Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ASZCLIxMgUVB3eUQYwHF4ykm124.roa
File:                     ASZCLIxMgUVB3eUQYwHF4ykm124.roa (raw, json)
Hash identifier:          tAa23kfFxF7XBck51eJ52kfWRaZkBtp93SuEmoRhitc=
Subject key identifier:   01:26:42:2C:8C:4C:81:45:41:DD:E5:10:63:01:C5:E3:29:26:D7:6E
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348D359A96DC664D77FFF9BE5DE6221
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ASZCLIxMgUVB3eUQYwHF4ykm124.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16079
IP address blocks:        194.209.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d3:59:a9:6d:c6:64:d7:7f:ff:9b:e5:de:62:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0126422c8c4c814541dde5106301c5e32926d76e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:72:ba:10:d2:51:85:56:a8:43:6f:ee:4f:28:
                    cc:59:26:17:82:17:1c:11:c2:04:b5:02:ac:7e:72:
                    38:cf:3a:a5:6d:0a:b1:76:75:ff:a6:df:67:e7:82:
                    b7:6a:18:24:73:35:f1:0b:8f:15:e0:c6:b6:b4:70:
                    ec:c2:e4:01:42:6a:3f:61:15:ac:f2:18:d1:f6:d0:
                    f5:84:f3:9a:54:7a:93:38:d5:36:ee:33:70:4c:5b:
                    bf:8a:72:16:71:da:ff:8f:e7:4c:dd:88:92:31:25:
                    73:a0:35:bd:f6:15:41:71:e2:7f:55:00:18:0e:83:
                    04:d5:e5:2e:59:8d:e1:9d:ef:d2:55:bb:02:2f:27:
                    0f:a3:2a:5d:1b:75:39:9c:c5:f7:8a:a7:93:92:42:
                    61:2c:a5:31:cd:84:b8:d3:18:4f:75:e4:0b:17:c1:
                    df:23:34:d2:eb:c6:c7:88:89:39:96:58:a1:83:ab:
                    b8:bb:e0:0f:34:d8:21:f7:78:bd:b1:72:58:a3:68:
                    4e:b4:ec:03:9b:6d:86:9f:26:df:8d:b3:92:aa:2b:
                    af:33:7e:5e:43:98:41:01:9e:d2:8d:32:35:d0:65:
                    67:db:a0:06:09:90:ae:40:dd:5e:b1:60:42:e0:33:
                    21:9c:1c:99:ef:6a:97:8c:ed:05:f4:d5:08:0b:8f:
                    7f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:26:42:2C:8C:4C:81:45:41:DD:E5:10:63:01:C5:E3:29:26:D7:6E
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ASZCLIxMgUVB3eUQYwHF4ykm124.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:50:fa:e3:34:ea:58:a7:d4:ed:29:09:f3:af:00:7e:7a:85:
         9d:72:77:b7:b5:cd:33:1d:7b:9d:93:c5:be:68:56:d5:20:5b:
         dd:f0:a9:d8:05:18:94:9e:ce:27:94:74:ba:ca:21:ed:86:ed:
         cb:db:3e:61:a1:72:f5:1e:9d:85:6e:09:b0:54:ca:dc:c8:40:
         b2:ab:c0:c5:d4:e3:9e:a1:78:8f:19:c5:82:2f:60:3b:47:d0:
         fd:d6:96:c3:5e:a3:15:ea:b1:85:07:30:e7:77:cb:05:21:05:
         70:98:af:58:3d:95:0a:fb:0c:d2:89:8a:b5:1e:22:a8:2e:e7:
         61:60:27:cb:30:a0:1d:95:10:df:b3:56:e9:41:94:aa:14:30:
         b0:7c:4e:d4:f6:6d:8e:ce:ca:26:06:a9:88:09:a8:68:ac:1a:
         f5:10:d4:c9:82:44:f4:ed:7d:45:94:ab:cc:73:d4:f1:85:e8:
         59:3a:4a:9b:9e:8d:54:c6:ce:d9:39:74:8c:ca:fa:2d:f3:51:
         cb:37:68:09:db:8c:ac:39:ad:17:ab:84:eb:c3:39:ab:67:68:
         c0:b8:5f:f8:a2:c4:1d:2e:85:1c:71:29:5a:3d:ba:03:28:f6:
         1b:98:77:a7:f9:03:70:9c:e8:3b:0d:0a:67:19:b9:53:29:d1:
         eb:08:a0:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNNZqW3GZNd//5vl3mIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTI2NDIyYzhjNGM4MTQ1NDFkZGU1MTA2MzAxYzVlMzI5MjZkNzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXK6ENJRhVaoQ2/uTyjMWSYXghcc
EcIEtQKsfnI4zzqlbQqxdnX/pt9n54K3ahgkczXxC48V4Ma2tHDswuQBQmo/YRWs
8hjR9tD1hPOaVHqTONU27jNwTFu/inIWcdr/j+dM3YiSMSVzoDW99hVBceJ/VQAY
DoME1eUuWY3hne/SVbsCLycPoypdG3U5nMX3iqeTkkJhLKUxzYS40xhPdeQLF8Hf
IzTS68bHiIk5llihg6u4u+APNNgh93i9sXJYo2hOtOwDm22GnybfjbOSqiuvM35e
Q5hBAZ7SjTI10GVn26AGCZCuQN1esWBC4DMhnByZ72qXjO0F9NUIC49/qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAEmQiyMTIFFQd3lEGMBxeMpJtduMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvQVNaQ0xJeE1nVVZCM2VVUVl3SEY0eWttMTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtGfMA0G
CSqGSIb3DQEBCwUAA4IBAQCjUPrjNOpYp9TtKQnzrwB+eoWdcne3tc0zHXudk8W+
aFbVIFvd8KnYBRiUns4nlHS6yiHthu3L2z5hoXL1Hp2FbgmwVMrcyECyq8DF1OOe
oXiPGcWCL2A7R9D91pbDXqMV6rGFBzDnd8sFIQVwmK9YPZUK+wzSiYq1HiKoLudh
YCfLMKAdlRDfs1bpQZSqFDCwfE7U9m2OzsomBqmICahorBr1ENTJgkT07X1FlKvM
c9TxhehZOkqbno1Uxs7ZOXSMyvot81HLN2gJ24ysOa0Xq4TrwzmrZ2jAuF/4osQd
LoUccSlaPboDKPYbmHen+QNwnOg7DQpnGblTKdHrCKDj
-----END CERTIFICATE-----