Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/44e4bb-9bf5-478b-85a1-649311139883/1/zGKff-mNvZxEbCkH_f6s8vVmpFk.roa
File:                     zGKff-mNvZxEbCkH_f6s8vVmpFk.roa (raw, json)
Hash identifier:          ZGyjxcl42qbHGXEsqygCOEmxjzGWdsVYQGK9ShMPH6g=
Subject key identifier:   CC:62:9F:7F:E9:8D:BD:9C:44:6C:29:07:FD:FE:AC:F2:F5:66:A4:59
Certificate issuer:       /CN=c25d43dcde10b923179d5b1bd74ea43acc221093
Certificate serial:       018CC72752E27EE1EA074CBEB4FBAD3E3AD7
Authority key identifier: C2:5D:43:DC:DE:10:B9:23:17:9D:5B:1B:D7:4E:A4:3A:CC:22:10:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wl1D3N4QuSMXnVsb106kOswiEJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/44e4bb-9bf5-478b-85a1-649311139883/1/zGKff-mNvZxEbCkH_f6s8vVmpFk.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48829
IP address blocks:        195.130.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/44e4bb-9bf5-478b-85a1-649311139883/1/wl1D3N4QuSMXnVsb106kOswiEJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/44e4bb-9bf5-478b-85a1-649311139883/1/wl1D3N4QuSMXnVsb106kOswiEJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wl1D3N4QuSMXnVsb106kOswiEJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:52:e2:7e:e1:ea:07:4c:be:b4:fb:ad:3e:3a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c25d43dcde10b923179d5b1bd74ea43acc221093
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc629f7fe98dbd9c446c2907fdfeacf2f566a459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:de:bc:dd:63:62:d3:c1:ab:d1:0d:58:21:4c:
                    b8:10:6a:f3:4c:a6:a0:2e:fc:23:e0:1a:54:8f:4f:
                    a7:cd:d4:67:bf:3c:c0:47:8b:d6:48:45:03:fe:c6:
                    fc:19:0f:63:c0:d8:ae:8b:90:ea:fd:80:db:d7:36:
                    80:f2:ff:b6:65:36:ea:0d:3f:20:fa:64:e0:85:46:
                    c8:f5:4f:36:ab:25:59:63:62:69:51:38:7d:3a:dd:
                    93:61:79:d7:a8:7d:1e:82:c1:15:76:03:35:f0:54:
                    5a:b0:b6:47:1e:af:07:0a:c2:b0:59:30:c9:ca:60:
                    c6:55:01:22:5d:4d:b6:de:21:01:7d:72:29:77:e7:
                    82:e9:f8:fc:6a:98:c0:61:e7:2a:51:b2:b5:cb:cc:
                    8d:7d:68:ff:70:d6:25:a9:06:90:c5:11:ce:1a:55:
                    e5:bc:a6:5a:c5:ca:82:c8:a8:49:51:d1:a0:50:57:
                    ac:f1:ff:19:7c:1d:ec:2a:76:b4:ba:7b:94:d3:a6:
                    0e:b4:91:b1:ac:8e:a8:8e:a2:ea:93:ac:83:af:e0:
                    3a:7b:de:7a:82:17:4b:ca:5c:32:52:da:58:e1:3b:
                    0c:64:62:65:a6:e1:0f:60:d5:a4:42:2c:d2:e2:97:
                    b4:55:eb:0e:82:e3:ac:94:1b:22:b5:0a:42:7f:7e:
                    2f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:62:9F:7F:E9:8D:BD:9C:44:6C:29:07:FD:FE:AC:F2:F5:66:A4:59
            X509v3 Authority Key Identifier:
                keyid:C2:5D:43:DC:DE:10:B9:23:17:9D:5B:1B:D7:4E:A4:3A:CC:22:10:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wl1D3N4QuSMXnVsb106kOswiEJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/44e4bb-9bf5-478b-85a1-649311139883/1/zGKff-mNvZxEbCkH_f6s8vVmpFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/44e4bb-9bf5-478b-85a1-649311139883/1/wl1D3N4QuSMXnVsb106kOswiEJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.130.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:54:a0:4d:95:9f:c6:99:bf:b7:af:ec:da:48:e7:5b:5e:68:
         91:da:a5:da:be:6b:a0:c6:ff:09:eb:21:a4:d9:a7:b7:ad:76:
         9d:34:46:ae:fc:73:af:55:44:67:d3:28:91:82:25:61:7c:ff:
         4e:9b:3f:05:ae:7d:bf:06:0c:c6:35:d9:de:94:fc:28:22:3b:
         fe:99:56:c2:fe:60:0f:cb:ef:6e:cd:f6:c7:21:9d:a2:c3:c7:
         b6:3b:51:a4:d4:05:3d:89:30:5e:f3:de:ed:51:d4:21:e3:c3:
         b2:40:73:d4:88:61:19:95:96:1c:58:a1:26:49:04:2b:c4:83:
         dc:78:b7:71:0c:c5:34:28:9a:ea:58:19:a2:2d:25:53:74:0e:
         e0:af:3d:ce:5b:aa:54:a9:de:f7:17:04:34:a0:2c:bc:96:d6:
         52:1f:d4:a5:e4:78:e2:c6:20:f0:26:49:89:e1:c6:cd:20:ea:
         6f:6f:54:ec:8d:27:37:93:78:82:a6:2f:02:2b:67:ab:25:f4:
         99:22:5e:43:29:ed:7b:51:4e:c0:98:62:20:32:82:9a:82:99:
         5d:79:4b:17:91:ad:23:f1:dd:c4:3d:48:06:0e:3c:37:0b:e6:
         e9:84:ae:c6:f4:48:c3:94:63:79:6d:22:ee:59:32:5d:98:56:
         e6:ee:b9:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1LifuHqB0y+tPutPjrXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNWQ0M2RjZGUxMGI5MjMxNzlkNWIxYmQ3NGVhNDNhY2My
MjEwOTMwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzYyOWY3ZmU5OGRiZDljNDQ2YzI5MDdmZGZlYWNmMmY1NjZhNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9683WNi08Gr0Q1YIUy4EGrzTKag
Lvwj4BpUj0+nzdRnvzzAR4vWSEUD/sb8GQ9jwNiui5Dq/YDb1zaA8v+2ZTbqDT8g
+mTghUbI9U82qyVZY2JpUTh9Ot2TYXnXqH0egsEVdgM18FRasLZHHq8HCsKwWTDJ
ymDGVQEiXU223iEBfXIpd+eC6fj8apjAYecqUbK1y8yNfWj/cNYlqQaQxRHOGlXl
vKZaxcqCyKhJUdGgUFes8f8ZfB3sKna0unuU06YOtJGxrI6ojqLqk6yDr+A6e956
ghdLylwyUtpY4TsMZGJlpuEPYNWkQizS4pe0VesOguOslBsitQpCf34vsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxin3/pjb2cRGwpB/3+rPL1ZqRZMB8GA1UdIwQY
MBaAFMJdQ9zeELkjF51bG9dOpDrMIhCTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2wxRDNONFF1U01YblZzYjEwNmtPc3dpRUpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NGU0YmItOWJmNS00NzhiLTg1YTEt
NjQ5MzExMTM5ODgzLzEvekdLZmYtbU52WnhFYkNrSF9mNnM4dlZtcEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NGU0YmItOWJmNS00NzhiLTg1YTEtNjQ5MzExMTM5ODgz
LzEvd2wxRDNONFF1U01YblZzYjEwNmtPc3dpRUpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4LLMA0G
CSqGSIb3DQEBCwUAA4IBAQBpVKBNlZ/Gmb+3r+zaSOdbXmiR2qXavmugxv8J6yGk
2ae3rXadNEau/HOvVURn0yiRgiVhfP9Omz8Frn2/BgzGNdnelPwoIjv+mVbC/mAP
y+9uzfbHIZ2iw8e2O1Gk1AU9iTBe897tUdQh48OyQHPUiGEZlZYcWKEmSQQrxIPc
eLdxDMU0KJrqWBmiLSVTdA7grz3OW6pUqd73FwQ0oCy8ltZSH9Sl5HjixiDwJkmJ
4cbNIOpvb1TsjSc3k3iCpi8CK2erJfSZIl5DKe17UU7AmGIgMoKagpldeUsXka0j
8d3EPUgGDjw3C+bphK7G9EjDlGN5bSLuWTJdmFbm7rlZ
-----END CERTIFICATE-----