Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/w3nqlWhDUzrIGoUXM_6aB7XZoPg.roa
File:                     w3nqlWhDUzrIGoUXM_6aB7XZoPg.roa (raw, json)
Hash identifier:          nR2cGzYvREGUXYAEW54OaPIpQqe6J5b5qeOulW4ga5k=
Subject key identifier:   C3:79:EA:95:68:43:53:3A:C8:1A:85:17:33:FE:9A:07:B5:D9:A0:F8
Certificate issuer:       /CN=40665ce80820a47ce3b83f480289554a58a45df4
Certificate serial:       018CC5DC42E28AC1CA241337153DAA70EEB1
Authority key identifier: 40:66:5C:E8:08:20:A4:7C:E3:B8:3F:48:02:89:55:4A:58:A4:5D:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QGZc6AggpHzjuD9IAolVSlikXfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/w3nqlWhDUzrIGoUXM_6aB7XZoPg.roa
Signing time:             Mon 01 Jan 2024 16:29:55 +0000
ROA not before:           Mon 01 Jan 2024 16:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202943
IP address blocks:        195.216.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/QGZc6AggpHzjuD9IAolVSlikXfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/QGZc6AggpHzjuD9IAolVSlikXfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QGZc6AggpHzjuD9IAolVSlikXfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:42:e2:8a:c1:ca:24:13:37:15:3d:aa:70:ee:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40665ce80820a47ce3b83f480289554a58a45df4
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c379ea956843533ac81a851733fe9a07b5d9a0f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e3:08:a5:16:6d:08:4b:70:3c:37:54:08:a8:
                    34:4d:46:2a:8e:31:14:21:d1:e9:ca:82:0d:13:f0:
                    89:02:47:5b:5e:92:a7:38:ba:f0:ba:c7:20:64:06:
                    bb:6b:df:dd:73:45:45:9c:d2:a7:92:ae:54:71:04:
                    5a:63:15:64:cf:9f:c2:5b:00:50:e5:c2:5a:3d:a8:
                    42:cb:f2:4e:8b:88:67:1c:0d:f8:b9:33:be:ac:f1:
                    23:30:be:aa:2d:c7:3d:91:ae:8e:2e:ae:c3:34:c5:
                    06:1e:4a:6e:25:be:c1:4a:15:35:20:23:76:69:fb:
                    b9:e9:49:99:e6:92:f3:31:2b:ee:10:27:ab:7a:5f:
                    51:fc:82:3f:1f:d2:33:57:3d:17:c1:32:cd:93:7c:
                    f2:13:4c:c8:cd:45:8d:89:d9:d3:07:99:6d:a0:e9:
                    ef:68:87:1f:91:4d:83:77:0a:9d:d0:67:fc:e7:28:
                    0e:98:59:9a:47:b1:68:fb:2e:6e:81:93:26:a0:c2:
                    07:aa:47:04:29:b6:0d:26:ba:9e:03:29:79:b8:38:
                    3b:5f:ba:a6:32:2a:1f:e5:8b:2a:92:bb:ea:94:f6:
                    96:25:6e:61:eb:65:43:0d:5a:d7:3e:a9:d8:a2:c1:
                    14:7b:42:ad:ca:71:91:2e:c5:32:51:c8:5a:91:e2:
                    b5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:79:EA:95:68:43:53:3A:C8:1A:85:17:33:FE:9A:07:B5:D9:A0:F8
            X509v3 Authority Key Identifier:
                keyid:40:66:5C:E8:08:20:A4:7C:E3:B8:3F:48:02:89:55:4A:58:A4:5D:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QGZc6AggpHzjuD9IAolVSlikXfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/w3nqlWhDUzrIGoUXM_6aB7XZoPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/QGZc6AggpHzjuD9IAolVSlikXfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:a6:24:ae:8c:08:26:c6:18:95:c7:a8:8d:cb:a3:f8:74:0d:
         aa:9e:62:45:ec:77:bf:e4:b1:dd:57:08:f6:39:02:5e:d7:3c:
         ba:c5:e4:44:6d:b6:09:dc:43:76:1b:6d:ac:51:86:16:32:f1:
         1e:41:aa:5f:3d:f0:6d:78:f2:fc:b1:6d:c1:1a:6a:2f:6b:f4:
         59:cb:f4:a1:37:1d:ab:ab:03:a7:df:a9:e6:40:22:d2:d4:34:
         09:4a:c4:b1:52:d2:8f:36:3b:20:87:7f:69:13:1f:c7:87:56:
         7e:6e:37:9a:67:0e:24:78:59:fd:41:ec:4c:69:de:6b:3c:c3:
         f2:84:b1:b1:0b:ee:16:77:5e:9a:01:e5:60:81:fb:6f:2e:da:
         02:57:0c:27:c6:d9:08:85:be:d2:c7:90:24:46:3e:89:23:b2:
         85:10:03:8d:5a:7f:0c:22:0d:d7:f4:46:cb:d0:33:f5:bb:18:
         5b:c2:4e:f2:02:ed:f5:0d:bc:16:fc:b2:30:f4:a0:02:f5:04:
         6d:22:8a:01:09:3e:cf:99:9b:90:53:b7:ee:98:fc:08:6b:ad:
         69:16:f8:60:66:d5:b7:0f:7b:35:fb:a5:5e:fb:04:2f:a0:38:
         4c:90:a3:00:eb:cf:43:93:73:82:ac:48:7a:30:63:50:de:4a:
         d4:53:e7:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3ELiisHKJBM3FT2qcO6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNjY1Y2U4MDgyMGE0N2NlM2I4M2Y0ODAyODk1NTRhNThh
NDVkZjQwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzc5ZWE5NTY4NDM1MzNhYzgxYTg1MTczM2ZlOWEwN2I1ZDlhMGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+MIpRZtCEtwPDdUCKg0TUYqjjEU
IdHpyoINE/CJAkdbXpKnOLrwuscgZAa7a9/dc0VFnNKnkq5UcQRaYxVkz5/CWwBQ
5cJaPahCy/JOi4hnHA34uTO+rPEjML6qLcc9ka6OLq7DNMUGHkpuJb7BShU1ICN2
afu56UmZ5pLzMSvuECerel9R/II/H9IzVz0XwTLNk3zyE0zIzUWNidnTB5ltoOnv
aIcfkU2Ddwqd0Gf85ygOmFmaR7Fo+y5ugZMmoMIHqkcEKbYNJrqeAyl5uDg7X7qm
Miof5YsqkrvqlPaWJW5h62VDDVrXPqnYosEUe0KtynGRLsUyUchakeK1mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMN56pVoQ1M6yBqFFzP+mge12aD4MB8GA1UdIwQY
MBaAFEBmXOgIIKR847g/SAKJVUpYpF30MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUdaYzZBZ2dwSHpqdUQ5SUFvbFZTbGlrWGZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iZDZhMTktMjU5NS00ZGY5LTg0YjUt
ZWJhZGJjMzRhMTI0LzEvdzNucWxXaERVenJJR29VWE1fNmFCN1hab1BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iZDZhMTktMjU5NS00ZGY5LTg0YjUtZWJhZGJjMzRhMTI0
LzEvUUdaYzZBZ2dwSHpqdUQ5SUFvbFZTbGlrWGZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9j4MA0G
CSqGSIb3DQEBCwUAA4IBAQAspiSujAgmxhiVx6iNy6P4dA2qnmJF7He/5LHdVwj2
OQJe1zy6xeREbbYJ3EN2G22sUYYWMvEeQapfPfBtePL8sW3BGmova/RZy/ShNx2r
qwOn36nmQCLS1DQJSsSxUtKPNjsgh39pEx/Hh1Z+bjeaZw4keFn9QexMad5rPMPy
hLGxC+4Wd16aAeVggftvLtoCVwwnxtkIhb7Sx5AkRj6JI7KFEAONWn8MIg3X9EbL
0DP1uxhbwk7yAu31DbwW/LIw9KAC9QRtIooBCT7PmZuQU7fumPwIa61pFvhgZtW3
D3s1+6Ve+wQvoDhMkKMA689Dk3OCrEh6MGNQ3krUU+cw
-----END CERTIFICATE-----