Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Vo82ABbh79ku_YvUWXah5iIZCd0.roa
File:                     Vo82ABbh79ku_YvUWXah5iIZCd0.roa (raw, json)
Hash identifier:          n8T10wI17uTKFuhXoTuBedzRKSxVhAzom5LZZY5qPsg=
Subject key identifier:   56:8F:36:00:16:E1:EF:D9:2E:FD:8B:D4:59:76:A1:E6:22:19:09:DD
Certificate issuer:       /CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
Certificate serial:       018CC72578B06064F5D1E3844D6A832DC797
Authority key identifier: 1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Vo82ABbh79ku_YvUWXah5iIZCd0.roa
Signing time:             Mon 01 Jan 2024 22:29:30 +0000
ROA not before:           Mon 01 Jan 2024 22:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48737
IP address blocks:        195.49.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:78:b0:60:64:f5:d1:e3:84:4d:6a:83:2d:c7:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
        Validity
            Not Before: Jan  1 22:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=568f360016e1efd92efd8bd45976a1e6221909dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2e:62:77:9e:b0:98:a0:74:e7:0d:a4:32:5d:
                    5e:fc:f2:46:03:69:0b:04:8f:29:a2:48:c8:25:a6:
                    8d:1d:fc:8f:03:86:92:94:53:25:66:b3:88:15:db:
                    58:88:42:e2:13:57:72:de:3e:50:4e:e8:ce:ab:66:
                    95:3f:f7:8d:0e:0b:14:99:b9:6f:6b:b3:e7:68:7e:
                    c2:6c:e6:dc:02:62:16:f7:f6:23:50:f4:83:fc:17:
                    0f:ba:2d:66:00:64:d7:f2:e9:7d:bc:6b:32:51:b2:
                    92:d0:2a:bb:3c:1e:41:3b:ac:08:29:54:71:1e:23:
                    08:a4:56:d2:19:5c:bf:74:86:0c:b1:fe:42:f3:81:
                    34:96:ab:12:86:fc:c0:b7:52:6d:4d:28:d7:10:bc:
                    f5:dd:d8:0a:8c:9a:7e:3a:78:9b:8c:89:9a:ec:19:
                    9e:36:16:0f:c5:b9:e7:85:6b:63:bd:c4:d7:41:a6:
                    a9:38:af:43:95:3e:21:d7:a4:08:91:0b:fb:b6:05:
                    fb:ae:35:23:49:47:3f:78:97:34:09:57:a6:f7:71:
                    7d:5f:9d:9c:17:44:73:15:51:88:a6:b3:12:3d:77:
                    df:d4:67:2f:3a:75:5c:04:71:2c:bc:38:53:33:1d:
                    a4:c9:9b:33:09:c8:13:31:ab:9b:79:df:4b:1c:0e:
                    11:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:8F:36:00:16:E1:EF:D9:2E:FD:8B:D4:59:76:A1:E6:22:19:09:DD
            X509v3 Authority Key Identifier:
                keyid:1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Vo82ABbh79ku_YvUWXah5iIZCd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.49.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:ed:00:6a:a6:02:cd:28:a4:96:2b:25:70:41:30:4c:d1:51:
         2d:69:ad:71:8f:20:fa:e0:69:af:fd:f3:ed:24:74:34:37:fb:
         9a:90:a0:fb:7e:b4:12:63:81:bd:e9:ba:3a:5c:8d:18:23:fe:
         26:b7:74:80:11:e0:e9:55:36:28:d7:2c:a2:46:7b:2c:5d:ac:
         6b:f4:db:8a:2b:68:e6:59:1b:62:27:a2:12:cc:09:d9:37:a4:
         c6:fb:8c:b8:f1:80:99:ab:38:80:b8:b0:e8:04:d1:e3:2e:ee:
         64:79:20:bf:0e:da:e4:ed:e1:b3:cf:fa:0a:27:c5:e0:8e:bd:
         f0:c2:51:aa:6d:d5:2a:ec:b3:4e:b1:f5:33:13:2e:a0:f7:ff:
         78:15:6c:0e:c5:4f:7e:6b:21:2e:c7:e1:9f:ef:40:c1:10:c8:
         65:5e:f4:ce:45:0f:37:25:b5:e3:e4:4e:df:fe:59:eb:09:c4:
         b6:9a:bf:9f:92:c2:7c:16:49:83:86:d0:cc:76:1f:af:47:7c:
         bf:51:2e:f4:f6:1d:6e:6b:69:3c:58:07:a5:aa:62:fa:c6:34:
         49:23:39:bd:af:37:ef:35:3c:6e:fc:ec:82:3f:7c:61:af:32:
         e8:98:09:66:09:b7:0e:d3:ae:50:af:1d:a9:bb:59:41:0c:07:
         92:5e:13:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJXiwYGT10eOETWqDLceXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGY4MDAxYzMwY2FjNTQ2ZTNmOTIxMDNiNGIxMjczMmRm
Y2JmNTIwHhcNMjQwMTAxMjIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjhmMzYwMDE2ZTFlZmQ5MmVmZDhiZDQ1OTc2YTFlNjIyMTkwOWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzC5id56wmKB05w2kMl1e/PJGA2kL
BI8pokjIJaaNHfyPA4aSlFMlZrOIFdtYiELiE1dy3j5QTujOq2aVP/eNDgsUmblv
a7PnaH7CbObcAmIW9/YjUPSD/BcPui1mAGTX8ul9vGsyUbKS0Cq7PB5BO6wIKVRx
HiMIpFbSGVy/dIYMsf5C84E0lqsShvzAt1JtTSjXELz13dgKjJp+OnibjIma7Bme
NhYPxbnnhWtjvcTXQaapOK9DlT4h16QIkQv7tgX7rjUjSUc/eJc0CVem93F9X52c
F0RzFVGIprMSPXff1GcvOnVcBHEsvDhTMx2kyZszCcgTMaubed9LHA4RZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFaPNgAW4e/ZLv2L1Fl2oeYiGQndMB8GA1UdIwQY
MBaAFBpPgAHDDKxUbj+SEDtLEnMt/L9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEt
MzhkNGYzMjExODk2LzEvVm84MkFCYmg3OWt1X1l2VVdYYWg1aUlaQ2QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEtMzhkNGYzMjExODk2
LzEvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzHuMA0G
CSqGSIb3DQEBCwUAA4IBAQCo7QBqpgLNKKSWKyVwQTBM0VEtaa1xjyD64Gmv/fPt
JHQ0N/uakKD7frQSY4G96bo6XI0YI/4mt3SAEeDpVTYo1yyiRnssXaxr9NuKK2jm
WRtiJ6ISzAnZN6TG+4y48YCZqziAuLDoBNHjLu5keSC/Dtrk7eGzz/oKJ8Xgjr3w
wlGqbdUq7LNOsfUzEy6g9/94FWwOxU9+ayEux+Gf70DBEMhlXvTORQ83JbXj5E7f
/lnrCcS2mr+fksJ8FkmDhtDMdh+vR3y/US709h1ua2k8WAelqmL6xjRJIzm9rzfv
NTxu/OyCP3xhrzLomAlmCbcO065Qrx2pu1lBDAeSXhNW
-----END CERTIFICATE-----