Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/kv2ROCi_Jmbv6oEE8RVKcv23P-o.roa
File:                     kv2ROCi_Jmbv6oEE8RVKcv23P-o.roa (raw, json)
Hash identifier:          I5qhyisj2Udn8Rd/Xn7lVupQUcJAUikn6tBNe0b6srw=
Subject key identifier:   92:FD:91:38:28:BF:26:66:EF:EA:81:04:F1:15:4A:72:FD:B7:3F:EA
Certificate issuer:       /CN=c9da2ff5a77e78eec3033dda5749a4a8c1e55164
Certificate serial:       018CC795773F1125C1EBF12CCDFDB27665A9
Authority key identifier: C9:DA:2F:F5:A7:7E:78:EE:C3:03:3D:DA:57:49:A4:A8:C1:E5:51:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydov9ad-eO7DAz3aV0mkqMHlUWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/kv2ROCi_Jmbv6oEE8RVKcv23P-o.roa
Signing time:             Tue 02 Jan 2024 00:31:50 +0000
ROA not before:           Tue 02 Jan 2024 00:31:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22773
IP address blocks:        195.64.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/ydov9ad-eO7DAz3aV0mkqMHlUWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/ydov9ad-eO7DAz3aV0mkqMHlUWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydov9ad-eO7DAz3aV0mkqMHlUWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:77:3f:11:25:c1:eb:f1:2c:cd:fd:b2:76:65:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9da2ff5a77e78eec3033dda5749a4a8c1e55164
        Validity
            Not Before: Jan  2 00:31:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92fd913828bf2666efea8104f1154a72fdb73fea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:fb:9d:5c:22:c4:ab:45:64:9f:30:c8:6b:2b:
                    3b:f9:ea:58:f7:ad:36:31:a5:44:9d:d6:42:3c:f6:
                    da:37:00:59:b9:89:6a:6a:5f:3f:75:a5:87:bb:0b:
                    09:d1:30:d1:07:7a:1f:f9:9a:e6:43:f0:41:ea:17:
                    6a:ec:83:dc:21:42:83:08:4f:bb:7b:46:a2:61:97:
                    68:86:9e:b4:6a:8f:cf:78:31:2f:06:23:4f:e5:73:
                    31:0e:2e:ad:0c:f7:46:3a:fd:77:69:6b:ea:fc:74:
                    5f:2d:b9:b0:f1:66:cf:a2:39:f8:39:50:dc:8a:a7:
                    5e:e8:0f:3c:55:de:bb:3f:57:e4:e4:0c:cb:0d:86:
                    3f:ff:a2:8b:93:bc:3b:c9:89:20:b5:7a:87:c0:29:
                    fb:0d:35:90:47:b0:8d:48:15:2b:c5:a7:24:9c:76:
                    54:94:16:0b:5b:be:f0:65:6c:d7:4a:f7:90:a9:16:
                    8f:17:79:43:f7:d4:76:a3:bb:15:60:a5:84:e5:b2:
                    a4:c3:d1:68:06:31:35:4d:00:9c:77:ed:1b:57:d8:
                    f6:cf:73:a1:c5:55:f0:68:05:38:b5:64:be:90:15:
                    da:ba:d7:ea:3f:5c:01:ac:cf:19:f5:af:b0:27:44:
                    dc:57:ad:f8:94:79:ea:3a:0c:8d:ce:ac:35:8b:a0:
                    31:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:FD:91:38:28:BF:26:66:EF:EA:81:04:F1:15:4A:72:FD:B7:3F:EA
            X509v3 Authority Key Identifier:
                keyid:C9:DA:2F:F5:A7:7E:78:EE:C3:03:3D:DA:57:49:A4:A8:C1:E5:51:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydov9ad-eO7DAz3aV0mkqMHlUWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/kv2ROCi_Jmbv6oEE8RVKcv23P-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/ydov9ad-eO7DAz3aV0mkqMHlUWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:92:63:ff:12:31:18:0f:b1:33:8e:0e:e7:94:68:f9:55:ac:
         77:38:05:71:4e:ad:3d:2b:d9:68:c9:41:6a:b2:09:4b:a7:57:
         0b:82:87:da:fc:0b:04:49:54:bf:90:f5:3f:59:c7:1a:00:34:
         4f:cc:d3:75:82:69:e8:a6:36:11:4c:59:35:45:f1:4e:96:9a:
         7b:ed:cb:be:57:cb:16:9a:dc:ef:06:a1:4c:b1:18:4c:59:69:
         6b:d8:08:7c:f5:a0:0d:95:44:c9:e4:f0:58:ca:7c:19:75:b1:
         e3:e8:b9:bc:12:8d:d7:20:2d:18:e3:61:1d:12:eb:1c:38:f5:
         f3:c0:6f:3a:9a:ea:05:fd:e0:69:96:dc:9f:61:ef:ba:77:cf:
         0f:1e:d3:64:4e:bb:60:e8:15:1c:46:7f:3f:58:14:ab:10:5a:
         42:1c:99:dd:54:57:a6:11:ce:35:f0:72:bf:ea:87:0d:04:80:
         69:96:1f:5d:09:7c:38:73:7e:1d:7e:02:c9:c9:52:a5:f5:2d:
         74:37:09:37:e7:ad:57:f9:96:ba:09:8d:d1:48:5b:bd:01:cd:
         9f:7a:44:a4:36:0b:ec:2c:79:d3:17:89:53:dc:c1:d2:bb:0e:
         48:c8:0b:78:2a:f6:fb:23:c6:91:f8:4d:8b:63:b4:7d:4f:83:
         71:1c:e8:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlXc/ESXB6/Eszf2ydmWpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZGEyZmY1YTc3ZTc4ZWVjMzAzM2RkYTU3NDlhNGE4YzFl
NTUxNjQwHhcNMjQwMTAyMDAzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmZkOTEzODI4YmYyNjY2ZWZlYTgxMDRmMTE1NGE3MmZkYjczZmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fudXCLEq0VknzDIays7+epY9602
MaVEndZCPPbaNwBZuYlqal8/daWHuwsJ0TDRB3of+ZrmQ/BB6hdq7IPcIUKDCE+7
e0aiYZdohp60ao/PeDEvBiNP5XMxDi6tDPdGOv13aWvq/HRfLbmw8WbPojn4OVDc
iqde6A88Vd67P1fk5AzLDYY//6KLk7w7yYkgtXqHwCn7DTWQR7CNSBUrxacknHZU
lBYLW77wZWzXSveQqRaPF3lD99R2o7sVYKWE5bKkw9FoBjE1TQCcd+0bV9j2z3Oh
xVXwaAU4tWS+kBXautfqP1wBrM8Z9a+wJ0TcV634lHnqOgyNzqw1i6AxyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJL9kTgovyZm7+qBBPEVSnL9tz/qMB8GA1UdIwQY
MBaAFMnaL/WnfnjuwwM92ldJpKjB5VFkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRvdjlhZC1lTzdEQXozYVYwbWtxTUhsVVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8zYzA4YWUtZWI2ZC00NjA4LTgyYzMt
NmMwNGE2ZWQxM2M1LzEva3YyUk9DaV9KbWJ2Nm9FRThSVktjdjIzUC1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8zYzA4YWUtZWI2ZC00NjA4LTgyYzMtNmMwNGE2ZWQxM2M1
LzEveWRvdjlhZC1lTzdEQXozYVYwbWtxTUhsVVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0BzMA0G
CSqGSIb3DQEBCwUAA4IBAQBokmP/EjEYD7Ezjg7nlGj5Vax3OAVxTq09K9loyUFq
sglLp1cLgofa/AsESVS/kPU/WccaADRPzNN1gmnopjYRTFk1RfFOlpp77cu+V8sW
mtzvBqFMsRhMWWlr2Ah89aANlUTJ5PBYynwZdbHj6Lm8Eo3XIC0Y42EdEuscOPXz
wG86muoF/eBpltyfYe+6d88PHtNkTrtg6BUcRn8/WBSrEFpCHJndVFemEc418HK/
6ocNBIBplh9dCXw4c34dfgLJyVKl9S10Nwk3561X+Za6CY3RSFu9Ac2fekSkNgvs
LHnTF4lT3MHSuw5IyAt4Kvb7I8aR+E2LY7R9T4NxHOjy
-----END CERTIFICATE-----