Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/iHgd1zezjt9_MfnMXWr7BDtlSCc.roa
File:                     iHgd1zezjt9_MfnMXWr7BDtlSCc.roa (raw, json)
Hash identifier:          aZ7uOrpvdOe/tmS1CIT4VYfXiHP5SesjVsiFy3Lucok=
Subject key identifier:   88:78:1D:D7:37:B3:8E:DF:7F:31:F9:CC:5D:6A:FB:04:3B:65:48:27
Certificate issuer:       /CN=ac08815e8c6503601f254cab371bec471bd7eaa6
Certificate serial:       018CC64B07497A660FB60442255EF00F93FD
Authority key identifier: AC:08:81:5E:8C:65:03:60:1F:25:4C:AB:37:1B:EC:47:1B:D7:EA:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAiBXoxlA2AfJUyrNxvsRxvX6qY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/iHgd1zezjt9_MfnMXWr7BDtlSCc.roa
Signing time:             Mon 01 Jan 2024 18:30:54 +0000
ROA not before:           Mon 01 Jan 2024 18:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42356
IP address blocks:        195.200.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/rAiBXoxlA2AfJUyrNxvsRxvX6qY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/rAiBXoxlA2AfJUyrNxvsRxvX6qY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAiBXoxlA2AfJUyrNxvsRxvX6qY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:07:49:7a:66:0f:b6:04:42:25:5e:f0:0f:93:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac08815e8c6503601f254cab371bec471bd7eaa6
        Validity
            Not Before: Jan  1 18:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88781dd737b38edf7f31f9cc5d6afb043b654827
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5d:30:53:e6:cb:c9:65:00:1d:74:21:14:22:
                    5c:9c:d2:c1:fe:02:0d:16:1c:5e:0a:05:3a:35:dc:
                    4e:b1:7a:e7:ce:71:5a:ac:a3:ea:c6:95:75:20:1e:
                    43:08:33:80:47:c8:fe:f8:49:f8:ff:01:b7:6a:ca:
                    d8:70:8a:1a:06:d5:ee:14:6a:ef:05:f4:43:67:12:
                    b8:5d:45:60:35:4e:79:2a:16:24:df:7a:9c:bb:f6:
                    76:8c:3c:84:46:d6:49:da:c4:6d:00:28:64:35:b3:
                    00:f3:8a:62:64:12:63:06:b7:81:47:77:e1:e2:f2:
                    23:ff:7b:f4:17:68:c9:73:23:98:5a:4d:85:b0:9c:
                    48:a4:c8:05:78:85:bb:8e:52:76:8e:f0:87:bd:4c:
                    00:ca:34:dc:c8:9e:36:86:42:ef:43:a3:12:53:9b:
                    57:49:38:49:0b:5e:ed:35:a8:8a:76:19:0e:c7:c7:
                    0f:a8:45:83:71:8a:05:95:79:bf:81:0b:54:eb:84:
                    a6:b6:eb:a2:7d:5c:f1:2b:d6:74:fc:cd:e5:f1:bf:
                    12:51:d2:41:f0:27:0f:0f:ab:5e:09:0b:d0:0a:5c:
                    3d:db:09:fe:3c:17:f0:ec:ec:ab:ff:e1:c4:11:7a:
                    28:e8:14:db:7a:bc:ae:97:b2:88:51:63:e6:9d:06:
                    cc:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:78:1D:D7:37:B3:8E:DF:7F:31:F9:CC:5D:6A:FB:04:3B:65:48:27
            X509v3 Authority Key Identifier:
                keyid:AC:08:81:5E:8C:65:03:60:1F:25:4C:AB:37:1B:EC:47:1B:D7:EA:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAiBXoxlA2AfJUyrNxvsRxvX6qY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/iHgd1zezjt9_MfnMXWr7BDtlSCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/rAiBXoxlA2AfJUyrNxvsRxvX6qY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:7a:4f:d7:e5:43:65:c9:fb:1e:f7:72:b5:86:f4:03:5b:49:
         35:44:9b:ed:c6:ad:39:93:ed:04:60:3a:85:e9:2c:e3:d6:af:
         31:be:80:f9:a3:53:a6:3d:7d:57:3f:1c:94:c1:ce:46:a1:42:
         20:bb:24:66:23:7d:20:26:6a:d2:25:de:bc:39:fc:42:19:fb:
         4e:63:22:79:a9:cc:a5:84:69:2b:74:f0:16:64:60:6c:0e:99:
         82:65:be:cd:ff:3a:80:b3:75:8d:0e:fc:95:7e:82:1a:22:43:
         0d:d9:20:e1:01:ef:ca:03:1d:89:a4:73:82:86:8f:49:3b:cd:
         86:d2:0a:c2:49:25:79:70:66:5c:4b:d0:2e:1a:55:87:ae:db:
         14:36:03:5d:90:2f:a9:f8:35:11:21:88:b4:59:aa:ab:d0:51:
         b4:fc:e5:b6:3e:f1:44:44:09:67:4a:c8:1f:0c:f8:c5:cc:6a:
         24:b5:6c:fa:9c:78:99:10:30:d7:7e:27:24:92:10:4d:15:c6:
         71:53:bf:e3:e1:fe:9f:92:80:ea:2a:98:3d:a4:0b:20:0e:9d:
         ed:7b:75:a8:f0:71:e7:02:68:7d:b9:23:6d:76:4b:9e:4c:30:
         db:fa:33:18:b9:74:30:6d:8c:28:ea:c2:99:5f:19:65:7c:f4:
         7c:12:c5:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwdJemYPtgRCJV7wD5P9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMDg4MTVlOGM2NTAzNjAxZjI1NGNhYjM3MWJlYzQ3MWJk
N2VhYTYwHhcNMjQwMTAxMTgzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODc4MWRkNzM3YjM4ZWRmN2YzMWY5Y2M1ZDZhZmIwNDNiNjU0ODI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkV0wU+bLyWUAHXQhFCJcnNLB/gIN
FhxeCgU6NdxOsXrnznFarKPqxpV1IB5DCDOAR8j++En4/wG3asrYcIoaBtXuFGrv
BfRDZxK4XUVgNU55KhYk33qcu/Z2jDyERtZJ2sRtAChkNbMA84piZBJjBreBR3fh
4vIj/3v0F2jJcyOYWk2FsJxIpMgFeIW7jlJ2jvCHvUwAyjTcyJ42hkLvQ6MSU5tX
SThJC17tNaiKdhkOx8cPqEWDcYoFlXm/gQtU64SmtuuifVzxK9Z0/M3l8b8SUdJB
8CcPD6teCQvQClw92wn+PBfw7Oyr/+HEEXoo6BTberyul7KIUWPmnQbMewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIh4Hdc3s47ffzH5zF1q+wQ7ZUgnMB8GA1UdIwQY
MBaAFKwIgV6MZQNgHyVMqzcb7Ecb1+qmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckFpQlhveGxBMkFmSlV5ck54dnNSeHZYNnFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC81NmYyYTMtN2ViNy00NTEzLTlmNTUt
Njc3ODcxYTAzMzU1LzEvaUhnZDF6ZXpqdDlfTWZuTVhXcjdCRHRsU0NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC81NmYyYTMtN2ViNy00NTEzLTlmNTUtNjc3ODcxYTAzMzU1
LzEvckFpQlhveGxBMkFmSlV5ck54dnNSeHZYNnFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8jQMA0G
CSqGSIb3DQEBCwUAA4IBAQBhek/X5UNlyfse93K1hvQDW0k1RJvtxq05k+0EYDqF
6Szj1q8xvoD5o1OmPX1XPxyUwc5GoUIguyRmI30gJmrSJd68OfxCGftOYyJ5qcyl
hGkrdPAWZGBsDpmCZb7N/zqAs3WNDvyVfoIaIkMN2SDhAe/KAx2JpHOCho9JO82G
0grCSSV5cGZcS9AuGlWHrtsUNgNdkC+p+DURIYi0Waqr0FG0/OW2PvFERAlnSsgf
DPjFzGoktWz6nHiZEDDXfickkhBNFcZxU7/j4f6fkoDqKpg9pAsgDp3te3Wo8HHn
Amh9uSNtdkueTDDb+jMYuXQwbYwo6sKZXxllfPR8EsVF
-----END CERTIFICATE-----