Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/rSyjsN3CXVKV56HHK6CNDcffWXM.roa
File:                     rSyjsN3CXVKV56HHK6CNDcffWXM.roa (raw, json)
Hash identifier:          KBYaWcPZU8xLvPyO+ltfURH+Crpulql+lX6wzfvP87w=
Subject key identifier:   AD:2C:A3:B0:DD:C2:5D:52:95:E7:A1:C7:2B:A0:8D:0D:C7:DF:59:73
Certificate issuer:       /CN=3f5bc44014285b6f3e2872aecf5d4f33e268ce8b
Certificate serial:       018CC56E9E60FF13AB3E0D3D6CFA6A69C502
Authority key identifier: 3F:5B:C4:40:14:28:5B:6F:3E:28:72:AE:CF:5D:4F:33:E2:68:CE:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P1vEQBQoW28-KHKuz11PM-Jozos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/rSyjsN3CXVKV56HHK6CNDcffWXM.roa
Signing time:             Mon 01 Jan 2024 14:30:10 +0000
ROA not before:           Mon 01 Jan 2024 14:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41699
IP address blocks:        195.170.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/P1vEQBQoW28-KHKuz11PM-Jozos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/P1vEQBQoW28-KHKuz11PM-Jozos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P1vEQBQoW28-KHKuz11PM-Jozos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:9e:60:ff:13:ab:3e:0d:3d:6c:fa:6a:69:c5:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f5bc44014285b6f3e2872aecf5d4f33e268ce8b
        Validity
            Not Before: Jan  1 14:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad2ca3b0ddc25d5295e7a1c72ba08d0dc7df5973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b3:35:1b:a9:0c:c4:d9:da:c3:68:b3:55:c3:
                    10:e9:75:32:38:d3:51:0c:9e:37:ec:93:08:a1:0c:
                    67:0b:8b:7e:db:c1:8b:16:95:06:2f:64:d5:a9:d9:
                    b6:54:32:df:f3:21:a3:95:92:b6:ca:1f:ae:51:a7:
                    e1:08:b0:f1:f2:de:9e:a8:a4:47:4d:79:cf:b8:e0:
                    5d:0f:23:62:16:64:02:5d:fb:8c:b2:6f:be:48:c4:
                    0b:d9:ad:0d:84:8e:f6:ac:94:58:50:48:27:44:96:
                    74:0b:c1:93:c1:a4:51:a4:6b:69:5f:7c:11:ab:ce:
                    51:a6:59:3f:43:63:e3:4c:69:d0:c6:5c:e0:18:11:
                    79:9a:ed:99:01:e1:3b:60:32:3f:6d:84:88:8d:a3:
                    33:7f:9c:62:8b:13:30:6f:ba:96:bc:b3:5e:19:3c:
                    f0:2f:f0:b1:c8:1a:da:6b:2a:78:aa:f6:5d:30:df:
                    5d:6b:13:7c:e5:2d:45:36:56:74:99:59:41:bf:dd:
                    b5:7b:03:87:a4:d2:40:3d:8a:1c:b7:77:47:7c:19:
                    e3:bf:43:de:10:fd:b1:9a:67:35:9d:26:9f:3f:1b:
                    c5:2e:94:e0:06:a5:ac:d7:6f:ae:c5:1d:d9:92:d6:
                    ea:89:ff:fb:83:a4:cc:eb:9f:a0:41:74:d5:02:b1:
                    21:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:2C:A3:B0:DD:C2:5D:52:95:E7:A1:C7:2B:A0:8D:0D:C7:DF:59:73
            X509v3 Authority Key Identifier:
                keyid:3F:5B:C4:40:14:28:5B:6F:3E:28:72:AE:CF:5D:4F:33:E2:68:CE:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P1vEQBQoW28-KHKuz11PM-Jozos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/rSyjsN3CXVKV56HHK6CNDcffWXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/P1vEQBQoW28-KHKuz11PM-Jozos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:fd:c6:71:99:ee:8f:d2:3d:51:a6:22:06:00:bc:de:1b:9f:
         ec:f6:86:c3:c6:5f:45:61:cb:dd:5f:b1:c2:f2:0d:7d:ad:32:
         9a:11:0a:9e:65:f1:9a:8c:a0:18:62:4f:74:a3:c7:5c:d7:55:
         06:1e:ba:ab:3b:ae:be:d9:0f:e5:76:30:ac:75:00:05:6d:96:
         be:65:8c:06:37:2b:b9:86:56:95:31:43:2a:71:25:e0:99:0a:
         50:13:cc:03:96:33:4b:a0:98:a1:60:45:aa:7f:47:2a:07:0e:
         b2:78:a4:0e:01:19:b4:1d:98:a2:82:94:65:06:0c:3c:fe:33:
         74:a0:42:f4:81:18:44:48:2e:58:8b:57:51:d4:c3:c3:09:4a:
         ae:a7:2c:4e:ad:e3:a8:1d:24:c7:5a:91:9f:71:20:7c:27:9a:
         89:93:51:1d:90:8b:08:18:70:6b:35:e8:7f:6a:43:68:ed:4c:
         10:84:17:0b:d6:2a:04:c6:69:ec:0b:d3:b8:31:8a:82:c4:c7:
         5b:e1:cf:97:a7:36:d0:23:72:6a:1a:ed:6e:d6:36:94:ed:43:
         70:79:2a:e0:5e:69:73:54:ad:4e:41:fb:23:26:ab:d5:3e:8b:
         39:de:8e:b1:84:2c:d1:62:d9:f3:99:bc:09:02:b1:f2:8d:c6:
         e2:48:93:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbp5g/xOrPg09bPpqacUCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNWJjNDQwMTQyODViNmYzZTI4NzJhZWNmNWQ0ZjMzZTI2
OGNlOGIwHhcNMjQwMTAxMTQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDJjYTNiMGRkYzI1ZDUyOTVlN2ExYzcyYmEwOGQwZGM3ZGY1OTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrM1G6kMxNnaw2izVcMQ6XUyONNR
DJ437JMIoQxnC4t+28GLFpUGL2TVqdm2VDLf8yGjlZK2yh+uUafhCLDx8t6eqKRH
TXnPuOBdDyNiFmQCXfuMsm++SMQL2a0NhI72rJRYUEgnRJZ0C8GTwaRRpGtpX3wR
q85Rplk/Q2PjTGnQxlzgGBF5mu2ZAeE7YDI/bYSIjaMzf5xiixMwb7qWvLNeGTzw
L/CxyBraayp4qvZdMN9daxN85S1FNlZ0mVlBv921ewOHpNJAPYoct3dHfBnjv0Pe
EP2xmmc1nSafPxvFLpTgBqWs12+uxR3Zktbqif/7g6TM65+gQXTVArEhtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0so7Ddwl1SleehxyugjQ3H31lzMB8GA1UdIwQY
MBaAFD9bxEAUKFtvPihyrs9dTzPiaM6LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDF2RVFCUW9XMjgtS0hLdXoxMVBNLUpvem9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zMjI2OTMtZTU4Yi00OGUyLWJkZDkt
MDI5NTNjZTYzODQzLzEvclN5anNOM0NYVktWNTZISEs2Q05EY2ZmV1hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zMjI2OTMtZTU4Yi00OGUyLWJkZDktMDI5NTNjZTYzODQz
LzEvUDF2RVFCUW9XMjgtS0hLdXoxMVBNLUpvem9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6q5MA0G
CSqGSIb3DQEBCwUAA4IBAQAB/cZxme6P0j1RpiIGALzeG5/s9obDxl9FYcvdX7HC
8g19rTKaEQqeZfGajKAYYk90o8dc11UGHrqrO66+2Q/ldjCsdQAFbZa+ZYwGNyu5
hlaVMUMqcSXgmQpQE8wDljNLoJihYEWqf0cqBw6yeKQOARm0HZiigpRlBgw8/jN0
oEL0gRhESC5Yi1dR1MPDCUqupyxOreOoHSTHWpGfcSB8J5qJk1EdkIsIGHBrNeh/
akNo7UwQhBcL1ioExmnsC9O4MYqCxMdb4c+XpzbQI3JqGu1u1jaU7UNweSrgXmlz
VK1OQfsjJqvVPos53o6xhCzRYtnzmbwJArHyjcbiSJOf
-----END CERTIFICATE-----