Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ArZ-fO9GK0_npzK5rjSZI_p3nZ0.roa
File:                     ArZ-fO9GK0_npzK5rjSZI_p3nZ0.roa (raw, json)
Hash identifier:          CQM/T0pGJKnzuF0NPj4eX2T1WOuQhpGhrEVTFcTG85A=
Subject key identifier:   02:B6:7E:7C:EF:46:2B:4F:E7:A7:32:B9:AE:34:99:23:FA:77:9D:9D
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E51EB639B6D4351ED94F5FF100DC
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ArZ-fO9GK0_npzK5rjSZI_p3nZ0.roa
Signing time:             Mon 01 Jan 2024 04:29:43 +0000
ROA not before:           Mon 01 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208305
IP address blocks:        195.65.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e5:1e:b6:39:b6:d4:35:1e:d9:4f:5f:f1:00:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02b67e7cef462b4fe7a732b9ae349923fa779d9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1f:e0:9d:f9:de:fd:f0:6a:a5:1a:66:59:68:
                    0c:2a:0a:14:96:17:10:7c:9b:92:3e:43:1f:34:c1:
                    70:20:09:39:45:44:c5:69:42:dd:5f:16:e1:d4:be:
                    e2:5a:4d:7a:20:53:81:86:f8:18:c0:61:c5:0b:8a:
                    75:cc:96:bf:fc:97:9c:fc:09:1f:b6:87:03:c7:d5:
                    2c:8b:bd:96:e9:1f:fa:69:ff:87:dd:79:03:c8:9e:
                    6d:88:67:03:71:8a:62:22:81:81:3d:5c:d2:8c:8b:
                    ac:0f:9e:5b:28:bc:fc:d6:a8:f8:a8:41:0e:e6:2c:
                    13:94:95:14:a4:00:6c:d7:29:1f:e4:10:b9:f9:c3:
                    39:9f:d3:51:a9:58:fc:89:a5:30:81:81:9f:50:6c:
                    7b:6e:2e:ad:58:dd:30:a7:4d:9c:37:93:84:51:b3:
                    be:f2:55:48:6d:92:20:74:19:63:51:52:e3:dd:df:
                    6e:71:a8:c8:01:4d:b0:ad:2d:f9:32:8e:3d:7d:b5:
                    78:74:6f:fb:7a:d2:f4:57:bb:11:c2:e8:2d:c6:cf:
                    b1:c7:c6:f0:34:ea:1f:a3:b5:4b:53:e8:4c:99:ff:
                    08:51:19:80:47:fa:48:6c:4c:93:1e:ac:de:ea:47:
                    21:3f:18:d7:21:67:db:3a:54:4b:fd:05:a9:8d:62:
                    0b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:B6:7E:7C:EF:46:2B:4F:E7:A7:32:B9:AE:34:99:23:FA:77:9D:9D
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ArZ-fO9GK0_npzK5rjSZI_p3nZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.65.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:d0:1c:57:bf:61:8c:82:1c:f7:05:43:3c:ea:c5:79:a3:3e:
         42:f0:3a:84:4c:b6:42:cb:b9:bd:47:68:af:f9:d0:52:09:5e:
         97:0f:46:42:89:cd:9a:b4:11:e7:df:24:00:d8:07:6a:e2:60:
         a2:cf:55:ed:82:b1:9a:b0:00:b1:c3:16:0b:64:57:28:0e:70:
         2d:77:0f:bf:50:4b:fd:ff:3c:a7:49:d6:33:3b:cc:2d:6e:8e:
         f1:5c:ab:71:e7:ef:61:0e:c4:4f:a1:a3:80:5b:f2:2f:bb:17:
         e6:3f:01:4f:75:8e:41:24:32:aa:43:dd:10:3d:15:f1:50:7d:
         34:45:94:35:24:6b:71:e4:45:ed:43:d2:98:b8:d1:3b:ae:21:
         c4:1b:ce:9e:1f:55:04:ec:c0:5c:81:59:8f:c2:39:66:de:3d:
         50:f3:94:e6:2d:c4:a7:55:b7:4e:6d:6b:1b:e3:71:fb:94:75:
         cd:83:24:c0:54:e2:d1:e3:d4:b3:47:98:0a:8a:69:a5:08:fc:
         68:a1:c8:13:8a:21:19:b7:5c:33:8b:b4:63:62:65:d2:15:de:
         90:25:ff:af:ef:6a:b2:02:63:d9:7e:74:f2:4e:9f:b2:38:f9:
         67:1e:29:19:72:8e:e2:40:23:33:98:40:a5:06:2f:4f:d0:85:
         2a:8a:c9:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOUetjm21DUe2U9f8QDcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmI2N2U3Y2VmNDYyYjRmZTdhNzMyYjlhZTM0OTkyM2ZhNzc5ZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkh/gnfne/fBqpRpmWWgMKgoUlhcQ
fJuSPkMfNMFwIAk5RUTFaULdXxbh1L7iWk16IFOBhvgYwGHFC4p1zJa//Jec/Akf
tocDx9Usi72W6R/6af+H3XkDyJ5tiGcDcYpiIoGBPVzSjIusD55bKLz81qj4qEEO
5iwTlJUUpABs1ykf5BC5+cM5n9NRqVj8iaUwgYGfUGx7bi6tWN0wp02cN5OEUbO+
8lVIbZIgdBljUVLj3d9ucajIAU2wrS35Mo49fbV4dG/7etL0V7sRwugtxs+xx8bw
NOofo7VLU+hMmf8IURmAR/pIbEyTHqze6kchPxjXIWfbOlRL/QWpjWILMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAK2fnzvRitP56cyua40mSP6d52dMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvQXJaLWZPOUdLMF9ucHpLNXJqU1pJX3AzblowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0EAMA0G
CSqGSIb3DQEBCwUAA4IBAQAt0BxXv2GMghz3BUM86sV5oz5C8DqETLZCy7m9R2iv
+dBSCV6XD0ZCic2atBHn3yQA2Adq4mCiz1XtgrGasACxwxYLZFcoDnAtdw+/UEv9
/zynSdYzO8wtbo7xXKtx5+9hDsRPoaOAW/IvuxfmPwFPdY5BJDKqQ90QPRXxUH00
RZQ1JGtx5EXtQ9KYuNE7riHEG86eH1UE7MBcgVmPwjlm3j1Q85TmLcSnVbdObWsb
43H7lHXNgyTAVOLR49SzR5gKimmlCPxoocgTiiEZt1wzi7RjYmXSFd6QJf+v72qy
AmPZfnTyTp+yOPlnHikZco7iQCMzmEClBi9P0IUqismy
-----END CERTIFICATE-----