Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/aC3rJ_KdScGIe1FcnRp8qonzSgQ.roa
File:                     aC3rJ_KdScGIe1FcnRp8qonzSgQ.roa (raw, json)
Hash identifier:          I81OwpYFzvwaOCSgbr5qLqNuuV/NgAan9LK5aVYNaZ4=
Subject key identifier:   68:2D:EB:27:F2:9D:49:C1:88:7B:51:5C:9D:1A:7C:AA:89:F3:4A:04
Certificate issuer:       /CN=555cc0b60855cfe15a91ebcb0ee584c617116fb7
Certificate serial:       01913216FFB329E80E354A760F2A54878439
Authority key identifier: 55:5C:C0:B6:08:55:CF:E1:5A:91:EB:CB:0E:E5:84:C6:17:11:6F:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VVzAtghVz-FakevLDuWExhcRb7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/aC3rJ_KdScGIe1FcnRp8qonzSgQ.roa
Signing time:             Thu 08 Aug 2024 13:04:13 +0000
ROA not before:           Thu 08 Aug 2024 13:04:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207773
IP address blocks:        195.114.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/VVzAtghVz-FakevLDuWExhcRb7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/VVzAtghVz-FakevLDuWExhcRb7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VVzAtghVz-FakevLDuWExhcRb7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:32:16:ff:b3:29:e8:0e:35:4a:76:0f:2a:54:87:84:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=555cc0b60855cfe15a91ebcb0ee584c617116fb7
        Validity
            Not Before: Aug  8 13:04:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=682deb27f29d49c1887b515c9d1a7caa89f34a04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:83:a7:14:a7:64:0f:7b:89:c6:a9:60:fb:0e:
                    2e:0a:1b:8e:82:15:f3:19:fa:74:d1:c3:6f:20:78:
                    cf:80:75:10:b6:d6:dd:ba:87:4b:1c:b2:1d:40:7b:
                    65:f6:8d:b2:53:a6:05:1a:2b:ba:73:47:38:15:0f:
                    0f:d1:fe:2e:c2:67:e1:c4:fc:5a:ad:45:94:ba:cc:
                    74:0c:2d:55:14:b9:27:8b:93:ea:95:72:82:86:a9:
                    86:b7:cd:b7:34:d2:49:ac:a1:91:e8:84:b8:55:ee:
                    bf:de:c8:8d:76:b3:00:98:6e:ce:d3:90:27:8e:b9:
                    de:a2:2b:45:f0:a8:87:50:2f:bd:30:b2:a5:3d:5d:
                    23:54:ef:ea:00:e3:f5:c4:89:f3:03:11:4f:3e:9b:
                    21:4b:e3:83:3e:81:05:1a:f6:f8:61:26:4f:05:bf:
                    ee:e5:f0:c8:32:c6:f7:ea:2d:75:2b:c8:0b:26:dd:
                    09:ed:11:61:d3:40:c4:62:d8:da:b2:cb:51:68:5c:
                    87:94:b2:d8:f3:bd:9f:72:11:51:1b:95:ab:84:f3:
                    1a:26:46:50:9c:eb:05:b8:65:4d:34:48:0d:69:01:
                    4d:90:3d:aa:ea:38:46:be:d6:49:f5:60:e1:be:d9:
                    62:77:35:3b:a5:63:39:eb:86:b1:14:c0:89:45:33:
                    98:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:2D:EB:27:F2:9D:49:C1:88:7B:51:5C:9D:1A:7C:AA:89:F3:4A:04
            X509v3 Authority Key Identifier:
                keyid:55:5C:C0:B6:08:55:CF:E1:5A:91:EB:CB:0E:E5:84:C6:17:11:6F:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VVzAtghVz-FakevLDuWExhcRb7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/aC3rJ_KdScGIe1FcnRp8qonzSgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/VVzAtghVz-FakevLDuWExhcRb7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:4f:9a:0a:93:04:9c:49:e8:c5:60:64:c4:41:d7:8b:88:4e:
         3e:7c:37:87:a2:98:0a:cb:13:1a:eb:0e:0d:5d:cc:d8:0e:ca:
         73:71:1a:d8:1a:4c:07:61:fe:cf:c8:f0:05:55:34:d5:34:16:
         aa:7f:5f:7f:7f:d6:9e:20:9f:50:92:35:b9:7b:d6:04:b6:1f:
         a9:6d:3a:bf:30:ac:0f:54:f5:4a:2a:ee:6c:6c:ec:6c:41:8e:
         98:f0:1c:ca:7a:21:0c:67:dc:0d:2d:6c:8f:15:20:71:72:97:
         2f:2e:e2:d4:7f:d2:b8:6d:59:85:59:82:98:6f:b2:28:76:4b:
         51:88:7a:dd:9c:78:ec:57:9d:14:ec:aa:8d:a6:b3:b4:af:ac:
         53:f2:64:ec:bd:da:3f:36:c5:ab:2e:da:7e:6c:27:20:20:f2:
         be:41:40:30:30:6b:47:18:7f:9d:02:e2:bf:4b:b5:69:9b:1b:
         4a:68:7d:b6:fb:3c:25:64:03:60:a8:de:8b:02:a4:5e:0e:b0:
         bc:61:4e:cd:6b:d9:74:54:9b:38:2d:9f:13:a0:ae:62:30:b7:
         d9:2b:83:69:fa:9c:2d:6f:43:da:1f:37:68:0d:f7:ff:cc:0f:
         bd:fb:d1:3b:06:a3:2f:7b:68:d6:f5:2b:7e:66:13:5e:72:e8:
         e2:db:09:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEyFv+zKegONUp2DypUh4Q5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NWNjMGI2MDg1NWNmZTE1YTkxZWJjYjBlZTU4NGM2MTcx
MTZmYjcwHhcNMjQwODA4MTMwNDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODJkZWIyN2YyOWQ0OWMxODg3YjUxNWM5ZDFhN2NhYTg5ZjM0YTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYOnFKdkD3uJxqlg+w4uChuOghXz
Gfp00cNvIHjPgHUQttbduodLHLIdQHtl9o2yU6YFGiu6c0c4FQ8P0f4uwmfhxPxa
rUWUusx0DC1VFLkni5PqlXKChqmGt823NNJJrKGR6IS4Ve6/3siNdrMAmG7O05An
jrneoitF8KiHUC+9MLKlPV0jVO/qAOP1xInzAxFPPpshS+ODPoEFGvb4YSZPBb/u
5fDIMsb36i11K8gLJt0J7RFh00DEYtjasstRaFyHlLLY872fchFRG5WrhPMaJkZQ
nOsFuGVNNEgNaQFNkD2q6jhGvtZJ9WDhvtlidzU7pWM564axFMCJRTOYEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgt6yfynUnBiHtRXJ0afKqJ80oEMB8GA1UdIwQY
MBaAFFVcwLYIVc/hWpHryw7lhMYXEW+3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlZ6QXRnaFZ6LUZha2V2TER1V0V4aGNSYjdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi81ZTlhZDctYTVmNC00Y2I0LWEzMTkt
MmYzNTJkNjRhYWM4LzEvYUMzckpfS2RTY0dJZTFGY25ScDhxb256U2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi81ZTlhZDctYTVmNC00Y2I0LWEzMTktMmYzNTJkNjRhYWM4
LzEvVlZ6QXRnaFZ6LUZha2V2TER1V0V4aGNSYjdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3JxMA0G
CSqGSIb3DQEBCwUAA4IBAQBIT5oKkwScSejFYGTEQdeLiE4+fDeHopgKyxMa6w4N
XczYDspzcRrYGkwHYf7PyPAFVTTVNBaqf19/f9aeIJ9QkjW5e9YEth+pbTq/MKwP
VPVKKu5sbOxsQY6Y8BzKeiEMZ9wNLWyPFSBxcpcvLuLUf9K4bVmFWYKYb7IodktR
iHrdnHjsV50U7KqNprO0r6xT8mTsvdo/NsWrLtp+bCcgIPK+QUAwMGtHGH+dAuK/
S7VpmxtKaH22+zwlZANgqN6LAqReDrC8YU7Na9l0VJs4LZ8ToK5iMLfZK4Np+pwt
b0PaHzdoDff/zA+9+9E7BqMve2jW9St+ZhNecuji2wmA
-----END CERTIFICATE-----