Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/jQ7i8xOPOygwLdhB_Cs-EVJK7-U.roa
File:                     jQ7i8xOPOygwLdhB_Cs-EVJK7-U.roa (raw, json)
Hash identifier:          7X7HxxrXSlyFcrRy2hHx5Fkzm5/DzxHteeqg3/apAyQ=
Subject key identifier:   8D:0E:E2:F3:13:8F:3B:28:30:2D:D8:41:FC:2B:3E:11:52:4A:EF:E5
Certificate issuer:       /CN=af2acebc761caf37656dbd7153c00499fb737777
Certificate serial:       018CCA9974D3C6C86854B6F991AA3D5BA2EE
Authority key identifier: AF:2A:CE:BC:76:1C:AF:37:65:6D:BD:71:53:C0:04:99:FB:73:77:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ryrOvHYcrzdlbb1xU8AEmftzd3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/jQ7i8xOPOygwLdhB_Cs-EVJK7-U.roa
Signing time:             Tue 02 Jan 2024 14:35:03 +0000
ROA not before:           Tue 02 Jan 2024 14:35:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        195.177.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/ryrOvHYcrzdlbb1xU8AEmftzd3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/ryrOvHYcrzdlbb1xU8AEmftzd3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ryrOvHYcrzdlbb1xU8AEmftzd3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:74:d3:c6:c8:68:54:b6:f9:91:aa:3d:5b:a2:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2acebc761caf37656dbd7153c00499fb737777
        Validity
            Not Before: Jan  2 14:35:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d0ee2f3138f3b28302dd841fc2b3e11524aefe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:20:6e:d3:66:04:8a:b4:8f:6d:c1:bf:44:bd:
                    ee:54:13:33:f4:c5:9f:89:41:cc:fd:1d:06:c9:a5:
                    6d:5b:b7:a8:c8:9b:01:92:92:f5:e0:d9:c4:d7:de:
                    fe:a9:ae:b0:be:e7:c3:a6:54:a1:9a:69:55:15:de:
                    b2:d6:58:85:66:01:4b:50:3a:ce:db:d6:d5:43:7e:
                    16:44:5f:5c:3e:38:ee:88:1c:2b:56:b9:1b:8f:7e:
                    40:13:f6:f4:1c:3d:fa:43:c0:95:f3:a5:0b:89:cf:
                    6d:aa:8a:73:39:d0:6a:1b:bf:b4:e5:de:db:4c:10:
                    98:70:6c:b2:d4:c0:bc:32:c6:0d:b0:0e:3a:64:fd:
                    dc:eb:5e:d1:71:e0:94:04:ca:da:ec:eb:23:b6:35:
                    7d:55:2a:6a:e1:80:e5:ad:c8:17:40:03:a5:25:c3:
                    ea:b8:36:00:e3:51:d9:7e:39:34:c6:10:73:82:4a:
                    6e:82:df:11:f6:94:d5:ef:98:9c:a0:bc:99:ff:46:
                    12:ca:e0:3e:25:60:bc:d0:be:9f:0e:fc:b2:62:e8:
                    37:ed:f5:23:e9:32:c7:89:70:d8:de:3c:4d:df:c6:
                    e1:08:fa:eb:a6:6b:73:ac:14:ac:e4:6e:23:be:ca:
                    a3:cc:3c:6c:96:79:e7:64:b1:da:7a:5c:b0:f6:e0:
                    60:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:0E:E2:F3:13:8F:3B:28:30:2D:D8:41:FC:2B:3E:11:52:4A:EF:E5
            X509v3 Authority Key Identifier:
                keyid:AF:2A:CE:BC:76:1C:AF:37:65:6D:BD:71:53:C0:04:99:FB:73:77:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ryrOvHYcrzdlbb1xU8AEmftzd3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/jQ7i8xOPOygwLdhB_Cs-EVJK7-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/93804e-b1f2-4034-9b26-3cef8a8d6ea1/1/ryrOvHYcrzdlbb1xU8AEmftzd3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:d6:14:eb:ab:49:4b:70:93:29:69:58:59:fc:51:da:9d:2f:
         8e:32:d1:bb:1b:f1:df:00:62:14:1a:6b:70:d8:0b:06:4d:bf:
         16:02:e1:9e:00:bc:29:a5:12:d1:02:61:b3:2f:52:6f:d9:ed:
         06:b4:42:42:a6:a3:31:57:03:86:32:d8:db:57:72:5a:d5:25:
         28:c7:6f:84:f5:18:ae:f1:20:75:ec:b4:44:6c:b5:14:2e:63:
         db:09:92:34:07:9c:9f:93:8f:73:9e:2c:67:33:79:d9:49:60:
         9e:4d:97:97:8c:88:bb:5f:09:ce:ef:87:01:e1:24:fd:18:cd:
         2c:20:8c:f0:ac:fe:e1:f0:dc:93:5f:39:b1:6a:94:10:eb:09:
         b5:05:86:0a:79:ed:9b:de:7c:7d:31:46:e3:78:2f:06:cd:1b:
         2b:7a:c5:4b:99:4a:20:72:e2:4b:7b:8d:25:81:2a:e6:3a:72:
         b0:45:df:69:f1:30:8b:4f:d2:59:96:9a:e1:8e:02:1f:b5:8f:
         06:64:af:87:81:85:25:d3:db:32:c1:98:3b:c6:4b:ec:b2:b3:
         44:32:0e:09:fe:96:fe:b4:f3:d1:59:ee:68:ff:11:c0:3c:fd:
         f6:72:b9:6d:5f:6e:3b:67:6b:30:3b:aa:c1:3f:4a:38:6c:21:
         07:b2:e2:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmXTTxshoVLb5kao9W6LuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmFjZWJjNzYxY2FmMzc2NTZkYmQ3MTUzYzAwNDk5ZmI3
Mzc3NzcwHhcNMjQwMTAyMTQzNTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDBlZTJmMzEzOGYzYjI4MzAyZGQ4NDFmYzJiM2UxMTUyNGFlZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSBu02YEirSPbcG/RL3uVBMz9MWf
iUHM/R0GyaVtW7eoyJsBkpL14NnE197+qa6wvufDplShmmlVFd6y1liFZgFLUDrO
29bVQ34WRF9cPjjuiBwrVrkbj35AE/b0HD36Q8CV86ULic9tqopzOdBqG7+05d7b
TBCYcGyy1MC8MsYNsA46ZP3c617RceCUBMra7OsjtjV9VSpq4YDlrcgXQAOlJcPq
uDYA41HZfjk0xhBzgkpugt8R9pTV75icoLyZ/0YSyuA+JWC80L6fDvyyYug37fUj
6TLHiXDY3jxN38bhCPrrpmtzrBSs5G4jvsqjzDxslnnnZLHaelyw9uBgMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0O4vMTjzsoMC3YQfwrPhFSSu/lMB8GA1UdIwQY
MBaAFK8qzrx2HK83ZW29cVPABJn7c3d3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnlyT3ZIWWNyemRsYmIxeFU4QUVtZnR6ZDNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi85MzgwNGUtYjFmMi00MDM0LTliMjYt
M2NlZjhhOGQ2ZWExLzEvalE3aTh4T1BPeWd3TGRoQl9Dcy1FVkpLNy1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi85MzgwNGUtYjFmMi00MDM0LTliMjYtM2NlZjhhOGQ2ZWEx
LzEvcnlyT3ZIWWNyemRsYmIxeFU4QUVtZnR6ZDNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7H/MA0G
CSqGSIb3DQEBCwUAA4IBAQB71hTrq0lLcJMpaVhZ/FHanS+OMtG7G/HfAGIUGmtw
2AsGTb8WAuGeALwppRLRAmGzL1Jv2e0GtEJCpqMxVwOGMtjbV3Ja1SUox2+E9Riu
8SB17LREbLUULmPbCZI0B5yfk49znixnM3nZSWCeTZeXjIi7XwnO74cB4ST9GM0s
IIzwrP7h8NyTXzmxapQQ6wm1BYYKee2b3nx9MUbjeC8GzRsresVLmUogcuJLe40l
gSrmOnKwRd9p8TCLT9JZlprhjgIftY8GZK+HgYUl09sywZg7xkvssrNEMg4J/pb+
tPPRWe5o/xHAPP32crltX247Z2swO6rBP0o4bCEHsuKx
-----END CERTIFICATE-----