Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/e7c7eb-f7c6-43b7-a6ff-63e020feecf9/1/AWcygWCHjavnkOIee9g1R2yyO2g.roa
File:                     AWcygWCHjavnkOIee9g1R2yyO2g.roa (raw, json)
Hash identifier:          7Z4PwE7FlAmyvg+x5s2TuIUtCXjTFoHlvK797pIW/IY=
Subject key identifier:   01:67:32:81:60:87:8D:AB:E7:90:E2:1E:7B:D8:35:47:6C:B2:3B:68
Certificate issuer:       /CN=49de578dac792d95e217d9871e04f66973bb7eb0
Certificate serial:       018CC6B8A63392245EDFE227D3C27301B93E
Authority key identifier: 49:DE:57:8D:AC:79:2D:95:E2:17:D9:87:1E:04:F6:69:73:BB:7E:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sd5Xjax5LZXiF9mHHgT2aXO7frA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/e7c7eb-f7c6-43b7-a6ff-63e020feecf9/1/AWcygWCHjavnkOIee9g1R2yyO2g.roa
Signing time:             Mon 01 Jan 2024 20:30:39 +0000
ROA not before:           Mon 01 Jan 2024 20:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56971
IP address blocks:        195.211.124.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/e7c7eb-f7c6-43b7-a6ff-63e020feecf9/1/Sd5Xjax5LZXiF9mHHgT2aXO7frA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/e7c7eb-f7c6-43b7-a6ff-63e020feecf9/1/Sd5Xjax5LZXiF9mHHgT2aXO7frA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sd5Xjax5LZXiF9mHHgT2aXO7frA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a6:33:92:24:5e:df:e2:27:d3:c2:73:01:b9:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49de578dac792d95e217d9871e04f66973bb7eb0
        Validity
            Not Before: Jan  1 20:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0167328160878dabe790e21e7bd835476cb23b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d9:cc:9e:e7:33:c5:b7:ff:0a:c7:a9:2b:fa:
                    a3:ff:5e:2b:39:7d:38:a4:6f:52:a5:e5:17:6a:15:
                    e8:5b:91:83:ba:ab:07:8a:ac:21:bf:2b:86:40:2c:
                    f6:03:58:f7:96:00:94:07:4e:fd:5b:e8:1c:78:27:
                    c6:68:69:23:9b:7b:9a:72:3f:4c:c8:b3:86:8c:0d:
                    76:29:fd:6c:5a:2c:d2:6f:51:9f:17:1a:a7:d9:ce:
                    d9:66:a1:d4:80:9a:18:f4:0b:87:b0:0b:c6:3e:2f:
                    3c:77:49:4b:4e:ac:14:2f:8e:7c:a0:15:18:c5:86:
                    fb:06:0d:0c:47:fa:a9:ec:9f:8d:3b:4d:de:cf:8a:
                    a6:af:44:27:06:6c:34:62:59:b9:83:b4:5d:0e:17:
                    1a:27:db:54:7e:2f:d0:f6:76:a5:b9:6d:8f:2e:1a:
                    42:3c:a4:a5:24:1c:73:b4:2a:b0:3f:5a:e5:d5:a9:
                    1e:d7:7f:72:19:1b:56:51:a6:22:cc:ae:b1:15:0e:
                    6d:c1:54:76:c4:f6:68:3e:ee:10:a4:e9:5a:1d:27:
                    fc:fe:9b:36:c0:a6:67:ec:fb:6e:09:9a:3d:c9:da:
                    d3:cd:96:43:11:e4:d9:30:ab:72:bc:dd:d1:e2:0f:
                    97:ef:70:ae:4d:c2:4c:cd:66:11:14:df:a3:28:e0:
                    c8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:67:32:81:60:87:8D:AB:E7:90:E2:1E:7B:D8:35:47:6C:B2:3B:68
            X509v3 Authority Key Identifier:
                keyid:49:DE:57:8D:AC:79:2D:95:E2:17:D9:87:1E:04:F6:69:73:BB:7E:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sd5Xjax5LZXiF9mHHgT2aXO7frA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/e7c7eb-f7c6-43b7-a6ff-63e020feecf9/1/AWcygWCHjavnkOIee9g1R2yyO2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/e7c7eb-f7c6-43b7-a6ff-63e020feecf9/1/Sd5Xjax5LZXiF9mHHgT2aXO7frA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:2c:b9:60:1f:ed:33:69:53:b6:e5:0c:94:03:d6:6d:e9:98:
         9a:04:a8:5c:b8:bf:e4:a8:32:12:05:50:6f:0b:36:a5:42:f2:
         19:10:76:e5:bf:4f:ae:67:f8:96:d3:db:26:de:e1:e6:c7:da:
         15:9f:4e:ce:47:75:ca:2e:09:37:51:bd:80:c4:2f:77:ac:17:
         11:55:85:6a:32:3d:97:d4:fa:d0:93:63:18:f0:3b:be:58:ec:
         34:d3:d9:e2:5c:f8:d7:2c:04:0b:e5:2b:f7:37:ff:0f:03:16:
         33:6e:89:24:25:f5:62:75:4c:d4:04:40:16:d1:67:fd:2b:b8:
         2f:ea:7b:48:74:28:ba:d9:4a:ae:a5:81:96:80:1d:d0:e5:7f:
         df:16:d2:4e:f1:fb:bc:4b:d4:0b:4a:dd:f2:ae:ab:c6:4f:a5:
         af:4d:eb:e0:17:f4:33:8e:31:da:e3:bb:b0:c0:4b:da:9e:01:
         19:95:f4:9e:4a:34:c9:87:66:85:87:6c:ad:84:6a:22:ed:4f:
         14:e6:d6:31:bc:82:6a:56:28:ca:a8:0e:9f:12:fb:d6:cc:4f:
         ea:45:82:c0:57:d2:73:8c:a3:18:a0:3d:84:48:91:3f:a9:49:
         ad:f3:ca:78:7a:fd:71:06:b4:55:94:ac:a0:97:07:0b:65:7a:
         3b:c0:dc:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuKYzkiRe3+In08JzAbk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZGU1NzhkYWM3OTJkOTVlMjE3ZDk4NzFlMDRmNjY5NzNi
YjdlYjAwHhcNMjQwMTAxMjAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTY3MzI4MTYwODc4ZGFiZTc5MGUyMWU3YmQ4MzU0NzZjYjIzYjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9nMnuczxbf/CsepK/qj/14rOX04
pG9SpeUXahXoW5GDuqsHiqwhvyuGQCz2A1j3lgCUB079W+gceCfGaGkjm3uacj9M
yLOGjA12Kf1sWizSb1GfFxqn2c7ZZqHUgJoY9AuHsAvGPi88d0lLTqwUL458oBUY
xYb7Bg0MR/qp7J+NO03ez4qmr0QnBmw0Ylm5g7RdDhcaJ9tUfi/Q9naluW2PLhpC
PKSlJBxztCqwP1rl1ake139yGRtWUaYizK6xFQ5twVR2xPZoPu4QpOlaHSf8/ps2
wKZn7PtuCZo9ydrTzZZDEeTZMKtyvN3R4g+X73CuTcJMzWYRFN+jKODIPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFnMoFgh42r55DiHnvYNUdssjtoMB8GA1UdIwQY
MBaAFEneV42seS2V4hfZhx4E9mlzu36wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2Q1WGpheDVMWlhpRjltSEhnVDJhWE83ZnJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lN2M3ZWItZjdjNi00M2I3LWE2ZmYt
NjNlMDIwZmVlY2Y5LzEvQVdjeWdXQ0hqYXZua09JZWU5ZzFSMnl5TzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lN2M3ZWItZjdjNi00M2I3LWE2ZmYtNjNlMDIwZmVlY2Y5
LzEvU2Q1WGpheDVMWlhpRjltSEhnVDJhWE83ZnJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9N8MA0G
CSqGSIb3DQEBCwUAA4IBAQCPLLlgH+0zaVO25QyUA9Zt6ZiaBKhcuL/kqDISBVBv
CzalQvIZEHblv0+uZ/iW09sm3uHmx9oVn07OR3XKLgk3Ub2AxC93rBcRVYVqMj2X
1PrQk2MY8Du+WOw009niXPjXLAQL5Sv3N/8PAxYzbokkJfVidUzUBEAW0Wf9K7gv
6ntIdCi62UqupYGWgB3Q5X/fFtJO8fu8S9QLSt3yrqvGT6WvTevgF/QzjjHa47uw
wEvangEZlfSeSjTJh2aFh2ythGoi7U8U5tYxvIJqVijKqA6fEvvWzE/qRYLAV9Jz
jKMYoD2ESJE/qUmt88p4ev1xBrRVlKyglwcLZXo7wNzT
-----END CERTIFICATE-----