Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/F8QaDtgH9XkFi5vPA8lr7ztzrhg.roa
File:                     F8QaDtgH9XkFi5vPA8lr7ztzrhg.roa (raw, json)
Hash identifier:          4jbPNgMj7nNtndcUpXvqYIXtsLIe7lxcFyn4S7byWIE=
Subject key identifier:   17:C4:1A:0E:D8:07:F5:79:05:8B:9B:CF:03:C9:6B:EF:3B:73:AE:18
Certificate issuer:       /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial:       018CC5011A835CCE0F8765E01C175E0EA633
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/F8QaDtgH9XkFi5vPA8lr7ztzrhg.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206150
IP address blocks:        195.191.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1a:83:5c:ce:0f:87:65:e0:1c:17:5e:0e:a6:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17c41a0ed807f579058b9bcf03c96bef3b73ae18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:db:18:65:ec:9b:8d:05:68:55:32:ac:7f:2d:
                    8e:aa:0a:33:d4:46:c9:ae:da:bf:aa:fd:5f:63:e7:
                    a6:76:02:0d:7c:c4:4f:32:8c:6b:f3:40:62:98:13:
                    37:87:e8:45:d3:61:4a:87:80:3f:12:fb:2c:3b:de:
                    f1:99:09:b6:5d:7f:35:44:63:e4:de:d7:f5:71:02:
                    f2:42:31:fd:10:05:0c:58:1c:4b:46:2b:4f:9c:6b:
                    d7:f0:69:b1:ac:e2:af:49:13:6d:f0:ea:aa:8a:e6:
                    f2:5d:4e:c5:57:cb:3b:73:d3:2f:89:9d:48:ae:d3:
                    c5:d3:f6:bb:67:cc:19:3d:e8:24:53:77:a7:27:0b:
                    37:40:98:0f:5b:64:21:0f:4b:6c:a7:d5:a5:aa:d8:
                    84:9e:b8:ee:82:99:40:6a:a8:5f:5b:b6:5f:4e:62:
                    92:de:06:44:b6:dc:ec:0f:75:ef:a3:96:7d:cf:5e:
                    ef:81:22:e9:87:f0:cd:6c:f6:b0:78:a2:b5:9d:6f:
                    f6:68:dd:50:4d:fe:14:a6:2e:14:79:6b:dc:29:e0:
                    26:e6:04:a7:7c:0c:5d:fc:c6:e8:dd:28:9c:b9:6f:
                    e2:fe:28:62:17:f6:70:ad:e1:a7:a8:2f:21:54:89:
                    40:e0:3d:b6:98:26:25:fd:0e:04:61:94:99:b4:9f:
                    9b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:C4:1A:0E:D8:07:F5:79:05:8B:9B:CF:03:C9:6B:EF:3B:73:AE:18
            X509v3 Authority Key Identifier:
                keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/F8QaDtgH9XkFi5vPA8lr7ztzrhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:3c:b0:61:3e:77:53:d8:3d:f1:b8:da:e0:c2:c7:ac:62:62:
         90:68:08:52:25:9f:2d:1d:17:68:9e:cc:24:d7:ee:97:0a:aa:
         7d:29:a8:9a:e9:53:9a:67:4c:29:9e:39:84:da:be:63:bf:5c:
         c1:ed:83:f5:34:df:c7:b8:57:bd:12:09:cc:9f:8c:1f:ec:0e:
         99:19:9b:29:af:9e:c0:72:8b:ad:27:86:3e:ce:d9:52:16:e5:
         34:79:9e:e6:b6:2a:2e:a2:0a:fa:4f:cf:77:89:6a:15:27:ba:
         23:98:36:d1:11:72:b1:c8:eb:f1:d2:61:a1:18:27:ef:9a:31:
         b9:d2:da:bc:59:be:f3:60:c1:c1:57:2c:b9:d0:26:ed:93:0e:
         cd:6e:31:e2:2d:40:04:d1:bf:35:9a:a4:ff:26:88:fd:fc:cd:
         e0:b4:c0:9c:47:c2:05:59:be:31:60:ff:52:eb:28:60:1f:83:
         73:5d:ac:2c:c7:d5:b7:d6:16:51:28:f1:47:e7:1b:00:81:30:
         aa:d1:2d:d1:62:b2:fd:2a:f3:16:14:d2:1e:7c:18:36:04:97:
         35:c3:0b:ea:94:bb:b4:89:53:a8:3b:92:32:5b:27:b1:b2:dd:
         43:58:a2:a4:28:2b:4d:30:b9:a8:9f:7a:84:8e:97:76:42:e4:
         f0:fb:b2:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARqDXM4Ph2XgHBdeDqYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2M0MWEwZWQ4MDdmNTc5MDU4YjliY2YwM2M5NmJlZjNiNzNhZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstsYZeybjQVoVTKsfy2Oqgoz1EbJ
rtq/qv1fY+emdgINfMRPMoxr80BimBM3h+hF02FKh4A/EvssO97xmQm2XX81RGPk
3tf1cQLyQjH9EAUMWBxLRitPnGvX8GmxrOKvSRNt8OqqiubyXU7FV8s7c9MviZ1I
rtPF0/a7Z8wZPegkU3enJws3QJgPW2QhD0tsp9WlqtiEnrjugplAaqhfW7ZfTmKS
3gZEttzsD3Xvo5Z9z17vgSLph/DNbPaweKK1nW/2aN1QTf4Upi4UeWvcKeAm5gSn
fAxd/Mbo3SicuW/i/ihiF/ZwreGnqC8hVIlA4D22mCYl/Q4EYZSZtJ+bPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfEGg7YB/V5BYubzwPJa+87c64YMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvRjhRYUR0Z0g5WGtGaTV2UEE4bHI3enR6cmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBgPLBhPndT2D3xuNrgwsesYmKQaAhSJZ8tHRdonswk
1+6XCqp9Kaia6VOaZ0wpnjmE2r5jv1zB7YP1NN/HuFe9EgnMn4wf7A6ZGZspr57A
coutJ4Y+ztlSFuU0eZ7mtiouogr6T893iWoVJ7ojmDbREXKxyOvx0mGhGCfvmjG5
0tq8Wb7zYMHBVyy50Cbtkw7NbjHiLUAE0b81mqT/Joj9/M3gtMCcR8IFWb4xYP9S
6yhgH4NzXawsx9W31hZRKPFH5xsAgTCq0S3RYrL9KvMWFNIefBg2BJc1wwvqlLu0
iVOoO5IyWyexst1DWKKkKCtNMLmon3qEjpd2QuTw+7KU
-----END CERTIFICATE-----