Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/25b6ce-c211-4668-9a47-fe58f84dd3fd/1/1CqdgnBv1ZBCon6OG6SPMurrNFA.roa
File:                     1CqdgnBv1ZBCon6OG6SPMurrNFA.roa (raw, json)
Hash identifier:          w9PtvLvkFOzFC9hy+KTjfhiAFxYTe7nn2tlOIBkg0LA=
Subject key identifier:   D4:2A:9D:82:70:6F:D5:90:42:A2:7E:8E:1B:A4:8F:32:EA:EB:34:50
Certificate issuer:       /CN=056f4a43e0b0651247fc3629c627b9c385f0c376
Certificate serial:       018CC86F108734764D8552B9E3032119D5ED
Authority key identifier: 05:6F:4A:43:E0:B0:65:12:47:FC:36:29:C6:27:B9:C3:85:F0:C3:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BW9KQ-CwZRJH_DYpxie5w4Xww3Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/25b6ce-c211-4668-9a47-fe58f84dd3fd/1/1CqdgnBv1ZBCon6OG6SPMurrNFA.roa
Signing time:             Tue 02 Jan 2024 04:29:31 +0000
ROA not before:           Tue 02 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56595
IP address blocks:        195.95.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/25b6ce-c211-4668-9a47-fe58f84dd3fd/1/BW9KQ-CwZRJH_DYpxie5w4Xww3Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/25b6ce-c211-4668-9a47-fe58f84dd3fd/1/BW9KQ-CwZRJH_DYpxie5w4Xww3Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BW9KQ-CwZRJH_DYpxie5w4Xww3Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:10:87:34:76:4d:85:52:b9:e3:03:21:19:d5:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=056f4a43e0b0651247fc3629c627b9c385f0c376
        Validity
            Not Before: Jan  2 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d42a9d82706fd59042a27e8e1ba48f32eaeb3450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e3:5b:2a:99:8f:dc:f4:2a:18:73:66:4b:f6:
                    79:1e:3e:b6:e3:7f:8d:e9:99:7d:cb:63:be:c9:ee:
                    ec:d4:fc:50:c5:5c:88:f4:0e:69:bd:6f:38:9a:d6:
                    31:c6:c4:a2:c7:f4:bb:09:7f:95:2e:69:73:e7:eb:
                    9a:d5:60:31:e6:4c:eb:65:96:a1:e7:96:5b:85:a6:
                    03:76:71:24:2e:6c:0b:7f:1a:e7:68:b7:68:77:8e:
                    22:6d:a0:cf:d3:cf:b1:51:eb:c9:29:6b:5a:06:c7:
                    ef:59:68:ef:17:e2:9d:4e:3d:b0:4c:e5:3f:01:82:
                    ff:b8:10:b8:f8:1b:b8:a1:e6:e4:a0:64:fc:cb:14:
                    59:1a:bf:0e:95:af:91:18:66:fa:02:7b:ac:3b:b6:
                    af:21:e5:9d:93:2d:14:f5:f1:a4:c6:56:a0:bd:4a:
                    b0:6a:a7:41:5e:58:cd:f7:b5:10:54:4a:a5:49:6a:
                    1c:8d:22:48:cf:ee:c5:8e:87:c1:cc:f5:7d:3a:19:
                    fe:1b:96:8a:19:b4:09:7d:c2:b1:6f:d7:37:e2:18:
                    77:16:47:d0:59:a7:a0:68:c4:0e:bd:4f:b6:b6:18:
                    71:fd:c7:24:38:a4:af:ee:97:38:f4:a9:08:64:0f:
                    da:11:dd:69:f2:4a:a3:ca:0c:53:dd:60:17:12:12:
                    ff:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:2A:9D:82:70:6F:D5:90:42:A2:7E:8E:1B:A4:8F:32:EA:EB:34:50
            X509v3 Authority Key Identifier:
                keyid:05:6F:4A:43:E0:B0:65:12:47:FC:36:29:C6:27:B9:C3:85:F0:C3:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BW9KQ-CwZRJH_DYpxie5w4Xww3Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/25b6ce-c211-4668-9a47-fe58f84dd3fd/1/1CqdgnBv1ZBCon6OG6SPMurrNFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/25b6ce-c211-4668-9a47-fe58f84dd3fd/1/BW9KQ-CwZRJH_DYpxie5w4Xww3Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:ea:c7:bb:72:1c:78:2b:a8:12:ee:40:a3:da:be:cd:16:0a:
         15:28:1e:d2:76:18:ba:fd:96:bb:b0:25:28:56:5e:3a:fd:2f:
         d9:6c:2a:c1:e2:7f:9d:7f:5a:27:10:d2:45:88:f1:fa:b8:b2:
         de:8d:ae:af:57:93:4c:b3:2f:77:a7:13:fb:ad:40:57:ee:fa:
         74:e8:25:3a:9c:35:27:62:b5:18:39:75:d9:0a:74:11:ea:48:
         c2:3c:11:b1:6a:5b:04:e0:af:44:5b:b4:59:2c:53:93:9f:2b:
         7a:81:d0:d4:6f:68:24:13:8f:f3:25:16:19:62:29:5e:e0:6e:
         b6:75:4e:b7:f3:db:09:8b:2c:7f:44:12:fd:73:0a:87:18:d1:
         28:93:6c:f8:6a:e0:2d:5e:da:7a:a6:c1:d2:45:ed:52:19:c0:
         27:6b:88:57:9d:a9:bc:75:50:69:73:6d:bd:07:ab:39:09:f0:
         ae:ad:67:6a:af:e0:46:14:81:92:25:d4:bd:d4:a6:fb:82:8e:
         7f:c0:73:c7:cd:e0:26:d6:b8:e2:a2:69:3d:30:a1:ee:10:ec:
         e3:c6:5d:c0:bb:50:0e:19:c9:80:4f:3e:8f:08:bd:c0:5c:c2:
         68:52:00:ad:dd:e6:ef:5f:42:14:1e:37:02:cb:24:db:66:be:
         26:ca:e3:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbxCHNHZNhVK54wMhGdXtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NmY0YTQzZTBiMDY1MTI0N2ZjMzYyOWM2MjdiOWMzODVm
MGMzNzYwHhcNMjQwMTAyMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDJhOWQ4MjcwNmZkNTkwNDJhMjdlOGUxYmE0OGYzMmVhZWIzNDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkONbKpmP3PQqGHNmS/Z5Hj6243+N
6Zl9y2O+ye7s1PxQxVyI9A5pvW84mtYxxsSix/S7CX+VLmlz5+ua1WAx5kzrZZah
55ZbhaYDdnEkLmwLfxrnaLdod44ibaDP08+xUevJKWtaBsfvWWjvF+KdTj2wTOU/
AYL/uBC4+Bu4oebkoGT8yxRZGr8Ola+RGGb6AnusO7avIeWdky0U9fGkxlagvUqw
aqdBXljN97UQVEqlSWocjSJIz+7FjofBzPV9Ohn+G5aKGbQJfcKxb9c34hh3FkfQ
WaegaMQOvU+2thhx/cckOKSv7pc49KkIZA/aEd1p8kqjygxT3WAXEhL/GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQqnYJwb9WQQqJ+jhukjzLq6zRQMB8GA1UdIwQY
MBaAFAVvSkPgsGUSR/w2KcYnucOF8MN2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlc5S1EtQ3daUkpIX0RZcHhpZTV3NFh3dzNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8yNWI2Y2UtYzIxMS00NjY4LTlhNDct
ZmU1OGY4NGRkM2ZkLzEvMUNxZGduQnYxWkJDb242T0c2U1BNdXJyTkZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8yNWI2Y2UtYzIxMS00NjY4LTlhNDctZmU1OGY4NGRkM2Zk
LzEvQlc5S1EtQ3daUkpIX0RZcHhpZTV3NFh3dzNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+GMA0G
CSqGSIb3DQEBCwUAA4IBAQAX6se7chx4K6gS7kCj2r7NFgoVKB7Sdhi6/Za7sCUo
Vl46/S/ZbCrB4n+df1onENJFiPH6uLLeja6vV5NMsy93pxP7rUBX7vp06CU6nDUn
YrUYOXXZCnQR6kjCPBGxalsE4K9EW7RZLFOTnyt6gdDUb2gkE4/zJRYZYile4G62
dU6389sJiyx/RBL9cwqHGNEok2z4auAtXtp6psHSRe1SGcAna4hXnam8dVBpc229
B6s5CfCurWdqr+BGFIGSJdS91Kb7go5/wHPHzeAm1rjiomk9MKHuEOzjxl3Au1AO
GcmATz6PCL3AXMJoUgCt3ebvX0IUHjcCyyTbZr4myuM/
-----END CERTIFICATE-----