Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/dKyALph2FnmPNlp3SIirFMmQ9xs.roa
File:                     dKyALph2FnmPNlp3SIirFMmQ9xs.roa (raw, json)
Hash identifier:          mw5I8aFpRbCsYXqzUxmf2QDrrw+Vq5NaQwMWVftpKII=
Subject key identifier:   74:AC:80:2E:98:76:16:79:8F:36:5A:77:48:88:AB:14:C9:90:F7:1B
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018CC7935537749297FB0744D01A78070149
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/dKyALph2FnmPNlp3SIirFMmQ9xs.roa
Signing time:             Tue 02 Jan 2024 00:29:30 +0000
ROA not before:           Tue 02 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42962
IP address blocks:        195.180.150.0/23 maxlen: 24
                          194.163.80.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:55:37:74:92:97:fb:07:44:d0:1a:78:07:01:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74ac802e987616798f365a774888ab14c990f71b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1d:23:6b:8a:29:9a:69:3c:02:7f:d8:70:98:
                    32:e1:1c:ba:17:dc:12:86:20:4e:b0:01:bd:c3:b7:
                    54:bb:d5:0d:83:c9:c3:92:6c:5e:11:22:5b:2b:f1:
                    4b:5f:05:de:53:8a:7d:4c:0e:3f:6e:7c:61:a0:fd:
                    7a:66:b5:31:5c:40:7a:64:d5:9d:d7:9d:7c:ff:00:
                    19:80:ec:11:50:37:02:bb:f8:41:4b:42:06:62:5e:
                    93:66:81:c5:bb:b9:99:5e:fa:a0:47:bf:a2:63:f7:
                    a0:a9:29:30:1a:1c:20:a2:96:60:74:7b:b4:e7:e4:
                    74:e7:a8:f4:05:c5:55:8b:85:d7:39:90:f4:81:32:
                    56:5e:18:56:1b:3c:56:55:1e:60:5a:51:9e:e1:8b:
                    e8:25:07:f3:2c:bf:17:f0:cf:a6:8f:d2:02:e5:fc:
                    67:54:20:36:67:16:f6:3d:c8:33:ec:b1:08:ec:dc:
                    25:18:fe:c9:c4:f7:af:8c:1a:8f:bd:a2:5a:78:3f:
                    52:b2:78:e3:de:93:25:e6:cf:09:44:61:7c:7a:98:
                    56:98:5b:81:3e:90:53:7a:58:cd:b2:36:83:58:57:
                    6a:75:25:00:1b:03:81:44:5f:64:e1:28:01:8e:ac:
                    d3:1c:a5:dc:cb:36:66:23:85:13:e4:51:c1:b5:76:
                    f8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:AC:80:2E:98:76:16:79:8F:36:5A:77:48:88:AB:14:C9:90:F7:1B
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/dKyALph2FnmPNlp3SIirFMmQ9xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.163.80.0/22
                  195.180.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:22:98:67:9f:60:6d:59:63:ee:94:86:6b:71:97:9e:25:fd:
         40:4b:84:c4:ea:8e:d0:68:5d:c8:46:33:21:00:5a:b8:9b:5d:
         92:2e:4d:47:6e:15:e1:eb:31:09:5c:5b:15:a1:1e:fa:a9:29:
         7b:c9:3f:97:98:8f:8d:25:11:cd:5a:e0:83:c9:f8:39:d5:39:
         9c:04:c1:29:7a:55:f2:d1:bf:14:de:6c:35:5d:92:d9:12:40:
         4b:10:07:7c:3d:75:d7:fe:47:4f:d7:51:7c:2e:e2:f7:2f:0f:
         fa:59:df:52:9d:a0:5b:7a:38:ef:4f:96:a9:35:31:fa:88:23:
         bb:e1:c9:3f:9e:c1:00:5e:32:a9:89:c9:87:87:f4:e4:fd:d3:
         a9:05:fe:fe:c0:5d:bf:ab:ad:ca:5e:c7:13:4e:e7:59:07:37:
         82:cb:30:f6:b6:22:f0:67:2f:c1:d3:b7:1b:d5:75:57:08:fe:
         43:44:ee:f3:6e:da:72:3b:b9:37:9a:c5:fc:71:01:d1:1d:28:
         02:ec:b7:cb:d7:5c:7c:bc:64:00:69:f6:e0:c3:18:b8:f7:2a:
         59:f7:f2:39:04:65:45:da:9d:b4:90:1c:5f:cc:c9:9a:44:66:
         14:b7:1f:db:75:2e:14:1f:63:a5:d9:71:1f:fc:e7:94:e2:88:
         6c:72:d7:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk1U3dJKX+wdE0Bp4BwFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwMTAyMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGFjODAyZTk4NzYxNjc5OGYzNjVhNzc0ODg4YWIxNGM5OTBmNzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsR0ja4opmmk8An/YcJgy4Ry6F9wS
hiBOsAG9w7dUu9UNg8nDkmxeESJbK/FLXwXeU4p9TA4/bnxhoP16ZrUxXEB6ZNWd
1518/wAZgOwRUDcCu/hBS0IGYl6TZoHFu7mZXvqgR7+iY/egqSkwGhwgopZgdHu0
5+R056j0BcVVi4XXOZD0gTJWXhhWGzxWVR5gWlGe4YvoJQfzLL8X8M+mj9IC5fxn
VCA2Zxb2Pcgz7LEI7NwlGP7JxPevjBqPvaJaeD9Ssnjj3pMl5s8JRGF8ephWmFuB
PpBTeljNsjaDWFdqdSUAGwOBRF9k4SgBjqzTHKXcyzZmI4UT5FHBtXb4qwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHSsgC6YdhZ5jzZad0iIqxTJkPcbMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvZEt5QUxwaDJGbm1QTmxwM1NJaXJGTW1ROXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwqNQAwQB
w7SWMA0GCSqGSIb3DQEBCwUAA4IBAQBwIphnn2BtWWPulIZrcZeeJf1AS4TE6o7Q
aF3IRjMhAFq4m12SLk1HbhXh6zEJXFsVoR76qSl7yT+XmI+NJRHNWuCDyfg51Tmc
BMEpelXy0b8U3mw1XZLZEkBLEAd8PXXX/kdP11F8LuL3Lw/6Wd9SnaBbejjvT5ap
NTH6iCO74ck/nsEAXjKpicmHh/Tk/dOpBf7+wF2/q63KXscTTudZBzeCyzD2tiLw
Zy/B07cb1XVXCP5DRO7zbtpyO7k3msX8cQHRHSgC7LfL11x8vGQAafbgwxi49ypZ
9/I5BGVF2p20kBxfzMmaRGYUtx/bdS4UH2Ol2XEf/OeU4ohsctcT
-----END CERTIFICATE-----