Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/PipX-fEr0RLBb0-Q9kg46QNdhtI.roa
File:                     PipX-fEr0RLBb0-Q9kg46QNdhtI.roa (raw, json)
Hash identifier:          g85sHlOfJ11WZWV/SAxtKYMmuHv2b1TdmnlDwy0sqPk=
Subject key identifier:   3E:2A:57:F9:F1:2B:D1:12:C1:6F:4F:90:F6:48:38:E9:03:5D:86:D2
Certificate issuer:       /CN=2c75f35d256cc4a5b88319bb7e4bbba329e49341
Certificate serial:       018CC86F1F0995F3471AF128E8FDD673165B
Authority key identifier: 2C:75:F3:5D:25:6C:C4:A5:B8:83:19:BB:7E:4B:BB:A3:29:E4:93:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHXzXSVsxKW4gxm7fku7oynkk0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/PipX-fEr0RLBb0-Q9kg46QNdhtI.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200044
IP address blocks:        195.22.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/LHXzXSVsxKW4gxm7fku7oynkk0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/LHXzXSVsxKW4gxm7fku7oynkk0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHXzXSVsxKW4gxm7fku7oynkk0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1f:09:95:f3:47:1a:f1:28:e8:fd:d6:73:16:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c75f35d256cc4a5b88319bb7e4bbba329e49341
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e2a57f9f12bd112c16f4f90f64838e9035d86d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7f:c8:41:8c:d6:b5:ee:34:cc:42:74:c0:15:
                    e4:44:40:9e:42:31:01:a8:2a:e1:fa:11:07:45:80:
                    27:74:07:b6:bc:52:c0:d2:44:87:8c:a8:71:ce:f7:
                    1d:a2:56:36:45:1c:0c:01:8f:81:ac:06:8c:38:04:
                    6e:0d:1a:17:89:1d:14:d9:a4:85:9c:17:7b:e3:5d:
                    4c:fb:df:e7:2a:95:90:cb:a1:0e:03:2b:8c:46:45:
                    ce:63:27:e0:4b:cd:8c:64:28:90:01:9f:74:3d:25:
                    c2:ee:ed:b4:2d:12:03:f3:28:40:f8:59:76:dd:fd:
                    1d:90:bc:20:bc:22:47:b5:85:7d:06:95:47:04:d5:
                    5a:b6:12:d5:21:07:e9:2b:b8:ff:40:8a:6f:43:bf:
                    02:77:71:86:2a:a9:69:f6:9b:33:4f:af:29:cd:cc:
                    fa:f1:eb:63:9e:ed:b4:26:5e:24:6b:12:13:5d:e3:
                    0f:ab:45:9b:c2:3e:56:5d:02:de:8a:7a:b1:1b:62:
                    33:d5:fb:e4:0c:1e:21:cd:f3:5c:53:e7:43:97:e0:
                    ef:2f:15:92:dd:58:7c:ca:40:6d:f5:e3:3b:09:df:
                    76:0e:74:aa:90:54:3e:79:5d:11:e8:ab:94:16:ab:
                    11:6a:01:d3:c1:e3:df:a5:15:6c:b2:1c:f2:b7:b4:
                    88:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:2A:57:F9:F1:2B:D1:12:C1:6F:4F:90:F6:48:38:E9:03:5D:86:D2
            X509v3 Authority Key Identifier:
                keyid:2C:75:F3:5D:25:6C:C4:A5:B8:83:19:BB:7E:4B:BB:A3:29:E4:93:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHXzXSVsxKW4gxm7fku7oynkk0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/PipX-fEr0RLBb0-Q9kg46QNdhtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/LHXzXSVsxKW4gxm7fku7oynkk0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.22.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:d4:01:cf:a9:e5:0c:96:24:53:c2:38:dd:4e:f8:8e:93:32:
         b7:b0:2c:49:af:c1:c9:51:b9:79:ff:7e:b1:fd:e7:34:d3:9c:
         06:a5:0a:7a:91:bd:7f:cc:9c:77:27:b0:b2:97:a6:e6:02:4f:
         5c:c9:87:d2:ec:7b:fc:26:a9:0d:ed:94:14:89:30:75:c3:83:
         c0:7c:b2:f8:80:1c:1e:a7:c5:79:e1:22:52:51:d1:fe:a1:16:
         33:0e:d9:3f:79:2b:b8:88:60:ea:f4:d7:f4:f0:3a:ec:43:59:
         c5:cc:8c:b8:57:31:a9:50:c3:d9:0c:4f:54:e3:25:86:98:a5:
         5d:ab:df:9c:bf:fa:7e:d8:85:37:1e:34:61:e6:ec:fa:55:e0:
         fb:26:a2:9d:f0:e9:40:a7:19:90:a9:f6:07:45:45:b5:44:88:
         23:ce:b1:54:ec:a8:9a:3a:c9:2a:d4:80:a2:ee:ce:c4:e3:a0:
         19:a3:2c:bf:a9:e9:00:31:7b:89:96:70:54:48:cc:b8:02:6d:
         70:4d:b6:46:00:c0:f9:7d:b1:90:7d:8d:44:91:09:60:76:43:
         80:f0:fb:69:3f:02:46:5a:a6:51:a9:83:7f:cc:ac:16:10:df:
         c9:4e:ad:ed:61:06:d9:83:fa:0e:65:4d:0c:a8:28:d7:f6:9f:
         68:b1:15:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbx8JlfNHGvEo6P3WcxZbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzVmMzVkMjU2Y2M0YTViODgzMTliYjdlNGJiYmEzMjll
NDkzNDEwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTJhNTdmOWYxMmJkMTEyYzE2ZjRmOTBmNjQ4MzhlOTAzNWQ4NmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3/IQYzWte40zEJ0wBXkRECeQjEB
qCrh+hEHRYAndAe2vFLA0kSHjKhxzvcdolY2RRwMAY+BrAaMOARuDRoXiR0U2aSF
nBd7411M+9/nKpWQy6EOAyuMRkXOYyfgS82MZCiQAZ90PSXC7u20LRID8yhA+Fl2
3f0dkLwgvCJHtYV9BpVHBNVathLVIQfpK7j/QIpvQ78Cd3GGKqlp9pszT68pzcz6
8etjnu20Jl4kaxITXeMPq0Wbwj5WXQLeinqxG2Iz1fvkDB4hzfNcU+dDl+DvLxWS
3Vh8ykBt9eM7Cd92DnSqkFQ+eV0R6KuUFqsRagHTwePfpRVsshzyt7SI7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4qV/nxK9ESwW9PkPZIOOkDXYbSMB8GA1UdIwQY
MBaAFCx1810lbMSluIMZu35Lu6Mp5JNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhYelhTVnN4S1c0Z3htN2ZrdTdveW5razBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC80MGExZTUtN2QyYS00OGQ2LWE1MGUt
Zjk2ZmI0ZWE3ZTcwLzEvUGlwWC1mRXIwUkxCYjAtUTlrZzQ2UU5kaHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC80MGExZTUtN2QyYS00OGQ2LWE1MGUtZjk2ZmI0ZWE3ZTcw
LzEvTEhYelhTVnN4S1c0Z3htN2ZrdTdveW5razBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxZ7MA0G
CSqGSIb3DQEBCwUAA4IBAQA/1AHPqeUMliRTwjjdTviOkzK3sCxJr8HJUbl5/36x
/ec005wGpQp6kb1/zJx3J7Cyl6bmAk9cyYfS7Hv8JqkN7ZQUiTB1w4PAfLL4gBwe
p8V54SJSUdH+oRYzDtk/eSu4iGDq9Nf08DrsQ1nFzIy4VzGpUMPZDE9U4yWGmKVd
q9+cv/p+2IU3HjRh5uz6VeD7JqKd8OlApxmQqfYHRUW1RIgjzrFU7KiaOskq1ICi
7s7E46AZoyy/qekAMXuJlnBUSMy4Am1wTbZGAMD5fbGQfY1EkQlgdkOA8PtpPwJG
WqZRqYN/zKwWEN/JTq3tYQbZg/oOZU0MqCjX9p9osRWy
-----END CERTIFICATE-----