Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/P6wovKJ4HsIFeyW9yX4-rJo9t24.roa
File:                     P6wovKJ4HsIFeyW9yX4-rJo9t24.roa (raw, json)
Hash identifier:          vbWytlAXub0qbj8J0dOT08uTe/PxZEK+8YMLhE0S0vo=
Subject key identifier:   3F:AC:28:BC:A2:78:1E:C2:05:7B:25:BD:C9:7E:3E:AC:9A:3D:B7:6E
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018CC86F23021F3D7F234ECC4A2697DBEFA4
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/P6wovKJ4HsIFeyW9yX4-rJo9t24.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42298
IP address blocks:        195.219.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:23:02:1f:3d:7f:23:4e:cc:4a:26:97:db:ef:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fac28bca2781ec2057b25bdc97e3eac9a3db76e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:63:db:7d:21:36:2a:08:3e:fe:dc:68:2b:32:
                    23:cc:e8:f5:db:51:81:e1:5b:3f:d8:7e:40:95:30:
                    0d:4f:47:09:47:b9:0c:4b:1e:54:31:76:39:86:dd:
                    32:44:28:b8:f0:06:b2:56:bf:0b:b5:82:e7:f9:16:
                    e4:6d:e7:3d:7d:7a:3a:0d:c5:69:cd:3f:99:5b:95:
                    a5:2e:e2:99:72:b7:7d:69:05:79:da:09:c7:cf:e8:
                    c5:7c:27:83:e8:ee:b6:6e:ca:d2:b2:b7:23:9f:fc:
                    1f:4d:d7:d6:c7:d9:b6:ce:cd:1b:c0:91:dc:23:88:
                    ae:a7:13:a4:c1:57:c6:36:d9:20:16:b1:4b:08:e1:
                    57:95:82:af:a8:73:f8:eb:09:3d:1c:76:83:83:6d:
                    1a:0c:e6:6e:7b:91:10:6a:ed:40:11:06:fb:66:ba:
                    89:27:78:04:8f:59:03:51:09:2d:c7:6e:b2:05:ef:
                    66:3b:a6:0e:aa:f0:65:33:83:41:24:86:f1:1d:6f:
                    ef:8e:92:d0:83:ef:92:72:c0:5b:39:d2:db:8c:bb:
                    14:10:bd:e6:56:90:5b:a7:80:aa:63:fd:58:59:77:
                    ba:bb:30:1d:7c:b1:c6:2d:1d:71:2b:24:95:0a:b5:
                    fa:55:2d:a9:fd:19:d1:a1:52:db:1c:6e:23:0f:00:
                    b4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:AC:28:BC:A2:78:1E:C2:05:7B:25:BD:C9:7E:3E:AC:9A:3D:B7:6E
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/P6wovKJ4HsIFeyW9yX4-rJo9t24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.219.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:38:b2:ba:b9:49:2a:be:0b:d6:59:2d:ec:b2:01:94:fd:4c:
         6c:2f:0f:0b:5a:03:3b:f9:cf:29:f4:af:aa:86:b4:33:4d:aa:
         b4:ad:8c:6b:78:e0:99:d1:4c:df:09:57:88:e7:f6:c9:9d:6c:
         9e:31:e6:c1:f3:1c:a3:c3:97:90:f5:4c:71:86:da:58:86:1c:
         53:c6:2a:20:b4:91:ad:b3:78:95:9d:e9:cc:ed:07:ce:e9:57:
         ee:28:29:b1:37:87:35:ce:61:8a:6d:75:d3:6b:78:fb:5f:91:
         ca:b5:e7:8e:67:ca:39:51:98:9c:31:99:ce:a7:28:c0:48:71:
         42:76:ed:d2:fc:4e:ac:eb:b5:67:55:4a:b6:73:a2:0d:c7:d0:
         66:98:9a:10:46:70:85:90:5a:58:06:fa:fb:71:cd:3a:c0:fb:
         c9:1f:0c:ba:ad:8c:11:9e:c1:7f:44:fd:21:74:cf:89:90:40:
         ef:b9:83:dd:2e:38:ed:cf:61:00:a6:93:47:ac:71:fe:cd:05:
         64:32:cb:23:58:95:f3:1f:cd:a2:df:17:59:b0:3d:46:f9:b3:
         77:f1:0f:96:a9:dd:83:bb:ac:5a:4c:a2:d4:fa:e6:76:07:ce:
         98:90:3d:ef:c2:a4:06:73:c0:94:85:f9:1e:ce:40:71:4f:eb:
         4a:d0:8a:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyMCHz1/I07MSiaX2++kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmFjMjhiY2EyNzgxZWMyMDU3YjI1YmRjOTdlM2VhYzlhM2RiNzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2PbfSE2Kgg+/txoKzIjzOj121GB
4Vs/2H5AlTANT0cJR7kMSx5UMXY5ht0yRCi48AayVr8LtYLn+Rbkbec9fXo6DcVp
zT+ZW5WlLuKZcrd9aQV52gnHz+jFfCeD6O62bsrSsrcjn/wfTdfWx9m2zs0bwJHc
I4iupxOkwVfGNtkgFrFLCOFXlYKvqHP46wk9HHaDg20aDOZue5EQau1AEQb7ZrqJ
J3gEj1kDUQktx26yBe9mO6YOqvBlM4NBJIbxHW/vjpLQg++ScsBbOdLbjLsUEL3m
VpBbp4CqY/1YWXe6uzAdfLHGLR1xKySVCrX6VS2p/RnRoVLbHG4jDwC0ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+sKLyieB7CBXslvcl+PqyaPbduMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvUDZ3b3ZLSjRIc0lGZXlXOXlYNC1ySm85dDI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9sqMA0G
CSqGSIb3DQEBCwUAA4IBAQC+OLK6uUkqvgvWWS3ssgGU/UxsLw8LWgM7+c8p9K+q
hrQzTaq0rYxreOCZ0UzfCVeI5/bJnWyeMebB8xyjw5eQ9UxxhtpYhhxTxiogtJGt
s3iVnenM7QfO6VfuKCmxN4c1zmGKbXXTa3j7X5HKteeOZ8o5UZicMZnOpyjASHFC
du3S/E6s67VnVUq2c6INx9BmmJoQRnCFkFpYBvr7cc06wPvJHwy6rYwRnsF/RP0h
dM+JkEDvuYPdLjjtz2EAppNHrHH+zQVkMssjWJXzH82i3xdZsD1G+bN38Q+Wqd2D
u6xaTKLU+uZ2B86YkD3vwqQGc8CUhfkezkBxT+tK0Irm
-----END CERTIFICATE-----