Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/1-CkwHWEmMBU63E9I-IjrIAjWEAI.roa
File:                     1-CkwHWEmMBU63E9I-IjrIAjWEAI.roa (raw, json)
Hash identifier:          Gjnn4wUFa/m46lY2BQ3lxeIczB/aFTLH4zrOMulGIbM=
Subject key identifier:   F8:29:30:1D:61:26:30:15:3A:DC:4F:48:F8:88:EB:20:08:D6:10:02
Certificate issuer:       /CN=ad054036dad32d17a8c916dc2dfbb3ce8a36452c
Certificate serial:       018CC26D06C3C56FFD90A1BB258AC351F1CB
Authority key identifier: AD:05:40:36:DA:D3:2D:17:A8:C9:16:DC:2D:FB:B3:CE:8A:36:45:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQVANtrTLReoyRbcLfuzzoo2RSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/1-CkwHWEmMBU63E9I-IjrIAjWEAI.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13278
IP address blocks:        195.234.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/rQVANtrTLReoyRbcLfuzzoo2RSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/rQVANtrTLReoyRbcLfuzzoo2RSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQVANtrTLReoyRbcLfuzzoo2RSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:06:c3:c5:6f:fd:90:a1:bb:25:8a:c3:51:f1:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad054036dad32d17a8c916dc2dfbb3ce8a36452c
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f829301d612630153adc4f48f888eb2008d61002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cc:d8:b4:6f:f9:11:1f:f0:b0:6c:98:cc:b1:
                    8e:35:78:d8:22:e7:79:f7:f2:8b:68:f3:c3:04:55:
                    b0:36:fc:aa:50:ae:6a:0f:ad:b3:f5:2e:82:bc:a7:
                    0e:74:9d:25:25:43:e8:b3:8f:5b:e5:9c:85:33:30:
                    a4:d8:d0:3f:4f:fd:95:09:8f:64:4c:9f:9f:82:0a:
                    a9:6f:57:04:27:8c:f1:84:a0:82:45:57:11:84:06:
                    ea:71:a5:19:74:ba:60:cb:8d:0b:8a:10:da:92:26:
                    fa:c9:f7:99:f1:2e:6a:82:a7:56:57:75:6c:28:61:
                    c3:51:63:57:01:69:f7:81:31:5f:4f:18:de:65:68:
                    73:dd:67:df:47:37:de:a5:b8:8f:1b:39:2a:44:65:
                    ae:99:ca:1c:64:9f:a1:a6:5f:e6:69:96:17:54:f7:
                    33:60:2f:27:e5:35:00:da:df:5d:44:74:73:30:73:
                    77:d4:ba:3d:6d:a4:ac:61:05:9e:8c:7d:a8:ea:0e:
                    6e:38:2e:ad:7e:2c:2d:de:b7:88:17:f6:a2:82:ed:
                    a4:eb:fd:f1:5e:6a:eb:fb:83:0d:67:49:6a:90:22:
                    68:05:16:ea:55:a2:b4:25:9c:b6:ba:b0:61:06:9b:
                    89:d8:2c:f0:f7:b7:15:65:7a:6d:6c:7d:fd:97:c8:
                    d3:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:29:30:1D:61:26:30:15:3A:DC:4F:48:F8:88:EB:20:08:D6:10:02
            X509v3 Authority Key Identifier:
                keyid:AD:05:40:36:DA:D3:2D:17:A8:C9:16:DC:2D:FB:B3:CE:8A:36:45:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQVANtrTLReoyRbcLfuzzoo2RSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/1-CkwHWEmMBU63E9I-IjrIAjWEAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/rQVANtrTLReoyRbcLfuzzoo2RSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:1c:f0:11:6b:dc:f5:c6:93:1a:4c:d2:e5:2f:92:d8:f8:7b:
         eb:1f:3c:f6:21:a1:ed:3e:59:6b:fe:bf:c8:f1:68:f9:dc:55:
         64:98:b9:d0:62:f2:22:4e:04:2b:83:5d:79:36:e8:25:a8:1c:
         ea:6d:61:a5:6e:6b:33:b9:af:3b:1c:a2:ac:ea:c3:96:74:1e:
         dc:82:38:7d:13:b9:77:b9:fd:7a:72:b3:38:c3:b2:33:fe:da:
         65:22:97:73:df:25:6c:ba:7b:ff:32:2a:3e:7b:73:f6:2f:58:
         ae:01:d6:24:f9:38:83:9c:29:8a:ee:d3:56:87:29:a3:45:b4:
         16:b3:8c:14:04:c8:d5:0b:74:27:b7:f7:51:24:ad:78:23:c1:
         7d:b0:bd:b2:ce:e3:a9:c2:01:81:12:9b:e2:99:a5:40:ea:6a:
         81:1a:5d:4b:da:b0:ca:8f:56:9a:e9:b3:ec:0a:ca:19:1b:f0:
         66:53:be:79:a9:5f:02:4b:bc:ba:95:03:36:cc:15:99:f5:bb:
         6e:0e:50:4e:d3:df:4d:26:a2:59:5e:2a:55:90:2f:eb:2d:da:
         03:60:38:b7:e0:b3:24:ec:6c:da:e6:d2:a2:b3:e1:51:dd:5f:
         3f:50:b9:f5:12:be:e0:0b:6e:94:6c:0e:d1:6b:13:47:13:40:
         7f:21:a2:5e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbQbDxW/9kKG7JYrDUfHLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMDU0MDM2ZGFkMzJkMTdhOGM5MTZkYzJkZmJiM2NlOGEz
NjQ1MmMwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODI5MzAxZDYxMjYzMDE1M2FkYzRmNDhmODg4ZWIyMDA4ZDYxMDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmczYtG/5ER/wsGyYzLGONXjYIud5
9/KLaPPDBFWwNvyqUK5qD62z9S6CvKcOdJ0lJUPos49b5ZyFMzCk2NA/T/2VCY9k
TJ+fggqpb1cEJ4zxhKCCRVcRhAbqcaUZdLpgy40LihDakib6yfeZ8S5qgqdWV3Vs
KGHDUWNXAWn3gTFfTxjeZWhz3WffRzfepbiPGzkqRGWumcocZJ+hpl/maZYXVPcz
YC8n5TUA2t9dRHRzMHN31Lo9baSsYQWejH2o6g5uOC6tfiwt3reIF/aigu2k6/3x
Xmrr+4MNZ0lqkCJoBRbqVaK0JZy2urBhBpuJ2Czw97cVZXptbH39l8jTVwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgpMB1hJjAVOtxPSPiI6yAI1hACMB8GA1UdIwQY
MBaAFK0FQDba0y0XqMkW3C37s86KNkUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclFWQU50clRMUmVveVJiY0xmdXp6b28yUlN3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9hM2ZiZjgtNDVhNy00OWMyLWE0Yjgt
OGUxNTE0Y2NhYTRhLzEvMS1Da3dIV0VtTUJVNjNFOUktSWpySUFqV0VBSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjAvYTNmYmY4LTQ1YTctNDljMi1hNGI4LThlMTUxNGNjYWE0
YS8xL3JRVkFOdHJUTFJlb3lSYmNMZnV6em9vMlJTdy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMPqpTAN
BgkqhkiG9w0BAQsFAAOCAQEAzhzwEWvc9caTGkzS5S+S2Ph76x889iGh7T5Za/6/
yPFo+dxVZJi50GLyIk4EK4NdeTboJagc6m1hpW5rM7mvOxyirOrDlnQe3II4fRO5
d7n9enKzOMOyM/7aZSKXc98lbLp7/zIqPntz9i9YrgHWJPk4g5wpiu7TVocpo0W0
FrOMFATI1Qt0J7f3USSteCPBfbC9ss7jqcIBgRKb4pmlQOpqgRpdS9qwyo9Wmumz
7ArKGRvwZlO+ealfAku8upUDNswVmfW7bg5QTtPfTSaiWV4qVZAv6y3aA2A4t+Cz
JOxs2ubSorPhUd1fP1C59RK+4AtulGwO0WsTRxNAfyGiXg==
-----END CERTIFICATE-----