Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/J9qATCPGlCfGRTdrjVM6Zb5f4yA.roa
File:                     J9qATCPGlCfGRTdrjVM6Zb5f4yA.roa (raw, json)
Hash identifier:          wQD5rmC93BXZa2Zn2pTl7gGRK6E/CWPM1YTB5UnfH7c=
Subject key identifier:   27:DA:80:4C:23:C6:94:27:C6:45:37:6B:8D:53:3A:65:BE:5F:E3:20
Certificate issuer:       /CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
Certificate serial:       018CC7257865519961127DA099943542D49D
Authority key identifier: 1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/J9qATCPGlCfGRTdrjVM6Zb5f4yA.roa
Signing time:             Mon 01 Jan 2024 22:29:30 +0000
ROA not before:           Mon 01 Jan 2024 22:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        195.49.236.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:78:65:51:99:61:12:7d:a0:99:94:35:42:d4:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
        Validity
            Not Before: Jan  1 22:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27da804c23c69427c645376b8d533a65be5fe320
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:fb:14:4b:19:ef:ad:99:12:92:c5:f5:e2:c7:
                    fe:dc:9b:7d:fc:89:54:45:ab:0e:0c:51:75:e6:73:
                    f4:70:46:66:5e:21:c1:e6:03:75:0d:68:e9:4c:65:
                    61:29:5e:e9:66:e7:b7:3b:86:09:1b:5e:03:a8:d3:
                    42:ec:a6:a9:df:54:b5:69:99:61:52:07:a3:26:9c:
                    a6:64:d9:87:48:aa:ac:87:00:48:9b:c2:23:11:36:
                    0d:57:22:73:14:a1:6e:06:67:38:a9:71:44:d3:24:
                    3f:be:c8:d2:3c:e6:de:a1:c3:b2:89:51:01:b8:97:
                    23:be:39:0d:2f:bb:05:75:f8:9a:cf:0b:0c:eb:0a:
                    4c:8d:1c:dd:c2:2b:31:a9:c3:8b:4d:36:e7:7b:39:
                    08:b1:16:51:3e:5d:ff:c0:16:ba:de:26:c3:d2:9f:
                    b5:45:67:e4:ca:3a:78:5d:00:e6:2b:da:11:b3:b8:
                    9a:38:26:45:18:68:6e:f6:ac:73:c6:ba:87:41:04:
                    20:92:7f:d5:4c:47:c5:48:0e:de:0d:db:8f:c0:bb:
                    13:3a:65:d2:64:b9:ad:5f:ff:a8:2d:5b:e9:7a:62:
                    a7:6d:0f:9e:73:a1:8f:4c:3c:57:e9:68:89:d3:d0:
                    d8:14:0b:7b:c5:46:59:c6:56:9f:d7:49:29:15:93:
                    41:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:DA:80:4C:23:C6:94:27:C6:45:37:6B:8D:53:3A:65:BE:5F:E3:20
            X509v3 Authority Key Identifier:
                keyid:1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/J9qATCPGlCfGRTdrjVM6Zb5f4yA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.49.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:a2:cd:eb:fb:73:f7:21:28:c9:89:65:a9:dc:38:15:41:3d:
         f5:62:9b:66:5d:48:a0:f5:e4:ba:2b:58:00:c8:90:1b:5c:a2:
         65:68:d3:89:5e:92:72:9a:66:41:0f:2e:a0:55:1b:d8:14:2f:
         79:69:df:e2:18:f8:8d:2f:88:59:f9:6f:1f:87:b7:a6:b3:38:
         e2:14:bf:b0:66:51:3b:db:3c:f0:25:6a:d5:a0:07:e8:fb:15:
         a2:68:9d:88:1f:cc:78:26:6e:e0:b6:ab:11:5d:a6:5a:c5:1d:
         8e:9c:1f:5b:52:30:2a:75:c3:ca:03:28:05:8b:99:3b:3e:51:
         01:81:6a:09:b5:17:7a:d4:ad:a3:61:b6:80:4a:60:1d:b9:9e:
         6b:a9:5c:e0:b2:b0:9c:ab:63:c5:6a:6c:f3:cc:35:47:eb:f7:
         36:69:92:5c:b4:0f:58:69:23:fb:9a:06:34:7a:c3:92:a7:0b:
         4b:41:f9:f8:54:4d:d6:6a:bf:c3:7c:1a:c0:28:6d:0f:45:1a:
         b2:03:70:6f:6a:dd:d5:20:8c:96:66:1c:63:d4:b3:1d:c4:e4:
         a3:ff:44:2d:45:51:28:da:83:21:f9:66:d4:af:8b:ba:74:a5:
         00:f1:42:a1:f2:b2:87:48:e9:3a:34:6a:36:62:af:53:9a:11:
         19:c2:68:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJXhlUZlhEn2gmZQ1QtSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGY4MDAxYzMwY2FjNTQ2ZTNmOTIxMDNiNGIxMjczMmRm
Y2JmNTIwHhcNMjQwMTAxMjIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2RhODA0YzIzYzY5NDI3YzY0NTM3NmI4ZDUzM2E2NWJlNWZlMzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvsUSxnvrZkSksX14sf+3Jt9/IlU
RasODFF15nP0cEZmXiHB5gN1DWjpTGVhKV7pZue3O4YJG14DqNNC7Kap31S1aZlh
UgejJpymZNmHSKqshwBIm8IjETYNVyJzFKFuBmc4qXFE0yQ/vsjSPObeocOyiVEB
uJcjvjkNL7sFdfiazwsM6wpMjRzdwisxqcOLTTbnezkIsRZRPl3/wBa63ibD0p+1
RWfkyjp4XQDmK9oRs7iaOCZFGGhu9qxzxrqHQQQgkn/VTEfFSA7eDduPwLsTOmXS
ZLmtX/+oLVvpemKnbQ+ec6GPTDxX6WiJ09DYFAt7xUZZxlaf10kpFZNB9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfagEwjxpQnxkU3a41TOmW+X+MgMB8GA1UdIwQY
MBaAFBpPgAHDDKxUbj+SEDtLEnMt/L9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEt
MzhkNGYzMjExODk2LzEvSjlxQVRDUEdsQ2ZHUlRkcmpWTTZaYjVmNHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEtMzhkNGYzMjExODk2
LzEvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzHsMA0G
CSqGSIb3DQEBCwUAA4IBAQBfos3r+3P3ISjJiWWp3DgVQT31YptmXUig9eS6K1gA
yJAbXKJlaNOJXpJymmZBDy6gVRvYFC95ad/iGPiNL4hZ+W8fh7emszjiFL+wZlE7
2zzwJWrVoAfo+xWiaJ2IH8x4Jm7gtqsRXaZaxR2OnB9bUjAqdcPKAygFi5k7PlEB
gWoJtRd61K2jYbaASmAduZ5rqVzgsrCcq2PFamzzzDVH6/c2aZJctA9YaSP7mgY0
esOSpwtLQfn4VE3War/DfBrAKG0PRRqyA3Bvat3VIIyWZhxj1LMdxOSj/0QtRVEo
2oMh+WbUr4u6dKUA8UKh8rKHSOk6NGo2Yq9TmhEZwmh/
-----END CERTIFICATE-----