Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/U1Vaq7E9mPpOKNR0wXoRcrHTkkg.roa
File:                     U1Vaq7E9mPpOKNR0wXoRcrHTkkg.roa (raw, json)
Hash identifier:          9IKpwpCJiISTmcA31Pq+DSln6ueOXdYNVBfMXgNwDog=
Subject key identifier:   53:55:5A:AB:B1:3D:98:FA:4E:28:D4:74:C1:7A:11:72:B1:D3:92:48
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348D404DA4B98F8BBCE47F4DD53F75C
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/U1Vaq7E9mPpOKNR0wXoRcrHTkkg.roa
Signing time:             Mon 01 Jan 2024 04:29:39 +0000
ROA not before:           Mon 01 Jan 2024 04:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18679
IP address blocks:        195.65.31.0/24 maxlen: 24
                          195.65.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d4:04:da:4b:98:f8:bb:ce:47:f4:dd:53:f7:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53555aabb13d98fa4e28d474c17a1172b1d39248
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:2d:d3:d5:61:4d:fe:06:0f:bd:31:94:ee:91:
                    69:e1:c5:92:c0:60:b3:3c:fa:67:53:07:04:5c:37:
                    6d:f7:3d:14:c9:c8:81:a6:39:d6:b7:00:64:73:5b:
                    1b:ab:25:ea:16:7c:7c:f3:5d:95:c9:b9:52:28:f0:
                    22:b6:55:72:34:73:6b:11:2c:42:3b:d7:93:c6:23:
                    a6:44:81:1c:63:6c:58:a8:b5:40:99:08:ce:b0:fa:
                    a7:61:d1:6f:dd:5d:64:f2:9b:e0:4f:28:e9:32:38:
                    af:3e:2b:3f:69:4a:d7:c5:49:6d:8c:b6:6e:7e:00:
                    32:3a:6e:06:c5:74:1b:2d:87:a8:71:2a:da:47:96:
                    e3:08:54:32:5d:b8:3e:4f:07:6d:fa:28:86:dc:b6:
                    db:29:fb:a9:a8:4b:60:df:53:51:ac:33:a7:b7:4b:
                    dc:6a:1d:57:00:bd:e6:d4:e5:85:18:af:b7:1c:bb:
                    2e:68:ee:c6:6f:76:97:f0:69:20:3a:6e:27:15:4d:
                    0c:33:4e:e3:5e:c1:3f:40:22:32:0e:d8:10:f8:bf:
                    24:ee:3b:3b:0e:ce:d3:14:e3:88:70:38:3a:7d:71:
                    d0:53:76:ea:80:93:7b:4b:82:66:4a:17:82:95:f8:
                    a7:8f:48:28:84:c8:86:b0:da:80:58:61:00:06:7a:
                    8d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:55:5A:AB:B1:3D:98:FA:4E:28:D4:74:C1:7A:11:72:B1:D3:92:48
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/U1Vaq7E9mPpOKNR0wXoRcrHTkkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.65.10.0/24
                  195.65.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:ec:d6:ee:58:1c:db:3a:31:66:bf:d9:bc:30:3f:6d:fb:64:
         32:fd:b6:90:17:3b:80:a5:33:ce:88:8f:d1:c8:2b:48:29:ff:
         a6:58:57:bc:09:93:3b:62:5e:06:53:05:c0:20:57:39:b1:39:
         4c:91:ee:7a:32:ef:2f:c3:e4:44:0d:0f:d9:78:74:1f:6d:c3:
         cf:a1:c7:8f:4c:53:48:5c:0a:07:de:f5:55:74:f1:b4:50:a6:
         a7:35:fe:e6:80:63:3c:3b:93:b7:25:5b:2e:df:c3:ac:fb:18:
         f0:2a:3a:8e:cd:92:ea:8f:71:18:26:cf:fc:27:9b:a5:c4:e4:
         db:e7:d9:c9:b8:e6:5b:67:c6:c8:81:7f:48:f0:8e:ec:85:58:
         f0:6e:c7:3a:21:8c:e4:65:39:4d:0d:84:53:6a:49:de:8a:4b:
         1e:42:b0:18:be:47:ed:27:fb:33:be:0a:3d:b6:2a:ed:91:ac:
         1d:9b:c0:2b:03:d3:fa:33:28:8e:2d:56:ea:22:5a:70:ab:fc:
         e2:23:cf:9a:9c:d2:25:20:a4:f2:f4:6b:d3:67:d5:b5:41:28:
         8c:24:c8:ec:ca:06:9f:5d:3e:d1:0e:77:f7:d3:c2:3f:4e:4b:
         59:98:cc:a4:93:f4:76:89:e1:00:ca:b6:d8:7d:84:f9:a0:33:
         f0:69:7c:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSNQE2kuY+LvOR/TdU/dcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzU1NWFhYmIxM2Q5OGZhNGUyOGQ0NzRjMTdhMTE3MmIxZDM5MjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5S3T1WFN/gYPvTGU7pFp4cWSwGCz
PPpnUwcEXDdt9z0UyciBpjnWtwBkc1sbqyXqFnx8812VyblSKPAitlVyNHNrESxC
O9eTxiOmRIEcY2xYqLVAmQjOsPqnYdFv3V1k8pvgTyjpMjivPis/aUrXxUltjLZu
fgAyOm4GxXQbLYeocSraR5bjCFQyXbg+Twdt+iiG3LbbKfupqEtg31NRrDOnt0vc
ah1XAL3m1OWFGK+3HLsuaO7Gb3aX8GkgOm4nFU0MM07jXsE/QCIyDtgQ+L8k7js7
Ds7TFOOIcDg6fXHQU3bqgJN7S4JmSheClfinj0gohMiGsNqAWGEABnqNnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFNVWquxPZj6TijUdMF6EXKx05JIMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvVTFWYXE3RTltUHBPS05SMHdYb1JjckhUa2tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw0EKAwQA
w0EfMA0GCSqGSIb3DQEBCwUAA4IBAQC57NbuWBzbOjFmv9m8MD9t+2Qy/baQFzuA
pTPOiI/RyCtIKf+mWFe8CZM7Yl4GUwXAIFc5sTlMke56Mu8vw+REDQ/ZeHQfbcPP
ocePTFNIXAoH3vVVdPG0UKanNf7mgGM8O5O3JVsu38Os+xjwKjqOzZLqj3EYJs/8
J5ulxOTb59nJuOZbZ8bIgX9I8I7shVjwbsc6IYzkZTlNDYRTakneikseQrAYvkft
J/szvgo9tirtkawdm8ArA9P6MyiOLVbqIlpwq/ziI8+anNIlIKTy9GvTZ9W1QSiM
JMjsygafXT7RDnf308I/TktZmMykk/R2ieEAyrbYfYT5oDPwaXxt
-----END CERTIFICATE-----