Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/0a0e4d-4e75-49a5-bd0c-1a5c7635588b/1/IMaJb3_DWtc999UgSBcVctVwm3c.roa
File:                     IMaJb3_DWtc999UgSBcVctVwm3c.roa (raw, json)
Hash identifier:          WDChAXsYGkjhzH5azTg8uBwPYLMd3030OB1/+WKy3L8=
Subject key identifier:   20:C6:89:6F:7F:C3:5A:D7:3D:F7:D5:20:48:17:15:72:D5:70:9B:77
Certificate issuer:       /CN=1b623dba62b857ca73d8a80a11990f71e04e7db6
Certificate serial:       018CC4932C3605DE28CC41EBA2D36A7563BE
Authority key identifier: 1B:62:3D:BA:62:B8:57:CA:73:D8:A8:0A:11:99:0F:71:E0:4E:7D:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G2I9umK4V8pz2KgKEZkPceBOfbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/0a0e4d-4e75-49a5-bd0c-1a5c7635588b/1/IMaJb3_DWtc999UgSBcVctVwm3c.roa
Signing time:             Mon 01 Jan 2024 10:30:28 +0000
ROA not before:           Mon 01 Jan 2024 10:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        195.43.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/0a0e4d-4e75-49a5-bd0c-1a5c7635588b/1/G2I9umK4V8pz2KgKEZkPceBOfbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/0a0e4d-4e75-49a5-bd0c-1a5c7635588b/1/G2I9umK4V8pz2KgKEZkPceBOfbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G2I9umK4V8pz2KgKEZkPceBOfbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:2c:36:05:de:28:cc:41:eb:a2:d3:6a:75:63:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b623dba62b857ca73d8a80a11990f71e04e7db6
        Validity
            Not Before: Jan  1 10:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20c6896f7fc35ad73df7d52048171572d5709b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7d:13:c8:d9:8a:64:7d:f4:bc:d8:19:58:de:
                    ed:1b:ed:2a:cf:2b:f5:d2:03:3c:99:ce:d9:43:02:
                    db:28:50:35:86:83:b6:fc:7f:19:5e:d3:dd:1d:fa:
                    d2:3f:e2:56:23:ef:eb:5c:cf:77:6c:d0:88:33:b3:
                    d3:30:69:84:13:22:52:1c:61:e9:f5:b8:e2:fb:2f:
                    aa:da:b6:eb:80:90:19:11:14:90:ea:2f:61:e3:34:
                    a2:b6:6b:c3:6a:75:e8:fe:a6:ca:8f:83:ad:8f:db:
                    3a:ba:05:78:f6:e1:e6:2e:aa:ba:09:26:3d:09:6b:
                    99:42:14:48:bc:dc:16:fb:b8:20:f2:da:a6:f6:14:
                    1f:d4:16:b4:34:e9:a9:45:6f:6c:96:6e:74:7f:48:
                    18:f9:58:41:76:c5:05:dc:c9:2d:9e:0c:77:a9:50:
                    28:22:52:03:94:35:4c:eb:88:8c:63:4f:30:f2:28:
                    b2:90:09:3a:57:36:04:85:8e:00:ca:3b:b1:4f:43:
                    e3:e4:a6:a0:09:f5:c7:50:31:c9:92:36:1a:df:05:
                    24:08:3f:e1:07:98:21:f4:4c:b5:7c:2e:84:73:0f:
                    2e:3d:0f:60:f4:a7:38:30:b6:08:56:eb:c3:38:81:
                    6d:f3:b4:31:18:3e:f3:3b:4d:e8:55:cb:e6:72:ce:
                    9a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C6:89:6F:7F:C3:5A:D7:3D:F7:D5:20:48:17:15:72:D5:70:9B:77
            X509v3 Authority Key Identifier:
                keyid:1B:62:3D:BA:62:B8:57:CA:73:D8:A8:0A:11:99:0F:71:E0:4E:7D:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G2I9umK4V8pz2KgKEZkPceBOfbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0a0e4d-4e75-49a5-bd0c-1a5c7635588b/1/IMaJb3_DWtc999UgSBcVctVwm3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0a0e4d-4e75-49a5-bd0c-1a5c7635588b/1/G2I9umK4V8pz2KgKEZkPceBOfbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:90:fb:2e:1a:c5:3d:38:82:77:12:21:c8:bf:08:fa:dd:95:
         4c:48:bb:82:de:b8:f6:84:11:6b:b3:cd:f6:f7:37:cf:65:1b:
         24:c9:37:a9:5b:28:22:f9:81:f6:bf:3c:b8:b1:7f:25:39:0b:
         d6:c3:0e:86:22:75:8f:ca:0c:9b:ca:9b:d1:30:97:91:fa:85:
         18:13:d3:38:87:fe:48:d3:b5:1f:a4:80:71:e7:a4:53:08:a4:
         76:f0:8e:fb:6c:16:b5:49:07:86:2f:ef:eb:90:b8:ea:d7:86:
         be:20:03:98:48:ca:31:8e:01:7b:b8:69:c2:9b:f8:f5:f1:47:
         5c:18:cf:de:f9:9b:b3:39:7b:12:17:a2:c7:19:a2:58:4f:c2:
         d9:67:e4:7f:13:34:29:25:86:bf:62:a7:10:8a:83:00:52:40:
         3b:ad:e6:f7:ab:fb:f9:b5:4c:41:e6:8d:56:e7:ea:b0:0d:0e:
         f7:17:d6:73:3b:d5:c1:d8:08:d5:b7:f8:02:2c:37:4c:50:a5:
         b8:ae:92:3a:98:e2:bb:e0:15:b0:46:13:2f:2f:91:86:5e:db:
         57:9b:c2:0b:6b:06:af:50:e0:86:9c:cd:0c:af:92:80:a7:d3:
         b8:d0:f8:da:2a:6d:ec:d4:6b:dc:8f:81:c0:b0:5c:40:92:49:
         33:84:8e:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkyw2Bd4ozEHrotNqdWO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiNjIzZGJhNjJiODU3Y2E3M2Q4YTgwYTExOTkwZjcxZTA0
ZTdkYjYwHhcNMjQwMTAxMTAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGM2ODk2ZjdmYzM1YWQ3M2RmN2Q1MjA0ODE3MTU3MmQ1NzA5Yjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl30TyNmKZH30vNgZWN7tG+0qzyv1
0gM8mc7ZQwLbKFA1hoO2/H8ZXtPdHfrSP+JWI+/rXM93bNCIM7PTMGmEEyJSHGHp
9bji+y+q2rbrgJAZERSQ6i9h4zSitmvDanXo/qbKj4Otj9s6ugV49uHmLqq6CSY9
CWuZQhRIvNwW+7gg8tqm9hQf1Ba0NOmpRW9slm50f0gY+VhBdsUF3Mktngx3qVAo
IlIDlDVM64iMY08w8iiykAk6VzYEhY4AyjuxT0Pj5KagCfXHUDHJkjYa3wUkCD/h
B5gh9Ey1fC6Ecw8uPQ9g9Kc4MLYIVuvDOIFt87QxGD7zO03oVcvmcs6asQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDGiW9/w1rXPffVIEgXFXLVcJt3MB8GA1UdIwQY
MBaAFBtiPbpiuFfKc9ioChGZD3HgTn22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzJJOXVtSzRWOHB6MktnS0Vaa1BjZUJPZmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8wYTBlNGQtNGU3NS00OWE1LWJkMGMt
MWE1Yzc2MzU1ODhiLzEvSU1hSmIzX0RXdGM5OTlVZ1NCY1ZjdFZ3bTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8wYTBlNGQtNGU3NS00OWE1LWJkMGMtMWE1Yzc2MzU1ODhi
LzEvRzJJOXVtSzRWOHB6MktnS0Vaa1BjZUJPZmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyuZMA0G
CSqGSIb3DQEBCwUAA4IBAQAskPsuGsU9OIJ3EiHIvwj63ZVMSLuC3rj2hBFrs832
9zfPZRskyTepWygi+YH2vzy4sX8lOQvWww6GInWPygybypvRMJeR+oUYE9M4h/5I
07UfpIBx56RTCKR28I77bBa1SQeGL+/rkLjq14a+IAOYSMoxjgF7uGnCm/j18Udc
GM/e+ZuzOXsSF6LHGaJYT8LZZ+R/EzQpJYa/YqcQioMAUkA7reb3q/v5tUxB5o1W
5+qwDQ73F9ZzO9XB2AjVt/gCLDdMUKW4rpI6mOK74BWwRhMvL5GGXttXm8ILawav
UOCGnM0Mr5KAp9O40PjaKm3s1Gvcj4HAsFxAkkkzhI7/
-----END CERTIFICATE-----