Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/b7e78d-67d5-45af-b448-175383e82ef2/1/RmwGhaQtyB-nWSOaUZrImL6SkF0.roa
File:                     RmwGhaQtyB-nWSOaUZrImL6SkF0.roa (raw, json)
Hash identifier:          hEB6cQwTD2n62zVkX5dgTsjF65ndY8Xn1vKr3Ej8uj8=
Subject key identifier:   46:6C:06:85:A4:2D:C8:1F:A7:59:23:9A:51:9A:C8:98:BE:92:90:5D
Certificate issuer:       /CN=866dee727e83997c0203c0f718d33b93d77d821d
Certificate serial:       018CC64A6C44787D7544B0B381D0EBBF3232
Authority key identifier: 86:6D:EE:72:7E:83:99:7C:02:03:C0:F7:18:D3:3B:93:D7:7D:82:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hm3ucn6DmXwCA8D3GNM7k9d9gh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/b7e78d-67d5-45af-b448-175383e82ef2/1/RmwGhaQtyB-nWSOaUZrImL6SkF0.roa
Signing time:             Mon 01 Jan 2024 18:30:15 +0000
ROA not before:           Mon 01 Jan 2024 18:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398464
IP address blocks:        195.64.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/b7e78d-67d5-45af-b448-175383e82ef2/1/hm3ucn6DmXwCA8D3GNM7k9d9gh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/b7e78d-67d5-45af-b448-175383e82ef2/1/hm3ucn6DmXwCA8D3GNM7k9d9gh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hm3ucn6DmXwCA8D3GNM7k9d9gh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 07:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:6c:44:78:7d:75:44:b0:b3:81:d0:eb:bf:32:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=866dee727e83997c0203c0f718d33b93d77d821d
        Validity
            Not Before: Jan  1 18:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=466c0685a42dc81fa759239a519ac898be92905d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:6c:99:50:5a:47:51:d7:38:8f:b6:be:a6:9f:
                    ac:4d:25:e9:49:f1:0d:76:03:43:04:01:3a:4f:8f:
                    dc:70:88:ae:68:fa:1a:48:32:9c:27:7c:a8:88:1d:
                    c1:6e:22:e8:fd:de:2f:a5:4b:f6:f8:1c:26:8c:14:
                    64:fc:fb:a8:9d:0f:1b:4e:2f:fc:18:fa:7f:af:2b:
                    6d:68:9d:aa:94:db:6f:f1:47:e1:bd:be:6f:5d:9d:
                    ec:0c:3c:bc:a4:b2:d8:47:6f:18:51:0f:fe:8a:e3:
                    e4:b2:df:d4:c3:68:8a:43:05:fc:84:3b:1a:1b:f9:
                    5c:96:c7:0a:09:d1:37:76:5e:14:57:37:14:8b:12:
                    d3:01:4d:cd:05:92:df:35:a8:5a:32:5d:49:51:4d:
                    d4:8f:d0:40:d9:f6:40:7f:4e:b2:00:c3:9d:50:fe:
                    f4:3c:e3:13:ef:73:9a:8a:44:d8:e0:f4:f2:82:70:
                    d5:3c:28:13:75:1c:95:91:4b:df:e2:42:76:3c:30:
                    0a:03:3b:7e:e3:da:bd:23:d0:a4:1e:bf:95:a7:88:
                    8e:34:5f:d2:af:61:5d:49:fc:8e:7d:34:4d:44:2b:
                    d3:84:d1:93:99:64:c3:de:3c:8d:bd:48:6a:67:51:
                    9c:03:a8:5d:12:23:ff:4a:d2:6e:47:e5:8f:98:cd:
                    85:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:6C:06:85:A4:2D:C8:1F:A7:59:23:9A:51:9A:C8:98:BE:92:90:5D
            X509v3 Authority Key Identifier:
                keyid:86:6D:EE:72:7E:83:99:7C:02:03:C0:F7:18:D3:3B:93:D7:7D:82:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hm3ucn6DmXwCA8D3GNM7k9d9gh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b7e78d-67d5-45af-b448-175383e82ef2/1/RmwGhaQtyB-nWSOaUZrImL6SkF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b7e78d-67d5-45af-b448-175383e82ef2/1/hm3ucn6DmXwCA8D3GNM7k9d9gh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:30:c4:be:54:10:28:64:26:48:f6:f1:b5:c8:2d:6e:67:ac:
         df:2a:65:ec:a1:57:56:54:63:23:c6:9c:16:eb:3e:e5:31:85:
         7a:ad:66:a8:15:94:67:d5:1d:6d:8d:93:59:de:b5:de:62:a1:
         5c:ba:5f:b5:b2:04:22:3d:80:18:2f:f5:b3:e4:bf:da:c0:f9:
         fb:d2:3a:55:45:d9:22:74:b9:22:1d:a4:38:b1:15:f7:ea:07:
         71:a6:92:5b:ed:98:47:06:f3:53:59:d9:3b:00:c6:3f:a7:68:
         a3:a1:c3:92:62:37:e9:73:9d:19:28:9e:13:e8:83:4c:ab:d5:
         59:62:b9:64:6b:5a:ba:5d:3e:d2:2e:13:ac:f6:32:fe:1e:e1:
         4b:3f:76:62:dc:37:ad:b2:b7:37:90:55:e4:c0:ae:40:67:b7:
         42:34:79:7d:51:e2:9c:a7:c4:d7:67:67:3d:69:b0:4f:b0:3f:
         4d:f7:59:a4:48:3d:ad:3a:f7:c7:dc:1d:83:43:3f:83:11:47:
         38:2b:1d:f7:95:da:db:82:cb:b3:20:c0:55:59:de:03:58:8a:
         66:19:14:10:f6:1a:12:9e:63:7d:3b:ef:10:c4:65:f2:c1:d8:
         f4:c2:07:7a:fa:7f:1d:c3:17:bd:96:a3:31:51:e1:50:58:1f:
         05:95:e1:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSmxEeH11RLCzgdDrvzIyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NmRlZTcyN2U4Mzk5N2MwMjAzYzBmNzE4ZDMzYjkzZDc3
ZDgyMWQwHhcNMjQwMTAxMTgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjZjMDY4NWE0MmRjODFmYTc1OTIzOWE1MTlhYzg5OGJlOTI5MDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWyZUFpHUdc4j7a+pp+sTSXpSfEN
dgNDBAE6T4/ccIiuaPoaSDKcJ3yoiB3BbiLo/d4vpUv2+BwmjBRk/PuonQ8bTi/8
GPp/ryttaJ2qlNtv8Ufhvb5vXZ3sDDy8pLLYR28YUQ/+iuPkst/Uw2iKQwX8hDsa
G/lclscKCdE3dl4UVzcUixLTAU3NBZLfNahaMl1JUU3Uj9BA2fZAf06yAMOdUP70
POMT73OaikTY4PTygnDVPCgTdRyVkUvf4kJ2PDAKAzt+49q9I9CkHr+Vp4iONF/S
r2FdSfyOfTRNRCvThNGTmWTD3jyNvUhqZ1GcA6hdEiP/StJuR+WPmM2FHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZsBoWkLcgfp1kjmlGayJi+kpBdMB8GA1UdIwQY
MBaAFIZt7nJ+g5l8AgPA9xjTO5PXfYIdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaG0zdWNuNkRtWHdDQThEM0dOTTdrOWQ5Z2gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9iN2U3OGQtNjdkNS00NWFmLWI0NDgt
MTc1MzgzZTgyZWYyLzEvUm13R2hhUXR5Qi1uV1NPYVVackltTDZTa0YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9iN2U3OGQtNjdkNS00NWFmLWI0NDgtMTc1MzgzZTgyZWYy
LzEvaG0zdWNuNkRtWHdDQThEM0dOTTdrOWQ5Z2gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0B7MA0G
CSqGSIb3DQEBCwUAA4IBAQCsMMS+VBAoZCZI9vG1yC1uZ6zfKmXsoVdWVGMjxpwW
6z7lMYV6rWaoFZRn1R1tjZNZ3rXeYqFcul+1sgQiPYAYL/Wz5L/awPn70jpVRdki
dLkiHaQ4sRX36gdxppJb7ZhHBvNTWdk7AMY/p2ijocOSYjfpc50ZKJ4T6INMq9VZ
Yrlka1q6XT7SLhOs9jL+HuFLP3Zi3Detsrc3kFXkwK5AZ7dCNHl9UeKcp8TXZ2c9
abBPsD9N91mkSD2tOvfH3B2DQz+DEUc4Kx33ldrbgsuzIMBVWd4DWIpmGRQQ9hoS
nmN9O+8QxGXywdj0wgd6+n8dwxe9lqMxUeFQWB8FleHp
-----END CERTIFICATE-----