Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/b4e3e4-1189-4036-8f1a-042f7dac24d5/1/CCA4X8RzjhfRd95S6rz5UOYIcsw.roa
File:                     CCA4X8RzjhfRd95S6rz5UOYIcsw.roa (raw, json)
Hash identifier:          tvOYFmsiGEWN6FfsB29DLOoxHIRFfqHX/cIOTM2HsOU=
Subject key identifier:   08:20:38:5F:C4:73:8E:17:D1:77:DE:52:EA:BC:F9:50:E6:08:72:CC
Certificate issuer:       /CN=11193f8e898eb6fbd12c53df7dad021543eefc6e
Certificate serial:       018CC424D7E948E07F1D5F9CF7C499D612AB
Authority key identifier: 11:19:3F:8E:89:8E:B6:FB:D1:2C:53:DF:7D:AD:02:15:43:EE:FC:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERk_jomOtvvRLFPffa0CFUPu_G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/b4e3e4-1189-4036-8f1a-042f7dac24d5/1/CCA4X8RzjhfRd95S6rz5UOYIcsw.roa
Signing time:             Mon 01 Jan 2024 08:29:58 +0000
ROA not before:           Mon 01 Jan 2024 08:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196807
IP address blocks:        195.35.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/b4e3e4-1189-4036-8f1a-042f7dac24d5/1/ERk_jomOtvvRLFPffa0CFUPu_G4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/b4e3e4-1189-4036-8f1a-042f7dac24d5/1/ERk_jomOtvvRLFPffa0CFUPu_G4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERk_jomOtvvRLFPffa0CFUPu_G4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:d7:e9:48:e0:7f:1d:5f:9c:f7:c4:99:d6:12:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11193f8e898eb6fbd12c53df7dad021543eefc6e
        Validity
            Not Before: Jan  1 08:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0820385fc4738e17d177de52eabcf950e60872cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:92:55:69:32:0f:67:50:62:86:59:30:40:a1:
                    5f:02:3f:e5:14:a1:81:b4:bd:a6:fd:cd:52:88:ec:
                    19:d5:9e:44:5b:ed:4e:b8:78:1a:21:03:bc:18:f4:
                    23:92:a8:c3:05:89:87:60:3b:62:b9:ed:93:64:53:
                    d0:2b:d7:54:0a:40:95:dc:30:d2:cc:8b:75:94:8b:
                    c8:42:08:ed:ec:6b:86:5d:15:c4:30:82:5f:d0:d1:
                    2a:11:89:a4:a5:fa:98:06:46:b3:4b:89:d5:61:68:
                    83:eb:90:48:17:d6:c5:7e:bc:52:1c:aa:fa:ab:d8:
                    36:39:ae:e7:b4:87:73:1b:9b:e2:d9:0a:90:5f:c4:
                    db:7e:83:91:72:3a:82:f9:06:86:98:95:bb:1e:0e:
                    c9:4e:ad:a5:1b:02:86:c8:5d:0e:1c:1f:7c:15:2a:
                    be:16:a3:2b:a8:e3:ee:f5:cd:ab:4e:08:ef:df:46:
                    a0:f2:24:7b:ad:12:8a:cf:8e:a2:aa:2e:19:ff:8e:
                    50:42:ae:b8:65:a9:99:63:a1:88:04:49:7e:17:3b:
                    71:77:9f:2f:bd:c1:77:ba:6c:0b:2f:57:69:46:fd:
                    25:99:74:8f:21:87:c9:f9:5e:65:10:23:f3:bf:93:
                    fa:9b:5a:01:2b:8f:2c:ef:36:11:5d:f6:32:94:cd:
                    0f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:20:38:5F:C4:73:8E:17:D1:77:DE:52:EA:BC:F9:50:E6:08:72:CC
            X509v3 Authority Key Identifier:
                keyid:11:19:3F:8E:89:8E:B6:FB:D1:2C:53:DF:7D:AD:02:15:43:EE:FC:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERk_jomOtvvRLFPffa0CFUPu_G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b4e3e4-1189-4036-8f1a-042f7dac24d5/1/CCA4X8RzjhfRd95S6rz5UOYIcsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b4e3e4-1189-4036-8f1a-042f7dac24d5/1/ERk_jomOtvvRLFPffa0CFUPu_G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:fd:32:d1:6a:f1:b8:2f:18:a6:ba:c1:bd:4e:a7:dc:ba:d6:
         78:b9:b0:ab:c0:41:f7:78:52:77:03:41:fd:b1:3a:d2:fa:c2:
         64:b9:24:49:7a:32:39:94:d5:04:fd:db:11:2b:a5:5f:43:91:
         eb:2d:2e:50:0b:55:91:85:59:b4:eb:36:5e:8f:35:96:36:a8:
         b6:1d:89:00:b5:63:9d:3f:9a:77:32:e8:8d:02:8c:cd:3a:54:
         8e:10:fc:af:bd:4a:af:2e:9a:96:c9:f5:9d:59:07:d1:f7:72:
         a2:d9:51:ed:1b:8c:22:60:d3:00:f5:37:01:22:35:9f:d0:7e:
         cb:20:42:52:35:4c:ac:ed:de:dd:6c:6f:18:a6:13:75:1f:7d:
         62:e2:e0:ff:36:43:db:0e:10:fc:71:3d:46:33:1b:9f:88:54:
         85:26:17:63:8e:4c:a2:fa:b9:61:ff:46:f2:73:76:b2:d7:96:
         d2:c0:7c:c5:36:9d:f2:47:fd:d4:c2:b8:8d:69:5f:86:39:ad:
         fb:39:cc:ee:f3:6c:8d:fd:bc:81:f4:6e:b2:1e:b1:8a:76:9e:
         fa:71:03:64:a6:10:ec:91:d4:34:97:d6:4a:31:90:ed:67:e2:
         ab:df:0d:0d:00:b7:cb:79:d5:06:be:dd:23:ea:d1:d6:fa:92:
         ec:55:91:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJNfpSOB/HV+c98SZ1hKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTkzZjhlODk4ZWI2ZmJkMTJjNTNkZjdkYWQwMjE1NDNl
ZWZjNmUwHhcNMjQwMTAxMDgyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODIwMzg1ZmM0NzM4ZTE3ZDE3N2RlNTJlYWJjZjk1MGU2MDg3MmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpJVaTIPZ1BihlkwQKFfAj/lFKGB
tL2m/c1SiOwZ1Z5EW+1OuHgaIQO8GPQjkqjDBYmHYDtiue2TZFPQK9dUCkCV3DDS
zIt1lIvIQgjt7GuGXRXEMIJf0NEqEYmkpfqYBkazS4nVYWiD65BIF9bFfrxSHKr6
q9g2Oa7ntIdzG5vi2QqQX8TbfoORcjqC+QaGmJW7Hg7JTq2lGwKGyF0OHB98FSq+
FqMrqOPu9c2rTgjv30ag8iR7rRKKz46iqi4Z/45QQq64ZamZY6GIBEl+Fztxd58v
vcF3umwLL1dpRv0lmXSPIYfJ+V5lECPzv5P6m1oBK48s7zYRXfYylM0PPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAggOF/Ec44X0XfeUuq8+VDmCHLMMB8GA1UdIwQY
MBaAFBEZP46Jjrb70SxT332tAhVD7vxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJrX2pvbU90dnZSTEZQZmZhMENGVVB1X0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9iNGUzZTQtMTE4OS00MDM2LThmMWEt
MDQyZjdkYWMyNGQ1LzEvQ0NBNFg4UnpqaGZSZDk1UzZyejVVT1lJY3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9iNGUzZTQtMTE4OS00MDM2LThmMWEtMDQyZjdkYWMyNGQ1
LzEvRVJrX2pvbU90dnZSTEZQZmZhMENGVVB1X0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyNUMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ/TLRavG4LximusG9TqfcutZ4ubCrwEH3eFJ3A0H9
sTrS+sJkuSRJejI5lNUE/dsRK6VfQ5HrLS5QC1WRhVm06zZejzWWNqi2HYkAtWOd
P5p3MuiNAozNOlSOEPyvvUqvLpqWyfWdWQfR93Ki2VHtG4wiYNMA9TcBIjWf0H7L
IEJSNUys7d7dbG8YphN1H31i4uD/NkPbDhD8cT1GMxufiFSFJhdjjkyi+rlh/0by
c3ay15bSwHzFNp3yR/3UwriNaV+GOa37Oczu82yN/byB9G6yHrGKdp76cQNkphDs
kdQ0l9ZKMZDtZ+Kr3w0NALfLedUGvt0j6tHW+pLsVZHx
-----END CERTIFICATE-----