Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/57b891-a912-4c6a-8e3b-d41fcdf57598/1/tYjA70ZZuilBmqlOohdOI6JLHKo.roa
File:                     tYjA70ZZuilBmqlOohdOI6JLHKo.roa (raw, json)
Hash identifier:          PECqLqkHLJE6zy86na+6dfULVx22XsoZe+uQfg0Hx10=
Subject key identifier:   B5:88:C0:EF:46:59:BA:29:41:9A:A9:4E:A2:17:4E:23:A2:4B:1C:AA
Certificate issuer:       /CN=5d83b5a67d92ffa8476c9321aa7bf6d4a20d3dab
Certificate serial:       018CCA2B2A391073039923F13376508A01D8
Authority key identifier: 5D:83:B5:A6:7D:92:FF:A8:47:6C:93:21:AA:7B:F6:D4:A2:0D:3D:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYO1pn2S_6hHbJMhqnv21KINPas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/57b891-a912-4c6a-8e3b-d41fcdf57598/1/tYjA70ZZuilBmqlOohdOI6JLHKo.roa
Signing time:             Tue 02 Jan 2024 12:34:35 +0000
ROA not before:           Tue 02 Jan 2024 12:34:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34367
IP address blocks:        195.245.106.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/57b891-a912-4c6a-8e3b-d41fcdf57598/1/XYO1pn2S_6hHbJMhqnv21KINPas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/57b891-a912-4c6a-8e3b-d41fcdf57598/1/XYO1pn2S_6hHbJMhqnv21KINPas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYO1pn2S_6hHbJMhqnv21KINPas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 13:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:2a:39:10:73:03:99:23:f1:33:76:50:8a:01:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d83b5a67d92ffa8476c9321aa7bf6d4a20d3dab
        Validity
            Not Before: Jan  2 12:34:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b588c0ef4659ba29419aa94ea2174e23a24b1caa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:bd:56:a7:89:d0:28:2c:0a:34:1b:c0:a9:ea:
                    03:0c:a3:5e:62:c9:a5:48:d6:9b:0c:22:69:3b:da:
                    2f:32:ec:47:01:ce:a4:fd:26:bf:93:4b:f4:35:26:
                    4f:11:ff:26:29:ff:a6:17:4e:7d:fa:1c:68:f4:89:
                    69:f8:90:93:78:32:70:97:84:36:bc:5d:d9:d6:f7:
                    96:b4:47:be:2e:58:b2:c3:d7:b4:ed:01:9d:33:42:
                    4f:39:7d:85:9b:df:91:77:88:ec:2e:e7:54:3b:5c:
                    3a:eb:4f:5e:67:b9:b5:2e:f8:6d:46:b0:7b:a3:86:
                    06:40:ef:8d:57:bc:c0:1c:09:09:ac:95:25:38:02:
                    0c:80:63:68:66:c3:d3:4f:0e:b0:6a:5f:01:15:ad:
                    2b:a5:a2:62:79:6e:8b:e5:04:ba:2a:7c:4b:bb:ad:
                    37:eb:3f:3c:ce:d8:b8:c1:17:fe:f8:b7:6c:1a:66:
                    d2:9d:61:e3:31:03:1d:24:67:e7:14:68:1f:66:58:
                    cb:0d:88:0e:20:dd:56:35:7d:46:5c:a1:e6:95:ca:
                    e4:64:f2:76:fc:af:39:23:78:64:84:4a:aa:75:65:
                    6c:93:10:dd:9d:e8:86:ee:73:4a:37:44:df:b6:15:
                    dd:7d:fc:a7:87:59:dd:e1:e0:63:b0:0c:83:e0:f6:
                    0a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:88:C0:EF:46:59:BA:29:41:9A:A9:4E:A2:17:4E:23:A2:4B:1C:AA
            X509v3 Authority Key Identifier:
                keyid:5D:83:B5:A6:7D:92:FF:A8:47:6C:93:21:AA:7B:F6:D4:A2:0D:3D:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYO1pn2S_6hHbJMhqnv21KINPas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/57b891-a912-4c6a-8e3b-d41fcdf57598/1/tYjA70ZZuilBmqlOohdOI6JLHKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/57b891-a912-4c6a-8e3b-d41fcdf57598/1/XYO1pn2S_6hHbJMhqnv21KINPas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bf:c9:68:b4:ca:01:22:b2:99:3c:b3:5d:5c:eb:ed:6e:b8:88:
         93:ff:c4:c6:84:14:16:4e:d2:15:9f:57:a5:85:1a:19:15:13:
         cb:78:9d:cc:c6:f4:17:19:3a:f7:6e:3d:2c:cd:83:df:4a:7e:
         b6:51:a0:26:f9:66:ec:e2:f4:b5:ff:18:e3:b4:ec:f0:34:5b:
         02:25:51:15:73:85:11:29:69:9c:d5:01:91:34:e2:93:28:ae:
         d7:9e:60:fd:b2:dd:a8:ca:3b:96:7c:a5:fa:3e:30:52:7d:71:
         c5:89:f4:22:36:73:ab:4b:bb:3e:de:15:d3:4a:20:cc:80:82:
         5c:7a:f6:8b:4c:2c:48:ea:8e:8c:eb:c8:ed:ba:ea:93:da:9f:
         ff:4c:c3:bd:9d:6a:92:fb:77:fd:39:2e:14:39:23:e1:35:40:
         7a:59:60:c1:40:8c:6a:7f:6c:cd:7a:52:b3:9f:6d:67:db:5e:
         73:2c:ad:65:cc:c9:a6:15:1e:27:7e:d1:cc:ea:ec:ac:b1:6b:
         ab:32:a2:52:0e:d3:03:b2:36:2a:c9:be:87:4f:95:17:6e:a3:
         d9:3b:f0:6d:be:81:6d:93:53:13:4b:e3:f6:9e:c8:3d:ee:e2:
         c9:4a:82:d4:4f:18:72:9f:f8:76:73:c8:39:92:61:75:80:f4:
         39:04:86:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKyo5EHMDmSPxM3ZQigHYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODNiNWE2N2Q5MmZmYTg0NzZjOTMyMWFhN2JmNmQ0YTIw
ZDNkYWIwHhcNMjQwMTAyMTIzNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTg4YzBlZjQ2NTliYTI5NDE5YWE5NGVhMjE3NGUyM2EyNGIxY2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnb1Wp4nQKCwKNBvAqeoDDKNeYsml
SNabDCJpO9ovMuxHAc6k/Sa/k0v0NSZPEf8mKf+mF059+hxo9Ilp+JCTeDJwl4Q2
vF3Z1veWtEe+Lliyw9e07QGdM0JPOX2Fm9+Rd4jsLudUO1w6609eZ7m1LvhtRrB7
o4YGQO+NV7zAHAkJrJUlOAIMgGNoZsPTTw6wal8BFa0rpaJieW6L5QS6KnxLu603
6z88zti4wRf++LdsGmbSnWHjMQMdJGfnFGgfZljLDYgOIN1WNX1GXKHmlcrkZPJ2
/K85I3hkhEqqdWVskxDdneiG7nNKN0TfthXdffynh1nd4eBjsAyD4PYKSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWIwO9GWbopQZqpTqIXTiOiSxyqMB8GA1UdIwQY
MBaAFF2DtaZ9kv+oR2yTIap79tSiDT2rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlPMXBuMlNfNmhIYkpNaHFudjIxS0lOUGFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81N2I4OTEtYTkxMi00YzZhLThlM2It
ZDQxZmNkZjU3NTk4LzEvdFlqQTcwWlp1aWxCbXFsT29oZE9JNkpMSEtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81N2I4OTEtYTkxMi00YzZhLThlM2ItZDQxZmNkZjU3NTk4
LzEvWFlPMXBuMlNfNmhIYkpNaHFudjIxS0lOUGFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/VqMA0G
CSqGSIb3DQEBCwUAA4IBAQC/yWi0ygEispk8s11c6+1uuIiT/8TGhBQWTtIVn1el
hRoZFRPLeJ3MxvQXGTr3bj0szYPfSn62UaAm+Wbs4vS1/xjjtOzwNFsCJVEVc4UR
KWmc1QGRNOKTKK7XnmD9st2oyjuWfKX6PjBSfXHFifQiNnOrS7s+3hXTSiDMgIJc
evaLTCxI6o6M68jtuuqT2p//TMO9nWqS+3f9OS4UOSPhNUB6WWDBQIxqf2zNelKz
n21n215zLK1lzMmmFR4nftHM6uyssWurMqJSDtMDsjYqyb6HT5UXbqPZO/BtvoFt
k1MTS+P2nsg97uLJSoLUTxhyn/h2c8g5kmF1gPQ5BIZb
-----END CERTIFICATE-----