Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/f7a560-8873-40ee-a7c5-2aadc5c3c57d/1/cpeWY9w0VhY8Jk_vHKWWr4pCsDM.roa
File:                     cpeWY9w0VhY8Jk_vHKWWr4pCsDM.roa (raw, json)
Hash identifier:          WZCwQ4H1KRrTJTS5HU63OafhdJPQc7+SvoDz7cOMSgw=
Subject key identifier:   72:97:96:63:DC:34:56:16:3C:26:4F:EF:1C:A5:96:AF:8A:42:B0:33
Certificate issuer:       /CN=b1859f3d2cd283e7db90f02fe1b0d4f615605947
Certificate serial:       018CC72724CC8E06C3B72A851CB8681BEBE4
Authority key identifier: B1:85:9F:3D:2C:D2:83:E7:DB:90:F0:2F:E1:B0:D4:F6:15:60:59:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sYWfPSzSg-fbkPAv4bDU9hVgWUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/f7a560-8873-40ee-a7c5-2aadc5c3c57d/1/cpeWY9w0VhY8Jk_vHKWWr4pCsDM.roa
Signing time:             Mon 01 Jan 2024 22:31:20 +0000
ROA not before:           Mon 01 Jan 2024 22:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39330
IP address blocks:        195.238.70.0/23 maxlen: 23
                          193.228.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/f7a560-8873-40ee-a7c5-2aadc5c3c57d/1/sYWfPSzSg-fbkPAv4bDU9hVgWUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/f7a560-8873-40ee-a7c5-2aadc5c3c57d/1/sYWfPSzSg-fbkPAv4bDU9hVgWUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sYWfPSzSg-fbkPAv4bDU9hVgWUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Oct 2024 14:56:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:24:cc:8e:06:c3:b7:2a:85:1c:b8:68:1b:eb:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1859f3d2cd283e7db90f02fe1b0d4f615605947
        Validity
            Not Before: Jan  1 22:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72979663dc3456163c264fef1ca596af8a42b033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:53:89:35:65:e9:ce:8c:12:d4:98:ec:9e:0e:
                    1a:db:e6:2c:9a:bf:57:36:18:77:ce:99:0d:9c:e3:
                    8f:86:48:c3:51:8b:21:51:6e:89:d9:61:d1:07:c1:
                    39:cc:93:94:f2:9f:d9:d6:81:a9:1c:1d:1c:45:1f:
                    61:7a:34:0f:fe:d9:e5:a1:b9:ca:5a:6e:40:6f:78:
                    dd:80:1f:dd:7b:2e:3c:c3:6d:47:6b:2c:7f:6c:25:
                    3a:2a:44:2e:d7:1e:b8:1c:74:82:66:ab:fb:06:d4:
                    1b:fe:7a:f0:71:3e:6e:a7:35:c0:4a:51:94:3c:19:
                    47:6f:f2:35:c7:d2:39:5f:2a:a2:9e:2c:17:64:cf:
                    93:67:e5:e9:c1:b0:96:01:a5:fa:85:84:d0:f7:aa:
                    fb:ef:6c:6e:dc:ff:8d:60:f4:be:5b:97:a7:d3:c7:
                    e1:75:aa:fa:9a:09:4b:41:3a:19:7a:5d:c6:3a:b0:
                    f2:24:61:37:e2:42:13:d2:ec:2e:4b:26:ea:4f:36:
                    ac:c1:f9:c5:b6:db:8f:9e:88:cb:75:0a:67:ea:9c:
                    b8:b5:b4:cd:9c:23:bd:42:28:f4:68:50:5a:6d:c1:
                    69:bd:23:f7:3f:e9:49:ea:18:0a:c9:87:ec:14:25:
                    59:6c:5c:97:ff:ab:53:c6:65:b8:f6:a6:00:ae:c3:
                    c9:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:97:96:63:DC:34:56:16:3C:26:4F:EF:1C:A5:96:AF:8A:42:B0:33
            X509v3 Authority Key Identifier:
                keyid:B1:85:9F:3D:2C:D2:83:E7:DB:90:F0:2F:E1:B0:D4:F6:15:60:59:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sYWfPSzSg-fbkPAv4bDU9hVgWUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/f7a560-8873-40ee-a7c5-2aadc5c3c57d/1/cpeWY9w0VhY8Jk_vHKWWr4pCsDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/f7a560-8873-40ee-a7c5-2aadc5c3c57d/1/sYWfPSzSg-fbkPAv4bDU9hVgWUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.174.0/24
                  195.238.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:e5:29:95:32:56:10:66:1a:45:2b:f0:a7:fb:24:46:73:54:
         39:91:60:90:b7:d4:26:5b:9a:05:50:62:83:89:49:d4:dd:a3:
         1f:78:67:7b:6c:81:bd:02:75:10:cb:63:ea:e5:c6:b0:8e:d8:
         06:79:02:9e:63:b4:0b:cf:fe:02:b0:e0:9f:a6:18:1d:1f:ea:
         7c:e1:b8:51:0e:2a:80:58:ce:42:fa:57:c8:7d:bc:e0:44:33:
         44:8b:8f:03:d8:04:f6:ce:6c:18:8d:1b:0d:66:1b:eb:75:f4:
         96:16:81:d3:06:4c:58:33:07:6b:4f:48:95:08:a5:1c:98:0b:
         db:9a:7f:34:b9:bf:c5:97:d1:50:14:77:e2:bd:c7:31:37:8e:
         d5:a6:02:c6:d1:59:4f:89:e6:5d:92:2c:8b:8f:4e:18:8f:95:
         06:07:43:4f:37:35:11:eb:bc:5b:64:0b:4b:e0:e1:3f:fc:d8:
         83:b9:80:18:ae:78:c7:8d:87:56:aa:ef:d9:c3:1b:65:e6:dc:
         86:90:34:8a:d5:21:5e:69:05:e9:58:7c:34:65:cf:18:89:1d:
         78:98:d4:d4:c6:27:c3:9d:cf:28:cf:ce:58:a1:1f:af:f8:85:
         a6:49:b3:94:71:94:35:7f:04:31:63:51:2e:00:f0:c3:60:39:
         57:f9:0f:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJyTMjgbDtyqFHLhoG+vkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxODU5ZjNkMmNkMjgzZTdkYjkwZjAyZmUxYjBkNGY2MTU2
MDU5NDcwHhcNMjQwMTAxMjIzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk3OTY2M2RjMzQ1NjE2M2MyNjRmZWYxY2E1OTZhZjhhNDJiMDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1OJNWXpzowS1Jjsng4a2+Ysmr9X
Nhh3zpkNnOOPhkjDUYshUW6J2WHRB8E5zJOU8p/Z1oGpHB0cRR9hejQP/tnlobnK
Wm5Ab3jdgB/dey48w21Hayx/bCU6KkQu1x64HHSCZqv7BtQb/nrwcT5upzXASlGU
PBlHb/I1x9I5XyqiniwXZM+TZ+XpwbCWAaX6hYTQ96r772xu3P+NYPS+W5en08fh
dar6mglLQToZel3GOrDyJGE34kIT0uwuSybqTzaswfnFttuPnojLdQpn6py4tbTN
nCO9Qij0aFBabcFpvSP3P+lJ6hgKyYfsFCVZbFyX/6tTxmW49qYArsPJMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHKXlmPcNFYWPCZP7xyllq+KQrAzMB8GA1UdIwQY
MBaAFLGFnz0s0oPn25DwL+Gw1PYVYFlHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1lXZlBTelNnLWZia1BBdjRiRFU5aFZnV1VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9mN2E1NjAtODg3My00MGVlLWE3YzUt
MmFhZGM1YzNjNTdkLzEvY3BlV1k5dzBWaFk4SmtfdkhLV1dyNHBDc0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9mN2E1NjAtODg3My00MGVlLWE3YzUtMmFhZGM1YzNjNTdk
LzEvc1lXZlBTelNnLWZia1BBdjRiRFU5aFZnV1VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAweSuAwQB
w+5GMA0GCSqGSIb3DQEBCwUAA4IBAQA25SmVMlYQZhpFK/Cn+yRGc1Q5kWCQt9Qm
W5oFUGKDiUnU3aMfeGd7bIG9AnUQy2Pq5cawjtgGeQKeY7QLz/4CsOCfphgdH+p8
4bhRDiqAWM5C+lfIfbzgRDNEi48D2AT2zmwYjRsNZhvrdfSWFoHTBkxYMwdrT0iV
CKUcmAvbmn80ub/Fl9FQFHfivccxN47VpgLG0VlPieZdkiyLj04Yj5UGB0NPNzUR
67xbZAtL4OE//NiDuYAYrnjHjYdWqu/Zwxtl5tyGkDSK1SFeaQXpWHw0Zc8YiR14
mNTUxifDnc8oz85YoR+v+IWmSbOUcZQ1fwQxY1EuAPDDYDlX+Q81
-----END CERTIFICATE-----