Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/b29c5c-d7c4-40dd-9639-55731c0a53a4/1/8k6GkAOae_jBFbQbLdXCkL41trs.roa
File:                     8k6GkAOae_jBFbQbLdXCkL41trs.roa (raw, json)
Hash identifier:          mDxeFwwYKV92WPAg0+nnbr5JYz2pP6RQagd/3AjluUQ=
Subject key identifier:   F2:4E:86:90:03:9A:7B:F8:C1:15:B4:1B:2D:D5:C2:90:BE:35:B6:BB
Certificate issuer:       /CN=72a759a825025241e1a8e012bf9ecc6f2a7c527b
Certificate serial:       018CC4936349B1A3FCE9CF05AF1839C4FC7B
Authority key identifier: 72:A7:59:A8:25:02:52:41:E1:A8:E0:12:BF:9E:CC:6F:2A:7C:52:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cqdZqCUCUkHhqOASv57Mbyp8Uns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/b29c5c-d7c4-40dd-9639-55731c0a53a4/1/8k6GkAOae_jBFbQbLdXCkL41trs.roa
Signing time:             Mon 01 Jan 2024 10:30:42 +0000
ROA not before:           Mon 01 Jan 2024 10:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29305
IP address blocks:        195.225.136.0/22 maxlen: 22
                          194.177.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/b29c5c-d7c4-40dd-9639-55731c0a53a4/1/cqdZqCUCUkHhqOASv57Mbyp8Uns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/b29c5c-d7c4-40dd-9639-55731c0a53a4/1/cqdZqCUCUkHhqOASv57Mbyp8Uns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cqdZqCUCUkHhqOASv57Mbyp8Uns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:63:49:b1:a3:fc:e9:cf:05:af:18:39:c4:fc:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72a759a825025241e1a8e012bf9ecc6f2a7c527b
        Validity
            Not Before: Jan  1 10:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f24e8690039a7bf8c115b41b2dd5c290be35b6bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:11:72:19:40:27:3d:65:cb:9b:04:76:8d:97:
                    c5:0b:76:c6:c1:ab:8f:9e:d1:b4:31:04:3c:a8:95:
                    0c:89:ba:be:b9:18:15:a6:ad:42:db:42:01:4b:68:
                    d4:48:69:22:99:48:c7:8b:17:54:36:1d:20:48:5c:
                    f9:d8:90:59:e2:2f:15:83:cb:46:6a:77:fb:b2:32:
                    7a:f5:49:9a:98:d7:0e:11:1d:eb:e8:89:41:e1:77:
                    3e:e9:7c:1d:88:b0:c0:49:43:65:03:c1:48:4a:ac:
                    f7:86:b5:87:30:07:77:80:9e:59:74:bf:d9:8a:53:
                    4f:60:d4:e2:f9:a0:05:52:0a:38:c6:ae:55:d9:63:
                    8d:05:36:5d:9c:bc:c8:90:4c:a5:05:44:42:0e:8a:
                    6e:18:c8:99:16:f6:6c:5d:a3:24:bd:6d:78:b8:4e:
                    82:28:77:ce:e8:a2:6b:45:2c:d5:86:88:50:ad:5d:
                    ee:02:fb:3f:b7:cc:41:a9:d3:ba:08:86:a0:16:02:
                    ca:15:67:d8:6a:4f:d7:2f:d7:bf:ec:06:31:18:c7:
                    55:db:1f:8d:d3:f0:86:37:d1:7e:58:07:2f:42:08:
                    97:bc:d9:12:3b:55:35:3a:34:64:a5:06:98:8a:8b:
                    00:c1:14:a5:d7:ff:8a:67:bb:c4:4c:41:4b:53:44:
                    b0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:4E:86:90:03:9A:7B:F8:C1:15:B4:1B:2D:D5:C2:90:BE:35:B6:BB
            X509v3 Authority Key Identifier:
                keyid:72:A7:59:A8:25:02:52:41:E1:A8:E0:12:BF:9E:CC:6F:2A:7C:52:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cqdZqCUCUkHhqOASv57Mbyp8Uns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/b29c5c-d7c4-40dd-9639-55731c0a53a4/1/8k6GkAOae_jBFbQbLdXCkL41trs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/b29c5c-d7c4-40dd-9639-55731c0a53a4/1/cqdZqCUCUkHhqOASv57Mbyp8Uns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.177.4.0/22
                  195.225.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:42:af:50:3d:9f:51:5a:d4:e2:dd:9a:04:e4:48:45:c9:a4:
         e4:5e:38:ca:5e:82:49:f0:3f:47:ff:33:bb:76:7b:bf:a4:6b:
         b6:be:54:1a:f6:32:6b:86:c5:71:9f:f3:36:33:27:46:93:62:
         22:af:f1:de:b7:bd:bb:68:f8:47:56:81:e9:87:86:34:f6:fc:
         cc:e8:e4:b7:19:be:bb:e8:45:4f:44:0e:a3:e0:71:fe:22:dd:
         60:6a:c9:72:94:8e:25:dc:43:11:f9:a3:32:95:ab:18:06:cc:
         e9:77:71:e6:dc:98:84:b1:9a:02:64:84:ee:7a:2c:96:55:19:
         e6:27:be:61:c8:07:fd:0d:b8:db:d5:3c:ba:cc:ba:46:af:60:
         c7:2c:bd:f3:e8:cc:bd:40:b7:ad:cb:b8:aa:89:3b:84:5b:a5:
         af:ee:81:b6:76:7a:a1:99:2c:f2:d3:18:68:a7:68:78:ae:67:
         c5:ba:9a:47:62:ea:dd:bb:96:df:5b:55:4d:03:63:69:24:fb:
         9f:86:46:0f:39:37:2c:8d:9a:6f:9a:e9:c0:bd:0f:86:83:20:
         13:4b:95:39:e6:b3:6a:45:73:b5:e2:45:6a:b7:bd:54:0a:11:
         06:df:32:ed:8d:b3:08:b4:d2:74:af:8f:31:d2:d9:24:29:7a:
         42:2a:db:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk2NJsaP86c8Frxg5xPx7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYTc1OWE4MjUwMjUyNDFlMWE4ZTAxMmJmOWVjYzZmMmE3
YzUyN2IwHhcNMjQwMTAxMTAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjRlODY5MDAzOWE3YmY4YzExNWI0MWIyZGQ1YzI5MGJlMzViNmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhFyGUAnPWXLmwR2jZfFC3bGwauP
ntG0MQQ8qJUMibq+uRgVpq1C20IBS2jUSGkimUjHixdUNh0gSFz52JBZ4i8Vg8tG
anf7sjJ69UmamNcOER3r6IlB4Xc+6XwdiLDASUNlA8FISqz3hrWHMAd3gJ5ZdL/Z
ilNPYNTi+aAFUgo4xq5V2WONBTZdnLzIkEylBURCDopuGMiZFvZsXaMkvW14uE6C
KHfO6KJrRSzVhohQrV3uAvs/t8xBqdO6CIagFgLKFWfYak/XL9e/7AYxGMdV2x+N
0/CGN9F+WAcvQgiXvNkSO1U1OjRkpQaYiosAwRSl1/+KZ7vETEFLU0SwuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPJOhpADmnv4wRW0Gy3VwpC+Nba7MB8GA1UdIwQY
MBaAFHKnWaglAlJB4ajgEr+ezG8qfFJ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3FkWnFDVUNVa0hocU9BU3Y1N01ieXA4VW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9iMjljNWMtZDdjNC00MGRkLTk2Mzkt
NTU3MzFjMGE1M2E0LzEvOGs2R2tBT2FlX2pCRmJRYkxkWENrTDQxdHJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9iMjljNWMtZDdjNC00MGRkLTk2MzktNTU3MzFjMGE1M2E0
LzEvY3FkWnFDVUNVa0hocU9BU3Y1N01ieXA4VW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwrEEAwQC
w+GIMA0GCSqGSIb3DQEBCwUAA4IBAQAGQq9QPZ9RWtTi3ZoE5EhFyaTkXjjKXoJJ
8D9H/zO7dnu/pGu2vlQa9jJrhsVxn/M2MydGk2Iir/Het727aPhHVoHph4Y09vzM
6OS3Gb676EVPRA6j4HH+It1gaslylI4l3EMR+aMylasYBszpd3Hm3JiEsZoCZITu
eiyWVRnmJ75hyAf9Dbjb1Ty6zLpGr2DHLL3z6My9QLety7iqiTuEW6Wv7oG2dnqh
mSzy0xhop2h4rmfFuppHYurdu5bfW1VNA2NpJPufhkYPOTcsjZpvmunAvQ+GgyAT
S5U55rNqRXO14kVqt71UChEG3zLtjbMItNJ0r48x0tkkKXpCKtsG
-----END CERTIFICATE-----