Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/n4MwGtztoVDatiBkB_Vhs206CdI.roa
File:                     n4MwGtztoVDatiBkB_Vhs206CdI.roa (raw, json)
Hash identifier:          LUYQxNvcTqubF002CqmWfwoXjEzxxdTGccJ7vPTkyQw=
Subject key identifier:   9F:83:30:1A:DC:ED:A1:50:DA:B6:20:64:07:F5:61:B3:6D:3A:09:D2
Certificate issuer:       /CN=28ab22fb2da473c5426bfcc1f880861004017087
Certificate serial:       018CC79571570AE0D1356B7E28A95296C9D3
Authority key identifier: 28:AB:22:FB:2D:A4:73:C5:42:6B:FC:C1:F8:80:86:10:04:01:70:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/n4MwGtztoVDatiBkB_Vhs206CdI.roa
Signing time:             Tue 02 Jan 2024 00:31:48 +0000
ROA not before:           Tue 02 Jan 2024 00:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        195.85.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:71:57:0a:e0:d1:35:6b:7e:28:a9:52:96:c9:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28ab22fb2da473c5426bfcc1f880861004017087
        Validity
            Not Before: Jan  2 00:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f83301adceda150dab6206407f561b36d3a09d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:74:a2:75:86:33:62:15:b6:67:7e:96:e1:32:
                    4f:69:73:e5:f4:66:7f:d6:91:77:ad:f1:99:2a:78:
                    62:dd:89:bd:29:07:25:d6:3d:e4:10:5c:71:2b:34:
                    be:86:72:ce:72:15:cc:a9:ad:60:07:df:6a:44:d9:
                    aa:f0:66:75:ea:0b:4b:58:09:7f:2c:9e:e1:b9:86:
                    a9:69:10:a8:94:bd:14:ac:72:d5:a6:ab:6d:43:fa:
                    cb:aa:96:c6:64:ca:34:30:28:57:79:45:3c:d3:5a:
                    19:e6:a3:a8:68:c1:0a:f6:90:a8:08:b9:6c:62:64:
                    7f:c9:63:4c:5f:98:85:20:40:8b:13:58:ce:1f:d9:
                    7e:05:c8:4c:f7:9f:e5:9a:4e:c6:8a:b7:d6:3a:6f:
                    77:b0:8e:18:73:96:b6:5c:f3:15:ee:ab:17:15:f1:
                    54:bf:d0:b5:c3:7d:8e:35:87:f9:5f:93:70:5a:4e:
                    96:3e:e8:d2:b9:5d:da:44:ee:fc:3d:1a:2e:1d:35:
                    65:81:04:2b:44:bc:11:30:09:25:49:14:73:db:fd:
                    b4:bc:6d:f1:d3:75:ac:1f:62:49:5c:ed:40:45:3d:
                    d6:fe:0e:65:6f:68:a8:2b:88:63:c2:37:c3:4a:96:
                    9a:bc:0c:83:71:df:f4:02:a0:d4:02:6f:41:85:b2:
                    4c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:83:30:1A:DC:ED:A1:50:DA:B6:20:64:07:F5:61:B3:6D:3A:09:D2
            X509v3 Authority Key Identifier:
                keyid:28:AB:22:FB:2D:A4:73:C5:42:6B:FC:C1:F8:80:86:10:04:01:70:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/n4MwGtztoVDatiBkB_Vhs206CdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:71:79:cb:21:13:01:bc:68:ef:1f:da:ef:3f:96:5f:e6:94:
         72:b4:66:e4:67:14:97:27:35:22:4f:9e:1e:80:62:7f:5a:64:
         74:39:78:8e:ef:f2:a8:0a:99:12:10:44:57:be:35:0f:7d:ad:
         c0:ff:5c:78:81:3c:a9:92:f8:ea:83:2c:04:eb:b8:da:64:a1:
         6a:63:ec:4f:69:ea:c5:5b:99:ee:61:55:5b:9d:89:d7:bf:7b:
         bc:e7:29:b9:e3:91:63:0a:d4:89:0f:b0:ac:40:d5:4d:b0:49:
         92:3b:ce:cb:25:53:cd:87:66:97:66:f1:0d:cd:97:ff:d3:10:
         04:2a:cf:a6:ee:7f:46:1f:4a:cc:75:72:0e:98:bf:ed:e8:f8:
         c0:5b:b3:c1:02:c9:b8:c2:19:96:1b:27:e8:42:ae:24:fd:75:
         40:58:d8:bf:27:fc:52:22:b8:94:68:92:ba:f8:e4:78:28:02:
         73:1e:cc:bd:47:04:8c:c9:7c:81:70:dc:e7:e4:4c:a0:1c:93:
         28:7a:b1:e7:83:58:61:2c:07:b3:2e:7b:19:ee:9c:3d:34:6a:
         9a:d6:e9:e7:d2:0f:db:f1:dc:c9:44:41:3a:7c:01:ae:f6:bb:
         91:6f:ca:47:2c:0b:37:89:01:44:14:69:4e:05:da:cd:c1:a3:
         7c:3d:50:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlXFXCuDRNWt+KKlSlsnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YWIyMmZiMmRhNDczYzU0MjZiZmNjMWY4ODA4NjEwMDQw
MTcwODcwHhcNMjQwMTAyMDAzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjgzMzAxYWRjZWRhMTUwZGFiNjIwNjQwN2Y1NjFiMzZkM2EwOWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHSidYYzYhW2Z36W4TJPaXPl9GZ/
1pF3rfGZKnhi3Ym9KQcl1j3kEFxxKzS+hnLOchXMqa1gB99qRNmq8GZ16gtLWAl/
LJ7huYapaRColL0UrHLVpqttQ/rLqpbGZMo0MChXeUU801oZ5qOoaMEK9pCoCLls
YmR/yWNMX5iFIECLE1jOH9l+BchM95/lmk7GirfWOm93sI4Yc5a2XPMV7qsXFfFU
v9C1w32ONYf5X5NwWk6WPujSuV3aRO78PRouHTVlgQQrRLwRMAklSRRz2/20vG3x
03WsH2JJXO1ART3W/g5lb2ioK4hjwjfDSpaavAyDcd/0AqDUAm9BhbJMowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+DMBrc7aFQ2rYgZAf1YbNtOgnSMB8GA1UdIwQY
MBaAFCirIvstpHPFQmv8wfiAhhAEAXCHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0tzaS15MmtjOFZDYV96Qi1JQ0dFQVFCY0ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mNTNkYTQtMDJlOC00OGY0LTgwYjMt
M2ExNTk1ZmM4NmVmLzEvbjRNd0d0enRvVkRhdGlCa0JfVmhzMjA2Q2RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mNTNkYTQtMDJlOC00OGY0LTgwYjMtM2ExNTk1ZmM4NmVm
LzEvS0tzaS15MmtjOFZDYV96Qi1JQ0dFQVFCY0ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1UMMA0G
CSqGSIb3DQEBCwUAA4IBAQBvcXnLIRMBvGjvH9rvP5Zf5pRytGbkZxSXJzUiT54e
gGJ/WmR0OXiO7/KoCpkSEERXvjUPfa3A/1x4gTypkvjqgywE67jaZKFqY+xPaerF
W5nuYVVbnYnXv3u85ym545FjCtSJD7CsQNVNsEmSO87LJVPNh2aXZvENzZf/0xAE
Ks+m7n9GH0rMdXIOmL/t6PjAW7PBAsm4whmWGyfoQq4k/XVAWNi/J/xSIriUaJK6
+OR4KAJzHsy9RwSMyXyBcNzn5EygHJMoerHng1hhLAezLnsZ7pw9NGqa1unn0g/b
8dzJREE6fAGu9ruRb8pHLAs3iQFEFGlOBdrNwaN8PVA2
-----END CERTIFICATE-----