Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/a3b8cd-56fa-43a1-8dc1-2e5af5b68781/1/sNEffc8I1ny1DsYAmAiXKx8sKnk.roa
File:                     sNEffc8I1ny1DsYAmAiXKx8sKnk.roa (raw, json)
Hash identifier:          3Fvclw2C7MI6rzjhWWjEHnOz/OwLpj/5VzDW1MfVor0=
Subject key identifier:   B0:D1:1F:7D:CF:08:D6:7C:B5:0E:C6:00:98:08:97:2B:1F:2C:2A:79
Certificate issuer:       /CN=c128165f8eee185faaf9aa33875f4ee412b10f8c
Certificate serial:       018CC9BBF2392D48BCF0000E1E2F6E454639
Authority key identifier: C1:28:16:5F:8E:EE:18:5F:AA:F9:AA:33:87:5F:4E:E4:12:B1:0F:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wSgWX47uGF-q-aozh19O5BKxD4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/a3b8cd-56fa-43a1-8dc1-2e5af5b68781/1/sNEffc8I1ny1DsYAmAiXKx8sKnk.roa
Signing time:             Tue 02 Jan 2024 10:33:06 +0000
ROA not before:           Tue 02 Jan 2024 10:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25541
IP address blocks:        195.245.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/a3b8cd-56fa-43a1-8dc1-2e5af5b68781/1/wSgWX47uGF-q-aozh19O5BKxD4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/a3b8cd-56fa-43a1-8dc1-2e5af5b68781/1/wSgWX47uGF-q-aozh19O5BKxD4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wSgWX47uGF-q-aozh19O5BKxD4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f2:39:2d:48:bc:f0:00:0e:1e:2f:6e:45:46:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c128165f8eee185faaf9aa33875f4ee412b10f8c
        Validity
            Not Before: Jan  2 10:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0d11f7dcf08d67cb50ec6009808972b1f2c2a79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1a:f9:88:8f:0a:ab:b0:b2:86:a9:9c:ae:76:
                    f3:b3:be:ae:14:f6:fb:58:61:bf:e8:de:da:d6:0f:
                    fc:9e:a1:80:20:3f:4b:72:39:c4:d2:68:ea:08:84:
                    5c:87:77:4a:a7:fb:3f:7c:2e:8a:e9:94:e8:a6:4f:
                    eb:59:94:4a:bc:60:f8:da:86:2d:ce:b0:cd:7e:84:
                    8c:b6:ae:bf:0d:c6:93:9d:83:ab:18:b5:46:72:0c:
                    cb:10:48:b4:64:fc:7c:db:f1:bc:52:91:9f:3c:7e:
                    36:45:ab:08:a4:8c:18:5a:05:ed:b0:d9:2a:43:3a:
                    f0:2f:b5:33:44:9f:7f:f2:28:75:3e:a5:d7:17:2a:
                    3d:bb:27:fb:ab:8b:53:e6:ef:45:22:10:2d:36:2f:
                    e9:9c:06:12:ac:34:56:c7:09:55:c6:26:e5:0f:7d:
                    1d:f4:af:65:96:b0:16:5a:4e:75:19:fb:a2:18:ff:
                    b1:ac:4c:93:4d:b5:19:c4:a8:e2:f7:4c:56:55:b5:
                    a0:92:f5:b3:b5:66:61:67:86:db:fb:8f:d7:c9:ff:
                    36:1e:c1:d3:f0:2e:1c:2f:77:40:cc:f6:cb:a7:e7:
                    dd:16:5e:da:0e:5e:61:da:d9:ea:48:b3:d5:69:49:
                    6f:fd:fb:b4:96:7f:40:49:f5:49:70:a6:86:6f:86:
                    07:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:D1:1F:7D:CF:08:D6:7C:B5:0E:C6:00:98:08:97:2B:1F:2C:2A:79
            X509v3 Authority Key Identifier:
                keyid:C1:28:16:5F:8E:EE:18:5F:AA:F9:AA:33:87:5F:4E:E4:12:B1:0F:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wSgWX47uGF-q-aozh19O5BKxD4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/a3b8cd-56fa-43a1-8dc1-2e5af5b68781/1/sNEffc8I1ny1DsYAmAiXKx8sKnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/a3b8cd-56fa-43a1-8dc1-2e5af5b68781/1/wSgWX47uGF-q-aozh19O5BKxD4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:69:ad:52:d7:e7:da:e8:d0:c5:fd:f5:c5:3b:80:f0:43:1d:
         f3:5d:f3:0a:1d:24:91:30:64:87:ec:e5:a7:bb:66:88:85:be:
         a3:00:dc:2a:14:8a:e5:26:3d:a5:69:14:c1:6e:e0:cc:b5:b7:
         a0:a5:49:4f:9a:9b:15:a6:1b:7b:5b:17:71:e1:8f:15:5c:24:
         a5:ae:d3:7b:be:d8:b2:3a:29:31:94:79:6f:38:83:7d:83:86:
         bd:1f:46:f8:72:49:59:bc:d7:ea:f6:47:5d:da:f9:29:5f:1f:
         39:4d:78:1f:d0:bd:05:d5:d7:7d:0f:e5:28:60:69:33:6d:1e:
         92:c5:2f:99:ce:a9:d9:33:55:2f:9d:bf:a8:c4:3e:11:1c:4a:
         0c:28:69:1e:1d:2c:18:25:66:78:f6:ba:c9:7a:50:9f:05:23:
         e8:bb:db:f1:7c:41:8f:e9:73:1e:dc:50:8a:2a:1d:0b:62:35:
         77:f9:27:21:0e:dc:36:87:a1:38:91:da:e3:4e:06:ef:22:1c:
         50:de:46:78:70:ef:11:0d:35:cb:b7:88:16:cd:5c:bb:45:9f:
         c3:94:00:1a:97:7f:d0:fd:73:08:c5:72:7e:00:93:0a:4b:9b:
         01:b7:ad:82:2f:1d:e2:3f:66:3e:c6:9f:f1:b6:0e:16:de:1c:
         70:27:49:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu/I5LUi88AAOHi9uRUY5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMjgxNjVmOGVlZTE4NWZhYWY5YWEzMzg3NWY0ZWU0MTJi
MTBmOGMwHhcNMjQwMTAyMTAzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGQxMWY3ZGNmMDhkNjdjYjUwZWM2MDA5ODA4OTcyYjFmMmMyYTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphr5iI8Kq7Cyhqmcrnbzs76uFPb7
WGG/6N7a1g/8nqGAID9LcjnE0mjqCIRch3dKp/s/fC6K6ZTopk/rWZRKvGD42oYt
zrDNfoSMtq6/DcaTnYOrGLVGcgzLEEi0ZPx82/G8UpGfPH42RasIpIwYWgXtsNkq
QzrwL7UzRJ9/8ih1PqXXFyo9uyf7q4tT5u9FIhAtNi/pnAYSrDRWxwlVxiblD30d
9K9llrAWWk51GfuiGP+xrEyTTbUZxKji90xWVbWgkvWztWZhZ4bb+4/Xyf82HsHT
8C4cL3dAzPbLp+fdFl7aDl5h2tnqSLPVaUlv/fu0ln9ASfVJcKaGb4YH4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDRH33PCNZ8tQ7GAJgIlysfLCp5MB8GA1UdIwQY
MBaAFMEoFl+O7hhfqvmqM4dfTuQSsQ+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1NnV1g0N3VHRi1xLWFvemgxOU81Qkt4RDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9hM2I4Y2QtNTZmYS00M2ExLThkYzEt
MmU1YWY1YjY4NzgxLzEvc05FZmZjOEkxbnkxRHNZQW1BaVhLeDhzS25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9hM2I4Y2QtNTZmYS00M2ExLThkYzEtMmU1YWY1YjY4Nzgx
LzEvd1NnV1g0N3VHRi1xLWFvemgxOU81Qkt4RDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/XYMA0G
CSqGSIb3DQEBCwUAA4IBAQCAaa1S1+fa6NDF/fXFO4DwQx3zXfMKHSSRMGSH7OWn
u2aIhb6jANwqFIrlJj2laRTBbuDMtbegpUlPmpsVpht7Wxdx4Y8VXCSlrtN7vtiy
OikxlHlvOIN9g4a9H0b4cklZvNfq9kdd2vkpXx85TXgf0L0F1dd9D+UoYGkzbR6S
xS+ZzqnZM1Uvnb+oxD4RHEoMKGkeHSwYJWZ49rrJelCfBSPou9vxfEGP6XMe3FCK
Kh0LYjV3+SchDtw2h6E4kdrjTgbvIhxQ3kZ4cO8RDTXLt4gWzVy7RZ/DlAAal3/Q
/XMIxXJ+AJMKS5sBt62CLx3iP2Y+xp/xtg4W3hxwJ0lf
-----END CERTIFICATE-----