Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/rKdkd9SDKkVTIg6M8_7YnvTo6BM.roa
File:                     rKdkd9SDKkVTIg6M8_7YnvTo6BM.roa (raw, json)
Hash identifier:          RSw4iTNpKsTaDjqixoC/QWQUSfsasWSVMsrVPJvs/EE=
Subject key identifier:   AC:A7:64:77:D4:83:2A:45:53:22:0E:8C:F3:FE:D8:9E:F4:E8:E8:13
Certificate issuer:       /CN=3ae145fe3b79b2bf68aadbe007def6d72aef2ac3
Certificate serial:       018CC94E4483EE94952744CD82B7047944AD
Authority key identifier: 3A:E1:45:FE:3B:79:B2:BF:68:AA:DB:E0:07:DE:F6:D7:2A:EF:2A:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OuFF_jt5sr9oqtvgB9721yrvKsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/rKdkd9SDKkVTIg6M8_7YnvTo6BM.roa
Signing time:             Tue 02 Jan 2024 08:33:18 +0000
ROA not before:           Tue 02 Jan 2024 08:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31064
IP address blocks:        195.16.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/OuFF_jt5sr9oqtvgB9721yrvKsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/OuFF_jt5sr9oqtvgB9721yrvKsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OuFF_jt5sr9oqtvgB9721yrvKsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:44:83:ee:94:95:27:44:cd:82:b7:04:79:44:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ae145fe3b79b2bf68aadbe007def6d72aef2ac3
        Validity
            Not Before: Jan  2 08:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aca76477d4832a4553220e8cf3fed89ef4e8e813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d3:8b:03:b0:4f:dd:e8:d9:37:3b:05:32:f0:
                    59:d4:6a:2a:79:21:72:7a:fc:7a:d0:85:24:18:81:
                    e2:dc:57:4a:51:46:44:4b:48:b7:08:83:69:e8:a3:
                    e5:2e:6c:f1:6c:31:ae:49:39:27:f8:07:e3:c5:36:
                    cc:52:1c:bb:8e:ee:f5:51:f5:f9:14:24:58:17:89:
                    f5:fe:37:b0:7e:47:a4:5a:0d:f7:11:f3:a0:a9:4a:
                    b6:96:d0:7f:1b:14:1d:2b:e4:7f:58:a9:60:27:7b:
                    da:86:77:f9:b2:41:d3:70:33:2b:ce:5d:07:81:a7:
                    c2:66:fd:b2:82:04:ec:78:3f:e7:e2:93:91:dd:03:
                    57:7f:55:1c:0b:81:3e:84:96:1d:83:04:3e:97:1e:
                    ff:4c:ee:8a:df:fb:66:62:a0:ba:83:16:15:1d:e7:
                    30:2b:86:da:1e:db:55:68:1c:97:6a:16:e0:42:26:
                    a2:b0:19:be:9f:d8:78:93:f4:6d:f5:74:71:32:4b:
                    6d:0f:5a:61:e0:58:ee:6d:dc:53:62:c3:57:8e:44:
                    34:85:cc:56:b2:36:ef:c2:b1:7e:1d:70:8f:80:11:
                    02:a8:b8:0b:14:4b:9b:01:0c:72:f9:ca:e9:e5:46:
                    9f:10:f3:54:e8:80:7b:c2:43:03:b6:9f:7f:df:eb:
                    e0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:A7:64:77:D4:83:2A:45:53:22:0E:8C:F3:FE:D8:9E:F4:E8:E8:13
            X509v3 Authority Key Identifier:
                keyid:3A:E1:45:FE:3B:79:B2:BF:68:AA:DB:E0:07:DE:F6:D7:2A:EF:2A:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OuFF_jt5sr9oqtvgB9721yrvKsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/rKdkd9SDKkVTIg6M8_7YnvTo6BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/82f0f1-2147-49fd-a4d6-b7b574eedc33/1/OuFF_jt5sr9oqtvgB9721yrvKsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.16.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:d4:c1:95:ee:8c:ee:10:92:4c:e5:64:f8:41:fa:af:3a:59:
         db:07:24:43:c3:e8:4d:47:e9:02:c8:5b:a1:35:a3:93:63:67:
         ed:a1:ba:32:5a:52:f3:95:3d:4c:5c:9f:23:9f:4c:35:70:31:
         ec:1d:43:64:78:bf:6e:fa:e8:40:c6:5e:86:ec:23:3c:55:b5:
         e3:99:58:64:c8:8b:b1:67:92:04:b4:20:54:54:ef:10:ce:5f:
         09:af:76:71:cf:13:d1:95:4e:89:8d:33:8e:70:66:3b:c0:0b:
         94:44:54:f3:82:0f:c1:a4:58:54:a3:d7:f7:53:39:15:f8:dc:
         c4:c9:94:3c:68:4c:6c:31:37:f7:a1:49:77:70:9b:fa:1a:22:
         b1:f1:bb:8a:9b:60:62:fe:ab:94:a9:0f:b7:3a:ec:41:3d:f2:
         0f:63:31:6e:7b:98:14:e9:6a:47:64:bf:ed:72:43:b0:af:9a:
         e7:77:c4:5e:1a:3b:c8:49:dc:4c:0b:e4:ac:f1:68:65:58:b5:
         3a:48:58:2f:ca:9a:f7:7a:32:e7:9a:e1:7b:ac:30:09:57:72:
         75:63:56:6a:4b:81:3b:ab:3e:f3:40:04:23:6f:6a:4a:3e:ff:
         91:35:80:f6:48:dc:5f:e1:0d:35:5c:6d:0a:1a:3e:9d:71:1d:
         f0:16:89:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkSD7pSVJ0TNgrcEeUStMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZTE0NWZlM2I3OWIyYmY2OGFhZGJlMDA3ZGVmNmQ3MmFl
ZjJhYzMwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2E3NjQ3N2Q0ODMyYTQ1NTMyMjBlOGNmM2ZlZDg5ZWY0ZThlODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNOLA7BP3ejZNzsFMvBZ1GoqeSFy
evx60IUkGIHi3FdKUUZES0i3CINp6KPlLmzxbDGuSTkn+AfjxTbMUhy7ju71UfX5
FCRYF4n1/jewfkekWg33EfOgqUq2ltB/GxQdK+R/WKlgJ3vahnf5skHTcDMrzl0H
gafCZv2yggTseD/n4pOR3QNXf1UcC4E+hJYdgwQ+lx7/TO6K3/tmYqC6gxYVHecw
K4baHttVaByXahbgQiaisBm+n9h4k/Rt9XRxMkttD1ph4FjubdxTYsNXjkQ0hcxW
sjbvwrF+HXCPgBECqLgLFEubAQxy+crp5UafEPNU6IB7wkMDtp9/3+vgvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKynZHfUgypFUyIOjPP+2J706OgTMB8GA1UdIwQY
MBaAFDrhRf47ebK/aKrb4Afe9tcq7yrDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3VGRl9qdDVzcjlvcXR2Z0I5NzIxeXJ2S3NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC84MmYwZjEtMjE0Ny00OWZkLWE0ZDYt
YjdiNTc0ZWVkYzMzLzEvcktka2Q5U0RLa1ZUSWc2TThfN1ludlRvNkJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC84MmYwZjEtMjE0Ny00OWZkLWE0ZDYtYjdiNTc0ZWVkYzMz
LzEvT3VGRl9qdDVzcjlvcXR2Z0I5NzIxeXJ2S3NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwxBUMA0G
CSqGSIb3DQEBCwUAA4IBAQCI1MGV7ozuEJJM5WT4QfqvOlnbByRDw+hNR+kCyFuh
NaOTY2ftoboyWlLzlT1MXJ8jn0w1cDHsHUNkeL9u+uhAxl6G7CM8VbXjmVhkyIux
Z5IEtCBUVO8Qzl8Jr3ZxzxPRlU6JjTOOcGY7wAuURFTzgg/BpFhUo9f3UzkV+NzE
yZQ8aExsMTf3oUl3cJv6GiKx8buKm2Bi/quUqQ+3OuxBPfIPYzFue5gU6WpHZL/t
ckOwr5rnd8ReGjvISdxMC+Ss8WhlWLU6SFgvypr3ejLnmuF7rDAJV3J1Y1ZqS4E7
qz7zQAQjb2pKPv+RNYD2SNxf4Q01XG0KGj6dcR3wFonH
-----END CERTIFICATE-----