Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/iQohj92UY_EuaoFsPOzjLjkH_4U.roa
File:                     iQohj92UY_EuaoFsPOzjLjkH_4U.roa (raw, json)
Hash identifier:          Mm+UKRDOXB41PPM2jE9V03l1NPjQ4e85+3pVXP4iZ1M=
Subject key identifier:   89:0A:21:8F:DD:94:63:F1:2E:6A:81:6C:3C:EC:E3:2E:39:07:FF:85
Certificate issuer:       /CN=555cc0b60855cfe15a91ebcb0ee584c617116fb7
Certificate serial:       01913216FF1A6651ADE75BD56418B3A76135
Authority key identifier: 55:5C:C0:B6:08:55:CF:E1:5A:91:EB:CB:0E:E5:84:C6:17:11:6F:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VVzAtghVz-FakevLDuWExhcRb7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/iQohj92UY_EuaoFsPOzjLjkH_4U.roa
Signing time:             Thu 08 Aug 2024 13:04:13 +0000
ROA not before:           Thu 08 Aug 2024 13:04:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198785
IP address blocks:        195.114.113.0/24 maxlen: 24
                          195.130.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/VVzAtghVz-FakevLDuWExhcRb7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/VVzAtghVz-FakevLDuWExhcRb7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VVzAtghVz-FakevLDuWExhcRb7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:32:16:ff:1a:66:51:ad:e7:5b:d5:64:18:b3:a7:61:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=555cc0b60855cfe15a91ebcb0ee584c617116fb7
        Validity
            Not Before: Aug  8 13:04:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=890a218fdd9463f12e6a816c3cece32e3907ff85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:84:27:44:43:8a:76:a1:8a:ca:cb:37:9b:eb:
                    91:a2:94:2b:23:73:ec:78:5d:67:e0:a5:b2:a1:58:
                    43:a5:2e:41:b9:7e:c7:47:95:9c:06:fd:4d:f2:bf:
                    f1:d8:48:a7:37:24:10:73:db:d2:21:cc:74:97:67:
                    7a:2a:91:31:71:4b:f3:c3:56:4b:ce:79:e8:6e:d8:
                    8d:da:e4:cd:26:ec:97:b3:bf:d7:1e:d2:e8:60:9e:
                    2d:00:c2:05:16:cc:16:05:ac:6d:7f:d6:39:fd:bc:
                    74:74:16:db:c1:13:4d:c7:33:f6:87:a8:d5:f7:a6:
                    09:ae:3f:60:de:c9:f0:c9:dc:a4:59:81:be:79:22:
                    35:36:b5:a6:2d:db:62:32:b3:12:6f:97:66:d3:cf:
                    f2:2e:c3:b1:34:55:4c:9a:25:39:4a:a3:57:c7:24:
                    ea:bb:6f:05:98:b8:dd:c2:23:4f:cd:9c:28:c5:13:
                    d3:cc:cd:3c:2d:60:24:45:5d:f3:af:33:d6:19:fc:
                    55:a4:2d:2a:e5:17:d4:7e:a0:e2:24:04:c1:8f:1a:
                    c6:f5:a1:3c:10:09:52:87:81:42:10:64:a8:97:0a:
                    c0:4c:3a:a2:31:2f:b6:3d:d3:53:58:76:b5:d4:db:
                    dd:9e:c6:c2:3a:f9:91:58:71:82:90:7b:c3:33:1b:
                    8a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:0A:21:8F:DD:94:63:F1:2E:6A:81:6C:3C:EC:E3:2E:39:07:FF:85
            X509v3 Authority Key Identifier:
                keyid:55:5C:C0:B6:08:55:CF:E1:5A:91:EB:CB:0E:E5:84:C6:17:11:6F:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VVzAtghVz-FakevLDuWExhcRb7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/iQohj92UY_EuaoFsPOzjLjkH_4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/5e9ad7-a5f4-4cb4-a319-2f352d64aac8/1/VVzAtghVz-FakevLDuWExhcRb7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.113.0/24
                  195.130.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:d5:d2:39:f3:1b:18:1c:fc:3e:c0:d4:3b:09:73:aa:3b:bf:
         4e:41:e2:35:38:79:e2:ea:b8:70:b1:64:82:72:fe:98:5b:81:
         75:68:71:db:5d:26:15:bb:b1:64:2a:85:b7:c2:69:e5:9c:ce:
         b8:c1:cf:c9:79:ad:90:89:d2:66:57:2f:ae:13:71:fa:cd:af:
         d5:13:3a:f0:0d:56:6f:ca:d6:9c:b1:39:09:e9:94:9d:7c:ca:
         f7:29:61:e0:6c:f2:7d:eb:41:b9:fd:14:eb:03:91:92:92:f1:
         71:52:72:08:c9:64:7e:5b:5d:c2:63:ef:80:d0:f0:8d:dc:b2:
         a9:61:6e:29:20:82:6f:98:e0:19:3c:46:d4:17:de:6c:4c:a7:
         bf:a5:c1:89:66:96:60:8a:ac:93:3e:8c:f1:c9:5f:3d:3e:50:
         4e:ef:12:e8:55:be:b0:f4:1c:18:10:05:15:36:cc:a7:58:28:
         54:66:74:e5:53:27:7e:6f:d9:4d:45:02:10:a1:c3:d4:46:fa:
         9f:0a:7a:48:66:11:2d:92:36:6d:62:8a:6c:d4:f0:45:8e:40:
         07:38:8b:d6:04:e7:64:ed:29:67:0a:78:38:f0:87:8c:60:b4:
         53:29:e9:f6:58:c6:ab:ad:ad:f8:3d:2b:f3:1e:40:a4:91:1f:
         f4:7d:c1:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZEyFv8aZlGt51vVZBizp2E1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NWNjMGI2MDg1NWNmZTE1YTkxZWJjYjBlZTU4NGM2MTcx
MTZmYjcwHhcNMjQwODA4MTMwNDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTBhMjE4ZmRkOTQ2M2YxMmU2YTgxNmMzY2VjZTMyZTM5MDdmZjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroQnREOKdqGKyss3m+uRopQrI3Ps
eF1n4KWyoVhDpS5BuX7HR5WcBv1N8r/x2EinNyQQc9vSIcx0l2d6KpExcUvzw1ZL
znnobtiN2uTNJuyXs7/XHtLoYJ4tAMIFFswWBaxtf9Y5/bx0dBbbwRNNxzP2h6jV
96YJrj9g3snwydykWYG+eSI1NrWmLdtiMrMSb5dm08/yLsOxNFVMmiU5SqNXxyTq
u28FmLjdwiNPzZwoxRPTzM08LWAkRV3zrzPWGfxVpC0q5RfUfqDiJATBjxrG9aE8
EAlSh4FCEGSolwrATDqiMS+2PdNTWHa11NvdnsbCOvmRWHGCkHvDMxuKJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIkKIY/dlGPxLmqBbDzs4y45B/+FMB8GA1UdIwQY
MBaAFFVcwLYIVc/hWpHryw7lhMYXEW+3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlZ6QXRnaFZ6LUZha2V2TER1V0V4aGNSYjdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi81ZTlhZDctYTVmNC00Y2I0LWEzMTkt
MmYzNTJkNjRhYWM4LzEvaVFvaGo5MlVZX0V1YW9Gc1BPempMamtIXzRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi81ZTlhZDctYTVmNC00Y2I0LWEzMTktMmYzNTJkNjRhYWM4
LzEvVlZ6QXRnaFZ6LUZha2V2TER1V0V4aGNSYjdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw3JxAwQA
w4LAMA0GCSqGSIb3DQEBCwUAA4IBAQBa1dI58xsYHPw+wNQ7CXOqO79OQeI1OHni
6rhwsWSCcv6YW4F1aHHbXSYVu7FkKoW3wmnlnM64wc/Jea2QidJmVy+uE3H6za/V
EzrwDVZvytacsTkJ6ZSdfMr3KWHgbPJ960G5/RTrA5GSkvFxUnIIyWR+W13CY++A
0PCN3LKpYW4pIIJvmOAZPEbUF95sTKe/pcGJZpZgiqyTPozxyV89PlBO7xLoVb6w
9BwYEAUVNsynWChUZnTlUyd+b9lNRQIQocPURvqfCnpIZhEtkjZtYops1PBFjkAH
OIvWBOdk7SlnCng48IeMYLRTKen2WMarra34PSvzHkCkkR/0fcFB
-----END CERTIFICATE-----