Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/RR3wC_9Cb8EQsNQWcu5io8lWcG8.roa
File:                     RR3wC_9Cb8EQsNQWcu5io8lWcG8.roa (raw, json)
Hash identifier:          IT9bYShDZysGCuOnW67uchjOgw9Qf1JTRpB9GHmHM88=
Subject key identifier:   45:1D:F0:0B:FF:42:6F:C1:10:B0:D4:16:72:EE:62:A3:C9:56:70:6F
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D439A6D2F86BE52AAFC85C1C62D46
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/RR3wC_9Cb8EQsNQWcu5io8lWcG8.roa
Signing time:             Tue 02 Jan 2024 08:32:13 +0000
ROA not before:           Tue 02 Jan 2024 08:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209845
IP address blocks:        195.178.148.0/23 maxlen: 24
                          195.178.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:43:9a:6d:2f:86:be:52:aa:fc:85:c1:c6:2d:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=451df00bff426fc110b0d41672ee62a3c956706f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a2:89:9b:14:46:d7:34:ca:3a:2e:d4:ea:a5:
                    63:38:b2:81:24:2f:b3:f3:5f:1c:42:38:5b:2c:15:
                    e5:a1:20:62:f1:a8:75:19:fb:ca:4f:5e:25:6d:ea:
                    f4:89:88:64:e1:7f:45:92:56:77:26:82:52:6f:55:
                    a8:2b:40:b7:df:cb:39:2a:96:47:ae:26:97:b8:eb:
                    b2:64:e9:15:79:6b:95:60:0f:98:b7:09:1d:29:c9:
                    39:ca:03:4a:4b:94:80:07:20:51:63:14:d7:14:b6:
                    ba:37:5f:da:70:82:05:bd:a8:3b:60:dd:2c:7f:74:
                    d1:e0:53:f4:be:00:5d:70:03:d1:39:87:fe:d9:49:
                    49:99:42:e6:30:03:6e:a8:bc:26:a6:7b:e0:92:af:
                    c3:58:72:e6:89:42:1d:a9:30:89:95:12:81:29:7d:
                    6f:e2:58:87:b8:c0:e4:3e:4f:06:42:32:71:13:a6:
                    f7:f5:59:6f:ea:0b:84:e9:26:e6:45:9a:e1:05:4a:
                    61:c6:f7:d9:86:22:40:25:50:01:8b:0b:b4:ed:26:
                    4b:7e:d9:7c:6b:03:a4:bd:80:f4:5e:94:ea:73:61:
                    0b:62:94:44:ba:90:91:81:b2:4c:9b:1d:04:70:05:
                    60:b9:ce:92:cc:26:42:71:d9:cc:03:ec:a3:32:db:
                    31:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:1D:F0:0B:FF:42:6F:C1:10:B0:D4:16:72:EE:62:A3:C9:56:70:6F
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/RR3wC_9Cb8EQsNQWcu5io8lWcG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.148.0/23
                  195.178.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:c3:ec:04:f9:ea:b1:fa:64:04:cb:d0:2d:bc:db:1b:30:12:
         14:60:5c:8f:4f:c4:44:4c:0f:09:7e:c6:1a:80:bb:b0:9c:88:
         72:e4:7e:2d:aa:a9:ef:33:1f:1b:e2:ba:67:4f:d8:8e:f9:3b:
         a6:af:8c:b6:fa:ba:74:b4:0f:21:a3:c8:83:f5:53:59:fb:ae:
         f1:7f:e7:71:ac:e2:36:4a:68:2c:42:54:70:83:36:b5:9e:a4:
         e6:a3:da:95:f4:b0:0f:08:53:d5:bb:6a:f6:b7:90:d6:f9:64:
         20:7a:ac:db:b3:eb:1b:a9:fb:7a:16:7d:b5:89:fb:30:dc:7e:
         da:9e:e0:66:83:1a:a2:8c:b5:7b:6b:df:a8:91:3f:d0:2c:e8:
         e2:de:09:c6:ee:b0:8a:f3:02:cb:26:bc:9b:60:72:22:a1:46:
         b3:df:8f:64:f9:f1:4f:48:ae:07:a2:d8:99:8c:d3:7d:73:55:
         68:cf:0f:fb:1c:23:24:34:b9:19:a4:6a:de:21:fa:d6:b8:eb:
         53:80:91:ca:7e:74:d2:21:c2:9e:09:d1:d4:b5:8f:c6:d2:b5:
         bd:ec:23:8a:f1:24:b3:f0:f4:dc:08:38:c7:e3:d0:16:82:d7:
         f6:74:2a:8a:e0:c1:64:01:45:b1:36:20:b0:b4:87:bc:dd:7b:
         6a:fe:75:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTUOabS+GvlKq/IXBxi1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTFkZjAwYmZmNDI2ZmMxMTBiMGQ0MTY3MmVlNjJhM2M5NTY3MDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qKJmxRG1zTKOi7U6qVjOLKBJC+z
818cQjhbLBXloSBi8ah1GfvKT14lber0iYhk4X9FklZ3JoJSb1WoK0C338s5KpZH
riaXuOuyZOkVeWuVYA+YtwkdKck5ygNKS5SAByBRYxTXFLa6N1/acIIFvag7YN0s
f3TR4FP0vgBdcAPROYf+2UlJmULmMANuqLwmpnvgkq/DWHLmiUIdqTCJlRKBKX1v
4liHuMDkPk8GQjJxE6b39Vlv6guE6SbmRZrhBUphxvfZhiJAJVABiwu07SZLftl8
awOkvYD0XpTqc2ELYpREupCRgbJMmx0EcAVguc6SzCZCcdnMA+yjMtsxsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEUd8Av/Qm/BELDUFnLuYqPJVnBvMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvUlIzd0NfOUNiOEVRc05RV2N1NWlvOGxXY0c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw7KUAwQA
w7KXMA0GCSqGSIb3DQEBCwUAA4IBAQAWw+wE+eqx+mQEy9AtvNsbMBIUYFyPT8RE
TA8JfsYagLuwnIhy5H4tqqnvMx8b4rpnT9iO+Tumr4y2+rp0tA8ho8iD9VNZ+67x
f+dxrOI2SmgsQlRwgza1nqTmo9qV9LAPCFPVu2r2t5DW+WQgeqzbs+sbqft6Fn21
ifsw3H7anuBmgxqijLV7a9+okT/QLOji3gnG7rCK8wLLJrybYHIioUaz349k+fFP
SK4HotiZjNN9c1Vozw/7HCMkNLkZpGreIfrWuOtTgJHKfnTSIcKeCdHUtY/G0rW9
7COK8SSz8PTcCDjH49AWgtf2dCqK4MFkAUWxNiCwtIe83Xtq/nUR
-----END CERTIFICATE-----