Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/wmQ4stPvxL-Rx9bNCPCrO00dXUY.roa
File:                     wmQ4stPvxL-Rx9bNCPCrO00dXUY.roa (raw, json)
Hash identifier:          PB0f+NZ/wAtQkxyUJvB62TWRlDgP2kRQzCSlRvfwS6w=
Subject key identifier:   C2:64:38:B2:D3:EF:C4:BF:91:C7:D6:CD:08:F0:AB:3B:4D:1D:5D:46
Certificate issuer:       /CN=61e6ea83926bc478c785471d805a5c1210a8c993
Certificate serial:       018CC3B71F9812F8C5A42DC79AFE628D7F7A
Authority key identifier: 61:E6:EA:83:92:6B:C4:78:C7:85:47:1D:80:5A:5C:12:10:A8:C9:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/wmQ4stPvxL-Rx9bNCPCrO00dXUY.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57460
IP address blocks:        195.238.112.0/22 maxlen: 22
                          195.238.112.0/24 maxlen: 24
                          195.238.115.0/24 maxlen: 24
                          195.238.113.0/24 maxlen: 24
                          195.238.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1f:98:12:f8:c5:a4:2d:c7:9a:fe:62:8d:7f:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61e6ea83926bc478c785471d805a5c1210a8c993
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c26438b2d3efc4bf91c7d6cd08f0ab3b4d1d5d46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7a:b2:3c:ef:50:77:cc:24:93:01:81:b0:a0:
                    73:37:c4:bb:79:f9:83:99:7a:2f:a9:e2:19:43:35:
                    12:81:f0:d4:01:f6:c6:19:d3:da:5b:b8:21:ef:5e:
                    32:07:53:fc:51:66:5d:4b:78:93:9e:ad:5c:ca:9b:
                    1b:45:ce:7b:1d:6b:5c:e4:29:0f:9b:45:83:91:ca:
                    bc:26:4f:c9:33:8f:1c:13:9e:79:06:d8:bd:a3:3d:
                    4e:d6:a6:d0:7a:fb:08:5c:23:cd:f3:95:e3:64:bf:
                    96:0c:48:d9:36:b0:fc:3f:94:d1:af:65:18:90:62:
                    ab:f4:93:3b:71:6f:2a:c2:f7:c0:af:9a:e5:20:59:
                    18:6b:36:b5:07:20:26:3c:a6:71:58:87:c2:34:c6:
                    a7:bd:14:48:93:af:f3:31:05:e2:8d:bb:e3:75:aa:
                    30:09:05:8d:aa:b8:f3:0c:b7:60:38:f1:24:6c:9d:
                    fc:d4:54:be:53:e7:a7:05:02:01:28:ba:a9:94:a4:
                    e3:81:1c:dd:db:fb:f0:b1:96:ff:ff:70:98:13:77:
                    f6:7e:9a:e4:37:65:6a:9d:58:34:db:25:6c:78:20:
                    05:5c:92:98:0d:36:0a:ef:04:75:2e:9d:c3:0d:9f:
                    6a:d0:ae:5e:a2:b7:f9:44:b1:f9:49:2e:ac:65:17:
                    60:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:64:38:B2:D3:EF:C4:BF:91:C7:D6:CD:08:F0:AB:3B:4D:1D:5D:46
            X509v3 Authority Key Identifier:
                keyid:61:E6:EA:83:92:6B:C4:78:C7:85:47:1D:80:5A:5C:12:10:A8:C9:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/wmQ4stPvxL-Rx9bNCPCrO00dXUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:b0:d0:43:ec:cb:60:79:46:ab:16:c9:27:9d:0c:b7:b7:29:
         27:86:a5:ef:cc:f6:b1:00:03:e4:3e:9a:e2:e1:e6:73:0e:1b:
         86:8e:88:71:d5:fc:fc:ce:93:a6:cc:5c:f3:13:3d:e8:70:52:
         ec:60:51:fa:3b:1f:63:1f:31:74:e1:14:af:0d:86:e0:da:55:
         90:81:46:cf:bf:f9:87:08:b0:f5:db:b9:60:02:5c:88:60:6e:
         b7:19:0c:90:d9:c4:5a:dc:5c:52:46:a7:24:7d:a6:5a:34:99:
         d3:95:fe:87:3e:1b:b9:a7:33:0d:e5:79:e6:f7:f0:82:c0:47:
         87:be:96:81:ec:9e:5d:7a:13:ab:ef:25:59:13:74:94:ad:1f:
         8d:a2:91:44:e4:22:4a:62:8f:b6:13:5d:41:07:1f:5c:bd:c3:
         ce:be:14:cc:41:a5:f9:2c:a1:39:a3:df:4a:38:09:cf:9d:93:
         6a:5d:f6:59:8c:23:c5:31:0e:48:9e:55:bf:61:cd:f5:5c:c2:
         6d:c0:51:f9:4a:8e:72:55:39:3c:ad:8f:5a:cc:4d:c7:4f:e3:
         e3:1a:45:fc:af:7b:52:31:a9:09:0b:31:26:54:a9:03:ca:51:
         2e:85:81:ba:25:3e:39:bf:67:c8:53:71:67:3e:87:30:1e:14:
         ef:66:65:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtx+YEvjFpC3Hmv5ijX96MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZTZlYTgzOTI2YmM0NzhjNzg1NDcxZDgwNWE1YzEyMTBh
OGM5OTMwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjY0MzhiMmQzZWZjNGJmOTFjN2Q2Y2QwOGYwYWIzYjRkMWQ1ZDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinqyPO9Qd8wkkwGBsKBzN8S7efmD
mXovqeIZQzUSgfDUAfbGGdPaW7gh714yB1P8UWZdS3iTnq1cypsbRc57HWtc5CkP
m0WDkcq8Jk/JM48cE555Bti9oz1O1qbQevsIXCPN85XjZL+WDEjZNrD8P5TRr2UY
kGKr9JM7cW8qwvfAr5rlIFkYaza1ByAmPKZxWIfCNManvRRIk6/zMQXijbvjdaow
CQWNqrjzDLdgOPEkbJ381FS+U+enBQIBKLqplKTjgRzd2/vwsZb//3CYE3f2fprk
N2VqnVg02yVseCAFXJKYDTYK7wR1Lp3DDZ9q0K5eorf5RLH5SS6sZRdgQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJkOLLT78S/kcfWzQjwqztNHV1GMB8GA1UdIwQY
MBaAFGHm6oOSa8R4x4VHHYBaXBIQqMmTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWVicWc1SnJ4SGpIaFVjZGdGcGNFaENveVpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83NGJmNDEtZDZhNy00ZmI1LTgwMWMt
MzNjYzNhZGIxZTc4LzEvd21RNHN0UHZ4TC1SeDliTkNQQ3JPMDBkWFVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83NGJmNDEtZDZhNy00ZmI1LTgwMWMtMzNjYzNhZGIxZTc4
LzEvWWVicWc1SnJ4SGpIaFVjZGdGcGNFaENveVpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+5wMA0G
CSqGSIb3DQEBCwUAA4IBAQBasNBD7MtgeUarFsknnQy3tyknhqXvzPaxAAPkPpri
4eZzDhuGjohx1fz8zpOmzFzzEz3ocFLsYFH6Ox9jHzF04RSvDYbg2lWQgUbPv/mH
CLD127lgAlyIYG63GQyQ2cRa3FxSRqckfaZaNJnTlf6HPhu5pzMN5Xnm9/CCwEeH
vpaB7J5dehOr7yVZE3SUrR+NopFE5CJKYo+2E11BBx9cvcPOvhTMQaX5LKE5o99K
OAnPnZNqXfZZjCPFMQ5InlW/Yc31XMJtwFH5So5yVTk8rY9azE3HT+PjGkX8r3tS
MakJCzEmVKkDylEuhYG6JT45v2fIU3FnPocwHhTvZmUR
-----END CERTIFICATE-----