Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/v9f0umVAZhhKB-6EsWT51OmZRr8.roa
File:                     v9f0umVAZhhKB-6EsWT51OmZRr8.roa (raw, json)
Hash identifier:          44mlMdOlpWU+2EOUBKvi01KD9DMnKWJNb1Gzaa1cxyw=
Subject key identifier:   BF:D7:F4:BA:65:40:66:18:4A:07:EE:84:B1:64:F9:D4:E9:99:46:BF
Certificate issuer:       /CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
Certificate serial:       018CC6B8F4C1C19270F603A51277956E76F2
Authority key identifier: 4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/v9f0umVAZhhKB-6EsWT51OmZRr8.roa
Signing time:             Mon 01 Jan 2024 20:30:59 +0000
ROA not before:           Mon 01 Jan 2024 20:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.82.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f4:c1:c1:92:70:f6:03:a5:12:77:95:6e:76:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
        Validity
            Not Before: Jan  1 20:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfd7f4ba654066184a07ee84b164f9d4e99946bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:49:54:2c:c8:63:9a:66:db:70:20:3d:e5:5f:
                    10:43:b8:a1:a3:54:0d:bb:2c:c7:98:78:42:ce:dd:
                    38:4c:7f:80:b5:d2:63:fd:34:78:cb:99:35:24:80:
                    48:7a:c5:7b:04:be:39:69:e1:63:a8:c8:ab:74:50:
                    6d:5c:ed:be:c6:e8:1d:8b:3a:cc:6e:fb:26:67:af:
                    b0:19:71:4f:57:b6:54:e5:dd:53:72:cd:02:49:ed:
                    98:5b:cd:40:69:e5:ec:31:7b:93:e0:f1:ad:ff:f1:
                    d0:90:33:3a:19:3d:15:19:a6:41:dc:cc:a8:53:00:
                    8f:eb:6c:d1:6e:a1:bd:81:45:ef:b4:35:3a:c2:84:
                    bc:bd:04:7d:18:e6:31:d2:40:b9:72:eb:b1:ae:2d:
                    87:9d:2c:c7:51:34:dc:1d:08:40:4b:21:8d:c8:9f:
                    92:fb:ba:5a:30:da:c2:85:62:98:81:29:7d:2b:68:
                    7d:86:e4:9c:cd:b0:fe:8f:fa:70:c8:bb:1f:d6:4f:
                    ac:5d:68:ed:a0:d7:dd:69:fc:05:1c:fe:c5:90:af:
                    44:89:a3:fc:c3:80:ed:3a:01:6a:a4:d0:95:3d:87:
                    34:6e:47:3d:72:24:89:fb:eb:cb:9a:9b:ed:e8:41:
                    0d:24:fb:97:3f:50:33:b3:2f:ce:c4:4d:2b:cb:56:
                    60:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D7:F4:BA:65:40:66:18:4A:07:EE:84:B1:64:F9:D4:E9:99:46:BF
            X509v3 Authority Key Identifier:
                keyid:4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/v9f0umVAZhhKB-6EsWT51OmZRr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.82.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:bb:78:b8:58:ea:22:50:50:80:f1:23:83:cd:3a:2f:00:77:
         e2:39:cf:a3:ff:43:40:d7:57:c7:d6:15:3d:46:d9:1f:8a:f0:
         e9:c8:19:21:9a:99:84:19:fe:76:2a:0d:97:ef:07:d9:6d:6e:
         a0:be:7b:d0:55:2b:c8:c7:71:b7:98:0f:cd:a9:b0:04:58:63:
         2c:f1:ae:63:0d:e9:05:c2:96:5a:37:97:3c:2e:88:7a:56:bc:
         b7:cf:58:f6:e2:b5:f4:55:c5:7c:7e:63:30:2c:d3:a2:e3:0f:
         f2:b4:35:65:03:d6:5b:cb:8f:42:3e:95:ff:cd:14:2e:20:44:
         13:6d:c9:64:8f:26:41:68:e0:29:58:2d:67:a3:ee:28:21:36:
         e7:1a:3e:c1:1c:31:de:76:a0:92:17:90:75:80:be:1c:9c:e6:
         fa:9a:8e:b1:04:26:87:40:df:41:d3:e2:53:4e:4b:ff:0e:9f:
         81:a7:5a:af:ce:6c:43:2b:f1:29:73:cc:4e:a3:3c:d7:a1:bf:
         00:33:3e:2e:b4:72:56:e3:1b:7a:a0:38:5c:85:ed:d2:25:e5:
         32:f6:83:14:b1:78:15:de:71:5a:23:10:84:93:f2:ea:b7:f6:
         48:8e:aa:1a:01:3a:fd:15:6a:51:53:24:c7:fc:40:d7:e7:13:
         8d:1b:5d:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuPTBwZJw9gOlEneVbnbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNTRlY2NlNmNiYzljNTQ5MjllYWE0YjIyYjMzN2IwZmQ5
YjM2YmYwHhcNMjQwMTAxMjAzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmQ3ZjRiYTY1NDA2NjE4NGEwN2VlODRiMTY0ZjlkNGU5OTk0NmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUlULMhjmmbbcCA95V8QQ7iho1QN
uyzHmHhCzt04TH+AtdJj/TR4y5k1JIBIesV7BL45aeFjqMirdFBtXO2+xugdizrM
bvsmZ6+wGXFPV7ZU5d1Tcs0CSe2YW81AaeXsMXuT4PGt//HQkDM6GT0VGaZB3Myo
UwCP62zRbqG9gUXvtDU6woS8vQR9GOYx0kC5cuuxri2HnSzHUTTcHQhASyGNyJ+S
+7paMNrChWKYgSl9K2h9huSczbD+j/pwyLsf1k+sXWjtoNfdafwFHP7FkK9EiaP8
w4DtOgFqpNCVPYc0bkc9ciSJ++vLmpvt6EENJPuXP1Azsy/OxE0ry1ZgBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/X9LplQGYYSgfuhLFk+dTpmUa/MB8GA1UdIwQY
MBaAFExU7M5svJxUkp6qSyKzN7D9mza/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTct
MzA1OWM4OWI3MmVhLzEvdjlmMHVtVkFaaGhLQi02RXNXVDUxT21aUnI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTctMzA1OWM4OWI3MmVh
LzEvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1JhMA0G
CSqGSIb3DQEBCwUAA4IBAQCeu3i4WOoiUFCA8SODzTovAHfiOc+j/0NA11fH1hU9
RtkfivDpyBkhmpmEGf52Kg2X7wfZbW6gvnvQVSvIx3G3mA/NqbAEWGMs8a5jDekF
wpZaN5c8Loh6Vry3z1j24rX0VcV8fmMwLNOi4w/ytDVlA9Zby49CPpX/zRQuIEQT
bclkjyZBaOApWC1no+4oITbnGj7BHDHedqCSF5B1gL4cnOb6mo6xBCaHQN9B0+JT
Tkv/Dp+Bp1qvzmxDK/Epc8xOozzXob8AMz4utHJW4xt6oDhche3SJeUy9oMUsXgV
3nFaIxCEk/Lqt/ZIjqoaATr9FWpRUyTH/EDX5xONG11f
-----END CERTIFICATE-----