Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/aq0HQDHEBZrHdrvW6n70XH-zKgk.roa
File:                     aq0HQDHEBZrHdrvW6n70XH-zKgk.roa (raw, json)
Hash identifier:          nwY8XdYAfdh+OqMULBbbKlBX3jnSWjysJP1j26isBw0=
Subject key identifier:   6A:AD:07:40:31:C4:05:9A:C7:76:BB:D6:EA:7E:F4:5C:7F:B3:2A:09
Certificate issuer:       /CN=918316ab4ea13ebb54560c1a67042d47e966d823
Certificate serial:       018CC349558C2E187786D6E8894DE480725C
Authority key identifier: 91:83:16:AB:4E:A1:3E:BB:54:56:0C:1A:67:04:2D:47:E9:66:D8:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kYMWq06hPrtUVgwaZwQtR-lm2CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/aq0HQDHEBZrHdrvW6n70XH-zKgk.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2635
IP address blocks:        195.234.108.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/kYMWq06hPrtUVgwaZwQtR-lm2CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/kYMWq06hPrtUVgwaZwQtR-lm2CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kYMWq06hPrtUVgwaZwQtR-lm2CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:55:8c:2e:18:77:86:d6:e8:89:4d:e4:80:72:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=918316ab4ea13ebb54560c1a67042d47e966d823
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6aad074031c4059ac776bbd6ea7ef45c7fb32a09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:30:29:8f:9e:53:1a:04:2d:69:ae:86:1f:28:
                    8b:26:87:ee:bf:74:c8:8c:4b:d9:d0:08:96:24:df:
                    29:f1:ec:98:3d:94:9b:e5:d8:df:4e:e5:fb:bb:7c:
                    66:f8:b2:75:df:6a:49:df:dd:b5:af:9b:15:e0:c9:
                    88:28:4a:48:70:81:9a:33:3f:e4:d5:0c:a5:73:3e:
                    bf:63:6b:cf:d9:24:49:ea:35:81:4c:ff:bb:99:41:
                    f9:82:4f:47:85:e3:cd:0a:eb:85:80:8a:55:e3:49:
                    14:34:7b:89:96:d1:8c:e2:53:da:e6:aa:ad:80:99:
                    b6:04:cf:6a:61:5b:17:15:d8:17:c9:ee:51:a3:80:
                    0a:2b:b0:94:40:57:a9:07:31:d9:3f:a1:91:f1:c8:
                    ae:79:f2:c7:b5:6f:79:5b:f1:30:8f:75:5d:9b:03:
                    89:11:94:72:71:18:d0:4b:a1:52:e3:1f:38:2a:a9:
                    b0:f6:fd:bc:51:1e:b2:6c:5f:0f:67:06:ad:cf:4b:
                    ec:23:cc:88:30:f6:1a:58:e3:51:77:47:d5:97:67:
                    0f:45:1d:d8:04:32:88:66:25:74:54:aa:8e:18:0c:
                    29:4a:ea:ca:df:10:a2:88:84:da:12:98:5f:7e:98:
                    b9:a5:8f:19:1f:76:2d:0b:c2:5c:b6:b4:90:54:4e:
                    41:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:AD:07:40:31:C4:05:9A:C7:76:BB:D6:EA:7E:F4:5C:7F:B3:2A:09
            X509v3 Authority Key Identifier:
                keyid:91:83:16:AB:4E:A1:3E:BB:54:56:0C:1A:67:04:2D:47:E9:66:D8:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kYMWq06hPrtUVgwaZwQtR-lm2CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/aq0HQDHEBZrHdrvW6n70XH-zKgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/kYMWq06hPrtUVgwaZwQtR-lm2CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:fe:60:bc:ac:29:54:01:97:2b:cf:bd:89:48:e0:d8:ab:3f:
         64:a4:82:2e:47:5f:b5:9e:f0:c8:3f:b5:05:c3:04:fb:6d:f3:
         48:ae:a8:85:b1:1a:b7:89:a2:93:cf:d8:ae:b4:3e:ae:e6:d3:
         80:07:ea:ee:6b:22:a4:93:2f:ec:46:a3:24:46:6e:63:f7:25:
         20:a8:b8:e6:64:e6:eb:99:6f:d2:20:15:55:30:aa:b0:63:57:
         2e:ed:fc:75:cc:85:f0:ac:a1:79:a5:f3:a4:fa:54:c7:82:6a:
         76:4d:43:82:fa:44:5c:3d:6d:1e:b0:67:f2:36:71:cc:69:bb:
         f8:6e:43:54:ce:53:96:0f:64:45:c4:fd:55:8c:b2:c2:47:5d:
         08:40:c6:b6:b6:3b:c0:bf:d0:dc:46:7c:70:21:2f:86:97:0c:
         40:8f:fd:a7:b8:39:bc:3b:8f:62:44:28:72:d5:86:74:45:89:
         0e:fd:65:5a:90:f7:d3:0b:6a:56:b9:6b:a2:35:13:fc:fe:57:
         4f:22:3e:d8:b8:34:65:7c:5a:20:fb:8b:f9:be:c0:18:f8:b5:
         8a:26:cc:c2:e9:37:5b:89:a6:ec:8c:e6:84:2a:29:5d:57:89:
         07:6f:fb:8f:18:30:2c:cd:25:10:1c:6a:3b:2e:d2:82:f3:40:
         46:f9:a2:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVWMLhh3htboiU3kgHJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxODMxNmFiNGVhMTNlYmI1NDU2MGMxYTY3MDQyZDQ3ZTk2
NmQ4MjMwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWFkMDc0MDMxYzQwNTlhYzc3NmJiZDZlYTdlZjQ1YzdmYjMyYTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDApj55TGgQtaa6GHyiLJofuv3TI
jEvZ0AiWJN8p8eyYPZSb5djfTuX7u3xm+LJ132pJ3921r5sV4MmIKEpIcIGaMz/k
1Qylcz6/Y2vP2SRJ6jWBTP+7mUH5gk9HhePNCuuFgIpV40kUNHuJltGM4lPa5qqt
gJm2BM9qYVsXFdgXye5Ro4AKK7CUQFepBzHZP6GR8ciuefLHtW95W/Ewj3VdmwOJ
EZRycRjQS6FS4x84Kqmw9v28UR6ybF8PZwatz0vsI8yIMPYaWONRd0fVl2cPRR3Y
BDKIZiV0VKqOGAwpSurK3xCiiITaEphffpi5pY8ZH3YtC8JctrSQVE5B/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqtB0AxxAWax3a71up+9Fx/syoJMB8GA1UdIwQY
MBaAFJGDFqtOoT67VFYMGmcELUfpZtgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1lNV3EwNmhQcnRVVmd3YVp3UXRSLWxtMkNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84OWZiOTktOTA0OS00ODJmLTk1ZGMt
OWUzY2QwZDlkNzdhLzEvYXEwSFFESEVCWnJIZHJ2VzZuNzBYSC16S2drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84OWZiOTktOTA0OS00ODJmLTk1ZGMtOWUzY2QwZDlkNzdh
LzEva1lNV3EwNmhQcnRVVmd3YVp3UXRSLWxtMkNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+psMA0G
CSqGSIb3DQEBCwUAA4IBAQAl/mC8rClUAZcrz72JSODYqz9kpIIuR1+1nvDIP7UF
wwT7bfNIrqiFsRq3iaKTz9iutD6u5tOAB+ruayKkky/sRqMkRm5j9yUgqLjmZObr
mW/SIBVVMKqwY1cu7fx1zIXwrKF5pfOk+lTHgmp2TUOC+kRcPW0esGfyNnHMabv4
bkNUzlOWD2RFxP1VjLLCR10IQMa2tjvAv9DcRnxwIS+GlwxAj/2nuDm8O49iRChy
1YZ0RYkO/WVakPfTC2pWuWuiNRP8/ldPIj7YuDRlfFog+4v5vsAY+LWKJszC6Tdb
iabsjOaEKildV4kHb/uPGDAszSUQHGo7LtKC80BG+aIU
-----END CERTIFICATE-----