Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/780d86-4ebd-4d6b-8d8f-0e41861beb2f/1/OHnMPvnKQU78stx9DOIDufih9k0.roa
File:                     OHnMPvnKQU78stx9DOIDufih9k0.roa (raw, json)
Hash identifier:          9+FLPqmtvEJWTqzGnNgiJt5S0UJp1Z9L+Z6c2OUg/fM=
Subject key identifier:   38:79:CC:3E:F9:CA:41:4E:FC:B2:DC:7D:0C:E2:03:B9:F8:A1:F6:4D
Certificate issuer:       /CN=b64b25cadc4c48166fa9bbd5de8671c220415b67
Certificate serial:       018CC348C44D090039122365DFD75B639CC6
Authority key identifier: B6:4B:25:CA:DC:4C:48:16:6F:A9:BB:D5:DE:86:71:C2:20:41:5B:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tkslytxMSBZvqbvV3oZxwiBBW2c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/780d86-4ebd-4d6b-8d8f-0e41861beb2f/1/OHnMPvnKQU78stx9DOIDufih9k0.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39734
IP address blocks:        195.60.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/780d86-4ebd-4d6b-8d8f-0e41861beb2f/1/tkslytxMSBZvqbvV3oZxwiBBW2c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/780d86-4ebd-4d6b-8d8f-0e41861beb2f/1/tkslytxMSBZvqbvV3oZxwiBBW2c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tkslytxMSBZvqbvV3oZxwiBBW2c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c4:4d:09:00:39:12:23:65:df:d7:5b:63:9c:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b64b25cadc4c48166fa9bbd5de8671c220415b67
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3879cc3ef9ca414efcb2dc7d0ce203b9f8a1f64d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6b:87:c2:c5:11:02:60:14:9c:79:2f:1c:1f:
                    db:ea:34:15:ea:7a:5f:cf:7c:78:79:77:59:a3:28:
                    4d:fd:81:68:c2:e9:6e:32:73:f6:25:cd:96:ec:75:
                    a7:e5:90:01:be:93:64:96:29:76:ea:51:38:7f:e3:
                    17:91:08:38:f6:10:2c:3d:36:1e:5a:05:7b:c5:b6:
                    de:43:f9:5a:f5:c2:b6:b9:2a:48:f1:83:86:9e:86:
                    82:4e:75:d2:3a:1a:15:43:f0:a6:a5:5f:ab:a4:75:
                    50:91:7b:2b:0c:29:46:b7:36:61:f1:38:81:3e:9e:
                    35:a3:25:31:ba:48:ff:37:fc:7f:2b:81:14:f6:f5:
                    b7:68:06:3c:22:4f:87:b6:1b:7e:31:31:bf:1e:e5:
                    f8:60:b9:f2:f9:51:fa:41:c7:00:7d:69:be:c4:c0:
                    b0:30:ad:79:b8:ef:11:9d:9b:52:79:2a:4e:07:ed:
                    32:b2:7a:04:01:ad:2d:e0:c0:83:d2:74:4b:30:81:
                    e9:1f:0e:51:67:86:c4:a0:b0:67:5c:45:43:83:68:
                    c0:85:b2:ad:e3:00:40:74:83:da:44:12:64:ce:2f:
                    0b:3f:db:7c:e6:71:a2:a3:91:61:80:f5:ba:02:ad:
                    c6:40:97:a8:ba:2b:3d:f6:75:b2:4b:45:02:d8:f1:
                    99:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:79:CC:3E:F9:CA:41:4E:FC:B2:DC:7D:0C:E2:03:B9:F8:A1:F6:4D
            X509v3 Authority Key Identifier:
                keyid:B6:4B:25:CA:DC:4C:48:16:6F:A9:BB:D5:DE:86:71:C2:20:41:5B:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tkslytxMSBZvqbvV3oZxwiBBW2c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/780d86-4ebd-4d6b-8d8f-0e41861beb2f/1/OHnMPvnKQU78stx9DOIDufih9k0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/780d86-4ebd-4d6b-8d8f-0e41861beb2f/1/tkslytxMSBZvqbvV3oZxwiBBW2c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:0b:a8:3e:17:98:e4:ed:46:c4:6b:f2:a2:93:a6:41:e3:6b:
         c0:e6:a4:ed:b9:47:74:7d:fa:f3:d1:c6:7c:66:2b:3c:59:cd:
         cd:fc:31:dd:61:1a:ce:2b:f1:ec:b3:0d:c0:b1:98:fc:00:f8:
         ad:8a:6d:d5:79:c7:6e:b5:36:3a:0f:2e:37:9a:63:9d:ca:15:
         6b:43:c6:8e:81:3f:55:52:a6:6b:f5:ad:48:4a:8e:79:05:ec:
         ec:ea:65:a8:d1:5e:4b:36:9a:09:93:73:4a:f6:8f:c0:52:2f:
         0f:a3:92:1c:58:65:3f:47:7d:d9:92:4a:61:d9:b4:92:73:45:
         97:b9:4a:cb:f0:3e:67:23:31:d1:c3:7c:3b:21:a1:aa:de:28:
         eb:d1:41:a7:55:e1:03:fe:75:b1:92:3e:29:70:58:d9:5b:ac:
         09:82:7c:f8:8b:c9:c7:0b:1f:15:48:9e:05:49:90:47:e4:e9:
         1c:5f:64:7e:54:64:36:7c:50:4d:82:e7:b7:56:b5:79:2d:df:
         99:ec:f8:24:04:8e:36:ef:9b:2b:6d:1a:dd:24:a7:5e:3c:01:
         c4:c7:27:56:37:c7:e7:26:8b:49:ea:00:a4:c2:01:a9:7a:74:
         53:d2:11:29:32:96:56:36:6a:19:26:d2:06:b3:50:ca:c4:a3:
         bd:a3:9a:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMRNCQA5EiNl39dbY5zGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2NGIyNWNhZGM0YzQ4MTY2ZmE5YmJkNWRlODY3MWMyMjA0
MTViNjcwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODc5Y2MzZWY5Y2E0MTRlZmNiMmRjN2QwY2UyMDNiOWY4YTFmNjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWuHwsURAmAUnHkvHB/b6jQV6npf
z3x4eXdZoyhN/YFowuluMnP2Jc2W7HWn5ZABvpNklil26lE4f+MXkQg49hAsPTYe
WgV7xbbeQ/la9cK2uSpI8YOGnoaCTnXSOhoVQ/CmpV+rpHVQkXsrDClGtzZh8TiB
Pp41oyUxukj/N/x/K4EU9vW3aAY8Ik+Htht+MTG/HuX4YLny+VH6QccAfWm+xMCw
MK15uO8RnZtSeSpOB+0ysnoEAa0t4MCD0nRLMIHpHw5RZ4bEoLBnXEVDg2jAhbKt
4wBAdIPaRBJkzi8LP9t85nGio5FhgPW6Aq3GQJeouis99nWyS0UC2PGZmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDh5zD75ykFO/LLcfQziA7n4ofZNMB8GA1UdIwQY
MBaAFLZLJcrcTEgWb6m71d6GccIgQVtnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGtzbHl0eE1TQlp2cWJ2VjNvWnh3aUJCVzJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS83ODBkODYtNGViZC00ZDZiLThkOGYt
MGU0MTg2MWJlYjJmLzEvT0huTVB2bktRVTc4c3R4OURPSUR1ZmloOWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS83ODBkODYtNGViZC00ZDZiLThkOGYtMGU0MTg2MWJlYjJm
LzEvdGtzbHl0eE1TQlp2cWJ2VjNvWnh3aUJCVzJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzxLMA0G
CSqGSIb3DQEBCwUAA4IBAQAnC6g+F5jk7UbEa/Kik6ZB42vA5qTtuUd0ffrz0cZ8
Zis8Wc3N/DHdYRrOK/Hssw3AsZj8APitim3VecdutTY6Dy43mmOdyhVrQ8aOgT9V
UqZr9a1ISo55Bezs6mWo0V5LNpoJk3NK9o/AUi8Po5IcWGU/R33Zkkph2bSSc0WX
uUrL8D5nIzHRw3w7IaGq3ijr0UGnVeED/nWxkj4pcFjZW6wJgnz4i8nHCx8VSJ4F
SZBH5OkcX2R+VGQ2fFBNgue3VrV5Ld+Z7PgkBI4275srbRrdJKdePAHExydWN8fn
JotJ6gCkwgGpenRT0hEpMpZWNmoZJtIGs1DKxKO9o5qE
-----END CERTIFICATE-----