Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/KJujxQZ7G5ZeO-UuAq1tAQkAUXw.roa
File:                     KJujxQZ7G5ZeO-UuAq1tAQkAUXw.roa (raw, json)
Hash identifier:          uND7ZJtNiYgDmV9hw5lf0yTP8dIUiBBJxxy7lBjRYQM=
Subject key identifier:   28:9B:A3:C5:06:7B:1B:96:5E:3B:E5:2E:02:AD:6D:01:09:00:51:7C
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D3F4862C08A90AC51B8C4103FBFF0
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/KJujxQZ7G5ZeO-UuAq1tAQkAUXw.roa
Signing time:             Tue 02 Jan 2024 08:32:12 +0000
ROA not before:           Tue 02 Jan 2024 08:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51561
IP address blocks:        195.178.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:3f:48:62:c0:8a:90:ac:51:b8:c4:10:3f:bf:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=289ba3c5067b1b965e3be52e02ad6d010900517c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:88:58:01:4f:1f:1c:00:e4:a0:f5:fd:55:dd:
                    8e:cd:09:a7:a1:39:63:f7:91:80:0e:ee:78:36:31:
                    09:b4:8f:be:c1:33:b4:12:9f:b1:77:35:98:6e:27:
                    1c:17:87:7c:ed:d9:ef:b9:a1:a4:cb:98:cd:7c:fb:
                    13:76:e0:d2:b6:0a:fc:a4:80:dd:f8:e1:53:b3:6b:
                    55:5f:b2:20:7e:3f:e1:94:75:34:ab:15:c5:91:87:
                    6b:a6:49:47:ea:7d:61:de:5c:d9:90:9a:72:f5:52:
                    76:03:d8:7b:fb:0f:a5:1c:cd:ec:36:e0:66:0c:be:
                    50:04:85:ef:0d:45:5e:51:07:3d:e3:4a:50:37:f2:
                    98:7a:4a:08:cd:91:2a:1d:94:64:74:10:73:62:0e:
                    6b:2b:66:c5:ad:e9:08:ce:0d:d1:7c:47:f7:f9:75:
                    2e:a1:5a:06:0e:05:96:e2:fd:dc:2a:40:4c:00:a8:
                    fa:e8:3e:da:2c:ff:79:17:2f:67:55:73:74:57:9d:
                    fb:df:0a:7a:8c:c0:a6:e6:79:1c:3a:ca:a3:22:44:
                    06:ff:4d:e5:2a:b8:35:a1:c0:6d:0e:89:23:c6:dd:
                    fa:2d:eb:a7:96:5e:f2:b0:75:b6:35:c9:05:75:f5:
                    ed:cd:c6:e3:42:26:ba:36:5d:24:bd:5f:3f:d4:01:
                    af:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:9B:A3:C5:06:7B:1B:96:5E:3B:E5:2E:02:AD:6D:01:09:00:51:7C
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/KJujxQZ7G5ZeO-UuAq1tAQkAUXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:cc:8c:ca:43:17:0b:ec:00:90:06:26:27:0b:2c:f5:ad:80:
         4c:2c:15:67:f4:50:ba:ea:8d:4d:34:56:99:c8:26:a3:86:75:
         c6:0f:77:16:02:0c:ed:eb:53:c9:9e:dd:2c:c8:24:66:cf:61:
         6d:48:8c:bc:2c:12:99:ec:55:0e:dd:df:7a:cd:09:68:2e:69:
         11:a5:57:a1:3b:8c:9f:b6:90:54:b2:fc:5a:5f:82:d2:3c:72:
         f0:5e:d6:6c:64:ce:ac:63:c8:22:ab:b9:66:22:e1:6e:3a:cb:
         20:d7:75:48:7b:a4:0b:33:3d:ac:d9:1f:8e:ea:f4:38:60:55:
         a1:97:01:56:6c:c7:c5:47:50:7d:22:de:0d:7c:53:9e:34:d7:
         c1:1c:e8:7e:59:02:72:3b:e6:35:d9:65:c0:3f:f0:63:15:91:
         9c:0f:4f:0f:4e:dc:27:7b:60:c3:ff:8e:d8:d2:f8:78:39:bd:
         a4:a2:16:5c:a6:92:84:83:fa:10:02:ea:13:ed:73:78:74:22:
         57:c6:8e:da:ec:32:dc:28:eb:af:ef:4c:2a:df:6c:d1:04:92:
         ac:44:cb:1b:79:05:e0:65:4d:d8:70:25:3b:e3:c7:37:3e:07:
         6b:05:50:0b:53:de:90:75:ed:70:d2:f8:40:11:cc:d5:03:5d:
         0a:10:ae:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTT9IYsCKkKxRuMQQP7/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODliYTNjNTA2N2IxYjk2NWUzYmU1MmUwMmFkNmQwMTA5MDA1MTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYhYAU8fHADkoPX9Vd2OzQmnoTlj
95GADu54NjEJtI++wTO0Ep+xdzWYbiccF4d87dnvuaGky5jNfPsTduDStgr8pIDd
+OFTs2tVX7Igfj/hlHU0qxXFkYdrpklH6n1h3lzZkJpy9VJ2A9h7+w+lHM3sNuBm
DL5QBIXvDUVeUQc940pQN/KYekoIzZEqHZRkdBBzYg5rK2bFrekIzg3RfEf3+XUu
oVoGDgWW4v3cKkBMAKj66D7aLP95Fy9nVXN0V5373wp6jMCm5nkcOsqjIkQG/03l
Krg1ocBtDokjxt36Leunll7ysHW2NckFdfXtzcbjQia6Nl0kvV8/1AGvlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCibo8UGexuWXjvlLgKtbQEJAFF8MB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvS0p1anhRWjdHNVplTy1VdUFxMXRBUWtBVVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7KcMA0G
CSqGSIb3DQEBCwUAA4IBAQBWzIzKQxcL7ACQBiYnCyz1rYBMLBVn9FC66o1NNFaZ
yCajhnXGD3cWAgzt61PJnt0syCRmz2FtSIy8LBKZ7FUO3d96zQloLmkRpVehO4yf
tpBUsvxaX4LSPHLwXtZsZM6sY8giq7lmIuFuOssg13VIe6QLMz2s2R+O6vQ4YFWh
lwFWbMfFR1B9It4NfFOeNNfBHOh+WQJyO+Y12WXAP/BjFZGcD08PTtwne2DD/47Y
0vh4Ob2kohZcppKEg/oQAuoT7XN4dCJXxo7a7DLcKOuv70wq32zRBJKsRMsbeQXg
ZU3YcCU748c3PgdrBVALU96Qde1w0vhAEczVA10KEK4j
-----END CERTIFICATE-----