Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/su4cojcfmYwGObALQAkATJFzD7E.roa
File:                     su4cojcfmYwGObALQAkATJFzD7E.roa (raw, json)
Hash identifier:          IQR2LiC9AIImTz098PmNSWxI3X1ySsp4SyNlm0G9GzQ=
Subject key identifier:   B2:EE:1C:A2:37:1F:99:8C:06:39:B0:0B:40:09:00:4C:91:73:0F:B1
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E9464C81A514C7A27195670A902FA
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/su4cojcfmYwGObALQAkATJFzD7E.roa
Signing time:             Mon 01 Jan 2024 14:30:07 +0000
ROA not before:           Mon 01 Jan 2024 14:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57886
IP address blocks:        195.214.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:94:64:c8:1a:51:4c:7a:27:19:56:70:a9:02:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2ee1ca2371f998c0639b00b4009004c91730fb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:92:e4:90:9f:4f:cb:b0:0c:91:1e:7e:1f:f8:
                    c3:33:71:fe:66:35:83:e1:5b:32:1d:ae:cf:a0:bd:
                    1d:ae:bf:5c:84:4e:d3:60:70:f2:80:d9:1f:2b:55:
                    0c:96:df:04:bd:d5:29:a9:4d:92:b7:c3:71:85:6f:
                    85:38:55:c5:24:aa:34:53:4f:57:e2:a8:15:6d:07:
                    6b:24:9f:f0:e1:48:59:d0:33:13:e2:66:65:f2:71:
                    28:78:31:3f:08:c6:4d:57:e4:86:33:ac:06:d8:76:
                    48:ad:c6:38:ae:2f:62:e3:ad:6c:2c:f8:84:82:42:
                    4f:8b:72:b7:ae:5d:03:d0:ff:a5:c5:81:e7:35:99:
                    ca:90:bb:e8:52:30:9d:8a:0a:62:7f:c3:76:5d:9e:
                    85:9a:3f:b9:c2:97:70:5f:d5:66:e4:6e:29:7f:72:
                    bb:61:8e:7c:63:9a:2b:07:09:f2:56:34:d2:b6:ce:
                    8b:24:89:59:90:35:8f:3c:ec:10:ec:e4:b8:c8:71:
                    ec:02:09:87:1a:e6:3e:e2:c4:f9:e3:c4:a0:cd:71:
                    90:d2:26:54:eb:3f:10:d3:23:35:ad:24:d5:a2:65:
                    6e:c6:6f:ff:69:ad:5b:fb:68:fa:68:f4:33:a6:a0:
                    ac:c6:d1:83:7d:80:00:88:8b:28:2d:c1:51:c0:3e:
                    7a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:EE:1C:A2:37:1F:99:8C:06:39:B0:0B:40:09:00:4C:91:73:0F:B1
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/su4cojcfmYwGObALQAkATJFzD7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.214.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:af:f1:bf:e0:5d:1d:74:36:e1:4b:13:58:78:51:06:85:c8:
         08:30:32:cb:75:5a:ef:8e:21:ec:39:5c:0c:f0:a2:92:a8:df:
         c1:f5:22:0b:bd:7a:03:a6:5f:5b:4d:10:84:c0:a0:a0:5d:9a:
         bb:e6:d4:4d:25:d3:f3:29:d1:6c:0b:7a:16:15:0c:7a:bf:87:
         27:0a:3d:b2:d7:c0:79:ac:dd:37:82:1d:31:61:89:48:7f:ac:
         a8:e9:28:2b:19:9f:a8:2c:49:86:32:ef:8b:cd:57:d2:49:89:
         6f:04:e7:20:4e:33:ef:12:2e:b9:61:07:d1:54:51:03:a2:df:
         53:b4:0d:54:12:6a:5a:95:58:d8:dc:83:e6:ab:e1:66:ed:60:
         7a:12:85:31:76:50:04:9c:e6:98:b2:64:28:8d:ba:0c:2a:c0:
         b7:0e:98:f0:d9:8e:8b:a9:3a:0b:80:32:28:c5:92:30:ca:dc:
         5a:54:72:9e:e4:1b:1f:2c:e9:7e:43:14:50:b0:a8:01:0f:36:
         93:ad:07:1e:6a:f6:c5:4d:89:17:0f:c3:a8:5d:cf:63:f1:21:
         72:0b:86:87:71:16:b5:a0:97:2d:90:0b:da:83:69:d4:61:94:
         79:5d:08:07:4e:97:b7:22:df:d3:98:bf:6b:89:b1:b5:26:0f:
         f5:b2:60:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpRkyBpRTHonGVZwqQL6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmVlMWNhMjM3MWY5OThjMDYzOWIwMGI0MDA5MDA0YzkxNzMwZmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJLkkJ9Py7AMkR5+H/jDM3H+ZjWD
4VsyHa7PoL0drr9chE7TYHDygNkfK1UMlt8EvdUpqU2St8NxhW+FOFXFJKo0U09X
4qgVbQdrJJ/w4UhZ0DMT4mZl8nEoeDE/CMZNV+SGM6wG2HZIrcY4ri9i461sLPiE
gkJPi3K3rl0D0P+lxYHnNZnKkLvoUjCdigpif8N2XZ6Fmj+5wpdwX9Vm5G4pf3K7
YY58Y5orBwnyVjTSts6LJIlZkDWPPOwQ7OS4yHHsAgmHGuY+4sT548SgzXGQ0iZU
6z8Q0yM1rSTVomVuxm//aa1b+2j6aPQzpqCsxtGDfYAAiIsoLcFRwD56gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLuHKI3H5mMBjmwC0AJAEyRcw+xMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvc3U0Y29qY2ZtWXdHT2JBTFFBa0FUSkZ6RDdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9agMA0G
CSqGSIb3DQEBCwUAA4IBAQAbr/G/4F0ddDbhSxNYeFEGhcgIMDLLdVrvjiHsOVwM
8KKSqN/B9SILvXoDpl9bTRCEwKCgXZq75tRNJdPzKdFsC3oWFQx6v4cnCj2y18B5
rN03gh0xYYlIf6yo6SgrGZ+oLEmGMu+LzVfSSYlvBOcgTjPvEi65YQfRVFEDot9T
tA1UEmpalVjY3IPmq+Fm7WB6EoUxdlAEnOaYsmQojboMKsC3Dpjw2Y6LqToLgDIo
xZIwytxaVHKe5BsfLOl+QxRQsKgBDzaTrQceavbFTYkXD8OoXc9j8SFyC4aHcRa1
oJctkAvag2nUYZR5XQgHTpe3It/TmL9ribG1Jg/1smBi
-----END CERTIFICATE-----