Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/9e5cbd-4d5a-4ed6-b1c2-4ef9cc751517/1/jQdeZpka8fRIbF3dSs8Au_jmiM0.roa
File:                     jQdeZpka8fRIbF3dSs8Au_jmiM0.roa (raw, json)
Hash identifier:          rmtNaCOcFYceCc1VOqhGbAo5Ll+LijVK3e7YeR0Pr00=
Subject key identifier:   8D:07:5E:66:99:1A:F1:F4:48:6C:5D:DD:4A:CF:00:BB:F8:E6:88:CD
Certificate issuer:       /CN=2004d6293274396f5a8d691485d6876a0a2071d9
Certificate serial:       018CC424ABE36A86972F3D951D19FE4FCE59
Authority key identifier: 20:04:D6:29:32:74:39:6F:5A:8D:69:14:85:D6:87:6A:0A:20:71:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IATWKTJ0OW9ajWkUhdaHagogcdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/9e5cbd-4d5a-4ed6-b1c2-4ef9cc751517/1/jQdeZpka8fRIbF3dSs8Au_jmiM0.roa
Signing time:             Mon 01 Jan 2024 08:29:46 +0000
ROA not before:           Mon 01 Jan 2024 08:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35073
IP address blocks:        195.238.254.0/24 maxlen: 24
                          2001:67c:18fc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/9e5cbd-4d5a-4ed6-b1c2-4ef9cc751517/1/IATWKTJ0OW9ajWkUhdaHagogcdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/9e5cbd-4d5a-4ed6-b1c2-4ef9cc751517/1/IATWKTJ0OW9ajWkUhdaHagogcdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IATWKTJ0OW9ajWkUhdaHagogcdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ab:e3:6a:86:97:2f:3d:95:1d:19:fe:4f:ce:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2004d6293274396f5a8d691485d6876a0a2071d9
        Validity
            Not Before: Jan  1 08:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d075e66991af1f4486c5ddd4acf00bbf8e688cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:46:01:a4:66:a3:ac:a3:77:81:d4:dd:3c:25:
                    10:68:42:4b:df:56:57:d8:1a:4e:d6:79:d2:8a:d2:
                    27:e1:ea:56:f7:72:64:1d:05:5c:c9:6c:1c:b7:9a:
                    2c:5f:92:05:9b:a9:56:34:8c:a2:ba:2d:1a:ec:f8:
                    27:08:f2:bf:45:17:a8:b4:e0:9f:4f:97:71:ff:9c:
                    f9:af:9a:b9:a6:34:e1:08:27:da:65:82:14:83:34:
                    15:ec:f1:b9:29:97:9d:c0:c5:f6:c1:5f:21:19:4f:
                    3f:b5:af:71:06:0f:32:b7:bf:46:4d:d5:d4:12:92:
                    ae:36:5b:58:19:46:06:d3:d6:0f:a5:0c:40:19:15:
                    09:01:30:23:17:94:45:b2:7c:56:88:43:8c:f4:36:
                    1b:a6:2e:aa:c1:3c:52:64:ed:9b:85:fc:25:78:36:
                    6a:eb:39:aa:e0:a0:26:44:36:6e:1d:77:a9:39:32:
                    07:fe:58:7e:b8:32:24:62:61:45:77:22:ac:2f:df:
                    30:fb:2a:4f:1c:14:7f:57:f9:e5:a8:96:a3:13:81:
                    23:6d:ad:e1:fd:d6:d3:c1:12:c7:0a:a7:48:1b:cc:
                    00:68:8d:db:a5:c2:f5:f2:ee:85:b6:9d:35:ed:9d:
                    9d:56:2e:ab:6e:34:2a:b8:ae:31:1e:08:53:92:8f:
                    fb:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:07:5E:66:99:1A:F1:F4:48:6C:5D:DD:4A:CF:00:BB:F8:E6:88:CD
            X509v3 Authority Key Identifier:
                keyid:20:04:D6:29:32:74:39:6F:5A:8D:69:14:85:D6:87:6A:0A:20:71:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IATWKTJ0OW9ajWkUhdaHagogcdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9e5cbd-4d5a-4ed6-b1c2-4ef9cc751517/1/jQdeZpka8fRIbF3dSs8Au_jmiM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9e5cbd-4d5a-4ed6-b1c2-4ef9cc751517/1/IATWKTJ0OW9ajWkUhdaHagogcdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.254.0/24
                IPv6:
                  2001:67c:18fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:85:b4:d3:7b:6f:90:56:a3:02:11:5f:13:98:98:d3:d8:6e:
         e3:e0:c4:a8:09:59:03:0a:1f:cb:2e:ff:06:93:fd:34:df:19:
         93:08:d0:70:4f:80:33:38:a0:2b:c7:12:89:09:05:d1:5c:a7:
         59:62:99:64:c6:2d:ec:46:51:1e:0c:44:71:1c:97:97:c3:20:
         83:58:be:ee:e0:58:3c:7e:40:01:58:91:9b:e9:99:43:f5:c5:
         5e:cf:80:36:9b:f4:19:cc:da:b9:7c:38:c7:7a:f9:46:28:16:
         87:5d:c3:13:db:5e:80:e4:c8:52:ec:1d:a6:98:95:d3:57:e1:
         e4:14:b3:7d:77:bd:db:1f:e5:cf:01:d0:11:6d:95:8a:4f:4f:
         fb:23:ec:9b:1d:62:6f:92:f2:a1:ed:fa:45:c7:30:17:f9:08:
         b9:6f:26:6b:14:00:05:51:09:80:bd:4f:14:e8:ad:54:23:27:
         8a:50:df:70:e3:50:16:ac:a6:44:33:34:ee:1d:df:98:f9:e3:
         52:8a:bd:d6:c0:7c:24:2a:53:84:32:87:2d:7f:41:f4:7c:e0:
         76:62:80:e6:f5:45:f1:93:80:36:89:5d:58:96:4d:45:02:16:
         1a:1b:17:b1:20:cf:ba:24:59:51:1d:15:d0:40:87:28:75:9c:
         64:20:01:ea
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJKvjaoaXLz2VHRn+T85ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMDRkNjI5MzI3NDM5NmY1YThkNjkxNDg1ZDY4NzZhMGEy
MDcxZDkwHhcNMjQwMTAxMDgyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDA3NWU2Njk5MWFmMWY0NDg2YzVkZGQ0YWNmMDBiYmY4ZTY4OGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEYBpGajrKN3gdTdPCUQaEJL31ZX
2BpO1nnSitIn4epW93JkHQVcyWwct5osX5IFm6lWNIyiui0a7PgnCPK/RReotOCf
T5dx/5z5r5q5pjThCCfaZYIUgzQV7PG5KZedwMX2wV8hGU8/ta9xBg8yt79GTdXU
EpKuNltYGUYG09YPpQxAGRUJATAjF5RFsnxWiEOM9DYbpi6qwTxSZO2bhfwleDZq
6zmq4KAmRDZuHXepOTIH/lh+uDIkYmFFdyKsL98w+ypPHBR/V/nlqJajE4Ejba3h
/dbTwRLHCqdIG8wAaI3bpcL18u6Ftp017Z2dVi6rbjQquK4xHghTko/7CwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI0HXmaZGvH0SGxd3UrPALv45ojNMB8GA1UdIwQY
MBaAFCAE1ikydDlvWo1pFIXWh2oKIHHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUFUV0tUSjBPVzlhaldrVWhkYUhhZ29nY2RrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC85ZTVjYmQtNGQ1YS00ZWQ2LWIxYzIt
NGVmOWNjNzUxNTE3LzEvalFkZVpwa2E4ZlJJYkYzZFNzOEF1X2ptaU0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC85ZTVjYmQtNGQ1YS00ZWQ2LWIxYzItNGVmOWNjNzUxNTE3
LzEvSUFUV0tUSjBPVzlhaldrVWhkYUhhZ29nY2RrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw+7+MA8E
AgACMAkDBwAgAQZ8GPwwDQYJKoZIhvcNAQELBQADggEBAE+FtNN7b5BWowIRXxOY
mNPYbuPgxKgJWQMKH8su/waT/TTfGZMI0HBPgDM4oCvHEokJBdFcp1limWTGLexG
UR4MRHEcl5fDIINYvu7gWDx+QAFYkZvpmUP1xV7PgDab9BnM2rl8OMd6+UYoFodd
wxPbXoDkyFLsHaaYldNX4eQUs313vdsf5c8B0BFtlYpPT/sj7JsdYm+S8qHt+kXH
MBf5CLlvJmsUAAVRCYC9TxTorVQjJ4pQ33DjUBaspkQzNO4d35j541KKvdbAfCQq
U4Qyhy1/QfR84HZigOb1RfGTgDaJXViWTUUCFhobF7Egz7okWVEdFdBAhyh1nGQg
Aeo=
-----END CERTIFICATE-----