Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/2f45ae-75c0-439c-a311-671d68188688/1/sU57-kAFS3RBv5oa4nnSUQuKBpA.roa
File:                     sU57-kAFS3RBv5oa4nnSUQuKBpA.roa (raw, json)
Hash identifier:          yYkIUdShAboEAMGur19e8gKBwgA6CPtPSAFxBOcGHrU=
Subject key identifier:   B1:4E:7B:FA:40:05:4B:74:41:BF:9A:1A:E2:79:D2:51:0B:8A:06:90
Certificate issuer:       /CN=b7601d7cc820dc71915ea930673ef47f241a71c8
Certificate serial:       018CC802C0521EAC6FA4A286540E70178EAE
Authority key identifier: B7:60:1D:7C:C8:20:DC:71:91:5E:A9:30:67:3E:F4:7F:24:1A:71:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t2AdfMgg3HGRXqkwZz70fyQaccg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/2f45ae-75c0-439c-a311-671d68188688/1/sU57-kAFS3RBv5oa4nnSUQuKBpA.roa
Signing time:             Tue 02 Jan 2024 02:31:12 +0000
ROA not before:           Tue 02 Jan 2024 02:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51695
IP address blocks:        195.191.118.0/24 maxlen: 24
                          193.202.120.0/24 maxlen: 24
                          193.23.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/2f45ae-75c0-439c-a311-671d68188688/1/t2AdfMgg3HGRXqkwZz70fyQaccg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/2f45ae-75c0-439c-a311-671d68188688/1/t2AdfMgg3HGRXqkwZz70fyQaccg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t2AdfMgg3HGRXqkwZz70fyQaccg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 01:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:c0:52:1e:ac:6f:a4:a2:86:54:0e:70:17:8e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7601d7cc820dc71915ea930673ef47f241a71c8
        Validity
            Not Before: Jan  2 02:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b14e7bfa40054b7441bf9a1ae279d2510b8a0690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:44:ba:d7:d5:02:fd:c2:7c:99:bb:60:ff:93:
                    78:28:22:c6:e1:9f:aa:84:91:c1:56:90:3c:41:1f:
                    e2:1b:11:73:72:6d:0f:d2:5d:d3:c5:ca:91:98:6d:
                    02:e2:e4:64:1f:95:22:b0:d3:94:96:9b:14:61:61:
                    eb:5a:25:fe:15:64:81:2b:3a:b2:f2:d4:b2:0b:ea:
                    e9:a5:26:d8:bc:00:65:36:c7:f9:5e:87:42:17:0b:
                    4b:63:f6:d7:7c:31:56:40:2e:37:97:b9:28:00:08:
                    23:c9:19:b4:31:63:ac:69:64:1d:6c:b9:a2:2f:21:
                    f0:7a:a3:1e:ea:18:8c:a9:eb:1e:c1:7f:97:84:2d:
                    16:43:b0:e0:6d:85:1c:77:45:6b:98:4a:94:fb:47:
                    d4:71:b5:6c:98:9a:b2:89:61:a7:7f:19:29:d8:f9:
                    db:86:33:45:45:45:83:35:61:f9:fb:46:bf:b5:c0:
                    5f:f2:f5:4f:13:0f:dd:42:c0:bf:ec:43:f9:2a:36:
                    a6:ad:0c:6e:58:a7:80:53:bf:9b:49:65:07:1a:21:
                    2e:7c:bc:7a:ba:66:ac:93:b2:91:6f:7e:c7:b9:65:
                    e4:20:01:04:85:75:6c:d1:d0:d2:91:df:72:9b:6c:
                    be:3a:c6:1d:cf:7a:cb:e3:8b:71:a9:72:ed:2a:46:
                    2d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:4E:7B:FA:40:05:4B:74:41:BF:9A:1A:E2:79:D2:51:0B:8A:06:90
            X509v3 Authority Key Identifier:
                keyid:B7:60:1D:7C:C8:20:DC:71:91:5E:A9:30:67:3E:F4:7F:24:1A:71:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t2AdfMgg3HGRXqkwZz70fyQaccg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/2f45ae-75c0-439c-a311-671d68188688/1/sU57-kAFS3RBv5oa4nnSUQuKBpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/2f45ae-75c0-439c-a311-671d68188688/1/t2AdfMgg3HGRXqkwZz70fyQaccg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.156.0/24
                  193.202.120.0/24
                  195.191.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:46:df:ee:2c:fb:fc:07:bf:49:07:e3:9c:df:1c:54:af:e0:
         3e:f4:a1:1f:1c:5d:1b:3d:f4:d9:a8:20:59:97:29:2b:e2:52:
         8f:b2:46:e6:66:46:3a:0e:56:5f:74:1a:37:6a:3b:42:5b:03:
         95:6c:25:da:cd:7a:ef:3c:10:19:ba:9a:0b:26:ea:e6:da:07:
         8a:2c:26:60:5f:bd:d2:cc:0d:1e:89:68:4f:ba:4f:98:d6:c7:
         b0:2d:ac:1b:34:b1:43:86:fa:e3:01:ce:ec:1d:eb:3b:df:20:
         0a:12:d8:bb:33:26:c2:0a:00:08:b3:24:21:cf:1e:cb:ea:9b:
         b3:64:d4:cc:ae:42:5a:94:41:fa:ba:32:01:86:ac:b0:e3:3a:
         34:2c:d2:7b:49:cb:a9:0e:11:6c:e4:02:38:de:82:cf:66:19:
         e3:16:b8:7a:97:67:c3:28:9f:11:92:7d:7f:df:28:c9:81:de:
         0f:c5:41:e9:0d:08:e0:52:85:a6:be:b1:c0:f8:f5:6e:85:fb:
         5e:57:4e:8c:f2:e1:23:05:1a:79:73:d9:3d:bd:0b:e2:aa:27:
         f0:43:3f:ae:55:cc:8c:2a:14:39:87:59:b8:ad:4c:7a:07:cf:
         cd:c4:92:1d:2d:9c:8c:2b:80:7b:f7:a0:f6:ef:ad:ab:98:59:
         65:fd:e2:df
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAsBSHqxvpKKGVA5wF46uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NjAxZDdjYzgyMGRjNzE5MTVlYTkzMDY3M2VmNDdmMjQx
YTcxYzgwHhcNMjQwMTAyMDIzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTRlN2JmYTQwMDU0Yjc0NDFiZjlhMWFlMjc5ZDI1MTBiOGEwNjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkS619UC/cJ8mbtg/5N4KCLG4Z+q
hJHBVpA8QR/iGxFzcm0P0l3TxcqRmG0C4uRkH5UisNOUlpsUYWHrWiX+FWSBKzqy
8tSyC+rppSbYvABlNsf5XodCFwtLY/bXfDFWQC43l7koAAgjyRm0MWOsaWQdbLmi
LyHweqMe6hiMqesewX+XhC0WQ7DgbYUcd0VrmEqU+0fUcbVsmJqyiWGnfxkp2Pnb
hjNFRUWDNWH5+0a/tcBf8vVPEw/dQsC/7EP5KjamrQxuWKeAU7+bSWUHGiEufLx6
umask7KRb37HuWXkIAEEhXVs0dDSkd9ym2y+OsYdz3rL44txqXLtKkYtKQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLFOe/pABUt0Qb+aGuJ50lELigaQMB8GA1UdIwQY
MBaAFLdgHXzIINxxkV6pMGc+9H8kGnHIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDJBZGZNZ2czSEdSWHFrd1p6NzBmeVFhY2NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8yZjQ1YWUtNzVjMC00MzljLWEzMTEt
NjcxZDY4MTg4Njg4LzEvc1U1Ny1rQUZTM1JCdjVvYTRublNVUXVLQnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8yZjQ1YWUtNzVjMC00MzljLWEzMTEtNjcxZDY4MTg4Njg4
LzEvdDJBZGZNZ2czSEdSWHFrd1p6NzBmeVFhY2NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwRecAwQA
wcp4AwQAw792MA0GCSqGSIb3DQEBCwUAA4IBAQCiRt/uLPv8B79JB+Oc3xxUr+A+
9KEfHF0bPfTZqCBZlykr4lKPskbmZkY6DlZfdBo3ajtCWwOVbCXazXrvPBAZupoL
Jurm2geKLCZgX73SzA0eiWhPuk+Y1sewLawbNLFDhvrjAc7sHes73yAKEti7MybC
CgAIsyQhzx7L6puzZNTMrkJalEH6ujIBhqyw4zo0LNJ7ScupDhFs5AI43oLPZhnj
Frh6l2fDKJ8Rkn1/3yjJgd4PxUHpDQjgUoWmvrHA+PVuhfteV06M8uEjBRp5c9k9
vQviqifwQz+uVcyMKhQ5h1m4rUx6B8/NxJIdLZyMK4B796D2762rmFll/eLf
-----END CERTIFICATE-----