Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/db5101-015c-40c5-905b-657b3a7d9676/1/AJCUA3AyBL-DBJuMirtlKLpBu1o.roa
File:                     AJCUA3AyBL-DBJuMirtlKLpBu1o.roa (raw, json)
Hash identifier:          HEZXxGyj4RvHznPF5CmuRPhvWPJeLZ5mLAJQNpndrr0=
Subject key identifier:   00:90:94:03:70:32:04:BF:83:04:9B:8C:8A:BB:65:28:BA:41:BB:5A
Certificate issuer:       /CN=30f90d2520ad619ac3060b39fbd2c204e29a2a14
Certificate serial:       018CC94DF0A8A4CE690E8D487F897F335D8B
Authority key identifier: 30:F9:0D:25:20:AD:61:9A:C3:06:0B:39:FB:D2:C2:04:E2:9A:2A:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MPkNJSCtYZrDBgs5-9LCBOKaKhQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/db5101-015c-40c5-905b-657b3a7d9676/1/AJCUA3AyBL-DBJuMirtlKLpBu1o.roa
Signing time:             Tue 02 Jan 2024 08:32:57 +0000
ROA not before:           Tue 02 Jan 2024 08:32:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50277
IP address blocks:        195.5.180.0/24 maxlen: 24
                          2001:67c:1580::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/db5101-015c-40c5-905b-657b3a7d9676/1/MPkNJSCtYZrDBgs5-9LCBOKaKhQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/db5101-015c-40c5-905b-657b3a7d9676/1/MPkNJSCtYZrDBgs5-9LCBOKaKhQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MPkNJSCtYZrDBgs5-9LCBOKaKhQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:f0:a8:a4:ce:69:0e:8d:48:7f:89:7f:33:5d:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30f90d2520ad619ac3060b39fbd2c204e29a2a14
        Validity
            Not Before: Jan  2 08:32:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00909403703204bf83049b8c8abb6528ba41bb5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cc:ad:50:1e:b0:03:d5:a3:66:32:fd:76:a6:
                    59:62:80:aa:22:df:27:db:63:d9:c6:e6:f8:cc:19:
                    05:f3:bd:58:1a:24:9a:ce:10:5e:52:d4:bd:56:a3:
                    3a:59:52:d4:fd:f9:e6:05:cf:7e:f5:a1:5f:d4:08:
                    cc:e9:86:8b:f5:48:e2:72:a7:77:28:3e:7b:b9:88:
                    83:22:93:97:71:d2:06:85:56:85:92:bb:64:47:1d:
                    8b:b6:35:a9:71:59:16:84:25:72:0a:63:c9:d6:c9:
                    79:c8:ad:a6:d8:90:11:55:80:ec:0f:73:20:f7:aa:
                    8c:ed:f8:93:16:23:1c:ab:8a:45:74:57:e4:cc:d5:
                    6c:4a:8a:9f:60:ec:35:d5:13:90:51:34:b4:e5:31:
                    08:84:09:aa:b5:5d:80:1b:73:20:3c:77:03:b4:31:
                    95:c5:60:4d:ce:2c:a5:d5:4a:97:6f:da:64:7b:6d:
                    c8:71:0f:98:b8:2e:fd:21:7a:50:d0:77:44:1c:4d:
                    cc:e8:11:fc:4d:9d:3f:ea:d9:f2:57:43:b2:db:d5:
                    f1:70:e2:6d:ec:46:bf:08:19:81:f4:0c:fb:14:af:
                    28:dc:90:34:0f:4b:b4:50:92:f1:b1:32:b3:3c:e5:
                    96:e6:76:6a:44:8f:a9:d5:18:09:10:49:a1:35:28:
                    48:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:90:94:03:70:32:04:BF:83:04:9B:8C:8A:BB:65:28:BA:41:BB:5A
            X509v3 Authority Key Identifier:
                keyid:30:F9:0D:25:20:AD:61:9A:C3:06:0B:39:FB:D2:C2:04:E2:9A:2A:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPkNJSCtYZrDBgs5-9LCBOKaKhQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/db5101-015c-40c5-905b-657b3a7d9676/1/AJCUA3AyBL-DBJuMirtlKLpBu1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/db5101-015c-40c5-905b-657b3a7d9676/1/MPkNJSCtYZrDBgs5-9LCBOKaKhQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.180.0/24
                IPv6:
                  2001:67c:1580::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:90:e4:91:f1:65:1d:1f:36:19:0b:e5:95:b8:2d:a1:27:71:
         13:c9:a6:97:3e:f8:a5:e5:04:b8:4d:82:a4:83:79:c6:39:45:
         72:71:b0:95:d1:46:be:86:19:99:27:8a:46:ed:99:d6:69:e2:
         8c:b1:4d:eb:66:7b:aa:5b:67:06:87:c4:6a:b2:d1:33:b1:d5:
         38:f8:f2:13:06:fd:a3:ce:87:24:f1:64:35:99:8b:c6:f4:91:
         16:37:7c:1b:be:2a:8e:ae:d2:27:e8:be:77:6c:db:70:ea:80:
         ba:02:e5:97:b0:71:4d:be:0d:4c:24:bc:f2:81:ed:a8:70:a9:
         bb:58:51:6e:49:a6:7e:42:92:d0:14:be:e5:58:44:a7:9f:27:
         98:31:75:dd:35:52:53:21:25:f4:68:96:52:e0:ce:bf:18:cc:
         90:7a:c0:5c:1e:21:44:c2:00:5e:c0:9f:15:2e:1e:e8:91:76:
         d6:59:88:53:0e:f1:9b:38:5a:f4:1a:4e:c5:3c:10:c7:4f:f9:
         d2:2d:12:5f:37:93:a2:26:fd:3b:bc:c0:43:48:62:63:d2:c9:
         ad:db:94:e7:70:e7:c5:93:64:a4:6d:db:57:67:24:c3:a5:2e:
         cb:fc:c7:68:d3:c1:56:8d:78:8a:b7:e4:d9:90:f8:82:77:21:
         c1:fc:4c:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTfCopM5pDo1If4l/M12LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjkwZDI1MjBhZDYxOWFjMzA2MGIzOWZiZDJjMjA0ZTI5
YTJhMTQwHhcNMjQwMTAyMDgzMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDkwOTQwMzcwMzIwNGJmODMwNDliOGM4YWJiNjUyOGJhNDFiYjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsytUB6wA9WjZjL9dqZZYoCqIt8n
22PZxub4zBkF871YGiSazhBeUtS9VqM6WVLU/fnmBc9+9aFf1AjM6YaL9Ujicqd3
KD57uYiDIpOXcdIGhVaFkrtkRx2LtjWpcVkWhCVyCmPJ1sl5yK2m2JARVYDsD3Mg
96qM7fiTFiMcq4pFdFfkzNVsSoqfYOw11ROQUTS05TEIhAmqtV2AG3MgPHcDtDGV
xWBNziyl1UqXb9pke23IcQ+YuC79IXpQ0HdEHE3M6BH8TZ0/6tnyV0Oy29XxcOJt
7Ea/CBmB9Az7FK8o3JA0D0u0UJLxsTKzPOWW5nZqRI+p1RgJEEmhNShIKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFACQlANwMgS/gwSbjIq7ZSi6QbtaMB8GA1UdIwQY
MBaAFDD5DSUgrWGawwYLOfvSwgTimioUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBrTkpTQ3RZWnJEQmdzNS05TENCT0thS2hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kYjUxMDEtMDE1Yy00MGM1LTkwNWIt
NjU3YjNhN2Q5Njc2LzEvQUpDVUEzQXlCTC1EQkp1TWlydGxLTHBCdTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kYjUxMDEtMDE1Yy00MGM1LTkwNWItNjU3YjNhN2Q5Njc2
LzEvTVBrTkpTQ3RZWnJEQmdzNS05TENCT0thS2hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwwW0MA8E
AgACMAkDBwAgAQZ8FYAwDQYJKoZIhvcNAQELBQADggEBAF2Q5JHxZR0fNhkL5ZW4
LaEncRPJppc++KXlBLhNgqSDecY5RXJxsJXRRr6GGZknikbtmdZp4oyxTetme6pb
ZwaHxGqy0TOx1Tj48hMG/aPOhyTxZDWZi8b0kRY3fBu+Ko6u0ifovnds23DqgLoC
5ZewcU2+DUwkvPKB7ahwqbtYUW5Jpn5CktAUvuVYRKefJ5gxdd01UlMhJfRollLg
zr8YzJB6wFweIUTCAF7AnxUuHuiRdtZZiFMO8Zs4WvQaTsU8EMdP+dItEl83k6Im
/Tu8wENIYmPSya3blOdw58WTZKRt21dnJMOlLsv8x2jTwVaNeIq35NmQ+IJ3IcH8
TB8=
-----END CERTIFICATE-----