Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/f0f6d3-a904-423b-8f95-fc07ce4a37e6/1/Sn2PjWOF3YKf8_jN5STlzoMzhiw.roa
File:                     Sn2PjWOF3YKf8_jN5STlzoMzhiw.roa (raw, json)
Hash identifier:          UQzSwMaZC1Riajz1ab0LkAB9BBledxn4tSXcsWO7xlk=
Subject key identifier:   4A:7D:8F:8D:63:85:DD:82:9F:F3:F8:CD:E5:24:E5:CE:83:33:86:2C
Certificate issuer:       /CN=55f7caba9bd5f9fac1e0145a7567c9b459a95e86
Certificate serial:       018CC56EA765F8E7E842397E0C03B281990A
Authority key identifier: 55:F7:CA:BA:9B:D5:F9:FA:C1:E0:14:5A:75:67:C9:B4:59:A9:5E:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VffKupvV-frB4BRadWfJtFmpXoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/f0f6d3-a904-423b-8f95-fc07ce4a37e6/1/Sn2PjWOF3YKf8_jN5STlzoMzhiw.roa
Signing time:             Mon 01 Jan 2024 14:30:12 +0000
ROA not before:           Mon 01 Jan 2024 14:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204203
IP address blocks:        195.88.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/f0f6d3-a904-423b-8f95-fc07ce4a37e6/1/VffKupvV-frB4BRadWfJtFmpXoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/f0f6d3-a904-423b-8f95-fc07ce4a37e6/1/VffKupvV-frB4BRadWfJtFmpXoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VffKupvV-frB4BRadWfJtFmpXoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a7:65:f8:e7:e8:42:39:7e:0c:03:b2:81:99:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55f7caba9bd5f9fac1e0145a7567c9b459a95e86
        Validity
            Not Before: Jan  1 14:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a7d8f8d6385dd829ff3f8cde524e5ce8333862c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:5f:0c:34:ab:75:39:b0:f1:28:73:1a:c9:0a:
                    f2:57:b9:ab:93:84:03:86:72:76:7c:df:21:0b:45:
                    c7:89:27:3a:8d:95:f8:de:a0:34:e5:bc:95:8d:49:
                    f4:fd:66:6a:e3:af:a2:e7:d2:4f:b1:ba:2c:9d:36:
                    44:0d:f0:81:4d:5e:d5:2f:a3:68:0e:86:f1:f1:b8:
                    2d:ba:7a:47:d0:f5:bb:90:eb:e8:a3:c1:01:8d:63:
                    a6:71:df:4d:1f:3e:82:4c:c3:c7:79:35:2b:a8:32:
                    a7:57:33:e6:d6:33:b2:ee:d7:25:34:33:84:ca:74:
                    db:c6:5e:10:40:58:c8:3a:25:74:25:4e:31:5d:9b:
                    45:9a:4e:e1:4e:73:d7:e8:a7:c8:e2:2b:1b:b9:66:
                    54:5d:47:74:6f:33:28:ad:50:a8:4e:79:fa:27:42:
                    b4:2c:9e:ba:09:ee:d3:6e:9e:4f:9b:b4:59:f3:ba:
                    f5:e7:24:5f:64:ac:58:e9:4c:11:3d:c4:eb:60:e8:
                    0a:68:ca:6d:d8:a9:d1:81:dd:67:0b:40:75:0c:39:
                    82:8c:7e:08:7a:59:ea:8b:a3:47:37:ad:c6:c7:34:
                    d5:6d:1f:3a:40:6f:46:7f:cb:c1:f5:6a:27:a8:1b:
                    29:57:df:c0:61:42:d0:d5:17:e2:7e:d0:d8:1e:7d:
                    71:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:7D:8F:8D:63:85:DD:82:9F:F3:F8:CD:E5:24:E5:CE:83:33:86:2C
            X509v3 Authority Key Identifier:
                keyid:55:F7:CA:BA:9B:D5:F9:FA:C1:E0:14:5A:75:67:C9:B4:59:A9:5E:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VffKupvV-frB4BRadWfJtFmpXoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/f0f6d3-a904-423b-8f95-fc07ce4a37e6/1/Sn2PjWOF3YKf8_jN5STlzoMzhiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/f0f6d3-a904-423b-8f95-fc07ce4a37e6/1/VffKupvV-frB4BRadWfJtFmpXoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:d1:3d:fe:6e:a2:97:51:06:f7:f3:e8:28:a8:cd:e4:b5:18:
         ed:9f:73:31:2f:25:83:d2:29:39:bd:2d:65:11:ad:6d:93:eb:
         6b:bc:2d:b9:85:60:d1:cd:e2:cb:59:6e:47:03:eb:9d:59:88:
         80:4c:f5:41:7c:86:5c:c5:92:14:b1:69:f7:83:3c:7c:c0:76:
         b8:98:79:1b:c3:e0:d3:32:f9:ae:84:cd:ab:7e:9a:8b:a1:44:
         ff:29:0f:72:c2:8e:97:f9:8b:43:cc:44:98:41:4e:ae:6a:9a:
         1c:10:c2:1f:0d:af:09:3f:5f:64:c9:e8:7b:d5:c0:bc:99:25:
         dd:6d:b1:05:b5:5a:df:3b:bd:35:1b:77:8b:a5:54:76:97:95:
         f9:2a:e2:77:f6:60:f2:21:5a:00:a8:e8:3b:ae:64:ba:23:b6:
         fc:e5:78:a0:fb:0c:f5:1f:4c:9a:90:7b:4d:6d:2a:3c:2a:c9:
         66:2a:84:17:f8:c3:22:ea:c5:0a:c2:e6:ab:62:c1:71:5a:c6:
         a8:f0:34:fa:7c:d3:f3:a4:ad:15:58:6c:59:de:fd:14:fe:1b:
         84:44:00:1c:c6:f5:82:09:cd:e8:69:8d:e2:74:cb:03:24:91:
         20:89:a6:70:f9:4f:b8:e4:96:b6:d0:e2:42:4d:06:f0:22:a9:
         d6:94:4d:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqdl+OfoQjl+DAOygZkKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZjdjYWJhOWJkNWY5ZmFjMWUwMTQ1YTc1NjdjOWI0NTlh
OTVlODYwHhcNMjQwMTAxMTQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTdkOGY4ZDYzODVkZDgyOWZmM2Y4Y2RlNTI0ZTVjZTgzMzM4NjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh18MNKt1ObDxKHMayQryV7mrk4QD
hnJ2fN8hC0XHiSc6jZX43qA05byVjUn0/WZq46+i59JPsbosnTZEDfCBTV7VL6No
Dobx8bgtunpH0PW7kOvoo8EBjWOmcd9NHz6CTMPHeTUrqDKnVzPm1jOy7tclNDOE
ynTbxl4QQFjIOiV0JU4xXZtFmk7hTnPX6KfI4isbuWZUXUd0bzMorVCoTnn6J0K0
LJ66Ce7Tbp5Pm7RZ87r15yRfZKxY6UwRPcTrYOgKaMpt2KnRgd1nC0B1DDmCjH4I
elnqi6NHN63GxzTVbR86QG9Gf8vB9WonqBspV9/AYULQ1RfiftDYHn1xlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEp9j41jhd2Cn/P4zeUk5c6DM4YsMB8GA1UdIwQY
MBaAFFX3yrqb1fn6weAUWnVnybRZqV6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZmS3VwdlYtZnJCNEJSYWRXZkp0Rm1wWG9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9mMGY2ZDMtYTkwNC00MjNiLThmOTUt
ZmMwN2NlNGEzN2U2LzEvU24yUGpXT0YzWUtmOF9qTjVTVGx6b016aGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9mMGY2ZDMtYTkwNC00MjNiLThmOTUtZmMwN2NlNGEzN2U2
LzEvVmZmS3VwdlYtZnJCNEJSYWRXZkp0Rm1wWG9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1i8MA0G
CSqGSIb3DQEBCwUAA4IBAQB90T3+bqKXUQb38+goqM3ktRjtn3MxLyWD0ik5vS1l
Ea1tk+trvC25hWDRzeLLWW5HA+udWYiATPVBfIZcxZIUsWn3gzx8wHa4mHkbw+DT
MvmuhM2rfpqLoUT/KQ9ywo6X+YtDzESYQU6uapocEMIfDa8JP19kyeh71cC8mSXd
bbEFtVrfO701G3eLpVR2l5X5KuJ39mDyIVoAqOg7rmS6I7b85Xig+wz1H0yakHtN
bSo8KslmKoQX+MMi6sUKwuarYsFxWsao8DT6fNPzpK0VWGxZ3v0U/huERAAcxvWC
Cc3oaY3idMsDJJEgiaZw+U+45Ja20OJCTQbwIqnWlE3D
-----END CERTIFICATE-----