Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/s-CvqNrabh3hh0-ycVQCRq80IVw.roa
File:                     s-CvqNrabh3hh0-ycVQCRq80IVw.roa (raw, json)
Hash identifier:          1huhsro+kPLSVEOQN8q7R3qbFiXLNEpImHEWq1xRjB0=
Subject key identifier:   B3:E0:AF:A8:DA:DA:6E:1D:E1:87:4F:B2:71:54:02:46:AF:34:21:5C
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018CC79353FDFBBECE82D555B686F7246D54
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/s-CvqNrabh3hh0-ycVQCRq80IVw.roa
Signing time:             Tue 02 Jan 2024 00:29:30 +0000
ROA not before:           Tue 02 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.195.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:53:fd:fb:be:ce:82:d5:55:b6:86:f7:24:6d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3e0afa8dada6e1de1874fb271540246af34215c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f5:e8:5a:75:d0:93:35:3c:e5:90:ad:6e:b3:
                    a4:03:97:a8:e0:6c:c9:27:b7:fa:8d:44:bb:f9:37:
                    98:23:0d:0a:9d:77:71:1a:fc:04:a4:5b:58:f5:fa:
                    6f:d0:67:1b:d5:31:de:3d:ab:30:46:4f:6b:ad:26:
                    a9:45:43:9d:76:f7:9b:69:c5:60:3c:78:1b:c5:8e:
                    20:4e:d6:d4:97:f0:8c:de:99:b7:a0:ad:db:6f:65:
                    93:57:4f:f1:97:86:83:39:45:7e:37:58:92:b0:f8:
                    63:bf:19:b5:8f:1d:d4:e3:b3:99:b3:f8:00:e2:b1:
                    d2:43:37:5b:f8:c4:17:93:47:83:88:4c:31:7c:9e:
                    c5:a3:2c:ee:d3:0f:04:ea:0d:67:fd:77:9d:f7:91:
                    68:ae:e6:78:88:5f:92:40:9f:7a:26:d3:c8:2a:40:
                    bb:91:1e:ea:bb:36:7b:4e:8e:83:ba:18:db:51:f4:
                    3f:7a:86:44:cd:47:44:26:ab:83:5b:6b:e3:f8:2a:
                    17:b7:df:3f:30:7f:c6:e3:4f:6f:3a:99:ce:4c:52:
                    00:c9:e6:57:c0:45:4a:40:c1:6d:80:ff:e4:2f:03:
                    9f:86:61:05:6c:15:4d:26:6d:d4:9c:52:43:06:8c:
                    bc:9b:8f:bd:3a:5b:7d:88:c6:1e:14:d8:a0:54:13:
                    7e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:E0:AF:A8:DA:DA:6E:1D:E1:87:4F:B2:71:54:02:46:AF:34:21:5C
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/s-CvqNrabh3hh0-ycVQCRq80IVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.195.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:2e:a4:bc:9e:e4:7e:35:aa:1e:ee:26:86:7a:bf:ac:ed:72:
         ce:35:5f:2e:7b:5a:c6:fb:aa:f8:a3:f0:92:25:7e:b7:37:5a:
         fa:51:ec:4a:73:f4:82:5d:4f:d6:0a:19:62:57:00:e0:08:8c:
         9e:81:a8:6f:8c:e5:1c:dd:f9:f1:f7:dd:74:48:28:b8:e7:1e:
         96:4e:9f:cd:ff:de:e7:31:df:e1:47:46:79:2f:e3:ed:3d:27:
         b1:88:93:e5:2a:ad:45:b8:26:54:91:65:51:20:5f:c2:46:69:
         9e:7b:11:56:26:f4:d4:ce:b2:f8:e1:51:60:d8:35:37:94:ea:
         ad:69:82:2a:f4:8e:cb:fa:81:6e:57:8e:12:6e:5a:9a:30:b5:
         27:12:73:6c:c5:2c:71:5e:ae:f0:c7:28:07:6f:b4:07:02:45:
         fb:9e:e9:c0:fd:21:73:d1:90:39:0b:c1:d8:b7:97:e8:d3:02:
         3f:1f:f8:14:e8:c6:7e:83:61:08:61:00:cd:05:15:49:a5:7c:
         f7:87:42:9f:be:91:5a:03:c7:3c:3c:31:7f:d9:4d:ab:5f:08:
         f3:0c:77:5d:10:32:66:94:c2:3a:c6:ed:c8:b4:3b:4e:93:96:
         ac:c4:a9:09:06:95:f6:02:89:a3:1f:aa:15:37:4e:e2:51:ee:
         3d:81:f8:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk1P9+77OgtVVtob3JG1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwMTAyMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2UwYWZhOGRhZGE2ZTFkZTE4NzRmYjI3MTU0MDI0NmFmMzQyMTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifXoWnXQkzU85ZCtbrOkA5eo4GzJ
J7f6jUS7+TeYIw0KnXdxGvwEpFtY9fpv0Gcb1THePaswRk9rrSapRUOddvebacVg
PHgbxY4gTtbUl/CM3pm3oK3bb2WTV0/xl4aDOUV+N1iSsPhjvxm1jx3U47OZs/gA
4rHSQzdb+MQXk0eDiEwxfJ7Foyzu0w8E6g1n/Xed95ForuZ4iF+SQJ96JtPIKkC7
kR7quzZ7To6DuhjbUfQ/eoZEzUdEJquDW2vj+CoXt98/MH/G409vOpnOTFIAyeZX
wEVKQMFtgP/kLwOfhmEFbBVNJm3UnFJDBoy8m4+9Olt9iMYeFNigVBN+iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPgr6ja2m4d4YdPsnFUAkavNCFcMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvcy1DdnFOcmFiaDNoaDAteWNWUUNScTgwSVZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwsNlMA0G
CSqGSIb3DQEBCwUAA4IBAQBvLqS8nuR+Naoe7iaGer+s7XLONV8ue1rG+6r4o/CS
JX63N1r6UexKc/SCXU/WChliVwDgCIyegahvjOUc3fnx9910SCi45x6WTp/N/97n
Md/hR0Z5L+PtPSexiJPlKq1FuCZUkWVRIF/CRmmeexFWJvTUzrL44VFg2DU3lOqt
aYIq9I7L+oFuV44SblqaMLUnEnNsxSxxXq7wxygHb7QHAkX7nunA/SFz0ZA5C8HY
t5fo0wI/H/gU6MZ+g2EIYQDNBRVJpXz3h0KfvpFaA8c8PDF/2U2rXwjzDHddEDJm
lMI6xu3ItDtOk5asxKkJBpX2AomjH6oVN07iUe49gfgA
-----END CERTIFICATE-----