Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/dfade9-3294-4fab-b607-2828c48e3599/1/cuet4nDmgWXFGj32OC8uguDsS2k.roa
File:                     cuet4nDmgWXFGj32OC8uguDsS2k.roa (raw, json)
Hash identifier:          BaVogOpYJNnZKOnpvXwfBiw737CLbu+cYX+f48hEnhw=
Subject key identifier:   72:E7:AD:E2:70:E6:81:65:C5:1A:3D:F6:38:2F:2E:82:E0:EC:4B:69
Certificate issuer:       /CN=4853216ac9d921733bf3f484393a34495c0e2a67
Certificate serial:       018FB90B63ED8090BDEE211B5B7B31D673ED
Authority key identifier: 48:53:21:6A:C9:D9:21:73:3B:F3:F4:84:39:3A:34:49:5C:0E:2A:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SFMhasnZIXM78_SEOTo0SVwOKmc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/dfade9-3294-4fab-b607-2828c48e3599/1/cuet4nDmgWXFGj32OC8uguDsS2k.roa
Signing time:             Mon 27 May 2024 07:54:42 +0000
ROA not before:           Mon 27 May 2024 07:54:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47566
IP address blocks:        195.244.24.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/dfade9-3294-4fab-b607-2828c48e3599/1/SFMhasnZIXM78_SEOTo0SVwOKmc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/dfade9-3294-4fab-b607-2828c48e3599/1/SFMhasnZIXM78_SEOTo0SVwOKmc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SFMhasnZIXM78_SEOTo0SVwOKmc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b9:0b:63:ed:80:90:bd:ee:21:1b:5b:7b:31:d6:73:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4853216ac9d921733bf3f484393a34495c0e2a67
        Validity
            Not Before: May 27 07:54:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72e7ade270e68165c51a3df6382f2e82e0ec4b69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c5:93:19:ae:91:a4:1b:0c:6c:4c:a0:05:39:
                    ae:ef:b0:cb:d9:a7:11:b1:81:f6:52:81:46:74:94:
                    7a:b4:4f:41:d5:c9:16:45:af:eb:b7:52:c8:f1:9a:
                    51:32:c1:95:ca:b5:8b:2e:9c:75:7d:07:87:1f:58:
                    98:ee:89:6f:51:f3:c3:bd:1f:d4:69:86:65:77:8c:
                    e8:d1:93:4a:ec:a3:11:11:ca:38:38:86:8d:2e:f2:
                    fa:7b:a4:27:6a:39:6b:c1:4d:ab:38:a0:11:45:3e:
                    c0:d0:0d:de:ac:1a:10:4a:48:40:bc:97:95:93:3d:
                    8e:e9:79:a6:d7:95:be:c3:60:14:e9:00:5c:3d:1c:
                    4d:71:66:9b:20:b5:39:2f:eb:79:cb:f5:b8:51:bd:
                    29:2e:b0:66:ab:42:12:76:df:1c:f0:b3:f2:2e:e9:
                    0a:d2:36:fa:6b:c0:b6:7f:06:4d:f9:f1:43:bf:07:
                    d2:d3:87:b3:72:a4:2b:05:88:99:b5:cc:93:06:e1:
                    3c:0d:1c:e4:c9:8a:a4:84:59:43:f2:ef:8c:ef:1b:
                    f6:3e:d7:a1:41:ae:17:29:31:ee:c1:68:90:50:0b:
                    7e:e7:f1:c1:87:ce:45:3b:10:53:f3:b2:e8:d3:98:
                    b7:09:5a:93:b9:26:ab:d6:2f:af:14:6f:0a:14:06:
                    93:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E7:AD:E2:70:E6:81:65:C5:1A:3D:F6:38:2F:2E:82:E0:EC:4B:69
            X509v3 Authority Key Identifier:
                keyid:48:53:21:6A:C9:D9:21:73:3B:F3:F4:84:39:3A:34:49:5C:0E:2A:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SFMhasnZIXM78_SEOTo0SVwOKmc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/dfade9-3294-4fab-b607-2828c48e3599/1/cuet4nDmgWXFGj32OC8uguDsS2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/dfade9-3294-4fab-b607-2828c48e3599/1/SFMhasnZIXM78_SEOTo0SVwOKmc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.244.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d4:4a:10:e3:a2:f7:be:fb:9e:fa:18:c0:2b:c8:a9:04:a8:70:
         2f:34:b6:be:42:a7:d2:d0:15:c4:c5:b6:5f:70:ff:a8:f6:48:
         95:4d:bc:da:89:5e:c2:ee:97:46:da:03:a4:0c:a2:31:a6:2f:
         69:36:bf:ad:39:59:8a:4e:93:90:6b:e3:1a:19:ec:f4:11:b8:
         f9:f5:8d:1d:c7:d4:45:51:76:74:ef:69:76:35:e1:04:44:53:
         37:c6:7a:74:52:55:2d:54:2f:59:eb:c9:89:d6:43:3c:70:d2:
         b6:29:56:03:e4:39:82:8f:5e:a0:95:70:e7:84:3d:4e:0d:e0:
         92:9f:2c:bd:a8:83:fb:c3:ff:22:d5:82:25:fc:a5:e2:06:e2:
         69:30:3a:76:5a:cf:31:fa:f5:f4:06:eb:70:98:5c:bf:3b:0d:
         3c:c8:a6:e8:b3:68:90:f2:85:ee:5b:78:01:22:01:c4:c9:79:
         71:d6:31:34:dc:68:b9:44:04:bd:48:b7:b1:c2:3d:27:1c:fd:
         d0:de:55:54:12:24:4d:74:b9:13:78:da:48:a8:d2:7d:3b:33:
         d9:a5:86:2c:ba:70:38:1a:d7:7a:b9:51:19:a8:63:ab:da:bc:
         28:57:60:8a:12:3a:f7:9c:6d:f1:4d:61:99:96:5f:97:ef:61:
         0b:74:12:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+5C2PtgJC97iEbW3sx1nPtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NTMyMTZhYzlkOTIxNzMzYmYzZjQ4NDM5M2EzNDQ5NWMw
ZTJhNjcwHhcNMjQwNTI3MDc1NDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmU3YWRlMjcwZTY4MTY1YzUxYTNkZjYzODJmMmU4MmUwZWM0YjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8WTGa6RpBsMbEygBTmu77DL2acR
sYH2UoFGdJR6tE9B1ckWRa/rt1LI8ZpRMsGVyrWLLpx1fQeHH1iY7olvUfPDvR/U
aYZld4zo0ZNK7KMREco4OIaNLvL6e6QnajlrwU2rOKARRT7A0A3erBoQSkhAvJeV
kz2O6Xmm15W+w2AU6QBcPRxNcWabILU5L+t5y/W4Ub0pLrBmq0ISdt8c8LPyLukK
0jb6a8C2fwZN+fFDvwfS04ezcqQrBYiZtcyTBuE8DRzkyYqkhFlD8u+M7xv2Pteh
Qa4XKTHuwWiQUAt+5/HBh85FOxBT87Lo05i3CVqTuSar1i+vFG8KFAaTIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLnreJw5oFlxRo99jgvLoLg7EtpMB8GA1UdIwQY
MBaAFEhTIWrJ2SFzO/P0hDk6NElcDipnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0ZNaGFzblpJWE03OF9TRU9UbzBTVndPS21jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kZmFkZTktMzI5NC00ZmFiLWI2MDct
MjgyOGM0OGUzNTk5LzEvY3VldDRuRG1nV1hGR2ozMk9DOHVndURzUzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kZmFkZTktMzI5NC00ZmFiLWI2MDctMjgyOGM0OGUzNTk5
LzEvU0ZNaGFzblpJWE03OF9TRU9UbzBTVndPS21jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/QYMA0G
CSqGSIb3DQEBCwUAA4IBAQDUShDjove++576GMAryKkEqHAvNLa+QqfS0BXExbZf
cP+o9kiVTbzaiV7C7pdG2gOkDKIxpi9pNr+tOVmKTpOQa+MaGez0Ebj59Y0dx9RF
UXZ072l2NeEERFM3xnp0UlUtVC9Z68mJ1kM8cNK2KVYD5DmCj16glXDnhD1ODeCS
nyy9qIP7w/8i1YIl/KXiBuJpMDp2Ws8x+vX0ButwmFy/Ow08yKbos2iQ8oXuW3gB
IgHEyXlx1jE03Gi5RAS9SLexwj0nHP3Q3lVUEiRNdLkTeNpIqNJ9OzPZpYYsunA4
Gtd6uVEZqGOr2rwoV2CKEjr3nG3xTWGZll+X72ELdBLy
-----END CERTIFICATE-----