Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/hMjqsaY7YI-PTS1hszIX34Cy1QM.roa
File:                     hMjqsaY7YI-PTS1hszIX34Cy1QM.roa (raw, json)
Hash identifier:          qaQihvuGqh9csZ+9XFTy2gFkUFapg2aZ++Zl/bNHc/4=
Subject key identifier:   84:C8:EA:B1:A6:3B:60:8F:8F:4D:2D:61:B3:32:17:DF:80:B2:D5:03
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018CC79357F9173E2BEDD8942C6FC856210D
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/hMjqsaY7YI-PTS1hszIX34Cy1QM.roa
Signing time:             Tue 02 Jan 2024 00:29:31 +0000
ROA not before:           Tue 02 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        195.180.137.0/24 maxlen: 24
                          195.180.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:57:f9:17:3e:2b:ed:d8:94:2c:6f:c8:56:21:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84c8eab1a63b608f8f4d2d61b33217df80b2d503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:27:70:a1:24:32:67:eb:65:7f:fc:f8:98:4d:
                    e9:e6:ff:a0:de:40:d0:59:22:2f:87:61:52:de:cc:
                    dd:7f:b7:6b:93:73:3e:ee:d0:41:66:24:23:33:46:
                    08:a3:22:cd:5b:03:fc:5e:b9:2c:da:cf:af:85:b9:
                    e7:ca:8c:a1:96:46:90:3f:11:ef:96:69:60:31:f3:
                    61:ae:77:2f:89:a4:8c:89:82:c0:fe:9c:32:d9:c3:
                    d3:d5:b0:9f:bf:de:f9:cc:36:6c:35:10:2f:1c:c3:
                    16:b3:d2:61:84:e2:37:39:bb:7b:38:bb:5f:b4:a7:
                    7c:ab:f9:bd:20:99:83:45:f8:e8:bf:c3:76:fe:d1:
                    9a:a5:0f:2a:8f:ae:9d:e0:61:f8:0b:5c:37:5b:de:
                    d4:26:40:2f:7a:a9:d3:fc:80:f1:86:0a:13:b3:e7:
                    32:25:c4:ea:21:63:3a:13:81:46:80:9c:71:2e:7d:
                    9b:f0:9b:c9:03:fe:67:91:c1:b2:3f:d7:50:f5:ae:
                    8b:4b:cb:7a:93:b7:4d:63:33:a7:06:81:b0:1f:9f:
                    0c:44:56:5e:27:16:6f:75:c7:c4:f4:65:d2:52:be:
                    18:86:7f:7a:66:5a:d8:58:61:49:92:a5:71:77:dc:
                    7e:27:f1:19:52:e3:93:02:a1:a9:e8:e0:15:88:cc:
                    9e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C8:EA:B1:A6:3B:60:8F:8F:4D:2D:61:B3:32:17:DF:80:B2:D5:03
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/hMjqsaY7YI-PTS1hszIX34Cy1QM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.180.137.0/24
                  195.180.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:c5:35:10:17:b0:35:ce:20:b9:80:c8:6d:2a:2d:a8:67:8b:
         2c:6c:76:11:03:03:1a:3b:d4:f3:0c:0c:4f:63:e2:c6:88:7a:
         61:97:bb:f5:8c:d2:58:58:20:de:fe:63:bd:b3:f3:61:62:ad:
         80:8f:7d:29:e5:ce:00:ce:b7:1c:aa:94:67:4f:6d:05:32:45:
         32:8e:ab:c2:e1:33:bf:d7:76:7c:2c:80:da:ae:fd:e6:12:35:
         40:37:a5:58:4e:8c:77:51:ff:47:23:43:26:50:c1:88:32:ff:
         8c:37:2d:46:c2:9e:c9:58:3b:42:7d:c5:71:8c:fb:59:7a:7d:
         7c:e9:52:2a:86:9b:b2:44:1d:52:99:b9:88:a2:6f:a1:81:29:
         4c:c6:0c:8e:98:d5:63:f7:07:9f:53:76:db:5f:5c:d4:1b:26:
         c5:0c:c6:e8:75:e5:06:ad:9f:d3:e0:56:c1:10:a5:82:fa:d3:
         03:0c:1d:8b:97:7b:91:e2:33:45:6b:78:1f:c3:c2:ad:f2:90:
         25:da:46:bb:70:49:bc:62:c2:9c:ab:83:a8:18:4f:72:a3:8a:
         f6:e3:f8:77:22:34:9b:07:38:c4:7b:6b:24:9b:04:33:47:d6:
         79:bb:70:60:8b:59:fb:01:06:e5:7f:55:da:96:85:40:0c:82:
         de:ee:04:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk1f5Fz4r7diULG/IViENMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwMTAyMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGM4ZWFiMWE2M2I2MDhmOGY0ZDJkNjFiMzMyMTdkZjgwYjJkNTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSdwoSQyZ+tlf/z4mE3p5v+g3kDQ
WSIvh2FS3szdf7drk3M+7tBBZiQjM0YIoyLNWwP8Xrks2s+vhbnnyoyhlkaQPxHv
lmlgMfNhrncviaSMiYLA/pwy2cPT1bCfv975zDZsNRAvHMMWs9JhhOI3Obt7OLtf
tKd8q/m9IJmDRfjov8N2/tGapQ8qj66d4GH4C1w3W97UJkAveqnT/IDxhgoTs+cy
JcTqIWM6E4FGgJxxLn2b8JvJA/5nkcGyP9dQ9a6LS8t6k7dNYzOnBoGwH58MRFZe
JxZvdcfE9GXSUr4Yhn96ZlrYWGFJkqVxd9x+J/EZUuOTAqGp6OAViMyefwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFITI6rGmO2CPj00tYbMyF9+AstUDMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvaE1qcXNhWTdZSS1QVFMxaHN6SVgzNEN5MVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw7SJAwQA
w7SVMA0GCSqGSIb3DQEBCwUAA4IBAQAOxTUQF7A1ziC5gMhtKi2oZ4ssbHYRAwMa
O9TzDAxPY+LGiHphl7v1jNJYWCDe/mO9s/NhYq2Aj30p5c4AzrccqpRnT20FMkUy
jqvC4TO/13Z8LIDarv3mEjVAN6VYTox3Uf9HI0MmUMGIMv+MNy1Gwp7JWDtCfcVx
jPtZen186VIqhpuyRB1SmbmIom+hgSlMxgyOmNVj9wefU3bbX1zUGybFDMbodeUG
rZ/T4FbBEKWC+tMDDB2Ll3uR4jNFa3gfw8Kt8pAl2ka7cEm8YsKcq4OoGE9yo4r2
4/h3IjSbBzjEe2skmwQzR9Z5u3Bgi1n7AQblf1XaloVADILe7gQo
-----END CERTIFICATE-----