Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/bc4c23-f7ce-42f1-8819-f2bbfba71a28/1/DVRHWOjo1qfOyZDPnBzcLOl8y8c.roa
File:                     DVRHWOjo1qfOyZDPnBzcLOl8y8c.roa (raw, json)
Hash identifier:          ByReioadoAQ7DQmACke2phe4bo2ujh0b22n3i7PMvXI=
Subject key identifier:   0D:54:47:58:E8:E8:D6:A7:CE:C9:90:CF:9C:1C:DC:2C:E9:7C:CB:C7
Certificate issuer:       /CN=742488f0d9b4b171a2e2f0fa559b43f9a5b32e26
Certificate serial:       018DD04777BC9426FEBE865E7235899CFC89
Authority key identifier: 74:24:88:F0:D9:B4:B1:71:A2:E2:F0:FA:55:9B:43:F9:A5:B3:2E:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dCSI8Nm0sXGi4vD6VZtD-aWzLiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/bc4c23-f7ce-42f1-8819-f2bbfba71a28/1/DVRHWOjo1qfOyZDPnBzcLOl8y8c.roa
Signing time:             Thu 22 Feb 2024 10:06:01 +0000
ROA not before:           Thu 22 Feb 2024 10:06:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3330
IP address blocks:        195.149.75.0/24 maxlen: 24
                          2001:67c:29cc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/bc4c23-f7ce-42f1-8819-f2bbfba71a28/1/dCSI8Nm0sXGi4vD6VZtD-aWzLiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/bc4c23-f7ce-42f1-8819-f2bbfba71a28/1/dCSI8Nm0sXGi4vD6VZtD-aWzLiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dCSI8Nm0sXGi4vD6VZtD-aWzLiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d0:47:77:bc:94:26:fe:be:86:5e:72:35:89:9c:fc:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=742488f0d9b4b171a2e2f0fa559b43f9a5b32e26
        Validity
            Not Before: Feb 22 10:06:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d544758e8e8d6a7cec990cf9c1cdc2ce97ccbc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:6a:35:35:c7:54:3f:6a:3e:7a:0e:70:c9:17:
                    65:2b:85:8e:a1:7b:33:0f:f0:63:cb:dc:77:8f:52:
                    77:ce:9d:91:30:9f:07:d7:13:22:14:18:f3:f8:65:
                    e5:98:d9:35:f9:6c:85:d5:d8:95:b8:66:1a:f6:13:
                    8d:0b:68:7e:19:14:b0:c0:f5:00:01:e5:42:a7:c1:
                    1a:9f:67:06:61:22:3c:f7:c7:ef:af:b3:56:3f:08:
                    a0:d1:d4:f3:a9:2b:9e:a5:bb:b3:78:08:bd:62:90:
                    94:9b:a5:d3:ec:43:9e:d4:59:02:06:3f:11:29:ef:
                    ed:c4:34:45:60:80:fe:39:57:70:be:4b:be:00:38:
                    76:e0:74:38:01:0c:45:4c:83:7b:4c:f8:04:d2:0b:
                    96:43:af:b7:8d:eb:f6:96:9d:b5:8a:9c:af:39:72:
                    ce:5a:50:f6:6d:11:cf:ba:0f:24:c3:9d:49:27:64:
                    7d:02:11:9d:0e:82:59:31:6c:75:19:47:b4:ce:10:
                    9e:72:14:4d:fd:d2:18:ab:c0:cb:11:95:49:1f:e9:
                    6e:4a:ab:8e:87:a0:1a:76:70:cf:ad:7b:ec:74:b4:
                    02:f7:14:7e:ae:29:50:16:49:85:48:d2:d8:6c:ae:
                    53:4d:e7:96:fb:78:fa:4b:fb:51:80:40:ec:27:fe:
                    44:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:54:47:58:E8:E8:D6:A7:CE:C9:90:CF:9C:1C:DC:2C:E9:7C:CB:C7
            X509v3 Authority Key Identifier:
                keyid:74:24:88:F0:D9:B4:B1:71:A2:E2:F0:FA:55:9B:43:F9:A5:B3:2E:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dCSI8Nm0sXGi4vD6VZtD-aWzLiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/bc4c23-f7ce-42f1-8819-f2bbfba71a28/1/DVRHWOjo1qfOyZDPnBzcLOl8y8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/bc4c23-f7ce-42f1-8819-f2bbfba71a28/1/dCSI8Nm0sXGi4vD6VZtD-aWzLiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.75.0/24
                IPv6:
                  2001:67c:29cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:ef:17:b7:1a:33:e6:78:11:7a:74:97:6f:39:a3:0f:8f:75:
         af:4e:31:58:d5:94:9c:cd:72:c0:e1:a8:b6:98:7e:e9:4b:43:
         79:d3:23:75:b0:f4:32:fa:de:ad:31:30:fc:16:4c:7e:5c:48:
         a3:da:70:69:f1:ca:5e:05:b9:66:b9:b1:e9:d0:65:f1:59:72:
         b9:9d:29:cd:b0:49:41:2f:8e:a0:e3:a1:be:c4:1b:5e:fd:84:
         1f:fd:3c:9e:91:97:63:3f:7b:94:7b:3a:ff:9a:78:b5:fc:3d:
         68:df:d0:3e:ee:03:e4:af:8b:12:0c:fe:71:5c:1b:23:21:96:
         20:94:d1:f9:5a:32:45:f7:19:91:f2:81:9d:30:5c:84:3a:2c:
         2e:a4:69:26:db:34:46:f4:04:d1:d7:16:13:a7:8d:68:58:03:
         53:f9:12:e1:04:b5:f0:7e:f6:6e:b1:b2:8b:25:85:3f:a2:8e:
         d2:a1:0f:cb:39:d1:90:1a:29:f0:4f:fc:6a:1b:eb:16:a2:3a:
         1d:3d:a4:e7:29:c9:39:90:d3:a6:6e:73:50:3b:57:92:ad:c9:
         8a:0b:62:e7:64:fe:66:54:aa:6f:97:34:57:be:02:0c:10:9e:
         f5:e5:af:23:12:49:21:32:6d:22:9b:df:9f:17:f4:20:e0:e2:
         78:4a:98:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3QR3e8lCb+voZecjWJnPyJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MjQ4OGYwZDliNGIxNzFhMmUyZjBmYTU1OWI0M2Y5YTVi
MzJlMjYwHhcNMjQwMjIyMTAwNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDU0NDc1OGU4ZThkNmE3Y2VjOTkwY2Y5YzFjZGMyY2U5N2NjYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmo1NcdUP2o+eg5wyRdlK4WOoXsz
D/Bjy9x3j1J3zp2RMJ8H1xMiFBjz+GXlmNk1+WyF1diVuGYa9hONC2h+GRSwwPUA
AeVCp8Ean2cGYSI898fvr7NWPwig0dTzqSuepbuzeAi9YpCUm6XT7EOe1FkCBj8R
Ke/txDRFYID+OVdwvku+ADh24HQ4AQxFTIN7TPgE0guWQ6+3jev2lp21ipyvOXLO
WlD2bRHPug8kw51JJ2R9AhGdDoJZMWx1GUe0zhCechRN/dIYq8DLEZVJH+luSquO
h6AadnDPrXvsdLQC9xR+rilQFkmFSNLYbK5TTeeW+3j6S/tRgEDsJ/5EzwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA1UR1jo6NanzsmQz5wc3CzpfMvHMB8GA1UdIwQY
MBaAFHQkiPDZtLFxouLw+lWbQ/mlsy4mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZENTSThObTBzWEdpNHZENlZadEQtYVd6TGlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iYzRjMjMtZjdjZS00MmYxLTg4MTkt
ZjJiYmZiYTcxYTI4LzEvRFZSSFdPam8xcWZPeVpEUG5CemNMT2w4eThjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iYzRjMjMtZjdjZS00MmYxLTg4MTktZjJiYmZiYTcxYTI4
LzEvZENTSThObTBzWEdpNHZENlZadEQtYVd6TGlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw5VLMA8E
AgACMAkDBwAgAQZ8KcwwDQYJKoZIhvcNAQELBQADggEBAKnvF7caM+Z4EXp0l285
ow+Pda9OMVjVlJzNcsDhqLaYfulLQ3nTI3Ww9DL63q0xMPwWTH5cSKPacGnxyl4F
uWa5senQZfFZcrmdKc2wSUEvjqDjob7EG179hB/9PJ6Rl2M/e5R7Ov+aeLX8PWjf
0D7uA+SvixIM/nFcGyMhliCU0flaMkX3GZHygZ0wXIQ6LC6kaSbbNEb0BNHXFhOn
jWhYA1P5EuEEtfB+9m6xsoslhT+ijtKhD8s50ZAaKfBP/Gob6xaiOh09pOcpyTmQ
06Zuc1A7V5KtyYoLYudk/mZUqm+XNFe+AgwQnvXlryMSSSEybSKb358X9CDg4nhK
mKM=
-----END CERTIFICATE-----