Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/HJ52sTbPMsW84gRQlOwai7-TA8I.roa
File:                     HJ52sTbPMsW84gRQlOwai7-TA8I.roa (raw, json)
Hash identifier:          P1yJpiI8fzQn7NFLhsIeBAXMFeguT9AAWT2tUOf2FkY=
Subject key identifier:   1C:9E:76:B1:36:CF:32:C5:BC:E2:04:50:94:EC:1A:8B:BF:93:03:C2
Certificate issuer:       /CN=ec05986897d024e48c7cd25e1891c4208ff3bbb2
Certificate serial:       018CC3B70BBCA765FAE664A2650192EFB0CB
Authority key identifier: EC:05:98:68:97:D0:24:E4:8C:7C:D2:5E:18:91:C4:20:8F:F3:BB:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7AWYaJfQJOSMfNJeGJHEII_zu7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/HJ52sTbPMsW84gRQlOwai7-TA8I.roa
Signing time:             Mon 01 Jan 2024 06:30:02 +0000
ROA not before:           Mon 01 Jan 2024 06:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35740
IP address blocks:        195.170.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/7AWYaJfQJOSMfNJeGJHEII_zu7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/7AWYaJfQJOSMfNJeGJHEII_zu7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7AWYaJfQJOSMfNJeGJHEII_zu7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0b:bc:a7:65:fa:e6:64:a2:65:01:92:ef:b0:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec05986897d024e48c7cd25e1891c4208ff3bbb2
        Validity
            Not Before: Jan  1 06:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c9e76b136cf32c5bce2045094ec1a8bbf9303c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:26:b7:95:8b:d6:9d:08:19:80:59:c0:5a:a3:
                    4a:8d:f6:5b:91:99:83:1b:1c:fe:66:7b:69:67:62:
                    58:a4:52:b1:36:70:66:df:6d:91:33:1a:cc:7e:01:
                    1a:62:c9:53:50:6e:9c:87:67:75:32:bd:34:70:93:
                    87:b1:64:13:22:b9:7d:d4:3a:5d:a9:66:63:22:4f:
                    87:19:39:2a:66:be:c6:dc:87:37:ad:e0:61:31:b2:
                    28:70:f9:20:4d:e0:a4:fc:f0:e9:90:41:ee:b3:37:
                    14:57:ea:bb:8c:c2:93:8b:e4:47:d4:c7:39:97:48:
                    85:56:04:c9:9e:6e:35:f5:60:eb:98:14:b4:44:6a:
                    d8:b5:e6:3e:00:73:bc:98:53:fa:61:44:09:e5:18:
                    26:5e:f9:cc:ba:bf:1f:27:0c:b1:ce:c6:26:24:5a:
                    55:f5:42:fb:b2:70:59:b5:6b:bb:71:81:98:e6:43:
                    3b:e0:ec:ed:2c:b8:25:61:2c:ec:8c:7b:40:47:4e:
                    46:fd:f8:21:11:1d:d6:b7:f3:7f:78:24:f5:80:13:
                    9d:a1:00:6b:60:5b:43:a6:f5:ba:b0:78:7a:20:c2:
                    db:74:0f:77:85:46:70:66:83:ba:95:2b:2f:3b:e6:
                    a0:ed:c3:80:ba:f1:64:b0:c5:d7:c8:df:f9:ac:bf:
                    55:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:9E:76:B1:36:CF:32:C5:BC:E2:04:50:94:EC:1A:8B:BF:93:03:C2
            X509v3 Authority Key Identifier:
                keyid:EC:05:98:68:97:D0:24:E4:8C:7C:D2:5E:18:91:C4:20:8F:F3:BB:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7AWYaJfQJOSMfNJeGJHEII_zu7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/HJ52sTbPMsW84gRQlOwai7-TA8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/ad6af0-005f-43a3-aa9d-766d1f32433c/1/7AWYaJfQJOSMfNJeGJHEII_zu7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:d5:3b:00:c5:f1:0e:5c:33:cf:fc:3d:e8:84:77:7c:d0:f0:
         9e:d1:d4:34:b8:8a:c7:c3:75:fe:8d:63:11:cd:8f:00:4e:44:
         f2:20:49:3d:41:6d:ec:67:aa:f3:0b:3f:de:1a:4a:a2:18:aa:
         d0:49:9f:67:be:c1:dd:ee:45:64:37:b5:c7:64:eb:71:be:44:
         66:73:ff:9e:53:50:ff:c3:f9:bc:13:68:48:f0:d3:f7:f4:c5:
         2f:8c:2e:68:38:19:4b:4f:03:71:39:22:b8:97:4f:fa:6c:82:
         85:b8:ab:5b:40:28:43:6b:1e:0a:35:35:2d:61:52:52:7e:0a:
         58:e7:0f:89:cf:33:bb:22:29:4c:02:15:8d:5c:b8:5c:17:4b:
         f1:05:d0:82:46:08:e6:23:f3:9b:80:8c:d0:07:ba:03:ef:57:
         5e:33:0e:d9:1d:2b:a7:f4:2e:e8:22:05:fa:6a:4a:04:77:51:
         c5:54:b5:b7:bc:73:96:c0:3b:78:27:dc:b3:91:1c:1d:75:81:
         52:75:62:d3:65:35:54:30:32:ad:60:f5:13:4e:f8:75:66:df:
         dd:8c:67:ab:8e:9b:f0:a0:fa:34:a9:a0:49:28:7d:8e:4b:54:
         bb:83:05:45:d8:c2:2a:9e:76:d1:1e:13:a7:52:60:c9:12:75:
         71:e7:42:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwu8p2X65mSiZQGS77DLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMDU5ODY4OTdkMDI0ZTQ4YzdjZDI1ZTE4OTFjNDIwOGZm
M2JiYjIwHhcNMjQwMTAxMDYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzllNzZiMTM2Y2YzMmM1YmNlMjA0NTA5NGVjMWE4YmJmOTMwM2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCa3lYvWnQgZgFnAWqNKjfZbkZmD
Gxz+ZntpZ2JYpFKxNnBm322RMxrMfgEaYslTUG6ch2d1Mr00cJOHsWQTIrl91Dpd
qWZjIk+HGTkqZr7G3Ic3reBhMbIocPkgTeCk/PDpkEHuszcUV+q7jMKTi+RH1Mc5
l0iFVgTJnm419WDrmBS0RGrYteY+AHO8mFP6YUQJ5RgmXvnMur8fJwyxzsYmJFpV
9UL7snBZtWu7cYGY5kM74OztLLglYSzsjHtAR05G/fghER3Wt/N/eCT1gBOdoQBr
YFtDpvW6sHh6IMLbdA93hUZwZoO6lSsvO+ag7cOAuvFksMXXyN/5rL9VmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByedrE2zzLFvOIEUJTsGou/kwPCMB8GA1UdIwQY
MBaAFOwFmGiX0CTkjHzSXhiRxCCP87uyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0FXWWFKZlFKT1NNZk5KZUdKSEVJSV96dTdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9hZDZhZjAtMDA1Zi00M2EzLWFhOWQt
NzY2ZDFmMzI0MzNjLzEvSEo1MnNUYlBNc1c4NGdSUWxPd2FpNy1UQThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9hZDZhZjAtMDA1Zi00M2EzLWFhOWQtNzY2ZDFmMzI0MzNj
LzEvN0FXWWFKZlFKT1NNZk5KZUdKSEVJSV96dTdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6qqMA0G
CSqGSIb3DQEBCwUAA4IBAQAM1TsAxfEOXDPP/D3ohHd80PCe0dQ0uIrHw3X+jWMR
zY8ATkTyIEk9QW3sZ6rzCz/eGkqiGKrQSZ9nvsHd7kVkN7XHZOtxvkRmc/+eU1D/
w/m8E2hI8NP39MUvjC5oOBlLTwNxOSK4l0/6bIKFuKtbQChDax4KNTUtYVJSfgpY
5w+JzzO7IilMAhWNXLhcF0vxBdCCRgjmI/ObgIzQB7oD71deMw7ZHSun9C7oIgX6
akoEd1HFVLW3vHOWwDt4J9yzkRwddYFSdWLTZTVUMDKtYPUTTvh1Zt/djGerjpvw
oPo0qaBJKH2OS1S7gwVF2MIqnnbRHhOnUmDJEnVx50IK
-----END CERTIFICATE-----