Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/R_KxB2Z07D3Lxp4aSo7eqsDwQ_g.roa
File:                     R_KxB2Z07D3Lxp4aSo7eqsDwQ_g.roa (raw, json)
Hash identifier:          4tU2ou12JSfTAhelVCgGPV4Ee7/k70e8DYdPF5QRNGg=
Subject key identifier:   47:F2:B1:07:66:74:EC:3D:CB:C6:9E:1A:4A:8E:DE:AA:C0:F0:43:F8
Certificate issuer:       /CN=9c0d5540bdcd33052bc00fff266338bf3cc82a80
Certificate serial:       018CC802CDA966591FCDCD650EA32555F7BB
Authority key identifier: 9C:0D:55:40:BD:CD:33:05:2B:C0:0F:FF:26:63:38:BF:3C:C8:2A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nA1VQL3NMwUrwA__JmM4vzzIKoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/R_KxB2Z07D3Lxp4aSo7eqsDwQ_g.roa
Signing time:             Tue 02 Jan 2024 02:31:16 +0000
ROA not before:           Tue 02 Jan 2024 02:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400161
IP address blocks:        195.96.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/nA1VQL3NMwUrwA__JmM4vzzIKoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/nA1VQL3NMwUrwA__JmM4vzzIKoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nA1VQL3NMwUrwA__JmM4vzzIKoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:cd:a9:66:59:1f:cd:cd:65:0e:a3:25:55:f7:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c0d5540bdcd33052bc00fff266338bf3cc82a80
        Validity
            Not Before: Jan  2 02:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47f2b1076674ec3dcbc69e1a4a8edeaac0f043f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:27:27:18:07:c1:34:32:7d:33:68:66:f1:f7:
                    dc:09:a0:b2:e7:21:a2:77:bd:e1:21:ea:b9:d2:98:
                    e9:31:e8:90:77:22:86:19:d5:03:3b:fa:82:d6:7a:
                    54:2d:1b:06:65:aa:27:82:f0:34:23:3f:48:94:b6:
                    ab:a8:b4:4f:58:f9:76:80:aa:44:01:73:12:ed:61:
                    f5:56:86:9a:a6:a9:dc:e5:28:a3:a4:ed:fd:79:bd:
                    d6:b0:c6:6c:42:49:aa:ee:54:13:05:95:72:00:2f:
                    42:cf:9d:02:ce:aa:df:47:32:ae:e1:be:0c:41:99:
                    db:2a:18:d8:45:6b:30:8a:8d:b3:4f:c9:64:05:6b:
                    5d:af:81:6e:e5:2d:94:a2:19:9a:2e:92:69:72:55:
                    aa:7e:ec:fb:7c:a4:a7:a4:0d:7c:48:b3:4f:1e:d5:
                    8b:64:14:d3:96:8b:1c:7e:33:9a:48:a9:66:cb:e7:
                    a5:06:31:02:58:c3:45:c0:1a:9d:aa:e2:87:d7:33:
                    f6:ac:7b:25:50:50:57:76:6d:1b:f9:bc:80:e1:26:
                    7f:0b:7d:e2:e3:e7:92:a1:a2:1f:cc:76:d3:37:5c:
                    c4:ea:34:28:43:2e:6c:74:12:42:c5:bf:ff:c5:fb:
                    54:9d:89:c1:1d:4e:26:cf:f8:dd:83:67:37:0e:7f:
                    57:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:F2:B1:07:66:74:EC:3D:CB:C6:9E:1A:4A:8E:DE:AA:C0:F0:43:F8
            X509v3 Authority Key Identifier:
                keyid:9C:0D:55:40:BD:CD:33:05:2B:C0:0F:FF:26:63:38:BF:3C:C8:2A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nA1VQL3NMwUrwA__JmM4vzzIKoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/R_KxB2Z07D3Lxp4aSo7eqsDwQ_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/nA1VQL3NMwUrwA__JmM4vzzIKoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:ce:a9:e4:3f:79:41:c8:b5:a0:4c:20:fd:9a:7d:a6:7a:6e:
         f6:4b:d0:e9:76:88:78:c2:da:f2:ff:7a:29:94:91:27:96:e1:
         28:9c:56:c9:15:50:58:3e:f9:64:c1:1f:28:d4:3b:64:cf:3a:
         ab:70:0e:86:a9:d1:c0:5e:25:93:2e:78:cd:f5:ac:64:85:9a:
         db:b7:32:11:ea:e7:8b:47:bc:dc:77:76:74:2c:5c:9a:d5:08:
         85:9e:bf:0f:7a:f9:e7:56:1e:a3:ec:dc:c6:2c:b1:eb:45:96:
         74:e1:89:d6:b8:8c:0a:0b:b4:a8:21:5b:7b:da:b8:39:bf:15:
         6a:03:54:70:29:ed:b3:5e:0d:2c:78:06:a4:e9:c3:d8:f3:21:
         3b:9a:5d:3d:75:6a:97:66:6f:01:64:8e:42:b3:10:1b:37:6e:
         a4:26:df:72:a6:a5:64:df:ee:e8:8b:d9:eb:25:71:ff:80:0a:
         bc:64:b4:94:d5:97:64:46:59:d5:01:8c:77:fd:67:92:bf:e4:
         75:d4:52:2a:ee:76:aa:69:ce:aa:b9:8e:88:df:8a:38:f7:8c:
         d8:24:f1:1d:da:b8:d5:32:5b:0a:45:41:ec:d7:1c:27:39:81:
         44:45:00:75:0f:54:27:b2:c6:3a:02:cb:fd:dc:48:b0:4b:f5:
         2f:71:eb:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAs2pZlkfzc1lDqMlVfe7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMGQ1NTQwYmRjZDMzMDUyYmMwMGZmZjI2NjMzOGJmM2Nj
ODJhODAwHhcNMjQwMTAyMDIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2YyYjEwNzY2NzRlYzNkY2JjNjllMWE0YThlZGVhYWMwZjA0M2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlScnGAfBNDJ9M2hm8ffcCaCy5yGi
d73hIeq50pjpMeiQdyKGGdUDO/qC1npULRsGZaongvA0Iz9IlLarqLRPWPl2gKpE
AXMS7WH1Voaapqnc5SijpO39eb3WsMZsQkmq7lQTBZVyAC9Cz50CzqrfRzKu4b4M
QZnbKhjYRWswio2zT8lkBWtdr4Fu5S2UohmaLpJpclWqfuz7fKSnpA18SLNPHtWL
ZBTTloscfjOaSKlmy+elBjECWMNFwBqdquKH1zP2rHslUFBXdm0b+byA4SZ/C33i
4+eSoaIfzHbTN1zE6jQoQy5sdBJCxb//xftUnYnBHU4mz/jdg2c3Dn9XWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfysQdmdOw9y8aeGkqO3qrA8EP4MB8GA1UdIwQY
MBaAFJwNVUC9zTMFK8AP/yZjOL88yCqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkExVlFMM05Nd1Vyd0FfX0ptTTR2enpJS29BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi83MGRkYzQtZjljNC00OThiLTg1ZWUt
MTZmYzlkNDRlYzdkLzEvUl9LeEIyWjA3RDNMeHA0YVNvN2Vxc0R3UV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi83MGRkYzQtZjljNC00OThiLTg1ZWUtMTZmYzlkNDRlYzdk
LzEvbkExVlFMM05Nd1Vyd0FfX0ptTTR2enpJS29BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CJMA0G
CSqGSIb3DQEBCwUAA4IBAQAFzqnkP3lByLWgTCD9mn2mem72S9Dpdoh4wtry/3op
lJEnluEonFbJFVBYPvlkwR8o1DtkzzqrcA6GqdHAXiWTLnjN9axkhZrbtzIR6ueL
R7zcd3Z0LFya1QiFnr8PevnnVh6j7NzGLLHrRZZ04YnWuIwKC7SoIVt72rg5vxVq
A1RwKe2zXg0seAak6cPY8yE7ml09dWqXZm8BZI5CsxAbN26kJt9ypqVk3+7oi9nr
JXH/gAq8ZLSU1ZdkRlnVAYx3/WeSv+R11FIq7naqac6quY6I34o494zYJPEd2rjV
MlsKRUHs1xwnOYFERQB1D1QnssY6Asv93EiwS/UvcetZ
-----END CERTIFICATE-----