Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/CxwBmlLU-QJWCahzWA3cH792iKU.roa
File:                     CxwBmlLU-QJWCahzWA3cH792iKU.roa (raw, json)
Hash identifier:          MunJPBDCBbAA1QMCKtQPSSf+2jqYfxOCiKzNsV9wgis=
Subject key identifier:   0B:1C:01:9A:52:D4:F9:02:56:09:A8:73:58:0D:DC:1F:BF:76:88:A5
Certificate issuer:       /CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
Certificate serial:       018CC26D69E036D3E1300670EBD642783E73
Authority key identifier: 10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/CxwBmlLU-QJWCahzWA3cH792iKU.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29551
IP address blocks:        195.245.86.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 13:04:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:69:e0:36:d3:e1:30:06:70:eb:d6:42:78:3e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b1c019a52d4f9025609a873580ddc1fbf7688a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1f:e5:ba:1a:4e:ef:a8:2b:da:df:59:d2:32:
                    14:aa:e3:16:55:0f:6b:26:07:98:0e:d3:ca:06:f0:
                    be:2f:7c:bc:05:d6:db:3d:d3:28:d1:5a:4f:55:13:
                    15:ae:13:c9:08:fd:a0:69:16:e9:86:76:c1:95:97:
                    d9:74:00:13:b4:ac:36:5d:9d:09:38:83:10:9f:a5:
                    a2:27:46:55:5f:c5:c2:b1:ee:3b:51:bf:e6:04:4e:
                    7f:17:7f:fd:91:b6:2f:fd:22:69:79:38:16:28:80:
                    b5:72:44:4c:79:8f:0a:64:9b:ac:fa:e4:4d:10:0f:
                    50:69:4a:75:91:47:55:05:81:82:77:65:ec:6a:cd:
                    d3:dd:b7:5c:5c:bb:c3:79:ca:1d:2c:62:81:7c:15:
                    af:4e:4e:59:61:a4:2f:82:06:2b:12:68:8f:a5:4c:
                    cc:37:06:93:91:80:2f:de:83:dc:07:c7:d1:13:97:
                    36:43:0b:8f:24:92:cd:77:3a:bc:c6:a9:2c:49:9c:
                    f5:cd:67:03:82:1b:e9:c4:17:f4:65:c8:ec:23:a6:
                    01:55:a2:60:19:69:e3:8c:e6:21:57:8c:00:29:3c:
                    b4:b9:c5:7f:44:cb:f7:0e:1b:0f:14:09:f8:00:72:
                    ba:58:e3:45:27:67:f0:14:74:5c:2c:ea:03:dd:27:
                    a9:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:1C:01:9A:52:D4:F9:02:56:09:A8:73:58:0D:DC:1F:BF:76:88:A5
            X509v3 Authority Key Identifier:
                keyid:10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/CxwBmlLU-QJWCahzWA3cH792iKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:0f:8e:bc:44:6e:e4:22:e1:8f:96:eb:af:7c:cc:e7:c8:ee:
         1a:63:ca:99:d2:50:9d:e2:f1:b5:a5:82:f1:e0:c4:26:a3:47:
         09:6e:04:d3:06:fd:9b:11:d0:ef:6b:a1:75:7c:65:ce:bb:61:
         d3:19:70:8c:06:fc:ad:c3:e3:27:74:05:cb:35:0a:29:51:25:
         1e:57:7b:6d:5d:ba:c7:a1:c1:f7:b9:91:76:eb:35:d2:c0:77:
         e4:3f:b3:c4:df:9a:47:5f:4b:ef:73:95:a4:36:f9:0e:62:bf:
         57:0c:8f:24:13:bc:aa:b4:7e:7a:47:77:3c:b2:a0:41:cd:7b:
         da:89:f1:f7:38:1e:cf:25:9b:b5:8e:2c:30:d3:49:ec:25:82:
         f7:5f:34:75:c8:e3:a8:65:23:53:bc:4e:09:6c:d7:00:75:98:
         0d:b7:77:1a:01:df:54:a4:38:74:1b:e5:d1:86:9f:3c:32:c8:
         e2:f6:11:d2:7d:03:84:63:17:46:5e:a5:42:89:86:be:02:1b:
         f7:b8:03:04:e3:30:d3:93:32:fd:b6:da:72:12:0d:34:9a:3f:
         65:3d:94:06:5f:f3:06:0f:c9:77:21:0e:07:a1:7b:a3:3e:a1:
         88:20:62:14:ec:bd:16:1c:b3:6c:76:28:36:bf:00:91:54:38:
         40:f6:1e:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWngNtPhMAZw69ZCeD5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNjJiYzM2NTEyNjU4YTBmN2QzZjk2YmMxZDhlNjdkOWZk
NDkxOGIwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjFjMDE5YTUyZDRmOTAyNTYwOWE4NzM1ODBkZGMxZmJmNzY4OGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiB/luhpO76gr2t9Z0jIUquMWVQ9r
JgeYDtPKBvC+L3y8BdbbPdMo0VpPVRMVrhPJCP2gaRbphnbBlZfZdAATtKw2XZ0J
OIMQn6WiJ0ZVX8XCse47Ub/mBE5/F3/9kbYv/SJpeTgWKIC1ckRMeY8KZJus+uRN
EA9QaUp1kUdVBYGCd2Xsas3T3bdcXLvDecodLGKBfBWvTk5ZYaQvggYrEmiPpUzM
NwaTkYAv3oPcB8fRE5c2QwuPJJLNdzq8xqksSZz1zWcDghvpxBf0ZcjsI6YBVaJg
GWnjjOYhV4wAKTy0ucV/RMv3DhsPFAn4AHK6WONFJ2fwFHRcLOoD3SepyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAscAZpS1PkCVgmoc1gN3B+/doilMB8GA1UdIwQY
MBaAFBBivDZRJlig99P5a8HY5n2f1JGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYt
OTVhZDkyYWM4Njk4LzEvQ3h3Qm1sTFUtUUpXQ2FoeldBM2NINzkyaUtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYtOTVhZDkyYWM4Njk4
LzEvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/VWMA0G
CSqGSIb3DQEBCwUAA4IBAQA4D468RG7kIuGPluuvfMznyO4aY8qZ0lCd4vG1pYLx
4MQmo0cJbgTTBv2bEdDva6F1fGXOu2HTGXCMBvytw+MndAXLNQopUSUeV3ttXbrH
ocH3uZF26zXSwHfkP7PE35pHX0vvc5WkNvkOYr9XDI8kE7yqtH56R3c8sqBBzXva
ifH3OB7PJZu1jiww00nsJYL3XzR1yOOoZSNTvE4JbNcAdZgNt3caAd9UpDh0G+XR
hp88Msji9hHSfQOEYxdGXqVCiYa+Ahv3uAME4zDTkzL9ttpyEg00mj9lPZQGX/MG
D8l3IQ4HoXujPqGIIGIU7L0WHLNsdig2vwCRVDhA9h7p
-----END CERTIFICATE-----