Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/731f82-b18f-4d5c-b122-452badfd5a6d/1/pKu87mpUDF5CGv97gL3-9c44yS4.roa
File:                     pKu87mpUDF5CGv97gL3-9c44yS4.roa (raw, json)
Hash identifier:          9UhM4gGXCaC/4sSgryKXcW/EYySJOkz1lmpSHXoWAY0=
Subject key identifier:   A4:AB:BC:EE:6A:54:0C:5E:42:1A:FF:7B:80:BD:FE:F5:CE:38:C9:2E
Certificate issuer:       /CN=4f149b847d31293f701e1cf99dd8ca0ebbb0b5bd
Certificate serial:       018CC5000CB4F3DA8558C2BD6E0DC8895D00
Authority key identifier: 4F:14:9B:84:7D:31:29:3F:70:1E:1C:F9:9D:D8:CA:0E:BB:B0:B5:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxSbhH0xKT9wHhz5ndjKDruwtb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/731f82-b18f-4d5c-b122-452badfd5a6d/1/pKu87mpUDF5CGv97gL3-9c44yS4.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202311
IP address blocks:        195.26.68.0/22 maxlen: 24
                          2a07:f680::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/731f82-b18f-4d5c-b122-452badfd5a6d/1/TxSbhH0xKT9wHhz5ndjKDruwtb0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/731f82-b18f-4d5c-b122-452badfd5a6d/1/TxSbhH0xKT9wHhz5ndjKDruwtb0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxSbhH0xKT9wHhz5ndjKDruwtb0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0c:b4:f3:da:85:58:c2:bd:6e:0d:c8:89:5d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f149b847d31293f701e1cf99dd8ca0ebbb0b5bd
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4abbcee6a540c5e421aff7b80bdfef5ce38c92e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9c:9d:9b:ea:41:b8:21:7d:92:b8:24:3d:f1:
                    6d:77:43:47:0a:5d:05:98:f4:c6:7c:e4:93:57:be:
                    bf:6e:c0:90:0a:d2:b1:dd:4a:80:11:a6:8c:a3:ac:
                    2e:d9:5f:e4:30:06:84:48:b5:82:88:cd:f8:53:8b:
                    e2:be:25:8b:7c:b4:2e:ed:41:a3:8e:5b:93:8a:1f:
                    59:3d:6c:07:d0:8d:c8:b7:2b:29:ef:19:87:5d:1b:
                    0d:50:ec:0f:f2:1a:3c:2e:b9:7a:bd:47:d2:a9:06:
                    75:49:14:c8:52:56:db:15:96:c7:e0:76:d1:de:9d:
                    82:d8:86:cc:20:5e:77:9b:f8:67:d4:02:6b:98:18:
                    c2:99:19:3e:e9:aa:b1:43:d8:d9:14:56:ff:84:7f:
                    9d:ac:7d:df:7e:7d:9b:15:38:44:6e:6e:3a:15:18:
                    8b:9a:c5:59:87:1e:0a:f3:95:90:82:04:6a:39:c5:
                    f7:4f:96:91:34:57:d5:fb:85:04:52:5e:7f:91:28:
                    c6:9a:41:34:d9:5f:36:17:73:15:e3:54:ef:42:cd:
                    4c:19:6a:94:9a:15:f9:dd:93:48:4f:43:73:9e:04:
                    d9:36:2e:c1:07:97:81:4d:fc:5c:ab:ed:55:62:16:
                    2a:4f:09:7b:10:1b:05:26:63:1d:dc:8e:17:d9:18:
                    82:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:AB:BC:EE:6A:54:0C:5E:42:1A:FF:7B:80:BD:FE:F5:CE:38:C9:2E
            X509v3 Authority Key Identifier:
                keyid:4F:14:9B:84:7D:31:29:3F:70:1E:1C:F9:9D:D8:CA:0E:BB:B0:B5:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxSbhH0xKT9wHhz5ndjKDruwtb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/731f82-b18f-4d5c-b122-452badfd5a6d/1/pKu87mpUDF5CGv97gL3-9c44yS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/731f82-b18f-4d5c-b122-452badfd5a6d/1/TxSbhH0xKT9wHhz5ndjKDruwtb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.26.68.0/22
                IPv6:
                  2a07:f680::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:bb:26:d0:76:33:3e:93:6e:34:b4:b8:03:6a:34:20:7b:66:
         04:61:d8:7e:e4:ff:9f:9b:e4:21:04:da:be:3a:33:dd:5a:a7:
         f8:5d:72:ab:0c:73:f6:d3:71:8f:ea:8b:59:0c:0f:75:89:c0:
         ba:1e:bf:42:14:88:23:37:07:a6:0b:e4:13:56:a4:5b:f7:8e:
         54:1f:6c:0c:e6:84:d4:49:3d:71:a4:af:55:c5:d6:cc:7a:cf:
         7f:17:b7:33:25:14:47:42:bc:b5:ad:a3:c0:a4:43:73:ab:45:
         85:0d:da:4e:27:fc:24:82:23:35:43:15:e9:3b:aa:4f:28:a2:
         43:ec:c0:25:de:74:b1:1e:54:1d:a3:b6:f3:78:f6:8c:4a:96:
         48:8f:48:a0:02:08:41:ce:c8:db:be:37:b3:fd:9a:d8:56:7e:
         34:f7:97:b1:53:31:72:8e:57:28:b2:fa:19:db:e5:7b:cd:f0:
         59:0f:69:33:f6:3c:b7:24:5d:89:c9:40:15:11:23:1c:f2:56:
         0a:1f:a2:cb:cb:8d:31:c7:ef:b9:32:8a:c0:07:cb:5d:a3:dc:
         f5:67:c3:cd:74:c0:ec:00:3e:0a:bf:af:05:42:e1:06:e5:65:
         5e:3b:c4:b4:eb:43:4c:dc:7a:38:85:e4:ac:90:40:79:f3:92:
         78:c4:7b:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAAy089qFWMK9bg3IiV0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQ5Yjg0N2QzMTI5M2Y3MDFlMWNmOTlkZDhjYTBlYmJi
MGI1YmQwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGFiYmNlZTZhNTQwYzVlNDIxYWZmN2I4MGJkZmVmNWNlMzhjOTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJydm+pBuCF9krgkPfFtd0NHCl0F
mPTGfOSTV76/bsCQCtKx3UqAEaaMo6wu2V/kMAaESLWCiM34U4viviWLfLQu7UGj
jluTih9ZPWwH0I3Itysp7xmHXRsNUOwP8ho8Lrl6vUfSqQZ1SRTIUlbbFZbH4HbR
3p2C2IbMIF53m/hn1AJrmBjCmRk+6aqxQ9jZFFb/hH+drH3ffn2bFThEbm46FRiL
msVZhx4K85WQggRqOcX3T5aRNFfV+4UEUl5/kSjGmkE02V82F3MV41TvQs1MGWqU
mhX53ZNIT0NzngTZNi7BB5eBTfxcq+1VYhYqTwl7EBsFJmMd3I4X2RiCNwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKSrvO5qVAxeQhr/e4C9/vXOOMkuMB8GA1UdIwQY
MBaAFE8Um4R9MSk/cB4c+Z3Yyg67sLW9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhTYmhIMHhLVDl3SGh6NW5kaktEcnV3dGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83MzFmODItYjE4Zi00ZDVjLWIxMjIt
NDUyYmFkZmQ1YTZkLzEvcEt1ODdtcFVERjVDR3Y5N2dMMy05YzQ0eVM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83MzFmODItYjE4Zi00ZDVjLWIxMjItNDUyYmFkZmQ1YTZk
LzEvVHhTYmhIMHhLVDl3SGh6NW5kaktEcnV3dGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwxpEMA0E
AgACMAcDBQMqB/aAMA0GCSqGSIb3DQEBCwUAA4IBAQBIuybQdjM+k240tLgDajQg
e2YEYdh+5P+fm+QhBNq+OjPdWqf4XXKrDHP203GP6otZDA91icC6Hr9CFIgjNwem
C+QTVqRb945UH2wM5oTUST1xpK9VxdbMes9/F7czJRRHQry1raPApENzq0WFDdpO
J/wkgiM1QxXpO6pPKKJD7MAl3nSxHlQdo7bzePaMSpZIj0igAghBzsjbvjez/ZrY
Vn4095exUzFyjlcosvoZ2+V7zfBZD2kz9jy3JF2JyUAVESMc8lYKH6LLy40xx++5
MorAB8tdo9z1Z8PNdMDsAD4Kv68FQuEG5WVeO8S060NM3Ho4heSskEB585J4xHuV
-----END CERTIFICATE-----