Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/b8cae4-b5af-4380-9817-46538ca5383c/1/Wqr7DMFGYVS9oNIUN88CFg510h8.roa
File:                     Wqr7DMFGYVS9oNIUN88CFg510h8.roa (raw, json)
Hash identifier:          H9u7iw5yWakGQZn4tyJluOE31wcV3fM4CjvVYM5Al6c=
Subject key identifier:   5A:AA:FB:0C:C1:46:61:54:BD:A0:D2:14:37:CF:02:16:0E:75:D2:1F
Certificate issuer:       /CN=3ad65216812ed24fd1c719871a59a971dec30a26
Certificate serial:       018CC3B67557E611E6E1CD3E24D5362375C4
Authority key identifier: 3A:D6:52:16:81:2E:D2:4F:D1:C7:19:87:1A:59:A9:71:DE:C3:0A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OtZSFoEu0k_RxxmHGlmpcd7DCiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/b8cae4-b5af-4380-9817-46538ca5383c/1/Wqr7DMFGYVS9oNIUN88CFg510h8.roa
Signing time:             Mon 01 Jan 2024 06:29:23 +0000
ROA not before:           Mon 01 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200384
IP address blocks:        195.16.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/b8cae4-b5af-4380-9817-46538ca5383c/1/OtZSFoEu0k_RxxmHGlmpcd7DCiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/b8cae4-b5af-4380-9817-46538ca5383c/1/OtZSFoEu0k_RxxmHGlmpcd7DCiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OtZSFoEu0k_RxxmHGlmpcd7DCiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:75:57:e6:11:e6:e1:cd:3e:24:d5:36:23:75:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad65216812ed24fd1c719871a59a971dec30a26
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5aaafb0cc1466154bda0d21437cf02160e75d21f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e8:09:12:c4:a8:49:f9:d8:5a:52:c8:e7:be:
                    b7:85:fb:b5:a3:e5:f9:62:be:06:aa:60:d8:65:88:
                    20:93:bf:6c:29:46:ce:54:a6:20:ca:01:6c:36:2d:
                    fc:53:dc:86:6b:a4:f3:6e:6c:80:55:fc:eb:7c:b0:
                    fa:ce:4c:0b:df:67:e8:ca:9b:93:b1:e8:8c:53:0b:
                    33:79:b7:52:fa:e0:92:3e:7f:e3:62:70:99:89:07:
                    da:31:24:8c:a5:bf:19:5b:ad:78:43:aa:ad:f9:e5:
                    b3:52:db:ea:d1:0b:2b:c3:21:18:8d:d9:57:e1:b7:
                    b9:06:de:26:8f:98:07:5b:b8:0c:57:fe:8f:73:11:
                    8a:8f:8c:2b:0a:81:4e:dd:17:7d:00:12:a7:9a:de:
                    f5:d9:db:fb:b2:08:92:01:20:43:a8:d6:1a:92:44:
                    ff:cc:81:e9:ba:e9:61:d4:be:1f:92:9e:41:f6:17:
                    96:65:5f:22:2f:95:0a:23:d9:d2:f1:e4:1d:d7:f2:
                    fe:6e:49:27:2a:1f:80:da:77:2a:e3:c9:7e:2d:f0:
                    85:60:26:f0:fd:cd:ee:7e:46:95:f3:c3:19:cd:45:
                    bb:f3:62:bd:a1:81:fc:96:1f:ff:a6:cb:e4:c9:d1:
                    9d:ca:fa:03:4f:62:d9:d6:13:11:57:2c:1a:a2:c8:
                    8a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:AA:FB:0C:C1:46:61:54:BD:A0:D2:14:37:CF:02:16:0E:75:D2:1F
            X509v3 Authority Key Identifier:
                keyid:3A:D6:52:16:81:2E:D2:4F:D1:C7:19:87:1A:59:A9:71:DE:C3:0A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OtZSFoEu0k_RxxmHGlmpcd7DCiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/b8cae4-b5af-4380-9817-46538ca5383c/1/Wqr7DMFGYVS9oNIUN88CFg510h8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/b8cae4-b5af-4380-9817-46538ca5383c/1/OtZSFoEu0k_RxxmHGlmpcd7DCiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.16.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:eb:f8:7e:ba:5e:3f:d2:a9:6d:fe:2f:96:3c:38:97:fe:1e:
         ce:8b:c7:c8:fb:29:7a:24:72:f1:5b:3d:5b:4d:c2:66:82:27:
         4c:94:ca:bd:77:19:e6:d9:f4:ab:e7:ae:8f:d7:45:d6:a8:f3:
         43:c0:26:48:8f:33:58:1d:aa:e9:61:7d:86:cf:8a:6f:05:0a:
         e1:88:79:44:30:36:fc:0a:f3:8a:06:54:e6:08:82:3a:5d:89:
         9d:fc:3b:ee:a3:90:38:aa:d7:91:b6:53:f2:b9:0b:fa:54:e9:
         5a:74:4f:83:5d:1a:ed:4d:d6:df:6c:f5:ee:e3:f7:50:09:35:
         68:56:0c:d0:71:09:62:51:7b:07:73:df:31:06:f4:6e:aa:35:
         72:5d:7b:b0:70:c7:61:de:b5:cb:11:46:d5:f9:d0:b7:a9:09:
         9f:81:ea:46:92:63:8e:c9:08:70:01:4a:32:81:96:64:dc:84:
         b7:d6:df:60:2d:a4:15:56:2f:37:a9:e9:94:f8:c4:12:6a:8a:
         1c:70:7f:66:bf:c2:6e:0d:fe:6d:c8:11:dc:1a:d9:c0:b4:62:
         62:55:5d:55:d3:09:42:3b:63:fb:e2:d9:9b:bc:2d:fb:92:43:
         df:69:e1:8b:f1:1c:f7:34:a6:a5:5b:9d:94:20:97:12:03:d2:
         98:29:12:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnVX5hHm4c0+JNU2I3XEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDY1MjE2ODEyZWQyNGZkMWM3MTk4NzFhNTlhOTcxZGVj
MzBhMjYwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWFhZmIwY2MxNDY2MTU0YmRhMGQyMTQzN2NmMDIxNjBlNzVkMjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmugJEsSoSfnYWlLI5763hfu1o+X5
Yr4GqmDYZYggk79sKUbOVKYgygFsNi38U9yGa6TzbmyAVfzrfLD6zkwL32foypuT
seiMUwszebdS+uCSPn/jYnCZiQfaMSSMpb8ZW614Q6qt+eWzUtvq0QsrwyEYjdlX
4be5Bt4mj5gHW7gMV/6PcxGKj4wrCoFO3Rd9ABKnmt712dv7sgiSASBDqNYakkT/
zIHpuulh1L4fkp5B9heWZV8iL5UKI9nS8eQd1/L+bkknKh+A2ncq48l+LfCFYCbw
/c3ufkaV88MZzUW782K9oYH8lh//psvkydGdyvoDT2LZ1hMRVywaosiKxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqq+wzBRmFUvaDSFDfPAhYOddIfMB8GA1UdIwQY
MBaAFDrWUhaBLtJP0ccZhxpZqXHewwomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RaU0ZvRXUwa19SeHhtSEdsbXBjZDdEQ2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9iOGNhZTQtYjVhZi00MzgwLTk4MTct
NDY1MzhjYTUzODNjLzEvV3FyN0RNRkdZVlM5b05JVU44OENGZzUxMGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9iOGNhZTQtYjVhZi00MzgwLTk4MTctNDY1MzhjYTUzODNj
LzEvT3RaU0ZvRXUwa19SeHhtSEdsbXBjZDdEQ2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxD8MA0G
CSqGSIb3DQEBCwUAA4IBAQB86/h+ul4/0qlt/i+WPDiX/h7Oi8fI+yl6JHLxWz1b
TcJmgidMlMq9dxnm2fSr566P10XWqPNDwCZIjzNYHarpYX2Gz4pvBQrhiHlEMDb8
CvOKBlTmCII6XYmd/Dvuo5A4qteRtlPyuQv6VOladE+DXRrtTdbfbPXu4/dQCTVo
VgzQcQliUXsHc98xBvRuqjVyXXuwcMdh3rXLEUbV+dC3qQmfgepGkmOOyQhwAUoy
gZZk3IS31t9gLaQVVi83qemU+MQSaooccH9mv8JuDf5tyBHcGtnAtGJiVV1V0wlC
O2P74tmbvC37kkPfaeGL8Rz3NKalW52UIJcSA9KYKRLs
-----END CERTIFICATE-----