Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/ssI4932mUe9v96FRSTlwndPCxNA.roa
File:                     ssI4932mUe9v96FRSTlwndPCxNA.roa (raw, json)
Hash identifier:          hyRnlaWZpEkZ6uxYWnzWbee91tjfGS+IzB3dbflkyx8=
Subject key identifier:   B2:C2:38:F7:7D:A6:51:EF:6F:F7:A1:51:49:39:70:9D:D3:C2:C4:D0
Certificate issuer:       /CN=dec756af77dafebca10684d68556baacd7173617
Certificate serial:       018CCA28625F239BDB029A397C3901C57897
Authority key identifier: DE:C7:56:AF:77:DA:FE:BC:A1:06:84:D6:85:56:BA:AC:D7:17:36:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3sdWr3fa_ryhBoTWhVa6rNcXNhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/ssI4932mUe9v96FRSTlwndPCxNA.roa
Signing time:             Tue 02 Jan 2024 12:31:33 +0000
ROA not before:           Tue 02 Jan 2024 12:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39732
IP address blocks:        195.60.72.0/23 maxlen: 23
                          2001:67c:20f4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/3sdWr3fa_ryhBoTWhVa6rNcXNhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/3sdWr3fa_ryhBoTWhVa6rNcXNhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3sdWr3fa_ryhBoTWhVa6rNcXNhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:62:5f:23:9b:db:02:9a:39:7c:39:01:c5:78:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dec756af77dafebca10684d68556baacd7173617
        Validity
            Not Before: Jan  2 12:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2c238f77da651ef6ff7a1514939709dd3c2c4d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b1:33:0f:24:61:d1:81:99:d2:65:24:31:ea:
                    ae:56:b4:24:ee:5f:0c:fc:43:cd:1e:e3:ff:c4:f7:
                    db:bd:62:f4:2a:d5:30:22:34:74:2d:3c:a7:54:ab:
                    8c:fe:3b:5c:a7:d1:04:c0:a0:78:23:5d:ec:de:46:
                    1d:6f:75:d5:ac:89:85:24:56:0d:61:5d:21:95:40:
                    93:ae:49:a9:fe:ed:74:4d:0e:04:3f:76:c1:c5:99:
                    ed:0b:9e:99:7d:3b:36:ee:2c:1c:e4:76:d4:73:36:
                    9c:57:51:68:9c:03:44:ac:2a:d6:a4:be:b5:13:74:
                    52:de:d6:4d:6d:2e:9d:b7:7d:86:ac:ca:19:32:fc:
                    e6:af:5a:6e:bb:af:28:0f:b0:fd:44:31:91:28:55:
                    27:04:af:17:0a:6f:bd:b6:3e:c4:e6:d7:c3:a6:9e:
                    a1:47:dd:26:56:b3:b4:f3:c9:65:d0:1a:f4:3c:7f:
                    d7:b6:f8:2f:cf:32:ec:09:ad:d5:68:47:5a:ad:a3:
                    2b:0f:2d:c0:eb:f8:b2:6c:bd:b8:52:2e:60:54:81:
                    b7:97:13:c2:e5:92:6f:39:d2:5c:03:90:c8:a9:f6:
                    24:27:7d:5d:d8:a9:ba:34:ad:da:6a:52:81:ed:02:
                    27:c8:4a:cd:3b:db:85:74:b2:5f:61:ac:d6:d0:17:
                    3a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:C2:38:F7:7D:A6:51:EF:6F:F7:A1:51:49:39:70:9D:D3:C2:C4:D0
            X509v3 Authority Key Identifier:
                keyid:DE:C7:56:AF:77:DA:FE:BC:A1:06:84:D6:85:56:BA:AC:D7:17:36:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3sdWr3fa_ryhBoTWhVa6rNcXNhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/ssI4932mUe9v96FRSTlwndPCxNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/3sdWr3fa_ryhBoTWhVa6rNcXNhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.72.0/23
                IPv6:
                  2001:67c:20f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:1d:38:07:7f:04:ef:cf:9e:fa:a1:31:27:de:17:6e:28:50:
         5f:3a:db:55:b7:f1:fd:c0:da:97:df:ff:55:a9:93:8c:f1:10:
         83:c2:57:e6:94:f4:19:8f:59:86:6f:25:56:8e:12:5b:94:92:
         ad:c4:61:bc:a9:07:2f:0b:85:23:da:40:ec:00:11:75:60:ce:
         92:93:97:2a:72:d8:45:05:dd:e4:ed:0b:b4:a8:8e:68:c7:58:
         a0:16:16:79:31:d2:59:87:86:d6:d3:e8:19:40:a3:a2:7c:61:
         00:5c:a5:f4:46:1c:b1:95:87:75:c5:86:ec:e5:f8:6e:a0:24:
         0b:1c:7c:f3:a2:4b:6c:f5:02:9a:e9:1d:e0:2d:61:23:d6:ca:
         38:93:5b:da:6d:2a:92:56:c1:f4:29:71:fb:75:00:71:0b:86:
         62:0c:d1:25:4f:93:88:fd:09:95:4c:5f:0a:1d:22:a4:17:af:
         6c:5e:9d:5d:03:eb:0c:04:64:e1:1f:2a:2a:be:8e:34:1d:82:
         93:70:38:a7:82:d3:3a:48:f5:3f:d4:e7:eb:2d:64:55:90:1c:
         d0:5f:6c:0c:e2:7b:a9:6a:6c:a5:6e:5c:11:a2:38:9c:84:26:
         ce:ac:f2:11:83:35:08:74:74:be:c7:12:9c:e1:b2:3f:48:f8:
         76:33:5e:ec
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKGJfI5vbApo5fDkBxXiXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYzc1NmFmNzdkYWZlYmNhMTA2ODRkNjg1NTZiYWFjZDcx
NzM2MTcwHhcNMjQwMTAyMTIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmMyMzhmNzdkYTY1MWVmNmZmN2ExNTE0OTM5NzA5ZGQzYzJjNGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLEzDyRh0YGZ0mUkMequVrQk7l8M
/EPNHuP/xPfbvWL0KtUwIjR0LTynVKuM/jtcp9EEwKB4I13s3kYdb3XVrImFJFYN
YV0hlUCTrkmp/u10TQ4EP3bBxZntC56ZfTs27iwc5HbUczacV1FonANErCrWpL61
E3RS3tZNbS6dt32GrMoZMvzmr1puu68oD7D9RDGRKFUnBK8XCm+9tj7E5tfDpp6h
R90mVrO088ll0Br0PH/XtvgvzzLsCa3VaEdaraMrDy3A6/iybL24Ui5gVIG3lxPC
5ZJvOdJcA5DIqfYkJ31d2Km6NK3aalKB7QInyErNO9uFdLJfYazW0Bc6uwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLLCOPd9plHvb/ehUUk5cJ3TwsTQMB8GA1UdIwQY
MBaAFN7HVq932v68oQaE1oVWuqzXFzYXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3NkV3IzZmFfcnloQm9UV2hWYTZyTmNYTmhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS80MWI4MmItY2RlMC00YWY2LTk1MmMt
N2UwYzdkMzUyNjcxLzEvc3NJNDkzMm1VZTl2OTZGUlNUbHduZFBDeE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS80MWI4MmItY2RlMC00YWY2LTk1MmMtN2UwYzdkMzUyNjcx
LzEvM3NkV3IzZmFfcnloQm9UV2hWYTZyTmNYTmhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwzxIMA8E
AgACMAkDBwAgAQZ8IPQwDQYJKoZIhvcNAQELBQADggEBAD8dOAd/BO/PnvqhMSfe
F24oUF8621W38f3A2pff/1Wpk4zxEIPCV+aU9BmPWYZvJVaOEluUkq3EYbypBy8L
hSPaQOwAEXVgzpKTlypy2EUF3eTtC7SojmjHWKAWFnkx0lmHhtbT6BlAo6J8YQBc
pfRGHLGVh3XFhuzl+G6gJAscfPOiS2z1AprpHeAtYSPWyjiTW9ptKpJWwfQpcft1
AHELhmIM0SVPk4j9CZVMXwodIqQXr2xenV0D6wwEZOEfKiq+jjQdgpNwOKeC0zpI
9T/U5+stZFWQHNBfbAzie6lqbKVuXBGiOJyEJs6s8hGDNQh0dL7HEpzhsj9I+HYz
Xuw=
-----END CERTIFICATE-----