Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/qP1yv6CUxiQ1_rGRlAGjPA0IjDE.roa
File:                     qP1yv6CUxiQ1_rGRlAGjPA0IjDE.roa (raw, json)
Hash identifier:          qVygkjp7vPrQSermw/1LOr0K7bpWWEq0+B/Fz4k/amE=
Subject key identifier:   A8:FD:72:BF:A0:94:C6:24:35:FE:B1:91:94:01:A3:3C:0D:08:8C:31
Certificate issuer:       /CN=05b3017c1693b945b5eda091ec93f85c1be1df36
Certificate serial:       018CC42500D257BF4ED9EB7274E43AB947B4
Authority key identifier: 05:B3:01:7C:16:93:B9:45:B5:ED:A0:91:EC:93:F8:5C:1B:E1:DF:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/qP1yv6CUxiQ1_rGRlAGjPA0IjDE.roa
Signing time:             Mon 01 Jan 2024 08:30:08 +0000
ROA not before:           Mon 01 Jan 2024 08:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46235
IP address blocks:        195.60.208.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:00:d2:57:bf:4e:d9:eb:72:74:e4:3a:b9:47:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b3017c1693b945b5eda091ec93f85c1be1df36
        Validity
            Not Before: Jan  1 08:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8fd72bfa094c62435feb1919401a33c0d088c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:01:92:d7:04:24:64:27:f0:da:52:d9:89:d1:
                    e0:a1:4b:34:f9:db:7b:61:7c:15:bf:4f:49:16:4a:
                    ea:a6:f1:71:0c:7d:86:71:78:8f:98:e8:6f:cf:d7:
                    2b:0f:91:ef:97:19:6e:47:d6:e0:94:13:06:d2:24:
                    69:66:a7:49:17:6e:e4:78:0e:33:ac:b3:f9:89:41:
                    c5:d3:c1:43:e4:e3:ca:6c:26:f7:fb:52:1f:4a:e9:
                    27:1b:0f:8d:b1:3e:75:10:17:76:2d:0d:ec:ab:83:
                    85:66:c1:12:5e:ed:2c:0a:ac:ec:b6:5f:02:33:2c:
                    c1:9a:d3:c1:c0:e7:1e:e6:0e:8e:b3:30:b9:1e:5a:
                    70:4a:7d:0a:33:41:e9:cc:f9:9f:33:13:7a:55:65:
                    70:8d:32:cf:a0:49:f9:96:90:63:71:65:bc:11:c9:
                    65:bd:d8:a8:04:5c:c5:f9:10:e2:c5:e7:b7:0a:5a:
                    af:8a:1f:8d:ea:36:5d:b4:ff:6e:ba:9d:fb:c1:cd:
                    67:67:2a:0d:25:78:94:b2:50:e8:0e:d0:bb:79:cc:
                    46:87:ab:a5:a9:46:7a:d0:58:b3:a2:5e:f4:9e:3c:
                    b3:34:af:f4:fc:05:77:01:89:68:b4:84:ad:b9:f3:
                    d9:17:71:58:5c:54:52:74:17:48:bf:a7:52:14:c2:
                    fb:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:FD:72:BF:A0:94:C6:24:35:FE:B1:91:94:01:A3:3C:0D:08:8C:31
            X509v3 Authority Key Identifier:
                keyid:05:B3:01:7C:16:93:B9:45:B5:ED:A0:91:EC:93:F8:5C:1B:E1:DF:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/qP1yv6CUxiQ1_rGRlAGjPA0IjDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:d5:13:a7:ca:86:8d:ba:da:8a:7d:33:8a:32:1b:d4:b8:9b:
         13:7c:6a:4a:80:bf:cd:a5:f0:2f:c8:a3:1d:63:b8:45:86:0d:
         53:0f:31:3f:3d:ec:fd:78:eb:94:50:e4:f0:54:b0:8f:41:5f:
         88:23:15:0a:0d:ba:de:f8:35:57:50:96:c5:0a:c6:cc:1a:17:
         a6:73:d3:cc:bc:77:b5:a6:f6:18:89:f9:e1:13:95:77:6c:c5:
         42:5c:8f:ca:d0:55:c2:f9:d3:09:87:b6:e9:8e:d6:c1:f1:b9:
         f9:ac:4b:d3:ad:96:a6:9d:06:fd:d4:bd:34:1d:4f:4c:04:be:
         e2:28:ea:c7:7b:5e:bc:9a:b4:f6:63:e4:f8:00:79:64:0a:00:
         05:df:3d:a2:3a:87:dc:39:9f:d3:3e:7a:16:b6:79:7b:1d:fc:
         09:d2:84:37:32:39:d1:40:5a:4a:44:07:ed:9c:e2:29:e2:23:
         f1:82:d8:39:92:a4:c5:dd:eb:79:ae:f7:54:03:56:81:c7:58:
         be:91:d3:3e:fd:0b:42:02:35:b5:9d:82:7e:22:4d:00:58:1e:
         88:64:0a:49:da:8b:72:e8:3f:5a:3f:6e:f5:a8:c1:75:1a:19:
         37:22:81:ca:45:bb:5c:59:be:66:48:ca:01:27:82:29:15:d9:
         06:43:ea:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQDSV79O2etydOQ6uUe0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjMwMTdjMTY5M2I5NDViNWVkYTA5MWVjOTNmODVjMWJl
MWRmMzYwHhcNMjQwMTAxMDgzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGZkNzJiZmEwOTRjNjI0MzVmZWIxOTE5NDAxYTMzYzBkMDg4YzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwGS1wQkZCfw2lLZidHgoUs0+dt7
YXwVv09JFkrqpvFxDH2GcXiPmOhvz9crD5HvlxluR9bglBMG0iRpZqdJF27keA4z
rLP5iUHF08FD5OPKbCb3+1IfSuknGw+NsT51EBd2LQ3sq4OFZsESXu0sCqzstl8C
MyzBmtPBwOce5g6OszC5HlpwSn0KM0HpzPmfMxN6VWVwjTLPoEn5lpBjcWW8Ecll
vdioBFzF+RDixee3Clqvih+N6jZdtP9uup37wc1nZyoNJXiUslDoDtC7ecxGh6ul
qUZ60Fizol70njyzNK/0/AV3AYlotIStufPZF3FYXFRSdBdIv6dSFML7ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKj9cr+glMYkNf6xkZQBozwNCIwxMB8GA1UdIwQY
MBaAFAWzAXwWk7lFte2gkeyT+Fwb4d82MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJNQmZCYVR1VVcxN2FDUjdKUDRYQnZoM3pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81Zjc1YWQtODNhNi00OTg0LTg2ZmQt
YWEyNzdlMzg5ZmRjLzEvcVAxeXY2Q1V4aVExX3JHUmxBR2pQQTBJakRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81Zjc1YWQtODNhNi00OTg0LTg2ZmQtYWEyNzdlMzg5ZmRj
LzEvQmJNQmZCYVR1VVcxN2FDUjdKUDRYQnZoM3pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwzzQMA0G
CSqGSIb3DQEBCwUAA4IBAQAB1ROnyoaNutqKfTOKMhvUuJsTfGpKgL/NpfAvyKMd
Y7hFhg1TDzE/Pez9eOuUUOTwVLCPQV+IIxUKDbre+DVXUJbFCsbMGhemc9PMvHe1
pvYYifnhE5V3bMVCXI/K0FXC+dMJh7bpjtbB8bn5rEvTrZamnQb91L00HU9MBL7i
KOrHe168mrT2Y+T4AHlkCgAF3z2iOofcOZ/TPnoWtnl7HfwJ0oQ3MjnRQFpKRAft
nOIp4iPxgtg5kqTF3et5rvdUA1aBx1i+kdM+/QtCAjW1nYJ+Ik0AWB6IZApJ2oty
6D9aP271qMF1Ghk3IoHKRbtcWb5mSMoBJ4IpFdkGQ+pz
-----END CERTIFICATE-----