Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/_ZsevcLUOR3mUS2fyEmwua28k90.roa
File:                     _ZsevcLUOR3mUS2fyEmwua28k90.roa (raw, json)
Hash identifier:          E0mgNM0gGsbCDq89duJ2PT1/VvfsHib7iVTvFEqdM8Q=
Subject key identifier:   FD:9B:1E:BD:C2:D4:39:1D:E6:51:2D:9F:C8:49:B0:B9:AD:BC:93:DD
Certificate issuer:       /CN=33c5b0d7c0a9cd24b73cdcb92c8746e85a4a5b8f
Certificate serial:       018CC94E5BC4EF6535CE329B49270C2EB1B8
Authority key identifier: 33:C5:B0:D7:C0:A9:CD:24:B7:3C:DC:B9:2C:87:46:E8:5A:4A:5B:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M8Ww18CpzSS3PNy5LIdG6FpKW48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/_ZsevcLUOR3mUS2fyEmwua28k90.roa
Signing time:             Tue 02 Jan 2024 08:33:24 +0000
ROA not before:           Tue 02 Jan 2024 08:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     393410
IP address blocks:        195.149.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/M8Ww18CpzSS3PNy5LIdG6FpKW48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/M8Ww18CpzSS3PNy5LIdG6FpKW48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M8Ww18CpzSS3PNy5LIdG6FpKW48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5b:c4:ef:65:35:ce:32:9b:49:27:0c:2e:b1:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33c5b0d7c0a9cd24b73cdcb92c8746e85a4a5b8f
        Validity
            Not Before: Jan  2 08:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd9b1ebdc2d4391de6512d9fc849b0b9adbc93dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:59:ed:fd:ce:18:a2:00:cb:41:6e:96:5f:6b:
                    48:d5:cc:0b:a2:5f:52:cf:81:16:30:7a:92:d8:80:
                    60:5f:7d:69:17:1a:9e:52:97:83:9a:b0:b4:06:f3:
                    ab:fc:80:e4:c0:ac:db:e5:ce:0b:5b:ca:5d:2d:ff:
                    33:e9:e8:3d:d4:af:86:fc:29:a4:a3:da:02:42:63:
                    69:5d:81:10:b3:83:c9:ba:58:1f:56:46:26:27:55:
                    c4:a0:20:8f:be:f4:d3:2e:ee:f4:34:a3:a0:34:72:
                    34:55:e0:2f:de:b4:38:c3:12:ea:59:9e:3c:76:8d:
                    31:cf:88:48:dc:d1:9e:f3:43:f8:3d:40:ef:84:ba:
                    c3:a1:dc:4c:65:9d:6e:33:68:90:a6:7f:52:96:a3:
                    7e:e7:5f:6f:f5:b0:10:36:ac:da:29:d6:fa:67:d8:
                    aa:ce:24:9d:ce:01:cc:ca:45:44:42:97:37:4a:00:
                    fc:4e:0b:42:ee:a9:88:86:75:a5:de:65:6b:54:5f:
                    93:0f:b1:32:73:e8:9d:03:20:c9:c7:68:c1:3f:41:
                    b3:38:6b:65:54:4b:49:54:5a:e6:9f:3a:30:78:9e:
                    77:28:8c:6a:a1:10:80:ca:78:69:a4:e0:c5:0f:8f:
                    23:45:95:a5:64:21:e1:16:df:95:e2:7d:91:a2:df:
                    41:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:9B:1E:BD:C2:D4:39:1D:E6:51:2D:9F:C8:49:B0:B9:AD:BC:93:DD
            X509v3 Authority Key Identifier:
                keyid:33:C5:B0:D7:C0:A9:CD:24:B7:3C:DC:B9:2C:87:46:E8:5A:4A:5B:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M8Ww18CpzSS3PNy5LIdG6FpKW48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/_ZsevcLUOR3mUS2fyEmwua28k90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/M8Ww18CpzSS3PNy5LIdG6FpKW48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:f7:ba:76:fe:1c:ad:b5:fc:0f:23:7a:0e:90:97:d0:5d:58:
         73:57:5f:92:32:a4:4c:13:c3:71:f0:36:50:71:41:64:b1:63:
         ef:50:bb:69:5e:7d:58:3d:03:72:98:b6:42:d9:3b:2e:0c:25:
         77:f2:cb:05:f3:1b:17:33:00:2e:c7:15:29:5b:c1:c5:ad:e3:
         40:5a:3e:98:d6:0f:61:03:c9:0b:4e:38:92:bf:f6:ad:d0:70:
         e5:27:ea:99:7f:71:2f:0e:21:c9:47:a0:63:e2:38:00:df:1a:
         7c:53:75:44:70:19:34:30:d5:2c:25:ec:a2:16:8c:6e:c2:ae:
         1e:6f:44:47:77:42:5c:38:57:8a:9b:e3:2e:79:cb:5e:de:66:
         91:b1:ae:23:02:21:30:ad:5e:bc:1e:a3:50:61:2b:b7:bf:4f:
         98:02:83:ac:66:d6:a3:1a:ea:27:75:1a:b1:a2:f0:b1:e0:4e:
         d6:40:45:2d:59:95:80:f0:03:03:72:3d:91:2e:4f:96:ae:7c:
         d1:b8:3d:b3:7a:b6:9d:bd:7b:b3:a3:6b:a7:9d:25:96:e6:0b:
         39:67:ad:4c:45:cc:03:13:8e:c5:e0:84:4f:ec:fa:be:bd:c0:
         5e:df:30:00:e6:a7:d3:41:af:dd:00:5d:57:f3:b9:8b:26:47:
         58:39:23:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlvE72U1zjKbSScMLrG4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYzViMGQ3YzBhOWNkMjRiNzNjZGNiOTJjODc0NmU4NWE0
YTViOGYwHhcNMjQwMTAyMDgzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDliMWViZGMyZDQzOTFkZTY1MTJkOWZjODQ5YjBiOWFkYmM5M2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlnt/c4YogDLQW6WX2tI1cwLol9S
z4EWMHqS2IBgX31pFxqeUpeDmrC0BvOr/IDkwKzb5c4LW8pdLf8z6eg91K+G/Cmk
o9oCQmNpXYEQs4PJulgfVkYmJ1XEoCCPvvTTLu70NKOgNHI0VeAv3rQ4wxLqWZ48
do0xz4hI3NGe80P4PUDvhLrDodxMZZ1uM2iQpn9SlqN+519v9bAQNqzaKdb6Z9iq
ziSdzgHMykVEQpc3SgD8TgtC7qmIhnWl3mVrVF+TD7Eyc+idAyDJx2jBP0GzOGtl
VEtJVFrmnzoweJ53KIxqoRCAynhppODFD48jRZWlZCHhFt+V4n2Rot9B6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2bHr3C1Dkd5lEtn8hJsLmtvJPdMB8GA1UdIwQY
MBaAFDPFsNfAqc0ktzzcuSyHRuhaSluPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTThXdzE4Q3B6U1MzUE55NUxJZEc2RnBLVzQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8yNTgxZjQtODQxMC00YTQzLTkxODYt
MGZhYjIyNjllYThlLzEvX1pzZXZjTFVPUjNtVVMyZnlFbXd1YTI4azkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8yNTgxZjQtODQxMC00YTQzLTkxODYtMGZhYjIyNjllYThl
LzEvTThXdzE4Q3B6U1MzUE55NUxJZEc2RnBLVzQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5VrMA0G
CSqGSIb3DQEBCwUAA4IBAQAz97p2/hyttfwPI3oOkJfQXVhzV1+SMqRME8Nx8DZQ
cUFksWPvULtpXn1YPQNymLZC2TsuDCV38ssF8xsXMwAuxxUpW8HFreNAWj6Y1g9h
A8kLTjiSv/at0HDlJ+qZf3EvDiHJR6Bj4jgA3xp8U3VEcBk0MNUsJeyiFoxuwq4e
b0RHd0JcOFeKm+Muecte3maRsa4jAiEwrV68HqNQYSu3v0+YAoOsZtajGuondRqx
ovCx4E7WQEUtWZWA8AMDcj2RLk+WrnzRuD2zeradvXuzo2unnSWW5gs5Z61MRcwD
E47F4IRP7Pq+vcBe3zAA5qfTQa/dAF1X87mLJkdYOSMz
-----END CERTIFICATE-----