Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/b8bd3b-0026-4d56-bb25-6a5c9c0d91e9/1/Rdz2IeDR8FRdh_3nl3km5Lnv8js.roa
File:                     Rdz2IeDR8FRdh_3nl3km5Lnv8js.roa (raw, json)
Hash identifier:          HJzZAlGXurpN/qQchiNfOe20MpWjwwZnoAEYG5je414=
Subject key identifier:   45:DC:F6:21:E0:D1:F0:54:5D:87:FD:E7:97:79:26:E4:B9:EF:F2:3B
Certificate issuer:       /CN=283648aff886185ffce3626f090f119a3e4ede35
Certificate serial:       018CC26D6712B041D0A4BC369704C34FA767
Authority key identifier: 28:36:48:AF:F8:86:18:5F:FC:E3:62:6F:09:0F:11:9A:3E:4E:DE:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KDZIr_iGGF_842JvCQ8Rmj5O3jU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/b8bd3b-0026-4d56-bb25-6a5c9c0d91e9/1/Rdz2IeDR8FRdh_3nl3km5Lnv8js.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25365
IP address blocks:        195.190.136.0/24 maxlen: 24
                          2001:67c:2f24::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/b8bd3b-0026-4d56-bb25-6a5c9c0d91e9/1/KDZIr_iGGF_842JvCQ8Rmj5O3jU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/b8bd3b-0026-4d56-bb25-6a5c9c0d91e9/1/KDZIr_iGGF_842JvCQ8Rmj5O3jU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KDZIr_iGGF_842JvCQ8Rmj5O3jU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:67:12:b0:41:d0:a4:bc:36:97:04:c3:4f:a7:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=283648aff886185ffce3626f090f119a3e4ede35
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45dcf621e0d1f0545d87fde7977926e4b9eff23b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b4:3a:37:86:01:b4:2c:fd:f6:74:8b:b1:99:
                    ab:7a:11:44:0f:6e:9f:99:79:8c:e1:4f:db:10:d5:
                    c5:fd:5c:86:e0:91:ca:58:ed:16:28:5f:13:f0:47:
                    4f:78:c8:e4:8f:63:d6:6e:95:88:60:ac:3b:81:d5:
                    bf:aa:a8:bd:dc:4a:60:5b:b4:09:5e:1c:bc:55:a4:
                    5d:db:8a:6d:64:88:61:20:c4:46:10:51:ea:4c:ed:
                    6d:3f:a1:b5:ce:70:0a:a3:f2:31:64:bc:fb:36:82:
                    d7:d0:9b:11:a5:02:14:94:e6:2b:da:6b:31:b9:b8:
                    bf:15:b2:53:9e:2f:05:e8:21:df:9a:58:7a:57:3e:
                    34:d2:fb:ce:8b:84:a1:66:d1:9e:c4:e3:cc:26:f4:
                    d3:c8:09:22:d4:b3:0d:fa:9c:f8:e5:10:d8:84:2b:
                    5a:0d:75:24:db:33:6c:8b:e0:83:31:c1:6f:47:18:
                    ee:4c:83:21:5d:ed:93:da:cd:b0:0b:4b:ba:e0:2c:
                    2b:4c:11:05:36:da:33:56:97:68:5b:8b:e3:9f:95:
                    b4:b6:75:08:08:e3:5d:d9:0f:13:b7:0b:6c:6e:65:
                    12:14:0f:a9:62:8d:be:ac:df:ac:c6:d8:f3:ed:d9:
                    f1:c6:34:04:ac:14:55:8d:1d:fe:31:cf:17:2c:1d:
                    b2:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:DC:F6:21:E0:D1:F0:54:5D:87:FD:E7:97:79:26:E4:B9:EF:F2:3B
            X509v3 Authority Key Identifier:
                keyid:28:36:48:AF:F8:86:18:5F:FC:E3:62:6F:09:0F:11:9A:3E:4E:DE:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KDZIr_iGGF_842JvCQ8Rmj5O3jU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b8bd3b-0026-4d56-bb25-6a5c9c0d91e9/1/Rdz2IeDR8FRdh_3nl3km5Lnv8js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b8bd3b-0026-4d56-bb25-6a5c9c0d91e9/1/KDZIr_iGGF_842JvCQ8Rmj5O3jU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.136.0/24
                IPv6:
                  2001:67c:2f24::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:f6:36:e0:fc:68:1a:85:b3:e4:df:4f:14:1c:b5:fa:01:91:
         7e:69:5d:49:f3:fd:df:38:d6:1b:82:d2:fb:c2:55:f5:36:db:
         12:64:97:5a:2e:c4:4b:62:e8:20:05:93:82:db:98:83:67:71:
         aa:5b:ec:4e:ff:62:a9:bb:8f:c6:52:5c:8c:03:7e:32:1c:f4:
         4a:2a:de:c4:c2:4f:01:3f:ca:69:f0:fe:b5:38:56:a3:4f:8d:
         28:ce:85:96:27:c2:75:74:7c:99:43:17:70:ad:48:15:c2:6d:
         42:7a:5e:df:d8:df:85:09:3b:ed:e9:f2:80:ca:36:93:b2:bf:
         2a:0e:5f:b1:12:04:f1:81:ac:89:b3:d4:2a:b5:fc:bf:c7:73:
         00:06:44:6f:6a:ed:32:16:74:73:4d:58:74:82:92:5b:78:37:
         c1:7c:f4:33:7d:6f:7b:41:a9:69:54:55:b0:62:5f:8e:01:97:
         bc:25:6f:23:38:71:7d:e9:df:ee:93:d3:87:9e:7a:9d:87:e0:
         97:09:64:34:17:b4:2e:1d:86:37:cb:3c:c6:74:f5:57:2d:40:
         35:c3:43:0a:0f:cc:5f:c7:05:43:b1:e5:8e:39:0a:36:31:15:
         3e:0b:94:17:5d:ff:07:fb:f3:e1:71:da:ee:75:46:03:39:59:
         3f:bf:6e:e0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbWcSsEHQpLw2lwTDT6dnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MzY0OGFmZjg4NjE4NWZmY2UzNjI2ZjA5MGYxMTlhM2U0
ZWRlMzUwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWRjZjYyMWUwZDFmMDU0NWQ4N2ZkZTc5Nzc5MjZlNGI5ZWZmMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLQ6N4YBtCz99nSLsZmrehFED26f
mXmM4U/bENXF/VyG4JHKWO0WKF8T8EdPeMjkj2PWbpWIYKw7gdW/qqi93EpgW7QJ
Xhy8VaRd24ptZIhhIMRGEFHqTO1tP6G1znAKo/IxZLz7NoLX0JsRpQIUlOYr2msx
ubi/FbJTni8F6CHfmlh6Vz400vvOi4ShZtGexOPMJvTTyAki1LMN+pz45RDYhCta
DXUk2zNsi+CDMcFvRxjuTIMhXe2T2s2wC0u64CwrTBEFNtozVpdoW4vjn5W0tnUI
CONd2Q8TtwtsbmUSFA+pYo2+rN+sxtjz7dnxxjQErBRVjR3+Mc8XLB2ySwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEXc9iHg0fBUXYf955d5JuS57/I7MB8GA1UdIwQY
MBaAFCg2SK/4hhhf/ONibwkPEZo+Tt41MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0RaSXJfaUdHRl84NDJKdkNROFJtajVPM2pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9iOGJkM2ItMDAyNi00ZDU2LWJiMjUt
NmE1YzljMGQ5MWU5LzEvUmR6MkllRFI4RlJkaF8zbmwza201TG52OGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9iOGJkM2ItMDAyNi00ZDU2LWJiMjUtNmE1YzljMGQ5MWU5
LzEvS0RaSXJfaUdHRl84NDJKdkNROFJtajVPM2pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw76IMA8E
AgACMAkDBwAgAQZ8LyQwDQYJKoZIhvcNAQELBQADggEBABf2NuD8aBqFs+TfTxQc
tfoBkX5pXUnz/d841huC0vvCVfU22xJkl1ouxEti6CAFk4LbmINncapb7E7/Yqm7
j8ZSXIwDfjIc9Eoq3sTCTwE/ymnw/rU4VqNPjSjOhZYnwnV0fJlDF3CtSBXCbUJ6
Xt/Y34UJO+3p8oDKNpOyvyoOX7ESBPGBrImz1Cq1/L/HcwAGRG9q7TIWdHNNWHSC
klt4N8F89DN9b3tBqWlUVbBiX44Bl7wlbyM4cX3p3+6T04eeep2H4JcJZDQXtC4d
hjfLPMZ09VctQDXDQwoPzF/HBUOx5Y45CjYxFT4LlBdd/wf78+Fx2u51RgM5WT+/
buA=
-----END CERTIFICATE-----