Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/jHXcNAHznksHHEsoQentdu06YzM.roa
File:                     jHXcNAHznksHHEsoQentdu06YzM.roa (raw, json)
Hash identifier:          +XaxezL32vHXsweTZ4yC7cUBLU/HjLLVVO63UV1U9s8=
Subject key identifier:   8C:75:DC:34:01:F3:9E:4B:07:1C:4B:28:41:E9:ED:76:ED:3A:63:33
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       018CC801FA014003FD0E84FF45AA5F4E2C95
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/jHXcNAHznksHHEsoQentdu06YzM.roa
Signing time:             Tue 02 Jan 2024 02:30:21 +0000
ROA not before:           Tue 02 Jan 2024 02:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43350
IP address blocks:        195.13.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:fa:01:40:03:fd:0e:84:ff:45:aa:5f:4e:2c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: Jan  2 02:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c75dc3401f39e4b071c4b2841e9ed76ed3a6333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b4:31:ed:68:86:01:f4:32:80:a5:23:c3:39:
                    45:36:d6:5b:89:09:dd:06:e8:cf:b5:c9:05:67:8f:
                    91:4c:51:7b:a1:d9:6f:8d:28:dd:76:68:7b:37:5b:
                    23:db:96:5c:52:16:34:66:0e:3b:05:d0:05:25:63:
                    2a:8a:ba:5e:9e:39:61:61:bf:4a:39:0b:a0:0a:b3:
                    6e:1b:da:bf:48:9c:a3:9e:d4:4b:16:e1:55:91:8d:
                    4e:7f:d1:e2:dc:96:94:36:eb:f2:c9:2e:eb:63:bf:
                    4d:14:5b:ac:a9:63:6d:86:40:04:df:93:0d:8f:ff:
                    10:67:55:78:c0:e0:65:c6:ba:6f:40:1c:59:92:12:
                    6c:e8:45:ec:49:d4:d6:5c:ac:59:6b:58:d5:58:cd:
                    51:f0:2e:35:55:8b:5b:be:4e:79:55:ab:fe:bf:d9:
                    12:4a:42:8e:69:c5:47:7c:03:c4:12:73:fa:a6:a1:
                    35:53:76:2a:f7:18:17:36:c8:47:df:d5:f3:78:c7:
                    ba:dc:d5:22:f7:35:17:43:5a:3f:2e:6a:9e:c3:53:
                    71:1e:58:95:1e:e2:0d:04:45:83:31:6d:5a:4f:cd:
                    b0:e6:35:1b:c8:43:78:95:d1:ab:2a:39:2f:cd:d2:
                    de:83:78:bb:3e:07:f6:f2:97:ea:4f:0e:c9:75:bf:
                    8b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:75:DC:34:01:F3:9E:4B:07:1C:4B:28:41:E9:ED:76:ED:3A:63:33
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/jHXcNAHznksHHEsoQentdu06YzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.13.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:98:ea:f6:24:a9:97:2e:a1:78:66:0d:cd:49:ba:8b:23:9e:
         27:19:27:ac:e7:9b:48:00:98:fe:33:17:9e:bf:4b:21:77:61:
         ea:e2:65:56:f8:c1:c2:91:cd:d3:59:0e:29:4a:00:07:03:e1:
         23:13:99:9d:a2:75:bd:98:5b:bd:80:e5:bc:34:2c:39:41:1b:
         cc:4d:a4:d9:af:b7:ab:da:56:5e:12:d3:e2:6e:81:94:b4:04:
         9e:c1:d2:55:92:30:54:53:a2:73:fd:44:41:43:01:08:fb:ae:
         65:d4:f5:9c:de:36:62:6a:99:4e:f0:1d:04:14:90:0b:c5:c5:
         f5:80:5d:d8:2e:06:d1:23:7b:bc:cc:dc:43:8d:47:b5:d8:9c:
         14:7b:1c:59:d1:9f:a7:e3:f6:52:38:d4:7d:55:4c:1c:54:00:
         d9:e0:4e:8e:02:81:64:6f:9a:b1:31:38:ec:ea:1e:65:9a:9a:
         d3:19:59:b6:5c:cc:fc:ec:d0:f3:69:0f:71:c1:25:be:38:c1:
         86:1a:78:e6:62:cd:52:96:b0:8d:91:9b:dc:78:07:e2:73:04:
         c5:e3:19:c9:98:b3:d0:59:0b:1d:7a:c9:a8:c9:e9:cb:dc:0a:
         dd:36:61:27:e4:7b:af:95:f7:1b:10:18:91:a2:22:b5:eb:9f:
         ff:c2:e6:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAfoBQAP9DoT/RapfTiyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjQwMTAyMDIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yzc1ZGMzNDAxZjM5ZTRiMDcxYzRiMjg0MWU5ZWQ3NmVkM2E2MzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLQx7WiGAfQygKUjwzlFNtZbiQnd
BujPtckFZ4+RTFF7odlvjSjddmh7N1sj25ZcUhY0Zg47BdAFJWMqirpenjlhYb9K
OQugCrNuG9q/SJyjntRLFuFVkY1Of9Hi3JaUNuvyyS7rY79NFFusqWNthkAE35MN
j/8QZ1V4wOBlxrpvQBxZkhJs6EXsSdTWXKxZa1jVWM1R8C41VYtbvk55Vav+v9kS
SkKOacVHfAPEEnP6pqE1U3Yq9xgXNshH39XzeMe63NUi9zUXQ1o/Lmqew1NxHliV
HuINBEWDMW1aT82w5jUbyEN4ldGrKjkvzdLeg3i7Pgf28pfqTw7Jdb+LiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIx13DQB855LBxxLKEHp7XbtOmMzMB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEvakhYY05BSHpua3NISEVzb1FlbnRkdTA2WXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAww08MA0G
CSqGSIb3DQEBCwUAA4IBAQA4mOr2JKmXLqF4Zg3NSbqLI54nGSes55tIAJj+Mxee
v0shd2Hq4mVW+MHCkc3TWQ4pSgAHA+EjE5mdonW9mFu9gOW8NCw5QRvMTaTZr7er
2lZeEtPiboGUtASewdJVkjBUU6Jz/URBQwEI+65l1PWc3jZiaplO8B0EFJALxcX1
gF3YLgbRI3u8zNxDjUe12JwUexxZ0Z+n4/ZSONR9VUwcVADZ4E6OAoFkb5qxMTjs
6h5lmprTGVm2XMz87NDzaQ9xwSW+OMGGGnjmYs1SlrCNkZvceAficwTF4xnJmLPQ
WQsdesmoyenL3ArdNmEn5HuvlfcbEBiRoiK165//wuZ7
-----END CERTIFICATE-----