Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/yQN4Pjub2GKO8AfMrVl8K5Rtlj0.roa
File:                     yQN4Pjub2GKO8AfMrVl8K5Rtlj0.roa (raw, json)
Hash identifier:          N4GwwLWb8omNDnEibKSul80jCcFcXpWkA3Cq30IErYk=
Subject key identifier:   C9:03:78:3E:3B:9B:D8:62:8E:F0:07:CC:AD:59:7C:2B:94:6D:96:3D
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348D8D5FBF802307A7BD8CCC4787A6D
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/yQN4Pjub2GKO8AfMrVl8K5Rtlj0.roa
Signing time:             Mon 01 Jan 2024 04:29:40 +0000
ROA not before:           Mon 01 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47299
IP address blocks:        195.65.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d8:d5:fb:f8:02:30:7a:7b:d8:cc:c4:78:7a:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c903783e3b9bd8628ef007ccad597c2b946d963d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f4:1a:50:a0:d7:4e:b2:14:63:a1:68:74:4a:
                    5b:a2:11:3a:a1:ef:15:02:ff:7b:3d:7d:15:da:56:
                    b2:8d:5a:a1:c9:df:51:01:e2:62:56:6d:fe:a7:6a:
                    dd:e1:41:09:14:b8:5e:f6:16:f6:f8:4f:f8:92:ab:
                    ab:c7:8f:ff:43:5c:a4:21:20:d5:55:cf:5b:ae:e9:
                    63:8d:57:c0:d6:81:9a:25:f3:3f:2e:a9:d7:14:01:
                    5a:e1:4d:78:22:4b:4c:7d:c0:13:3a:84:06:ef:ed:
                    ff:2b:3d:67:68:dc:df:db:27:e6:65:87:60:90:3e:
                    53:d9:7e:96:93:28:ef:65:6c:d9:27:c5:10:fe:cd:
                    31:09:b5:cb:73:93:0d:1a:34:d3:89:0b:ff:b9:85:
                    82:49:4d:d6:a6:96:ea:6b:5a:97:cf:16:e7:0d:e0:
                    17:70:9c:98:1a:eb:09:40:95:01:b4:22:9a:d6:51:
                    26:5d:45:24:97:83:30:bb:f4:6e:a8:0c:92:8f:69:
                    a0:2f:7c:85:5b:a0:a5:87:ea:00:e5:d3:a6:39:fc:
                    17:b9:b5:d6:07:fb:0c:9e:4a:55:43:0d:52:c5:05:
                    b3:df:30:4c:a2:a0:21:bb:e5:df:fe:5f:7a:f5:59:
                    30:b4:70:93:42:3a:ed:f0:c2:46:e8:29:a7:13:e9:
                    93:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:03:78:3E:3B:9B:D8:62:8E:F0:07:CC:AD:59:7C:2B:94:6D:96:3D
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/yQN4Pjub2GKO8AfMrVl8K5Rtlj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.65.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:53:29:e0:3d:d4:4e:cf:ee:ee:58:28:57:13:dd:8f:ab:43:
         e4:fb:ec:09:4b:cd:5a:cc:22:b5:90:39:27:d3:88:2f:52:19:
         4c:0e:79:08:fe:b0:15:c8:c9:ce:ac:57:d0:a5:95:c1:52:0d:
         0d:0f:84:36:35:30:18:73:f1:a7:3b:5f:69:79:66:62:ee:c7:
         bc:c1:89:a9:a2:0c:e2:5f:ba:15:1c:3b:57:b0:b7:b7:0f:84:
         ab:ab:3b:25:3e:28:b0:8e:98:54:93:b8:e7:73:f2:16:89:b6:
         45:06:96:50:d2:38:12:ef:a7:c3:2f:26:2c:7a:15:48:e1:32:
         87:1e:25:07:cf:2d:34:81:a0:cd:a5:a1:c8:a0:ec:81:dc:7d:
         22:5b:7b:ac:b8:35:c6:95:dc:b8:6a:3f:ad:e9:56:ae:00:8f:
         6f:27:a7:eb:89:f8:1c:71:e2:a6:5a:d4:c4:05:9f:26:7b:36:
         50:46:62:c5:07:ab:0c:a4:fb:fe:f0:4c:39:b7:57:e4:05:77:
         82:9c:f7:a8:44:53:c6:e3:c7:9d:2b:16:80:9b:c3:8b:c5:a7:
         c3:2c:a2:a5:20:36:09:99:77:b2:2c:fb:0e:c5:ba:ed:56:6d:
         96:bc:8b:0d:4c:5f:d9:12:b3:88:91:76:21:04:cb:73:75:a9:
         87:bc:11:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNjV+/gCMHp72MzEeHptMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTAzNzgzZTNiOWJkODYyOGVmMDA3Y2NhZDU5N2MyYjk0NmQ5NjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PQaUKDXTrIUY6FodEpbohE6oe8V
Av97PX0V2layjVqhyd9RAeJiVm3+p2rd4UEJFLhe9hb2+E/4kqurx4//Q1ykISDV
Vc9bruljjVfA1oGaJfM/LqnXFAFa4U14IktMfcATOoQG7+3/Kz1naNzf2yfmZYdg
kD5T2X6WkyjvZWzZJ8UQ/s0xCbXLc5MNGjTTiQv/uYWCSU3Wppbqa1qXzxbnDeAX
cJyYGusJQJUBtCKa1lEmXUUkl4Mwu/RuqAySj2mgL3yFW6Clh+oA5dOmOfwXubXW
B/sMnkpVQw1SxQWz3zBMoqAhu+Xf/l969VkwtHCTQjrt8MJG6CmnE+mTQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkDeD47m9hijvAHzK1ZfCuUbZY9MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEveVFONFBqdWIyR0tPOEFmTXJWbDhLNVJ0bGowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0ElMA0G
CSqGSIb3DQEBCwUAA4IBAQB+UyngPdROz+7uWChXE92Pq0Pk++wJS81azCK1kDkn
04gvUhlMDnkI/rAVyMnOrFfQpZXBUg0ND4Q2NTAYc/GnO19peWZi7se8wYmpogzi
X7oVHDtXsLe3D4SrqzslPiiwjphUk7jnc/IWibZFBpZQ0jgS76fDLyYsehVI4TKH
HiUHzy00gaDNpaHIoOyB3H0iW3usuDXGldy4aj+t6VauAI9vJ6frifgcceKmWtTE
BZ8mezZQRmLFB6sMpPv+8Ew5t1fkBXeCnPeoRFPG48edKxaAm8OLxafDLKKlIDYJ
mXeyLPsOxbrtVm2WvIsNTF/ZErOIkXYhBMtzdamHvBFz
-----END CERTIFICATE-----