63:cd:f9:3f:71:75:76:15:b5:b2:c4:b2:16:95:
                    ef:67:e2:66:1f:29:ca:ba:88:94:31:05:4b:e5:0e:
                    2a:e2:e9:cb:5b:5b:54:26:4f:b7:d7:0f:7b:e0:d0:
                    07:de:b9:4a:91:7c:15:75:e2:eb:2b:54:3f:ad:d6:
                    ac:91:54:31:ef:42:67:43:ff:7e:15:92:cf:dc:d9:
                    e1:86:ca:51:7f:08:64:11:fb:f6:e1:21:1e:1b:56:
                    3a:9a:11:4e:71:3c:fe:b7:6e:9b:bd:af:fa:e6:91:
                    6a:89:0b:d4:7d:65:ea:3b:a5:a8:30:20:0a:08:a0:
                    85:06:aa:22:40:67:34:64:9e:cd:5a:85:be:e8:72:
                    4c:b6:8e:04:22:79:9f:9c:05:bc:ed:d0:22:a6:4c:
                    9f:6b:c5:9e:b4:b7:7d:89:71:74:9f:6e:14:cb:a7:
                    4c:38:b6:2d:90:23:68:f9:ba:7f:24:56:f0:b5:0e:
                    fd:56:d7:8e:a6:2a:7c:55:d7:e9:ec:f9:d2:25:16:
                    c5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:38:DD:CC:8C:B3:EE:F5:9F:E0:5A:AF:77:7D:16:22:7D:7A:9B:2F
            X509v3 Authority Key Identifier:
                keyid:68:3B:33:DC:72:18:B3:FE:88:3C:49:50:51:34:CB:39:A6:64:FD:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aDsz3HIYs_6IPElQUTTLOaZk_Sg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/be3e00-3c96-4cde-b81a-14c6b954d976/1/CzjdzIyz7vWf4Fqvd30WIn16my8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/be3e00-3c96-4cde-b81a-14c6b954d976/1/aDsz3HIYs_6IPElQUTTLOaZk_Sg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:df:5f:11:89:22:5c:ea:e8:b5:a0:cb:6c:9a:b0:91:7a:60:
         ed:f1:bd:a3:14:ad:51:ef:cf:e9:a9:51:d2:be:11:c1:15:0a:
         18:14:53:b5:50:a5:f3:39:c1:5b:1c:72:ac:74:11:a9:31:51:
         b6:f9:d4:f2:1f:bd:55:47:1a:4f:70:10:91:d1:ab:b1:9a:c2:
         f1:18:df:3f:d0:02:25:db:e5:12:9b:b9:7c:fc:de:c6:10:4a:
         a7:ee:4b:34:9c:ed:8e:ef:da:22:22:d0:75:97:8c:24:c5:8a:
         a9:b7:6b:fe:c1:bb:28:b4:b1:71:fe:5a:bd:4b:8b:44:0a:eb:
         9d:f8:f0:cd:80:a1:81:f2:c0:e0:73:38:bb:96:00:b3:03:04:
         86:ed:74:15:c6:39:9f:08:ae:91:f5:bf:b3:3b:3e:94:76:10:
         40:0b:a1:03:f0:0c:46:42:1c:2b:b7:04:d9:3b:cf:ae:3c:ef:
         62:04:3f:79:26:79:24:96:4c:70:9b:1e:4b:ce:29:4d:45:18:
         35:8d:a6:4f:46:12:dd:07:2f:28:67:c2:3e:8e:b5:63:fa:70:
         36:08:46:2d:b2:90:b7:fc:d4:a3:89:62:e8:ba:5a:2b:e7:82:
         bd:4f:f2:ec:26:8c:9a:86:40:d5:87:3b:5c:36:2d:51:1e:2b:
         44:b8:04:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSKwNO8jJxIQ48xMIPWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4M2IzM2RjNzIxOGIzZmU4ODNjNDk1MDUxMzRjYjM5YTY2
NGZkMjgwHhcNMjQwMTAxMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjM4ZGRjYzhjYjNlZWY1OWZlMDVhYWY3NzdkMTYyMjdkN2E5YjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYNQIqi2oUov8WOVc5mX9DoIuS3H
7f1V9+EiY1a2iOWrAzUDHgLlni7kI29wNWUNmejx1+NB6leIH/S/Y835P3F1dhW1
ssSyFpXvZ+JmHynKuoiUMQVL5Q4q4unLW1tUJk+31w974NAH3rlKkXwVdeLrK1Q/
rdaskVQx70JnQ/9+FZLP3NnhhspRfwhkEfv24SEeG1Y6mhFOcTz+t26bva/65pFq
iQvUfWXqO6WoMCAKCKCFBqoiQGc0ZJ7NWoW+6HJMto4EInmfnAW87dAipkyfa8We
tLd9iXF0n24Uy6dMOLYtkCNo+bp/JFbwtQ79VteOpip8Vdfp7PnSJRbFbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAs43cyMs+71n+Bar3d9FiJ9epsvMB8GA1UdIwQY
MBaAFGg7M9xyGLP+iDxJUFE0yzmmZP0oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYURzejNISVlzXzZJUEVsUVVUVExPYVprX1NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9iZTNlMDAtM2M5Ni00Y2RlLWI4MWEt
MTRjNmI5NTRkOTc2LzEvQ3pqZHpJeXo3dldmNEZxdmQzMFdJbjE2bXk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9iZTNlMDAtM2M5Ni00Y2RlLWI4MWEtMTRjNmI5NTRkOTc2
LzEvYURzejNISVlzXzZJUEVsUVVUVExPYVprX1NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4nEMA0G
CSqGSIb3DQEBCwUAA4IBAQCD318RiSJc6ui1oMtsmrCRemDt8b2jFK1R78/pqVHS
vhHBFQoYFFO1UKXzOcFbHHKsdBGpMVG2+dTyH71VRxpPcBCR0auxmsLxGN8/0AIl
2+USm7l8/N7GEEqn7ks0nO2O79oiItB1l4wkxYqpt2v+wbsotLFx/lq9S4tECuud
+PDNgKGB8sDgczi7lgCzAwSG7XQVxjmfCK6R9b+zOz6UdhBAC6ED8AxGQhwrtwTZ
O8+uPO9iBD95Jnkklkxwmx5LzilNRRg1jaZPRhLdBy8oZ8I+jrVj+nA2CEYtspC3
/NSjiWLoulor54K9T/LsJoyahkDVhztcNi1RHitEuARb
-----END CERTIFICATE-----