Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/4222b2-c79c-4d5e-99d7-cdb281a2b3a8/1/ORxAK0thi8CGuPqMAqmrKnknvVE.roa
File:                     ORxAK0thi8CGuPqMAqmrKnknvVE.roa (raw, json)
Hash identifier:          oPnaCktvg/RaeRe7IjIAtXRp5ZtvhaEJRIJO2WJ038s=
Subject key identifier:   39:1C:40:2B:4B:61:8B:C0:86:B8:FA:8C:02:A9:AB:2A:79:27:BD:51
Certificate issuer:       /CN=60333cd6f1b59c0b682e1da389237eda3e9da918
Certificate serial:       018CC4254B5BE930E3AB03DD952C6E0FA67A
Authority key identifier: 60:33:3C:D6:F1:B5:9C:0B:68:2E:1D:A3:89:23:7E:DA:3E:9D:A9:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDM81vG1nAtoLh2jiSN-2j6dqRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/4222b2-c79c-4d5e-99d7-cdb281a2b3a8/1/ORxAK0thi8CGuPqMAqmrKnknvVE.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199871
IP address blocks:        195.149.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/4222b2-c79c-4d5e-99d7-cdb281a2b3a8/1/YDM81vG1nAtoLh2jiSN-2j6dqRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/4222b2-c79c-4d5e-99d7-cdb281a2b3a8/1/YDM81vG1nAtoLh2jiSN-2j6dqRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDM81vG1nAtoLh2jiSN-2j6dqRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 22:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4b:5b:e9:30:e3:ab:03:dd:95:2c:6e:0f:a6:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60333cd6f1b59c0b682e1da389237eda3e9da918
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=391c402b4b618bc086b8fa8c02a9ab2a7927bd51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0c:05:5a:9c:43:b2:d8:ec:98:0b:f5:1d:90:
                    32:2a:55:94:25:a6:6f:6b:fd:69:d9:11:7e:0d:78:
                    32:d9:bf:61:9b:8c:d7:92:37:ac:11:06:37:b3:46:
                    49:ab:11:64:5f:ef:70:cb:49:6f:06:d6:3d:6f:4d:
                    a9:7e:ae:ce:53:fd:14:40:95:98:21:89:33:4e:c5:
                    1f:3b:38:3a:aa:57:f7:d7:55:df:3c:73:78:e7:b3:
                    e9:b4:c8:43:78:f2:64:24:12:69:b0:4e:73:7b:1c:
                    e4:cf:76:1b:10:b1:02:dd:cd:ad:af:a4:bb:0e:64:
                    a6:5e:ef:13:0c:fd:9f:47:d5:81:ea:53:72:52:73:
                    b9:c7:22:2f:86:e7:67:9f:5f:00:fe:36:75:03:c3:
                    18:65:bc:b9:5d:0f:d9:05:74:aa:ae:e6:4c:eb:3b:
                    8c:b8:fd:94:39:7e:27:60:4e:d1:d8:fc:82:08:64:
                    c7:87:8e:2e:e6:15:e7:bd:34:e8:bc:6a:bf:ba:a1:
                    03:99:61:9d:80:95:20:9c:58:4b:fd:1c:8c:1f:09:
                    a1:c8:57:c0:f0:72:33:f3:16:c5:14:fd:d3:5b:4b:
                    1e:68:d5:a8:37:27:91:a4:48:de:84:89:d5:a0:5e:
                    d4:d4:35:f2:b4:eb:31:ad:0b:3b:b9:13:ae:08:b0:
                    9d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:1C:40:2B:4B:61:8B:C0:86:B8:FA:8C:02:A9:AB:2A:79:27:BD:51
            X509v3 Authority Key Identifier:
                keyid:60:33:3C:D6:F1:B5:9C:0B:68:2E:1D:A3:89:23:7E:DA:3E:9D:A9:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDM81vG1nAtoLh2jiSN-2j6dqRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/4222b2-c79c-4d5e-99d7-cdb281a2b3a8/1/ORxAK0thi8CGuPqMAqmrKnknvVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/4222b2-c79c-4d5e-99d7-cdb281a2b3a8/1/YDM81vG1nAtoLh2jiSN-2j6dqRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a8:0d:f0:16:c0:59:b0:85:b7:b3:af:7f:5f:ab:fc:34:4a:
         dc:d4:5f:48:3b:5f:46:89:68:f5:07:b1:41:19:5e:0d:dd:fe:
         64:7c:65:b1:92:7a:2d:35:03:ac:2e:e6:32:50:c9:5b:8a:1e:
         7e:7e:c1:79:e0:a5:06:0d:43:20:58:da:ae:45:82:1d:8d:40:
         d0:ea:1f:cf:b2:f3:16:0b:32:d6:78:45:6c:5e:f1:30:9f:7f:
         80:16:73:33:67:a7:6e:c4:26:ab:56:08:9a:3b:aa:e6:35:c3:
         b1:90:a5:4e:a9:1b:56:c1:9d:3b:71:ca:f1:41:1e:d5:6c:66:
         12:4d:7e:f3:49:12:a6:38:96:88:69:43:9c:ad:9f:2e:37:dd:
         1c:cd:5f:cd:84:f2:93:c7:e7:04:1a:ed:d2:a0:2f:97:ee:86:
         a1:3f:69:cc:d8:4f:7c:e4:52:e5:7d:f1:c4:d5:2f:11:c1:c5:
         24:77:b9:9e:29:0c:3b:5d:16:92:92:36:39:28:79:25:56:ac:
         08:7b:d8:5f:4c:c0:a4:94:d1:17:6b:2e:0f:b5:f9:7d:d8:5d:
         c9:65:f1:6f:45:2b:c2:32:4b:a9:89:c0:03:c3:4b:cb:2c:b4:
         04:cf:dd:3f:5e:d1:86:45:d8:f2:0c:85:d7:2c:af:6d:06:0d:
         47:e7:c5:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUtb6TDjqwPdlSxuD6Z6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzMzY2Q2ZjFiNTljMGI2ODJlMWRhMzg5MjM3ZWRhM2U5
ZGE5MTgwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTFjNDAyYjRiNjE4YmMwODZiOGZhOGMwMmE5YWIyYTc5MjdiZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQwFWpxDstjsmAv1HZAyKlWUJaZv
a/1p2RF+DXgy2b9hm4zXkjesEQY3s0ZJqxFkX+9wy0lvBtY9b02pfq7OU/0UQJWY
IYkzTsUfOzg6qlf311XfPHN457PptMhDePJkJBJpsE5zexzkz3YbELEC3c2tr6S7
DmSmXu8TDP2fR9WB6lNyUnO5xyIvhudnn18A/jZ1A8MYZby5XQ/ZBXSqruZM6zuM
uP2UOX4nYE7R2PyCCGTHh44u5hXnvTTovGq/uqEDmWGdgJUgnFhL/RyMHwmhyFfA
8HIz8xbFFP3TW0seaNWoNyeRpEjehInVoF7U1DXytOsxrQs7uROuCLCdkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkcQCtLYYvAhrj6jAKpqyp5J71RMB8GA1UdIwQY
MBaAFGAzPNbxtZwLaC4do4kjfto+nakYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURNODF2RzFuQXRvTGgyamlTTi0yajZkcVJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC80MjIyYjItYzc5Yy00ZDVlLTk5ZDct
Y2RiMjgxYTJiM2E4LzEvT1J4QUswdGhpOENHdVBxTUFxbXJLbmtudlZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC80MjIyYjItYzc5Yy00ZDVlLTk5ZDctY2RiMjgxYTJiM2E4
LzEvWURNODF2RzFuQXRvTGgyamlTTi0yajZkcVJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5VHMA0G
CSqGSIb3DQEBCwUAA4IBAQADqA3wFsBZsIW3s69/X6v8NErc1F9IO19GiWj1B7FB
GV4N3f5kfGWxknotNQOsLuYyUMlbih5+fsF54KUGDUMgWNquRYIdjUDQ6h/PsvMW
CzLWeEVsXvEwn3+AFnMzZ6duxCarVgiaO6rmNcOxkKVOqRtWwZ07ccrxQR7VbGYS
TX7zSRKmOJaIaUOcrZ8uN90czV/NhPKTx+cEGu3SoC+X7oahP2nM2E985FLlffHE
1S8RwcUkd7meKQw7XRaSkjY5KHklVqwIe9hfTMCklNEXay4Ptfl92F3JZfFvRSvC
MkupicADw0vLLLQEz90/XtGGRdjyDIXXLK9tBg1H58Uf
-----END CERTIFICATE-----