Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/174860-0c5a-44f0-97e7-fab85ee5702a/1/JklaJCT6BIphDyrzU1hueHlch-c.roa
File:                     JklaJCT6BIphDyrzU1hueHlch-c.roa (raw, json)
Hash identifier:          7v4EQTwtRiQVBHwvc32Jk/0jylFGtZtwyekwBMzTqvA=
Subject key identifier:   26:49:5A:24:24:FA:04:8A:61:0F:2A:F3:53:58:6E:78:79:5C:87:E7
Certificate issuer:       /CN=f56403bc1c874eef09b8a1344155abc3f0575b15
Certificate serial:       018CC801C9EC15B2A29F16530CB13FB16269
Authority key identifier: F5:64:03:BC:1C:87:4E:EF:09:B8:A1:34:41:55:AB:C3:F0:57:5B:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9WQDvByHTu8JuKE0QVWrw_BXWxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/174860-0c5a-44f0-97e7-fab85ee5702a/1/JklaJCT6BIphDyrzU1hueHlch-c.roa
Signing time:             Tue 02 Jan 2024 02:30:09 +0000
ROA not before:           Tue 02 Jan 2024 02:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8412
IP address blocks:        195.190.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/174860-0c5a-44f0-97e7-fab85ee5702a/1/9WQDvByHTu8JuKE0QVWrw_BXWxU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/174860-0c5a-44f0-97e7-fab85ee5702a/1/9WQDvByHTu8JuKE0QVWrw_BXWxU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9WQDvByHTu8JuKE0QVWrw_BXWxU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c9:ec:15:b2:a2:9f:16:53:0c:b1:3f:b1:62:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f56403bc1c874eef09b8a1344155abc3f0575b15
        Validity
            Not Before: Jan  2 02:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26495a2424fa048a610f2af353586e78795c87e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:74:09:3d:df:56:2e:6a:85:d9:4f:5e:77:c4:
                    19:6f:d9:d3:6a:af:65:df:12:d9:8b:84:bd:f7:e3:
                    4f:1a:f3:1d:c7:23:70:f2:7a:25:b7:e4:b2:74:1c:
                    90:b5:6e:3a:36:04:7f:d8:89:cd:23:94:8a:d8:03:
                    80:05:c6:4b:d2:bb:21:85:4a:29:78:53:e6:13:c8:
                    f5:86:37:de:94:6a:58:70:61:8d:77:af:82:d6:33:
                    bb:ce:9e:44:35:0f:85:1d:f1:32:19:52:33:14:f2:
                    30:0c:78:1a:a7:76:f9:e5:9e:9e:43:1f:4f:2c:70:
                    aa:bb:7d:aa:b1:75:71:47:f5:ec:60:1c:ed:34:8c:
                    ba:83:d7:e8:24:ce:d4:22:99:5c:22:ac:25:47:df:
                    d7:68:49:51:d6:28:2f:22:86:e6:27:bb:59:0a:3f:
                    30:a1:8e:7e:43:24:9e:d5:aa:ea:80:74:aa:9f:eb:
                    7f:44:32:bb:ec:ce:2a:7a:cf:bd:68:2b:98:1c:9c:
                    30:ec:47:8a:dd:eb:5b:ec:79:a2:fb:5f:dc:c4:a8:
                    e1:12:30:b1:65:17:ff:04:20:58:08:13:24:d4:ad:
                    6c:51:51:44:f2:d2:3f:ae:b1:3e:cc:cc:0f:7d:03:
                    f3:4c:4c:e2:dd:1c:f6:fb:d5:68:09:6d:5d:b1:4c:
                    00:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:49:5A:24:24:FA:04:8A:61:0F:2A:F3:53:58:6E:78:79:5C:87:E7
            X509v3 Authority Key Identifier:
                keyid:F5:64:03:BC:1C:87:4E:EF:09:B8:A1:34:41:55:AB:C3:F0:57:5B:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9WQDvByHTu8JuKE0QVWrw_BXWxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/174860-0c5a-44f0-97e7-fab85ee5702a/1/JklaJCT6BIphDyrzU1hueHlch-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/174860-0c5a-44f0-97e7-fab85ee5702a/1/9WQDvByHTu8JuKE0QVWrw_BXWxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:61:62:4e:a6:7d:8e:38:2b:ae:02:56:cd:47:8e:27:58:c3:
         08:be:6a:e4:03:0f:40:1e:e9:ce:1f:f1:3b:62:48:7d:6b:bc:
         39:98:bb:18:d6:b8:b8:51:05:ff:f9:3b:92:47:5f:6b:f3:80:
         df:03:fa:03:e9:aa:91:8b:bc:a7:e2:85:92:7a:39:8e:04:75:
         ea:cf:4f:0c:26:f5:05:16:8f:e5:da:e0:aa:ea:82:86:46:3b:
         04:80:1b:9f:ed:a5:d2:cc:6f:68:47:4b:20:6a:96:a9:71:8e:
         d7:9d:ac:fb:1d:72:fe:b5:00:e8:bc:c0:fd:d3:db:e6:63:1f:
         ca:bb:7d:66:77:90:74:96:ff:dc:ca:01:bd:b9:37:74:58:30:
         b0:5c:24:8e:cc:79:19:1b:61:a2:32:d3:d1:6b:43:14:84:c2:
         81:8f:8f:3e:38:c8:89:22:4b:f7:21:2e:45:90:16:66:ff:70:
         83:c6:95:31:95:bd:e3:77:ff:4b:57:d5:22:fb:30:09:15:93:
         6d:05:e9:e7:f3:b4:3a:38:49:fa:e2:3e:1d:63:81:04:32:bd:
         ad:cb:04:58:d2:78:ef:a8:31:52:62:7d:e5:40:fb:47:18:7d:
         f8:30:22:17:4e:a3:c4:96:1d:2d:62:ab:5a:07:8f:c1:23:23:
         e6:ad:6c:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcnsFbKinxZTDLE/sWJpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NjQwM2JjMWM4NzRlZWYwOWI4YTEzNDQxNTVhYmMzZjA1
NzViMTUwHhcNMjQwMTAyMDIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjQ5NWEyNDI0ZmEwNDhhNjEwZjJhZjM1MzU4NmU3ODc5NWM4N2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXQJPd9WLmqF2U9ed8QZb9nTaq9l
3xLZi4S99+NPGvMdxyNw8nolt+SydByQtW46NgR/2InNI5SK2AOABcZL0rshhUop
eFPmE8j1hjfelGpYcGGNd6+C1jO7zp5ENQ+FHfEyGVIzFPIwDHgap3b55Z6eQx9P
LHCqu32qsXVxR/XsYBztNIy6g9foJM7UIplcIqwlR9/XaElR1igvIobmJ7tZCj8w
oY5+QySe1arqgHSqn+t/RDK77M4qes+9aCuYHJww7EeK3etb7Hmi+1/cxKjhEjCx
ZRf/BCBYCBMk1K1sUVFE8tI/rrE+zMwPfQPzTEzi3Rz2+9VoCW1dsUwANwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZJWiQk+gSKYQ8q81NYbnh5XIfnMB8GA1UdIwQY
MBaAFPVkA7wch07vCbihNEFVq8PwV1sVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVdRRHZCeUhUdThKdUtFMFFWV3J3X0JYV3hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8xNzQ4NjAtMGM1YS00NGYwLTk3ZTct
ZmFiODVlZTU3MDJhLzEvSmtsYUpDVDZCSXBoRHlyelUxaHVlSGxjaC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8xNzQ4NjAtMGM1YS00NGYwLTk3ZTctZmFiODVlZTU3MDJh
LzEvOVdRRHZCeUhUdThKdUtFMFFWV3J3X0JYV3hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw76DMA0G
CSqGSIb3DQEBCwUAA4IBAQAUYWJOpn2OOCuuAlbNR44nWMMIvmrkAw9AHunOH/E7
Ykh9a7w5mLsY1ri4UQX/+TuSR19r84DfA/oD6aqRi7yn4oWSejmOBHXqz08MJvUF
Fo/l2uCq6oKGRjsEgBuf7aXSzG9oR0sgapapcY7Xnaz7HXL+tQDovMD909vmYx/K
u31md5B0lv/cygG9uTd0WDCwXCSOzHkZG2GiMtPRa0MUhMKBj48+OMiJIkv3IS5F
kBZm/3CDxpUxlb3jd/9LV9Ui+zAJFZNtBenn87Q6OEn64j4dY4EEMr2tywRY0njv
qDFSYn3lQPtHGH34MCIXTqPElh0tYqtaB4/BIyPmrWw1
-----END CERTIFICATE-----