Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/CmtM17aiKLdlqTgDS5td3FO2Zqw.roa
File:                     CmtM17aiKLdlqTgDS5td3FO2Zqw.roa (raw, json)
Hash identifier:          kzjU5N0XazjMxOjzYN0RESS2BbhBgF34yXUAj9xkvd0=
Subject key identifier:   0A:6B:4C:D7:B6:A2:28:B7:65:A9:38:03:4B:9B:5D:DC:53:B6:66:AC
Certificate issuer:       /CN=44f885220f1719f5837cb5a36fa62f3f537e8e3f
Certificate serial:       018CC9BC64CB3D0D468255987F7AA5D3A196
Authority key identifier: 44:F8:85:22:0F:17:19:F5:83:7C:B5:A3:6F:A6:2F:3F:53:7E:8E:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/CmtM17aiKLdlqTgDS5td3FO2Zqw.roa
Signing time:             Tue 02 Jan 2024 10:33:36 +0000
ROA not before:           Tue 02 Jan 2024 10:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51222
IP address blocks:        195.54.37.0/24 maxlen: 24
                          195.54.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:64:cb:3d:0d:46:82:55:98:7f:7a:a5:d3:a1:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44f885220f1719f5837cb5a36fa62f3f537e8e3f
        Validity
            Not Before: Jan  2 10:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a6b4cd7b6a228b765a938034b9b5ddc53b666ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:18:bf:19:2a:de:a0:8a:64:34:88:ab:fa:36:
                    b4:61:1a:1b:06:91:9d:7b:ee:90:4f:4c:79:1b:ca:
                    1f:a7:0e:51:e5:ef:bd:c3:20:9d:f4:3a:78:bc:a9:
                    7f:5c:44:2c:d6:95:94:bc:ba:09:84:5f:62:f3:37:
                    44:8c:37:ac:19:e9:51:8a:d1:4b:eb:d5:64:27:14:
                    db:2e:01:15:b6:25:44:b2:74:14:7f:bd:d1:85:fb:
                    25:a2:0d:a2:3e:40:fa:e4:b2:43:fd:65:07:87:60:
                    1f:61:53:77:56:32:da:fe:e7:9a:70:00:0d:47:9c:
                    53:30:04:36:0f:06:75:fa:0b:36:25:6e:ab:11:42:
                    d2:86:c7:50:83:c6:7c:6c:ed:72:dc:87:c8:d3:7f:
                    e3:5e:c8:5c:f4:e1:d8:eb:8c:84:ab:6d:a0:88:42:
                    f1:f6:34:0f:42:b0:53:11:74:1c:fd:34:cf:98:ba:
                    1b:8a:66:ca:c7:52:42:2f:59:85:7e:56:63:94:e9:
                    35:bc:44:54:02:bf:18:2b:cf:d2:b4:85:f9:f9:87:
                    1f:5d:44:b7:df:ab:f9:8f:2f:9c:2a:6b:6c:4a:fe:
                    8f:cf:48:17:ca:56:62:58:23:4b:f6:70:06:14:9b:
                    28:b4:c6:16:ec:24:bd:eb:06:1a:90:7d:62:80:8e:
                    f1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:6B:4C:D7:B6:A2:28:B7:65:A9:38:03:4B:9B:5D:DC:53:B6:66:AC
            X509v3 Authority Key Identifier:
                keyid:44:F8:85:22:0F:17:19:F5:83:7C:B5:A3:6F:A6:2F:3F:53:7E:8E:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/CmtM17aiKLdlqTgDS5td3FO2Zqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.54.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:47:bd:20:12:e4:34:89:12:08:ca:87:8b:ea:f0:b9:76:64:
         ef:a3:56:fc:7e:40:c6:1a:58:44:53:da:9b:51:5b:08:c4:46:
         fc:09:8b:5d:a8:2d:6d:4b:f8:c0:40:ac:45:37:2d:b0:36:7d:
         a5:a7:fc:7b:34:a7:b4:95:aa:55:81:77:8f:1b:5a:83:16:5c:
         0f:96:25:a3:75:ca:28:29:83:ac:7d:ff:ff:3a:11:b3:c7:00:
         a1:0d:c9:82:79:f1:5f:fd:ac:57:08:a7:70:a6:78:4c:2c:ac:
         0e:f6:4a:3e:b8:a5:df:d7:76:11:29:ef:01:a3:b3:20:bb:3f:
         27:f9:a0:67:e8:52:18:cf:5c:55:2e:0e:ae:36:b5:e2:ff:f4:
         29:44:fc:88:09:a3:5c:fb:c7:b9:31:56:fa:60:f5:25:88:b5:
         c0:d3:d4:4e:1c:e6:18:9f:ab:5f:6e:df:4a:7f:0b:9b:ed:89:
         08:a2:67:1a:e5:80:bf:58:f7:11:ad:bc:75:81:6e:9f:41:23:
         fe:8b:73:03:ae:9e:49:57:16:17:0d:e0:f9:54:8c:69:d8:97:
         62:09:c3:e0:d9:4c:4c:04:9c:3c:19:53:25:1a:92:44:9c:a7:
         10:ca:c3:81:b5:0b:af:06:cd:50:88:7f:e9:55:fe:51:80:41:
         d1:47:7a:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGTLPQ1GglWYf3ql06GWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0Zjg4NTIyMGYxNzE5ZjU4MzdjYjVhMzZmYTYyZjNmNTM3
ZThlM2YwHhcNMjQwMTAyMTAzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTZiNGNkN2I2YTIyOGI3NjVhOTM4MDM0YjliNWRkYzUzYjY2NmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxi/GSreoIpkNIir+ja0YRobBpGd
e+6QT0x5G8ofpw5R5e+9wyCd9Dp4vKl/XEQs1pWUvLoJhF9i8zdEjDesGelRitFL
69VkJxTbLgEVtiVEsnQUf73Rhfslog2iPkD65LJD/WUHh2AfYVN3VjLa/ueacAAN
R5xTMAQ2DwZ1+gs2JW6rEULShsdQg8Z8bO1y3IfI03/jXshc9OHY64yEq22giELx
9jQPQrBTEXQc/TTPmLobimbKx1JCL1mFflZjlOk1vERUAr8YK8/StIX5+YcfXUS3
36v5jy+cKmtsSv6Pz0gXylZiWCNL9nAGFJsotMYW7CS96wYakH1igI7x7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAprTNe2oii3Zak4A0ubXdxTtmasMB8GA1UdIwQY
MBaAFET4hSIPFxn1g3y1o2+mLz9Tfo4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlBpRklnOFhHZldEZkxXamI2WXZQMU4tamo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9iYWIxOTQtNWUyNC00ZWFkLThmNDkt
MzdlZDk5MTQzYWFlLzEvQ210TTE3YWlLTGRscVRnRFM1dGQzRk8yWnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9iYWIxOTQtNWUyNC00ZWFkLThmNDktMzdlZDk5MTQzYWFl
LzEvUlBpRklnOFhHZldEZkxXamI2WXZQMU4tamo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzYkMA0G
CSqGSIb3DQEBCwUAA4IBAQBcR70gEuQ0iRIIyoeL6vC5dmTvo1b8fkDGGlhEU9qb
UVsIxEb8CYtdqC1tS/jAQKxFNy2wNn2lp/x7NKe0lapVgXePG1qDFlwPliWjdcoo
KYOsff//OhGzxwChDcmCefFf/axXCKdwpnhMLKwO9ko+uKXf13YRKe8Bo7Mguz8n
+aBn6FIYz1xVLg6uNrXi//QpRPyICaNc+8e5MVb6YPUliLXA09ROHOYYn6tfbt9K
fwub7YkIomca5YC/WPcRrbx1gW6fQSP+i3MDrp5JVxYXDeD5VIxp2JdiCcPg2UxM
BJw8GVMlGpJEnKcQysOBtQuvBs1QiH/pVf5RgEHRR3p3
-----END CERTIFICATE-----