Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/iq9XwmtDI3DQNq_CNJaNO_CV8OA.roa
File:                     iq9XwmtDI3DQNq_CNJaNO_CV8OA.roa (raw, json)
Hash identifier:          x5F9SSdHSoC4P09UO6M94gdC/LEyoqDTrVT1yt4VP2o=
Subject key identifier:   8A:AF:57:C2:6B:43:23:70:D0:36:AF:C2:34:96:8D:3B:F0:95:F0:E0
Certificate issuer:       /CN=a15b19638611f3e1f7644a7e3bb71d0ca374919e
Certificate serial:       018D7991CB0117D8C2588B55BBBD96EDC1BB
Authority key identifier: A1:5B:19:63:86:11:F3:E1:F7:64:4A:7E:3B:B7:1D:0C:A3:74:91:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/iq9XwmtDI3DQNq_CNJaNO_CV8OA.roa
Signing time:             Mon 05 Feb 2024 14:00:14 +0000
ROA not before:           Mon 05 Feb 2024 14:00:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        195.158.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:79:91:cb:01:17:d8:c2:58:8b:55:bb:bd:96:ed:c1:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a15b19638611f3e1f7644a7e3bb71d0ca374919e
        Validity
            Not Before: Feb  5 14:00:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8aaf57c26b432370d036afc234968d3bf095f0e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:66:2e:9a:9a:08:14:eb:34:f1:28:40:e1:87:
                    b6:67:fd:b8:f0:20:36:8a:f3:c1:43:44:9f:52:0f:
                    46:b6:d3:37:7f:b8:2f:ed:9d:67:63:08:2c:19:06:
                    e5:b4:4d:ed:c9:b4:14:13:7a:c8:7f:c3:e2:69:df:
                    1b:3a:3a:24:13:08:ee:92:41:a3:76:d8:10:b5:53:
                    e5:9e:60:fc:5b:bb:aa:8b:df:c4:a8:10:67:41:70:
                    ec:03:ef:c7:79:46:31:5d:b1:f8:6a:1d:ed:17:47:
                    b9:78:83:0a:f2:1d:69:cb:2b:b9:b1:67:c2:00:76:
                    2c:c6:08:65:b1:79:e2:ef:5a:56:c0:13:75:5a:2d:
                    5d:5d:5e:e1:f7:2c:d0:8f:56:d4:49:60:b0:fe:81:
                    5f:f9:96:82:53:35:be:96:32:b2:b3:ad:89:33:d4:
                    58:50:fd:1f:0a:e0:d8:c7:c8:36:da:cc:93:83:a3:
                    24:96:f7:7c:ea:52:79:0d:3c:d3:9e:bd:d4:b8:9a:
                    db:9b:6e:36:43:2d:8b:2b:b8:94:47:90:a4:98:c9:
                    48:90:95:13:62:f1:67:96:8d:19:0a:7a:a8:3d:d5:
                    d4:69:25:86:c2:90:25:c9:87:c4:a7:48:89:2e:84:
                    42:19:34:f5:a9:56:42:be:ac:fa:46:cb:29:eb:12:
                    38:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:AF:57:C2:6B:43:23:70:D0:36:AF:C2:34:96:8D:3B:F0:95:F0:E0
            X509v3 Authority Key Identifier:
                keyid:A1:5B:19:63:86:11:F3:E1:F7:64:4A:7E:3B:B7:1D:0C:A3:74:91:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/iq9XwmtDI3DQNq_CNJaNO_CV8OA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.158.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:f4:fc:0c:65:cd:f9:8d:9c:2a:47:ab:95:e9:8f:71:11:c5:
         70:82:ad:53:10:e6:30:ce:d0:e3:7f:6f:54:f0:3b:ee:fd:5b:
         ca:0b:38:c8:cf:bb:d8:89:1b:55:cd:34:44:6e:30:0c:f8:53:
         a7:84:2b:ba:f3:b6:36:12:a3:a7:1f:2c:17:0f:f2:cb:f7:61:
         1c:7b:b5:1a:35:12:50:d7:6a:e7:4b:c6:b7:5e:a2:ea:3f:b7:
         fa:2b:71:c6:16:2f:75:73:57:24:0d:bb:0d:51:c5:5c:95:24:
         cb:9f:5c:cf:90:14:12:49:e3:1e:b1:36:93:f3:eb:5c:3c:44:
         6f:6a:9c:16:32:ce:9b:4d:82:cd:a7:7b:ec:d3:42:34:52:61:
         c8:3d:50:c3:a9:fb:7f:65:26:91:eb:34:7e:e5:c2:e9:4e:93:
         b4:ef:f3:4e:c2:40:f2:52:69:2b:44:bd:65:96:52:ad:49:e8:
         3d:c7:4e:1d:e8:1c:fb:14:e1:7e:ec:40:71:27:47:26:34:36:
         7e:99:10:4b:3b:0f:fa:51:6a:f8:54:b9:9d:1c:be:d3:ba:38:
         54:cd:75:85:77:db:46:2a:6e:5e:d1:4c:d6:a1:d9:87:2f:de:
         bf:b3:3b:6d:e7:65:43:d7:08:4c:0d:73:06:3f:76:c4:32:4a:
         99:52:03:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY15kcsBF9jCWItVu72W7cG7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNWIxOTYzODYxMWYzZTFmNzY0NGE3ZTNiYjcxZDBjYTM3
NDkxOWUwHhcNMjQwMjA1MTQwMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWFmNTdjMjZiNDMyMzcwZDAzNmFmYzIzNDk2OGQzYmYwOTVmMGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2YumpoIFOs08ShA4Ye2Z/248CA2
ivPBQ0SfUg9GttM3f7gv7Z1nYwgsGQbltE3tybQUE3rIf8Piad8bOjokEwjukkGj
dtgQtVPlnmD8W7uqi9/EqBBnQXDsA+/HeUYxXbH4ah3tF0e5eIMK8h1pyyu5sWfC
AHYsxghlsXni71pWwBN1Wi1dXV7h9yzQj1bUSWCw/oFf+ZaCUzW+ljKys62JM9RY
UP0fCuDYx8g22syTg6Mklvd86lJ5DTzTnr3UuJrbm242Qy2LK7iUR5CkmMlIkJUT
YvFnlo0ZCnqoPdXUaSWGwpAlyYfEp0iJLoRCGTT1qVZCvqz6Rssp6xI4KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqvV8JrQyNw0DavwjSWjTvwlfDgMB8GA1UdIwQY
MBaAFKFbGWOGEfPh92RKfju3HQyjdJGeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1ZzWlk0WVI4LUgzWkVwLU83Y2RES04wa1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iNTc4NTItMWZkNy00MGZkLTkxZmYt
MTI1MTg0MjlmYTYzLzEvaXE5WHdtdERJM0RRTnFfQ05KYU5PX0NWOE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iNTc4NTItMWZkNy00MGZkLTkxZmYtMTI1MTg0MjlmYTYz
LzEvb1ZzWlk0WVI4LUgzWkVwLU83Y2RES04wa1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw57mMA0G
CSqGSIb3DQEBCwUAA4IBAQAz9PwMZc35jZwqR6uV6Y9xEcVwgq1TEOYwztDjf29U
8Dvu/VvKCzjIz7vYiRtVzTREbjAM+FOnhCu687Y2EqOnHywXD/LL92Ece7UaNRJQ
12rnS8a3XqLqP7f6K3HGFi91c1ckDbsNUcVclSTLn1zPkBQSSeMesTaT8+tcPERv
apwWMs6bTYLNp3vs00I0UmHIPVDDqft/ZSaR6zR+5cLpTpO07/NOwkDyUmkrRL1l
llKtSeg9x04d6Bz7FOF+7EBxJ0cmNDZ+mRBLOw/6UWr4VLmdHL7TujhUzXWFd9tG
Km5e0UzWodmHL96/sztt52VD1whMDXMGP3bEMkqZUgM3
-----END CERTIFICATE-----