Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/bbRsTWNjFY4xjSwCWa8_JDkKE1I.roa
File:                     bbRsTWNjFY4xjSwCWa8_JDkKE1I.roa (raw, json)
Hash identifier:          Bg7rDL1apNAMUfP89di36sH/MRWYCt8VIcPVnMNtf7c=
Subject key identifier:   6D:B4:6C:4D:63:63:15:8E:31:8D:2C:02:59:AF:3F:24:39:0A:13:52
Certificate issuer:       /CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
Certificate serial:       018CC6B8F526CD07453B7CE422727DB44ACA
Authority key identifier: 4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/bbRsTWNjFY4xjSwCWa8_JDkKE1I.roa
Signing time:             Mon 01 Jan 2024 20:30:59 +0000
ROA not before:           Mon 01 Jan 2024 20:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        195.82.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f5:26:cd:07:45:3b:7c:e4:22:72:7d:b4:4a:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
        Validity
            Not Before: Jan  1 20:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6db46c4d6363158e318d2c0259af3f24390a1352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f4:d6:fd:10:7e:2e:2d:f0:ba:a9:28:18:22:
                    56:30:63:42:bd:c9:4e:3c:88:91:9c:f2:30:58:ec:
                    81:47:fb:42:5f:4e:25:5e:12:2d:0d:66:cc:24:63:
                    fc:c5:01:b6:bd:ea:6b:3c:b9:a6:cf:5d:79:53:12:
                    c8:c3:93:90:0d:9b:08:cf:d3:3b:1c:92:61:7e:21:
                    2f:02:42:55:73:ef:c1:5e:bb:5b:16:11:7a:a8:a0:
                    d7:5d:02:07:05:9e:fd:f5:3d:66:27:b5:0d:8f:a4:
                    78:33:73:2e:2f:d6:e9:58:1e:89:07:e8:d5:7d:a5:
                    10:aa:5f:88:c8:2c:b6:a4:1b:07:02:87:d4:52:eb:
                    ae:2d:8f:fe:ac:fb:b5:6d:45:0d:1a:5f:95:74:85:
                    7a:6d:d2:d6:9b:6f:6f:97:7e:df:ee:17:b5:1a:2b:
                    b4:41:3d:ac:e0:52:86:95:27:b6:e5:c3:e6:15:71:
                    7a:42:d3:b1:9e:5d:db:18:ef:29:1a:9b:b7:44:af:
                    f7:9f:18:2d:4c:7e:c0:3f:4e:ea:c4:22:79:c7:62:
                    33:2d:28:80:a6:87:af:08:8e:de:09:14:13:ba:cc:
                    ef:5a:b7:5a:8b:41:23:4f:0f:79:02:38:44:17:f6:
                    ff:45:ac:d7:f1:7f:4a:25:b8:42:7b:8c:49:93:37:
                    2e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:B4:6C:4D:63:63:15:8E:31:8D:2C:02:59:AF:3F:24:39:0A:13:52
            X509v3 Authority Key Identifier:
                keyid:4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/bbRsTWNjFY4xjSwCWa8_JDkKE1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.82.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:50:cc:77:1c:99:b4:0b:ef:71:0a:0a:93:cd:18:32:d0:18:
         66:b5:5f:ce:59:01:9c:90:d6:7c:bb:25:a7:36:67:dc:29:f1:
         1e:3d:db:c2:ca:af:b4:78:88:61:ef:04:bf:10:39:2a:06:36:
         da:3a:98:c8:f4:8b:9e:54:74:9b:4b:fa:d9:c4:a1:af:61:34:
         7e:3d:8f:e6:54:81:16:5c:f6:ab:a3:3f:66:1d:38:99:cb:b2:
         9a:90:8c:56:e2:03:e8:76:f1:ef:12:f8:e0:1e:8c:62:3d:84:
         02:fd:74:11:6b:b6:de:a7:99:d0:89:00:eb:d5:3a:cf:47:ce:
         79:5f:2c:1e:88:b9:3e:97:40:5c:eb:ca:35:3c:ca:99:0e:ff:
         59:71:1f:a2:8d:c9:3d:db:f1:5f:4b:f4:55:39:7d:4b:f4:95:
         ae:a0:b5:70:1c:f3:2e:b0:19:9e:4d:42:41:77:c7:8a:2a:67:
         99:a4:7d:17:21:9a:e3:30:7e:92:7f:8f:e6:74:3d:ff:b7:1c:
         ff:d4:12:2b:ab:78:fd:06:97:6d:50:8f:45:04:4a:17:76:1d:
         1a:77:3a:7c:a1:e9:9a:5e:bf:67:9c:44:66:96:11:7e:b4:3d:
         1b:32:62:14:77:14:16:2f:58:c7:17:51:81:66:71:ad:2a:a3:
         1e:86:03:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuPUmzQdFO3zkInJ9tErKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNTRlY2NlNmNiYzljNTQ5MjllYWE0YjIyYjMzN2IwZmQ5
YjM2YmYwHhcNMjQwMTAxMjAzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGI0NmM0ZDYzNjMxNThlMzE4ZDJjMDI1OWFmM2YyNDM5MGExMzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfTW/RB+Li3wuqkoGCJWMGNCvclO
PIiRnPIwWOyBR/tCX04lXhItDWbMJGP8xQG2veprPLmmz115UxLIw5OQDZsIz9M7
HJJhfiEvAkJVc+/BXrtbFhF6qKDXXQIHBZ799T1mJ7UNj6R4M3MuL9bpWB6JB+jV
faUQql+IyCy2pBsHAofUUuuuLY/+rPu1bUUNGl+VdIV6bdLWm29vl37f7he1Giu0
QT2s4FKGlSe25cPmFXF6QtOxnl3bGO8pGpu3RK/3nxgtTH7AP07qxCJ5x2IzLSiA
poevCI7eCRQTuszvWrdai0EjTw95AjhEF/b/RazX8X9KJbhCe4xJkzcuEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG20bE1jYxWOMY0sAlmvPyQ5ChNSMB8GA1UdIwQY
MBaAFExU7M5svJxUkp6qSyKzN7D9mza/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTct
MzA1OWM4OWI3MmVhLzEvYmJSc1RXTmpGWTR4alN3Q1dhOF9KRGtLRTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTctMzA1OWM4OWI3MmVh
LzEvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1JhMA0G
CSqGSIb3DQEBCwUAA4IBAQChUMx3HJm0C+9xCgqTzRgy0BhmtV/OWQGckNZ8uyWn
NmfcKfEePdvCyq+0eIhh7wS/EDkqBjbaOpjI9IueVHSbS/rZxKGvYTR+PY/mVIEW
XParoz9mHTiZy7KakIxW4gPodvHvEvjgHoxiPYQC/XQRa7bep5nQiQDr1TrPR855
XyweiLk+l0Bc68o1PMqZDv9ZcR+ijck92/FfS/RVOX1L9JWuoLVwHPMusBmeTUJB
d8eKKmeZpH0XIZrjMH6Sf4/mdD3/txz/1BIrq3j9BpdtUI9FBEoXdh0adzp8oema
Xr9nnERmlhF+tD0bMmIUdxQWL1jHF1GBZnGtKqMehgM4
-----END CERTIFICATE-----