Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/taxDCUpsRKJQKP0hhNaDayL06sg.roa
File:                     taxDCUpsRKJQKP0hhNaDayL06sg.roa (raw, json)
Hash identifier:          VM1rsPrYzQoCJsFO3esGyqmQJR8+9w/CAiHQXfskiDo=
Subject key identifier:   B5:AC:43:09:4A:6C:44:A2:50:28:FD:21:84:D6:83:6B:22:F4:EA:C8
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B73268F37E4B1497611B3F2344C1BB
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/taxDCUpsRKJQKP0hhNaDayL06sg.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24954
IP address blocks:        195.25.80.0/24 maxlen: 24
                          195.25.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:32:68:f3:7e:4b:14:97:61:1b:3f:23:44:c1:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5ac43094a6c44a25028fd2184d6836b22f4eac8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:27:b8:78:d7:e9:83:b3:53:77:69:07:73:c4:
                    5e:3d:29:89:ee:75:0e:3c:ee:91:12:71:1b:b7:cd:
                    10:ce:d0:c4:d5:f2:60:e1:53:05:69:4f:81:85:6a:
                    f8:02:a2:ab:c1:23:da:81:8e:9b:92:31:c7:e0:ce:
                    31:61:7d:7c:cb:e9:40:38:6f:86:6c:2c:0e:db:bb:
                    89:09:aa:99:c0:bf:b6:f0:4f:7e:75:38:0b:61:68:
                    99:ce:30:3e:ed:17:bb:ef:bd:03:4a:23:e8:56:1a:
                    4c:03:25:00:18:27:9d:db:73:4d:d6:9f:88:f2:f1:
                    66:50:a1:06:bc:09:58:dd:45:8b:1b:c4:36:98:b4:
                    97:2d:b5:a9:ab:11:1a:fe:7b:8f:1f:88:f3:4e:db:
                    b0:9c:df:6e:3b:70:87:5e:6e:2f:cf:31:a4:3a:77:
                    6b:d4:98:ca:99:d3:65:80:20:72:aa:44:b4:ae:fe:
                    8f:c7:2c:85:f3:69:15:ec:de:11:91:a0:6f:01:60:
                    d6:c3:54:4d:56:a4:d0:ff:7c:04:3b:10:bc:2d:b2:
                    e5:88:a9:bf:59:73:5e:41:78:75:9a:90:0e:c7:f8:
                    7f:89:3f:45:76:60:7e:5b:27:26:fb:cd:31:89:0b:
                    be:bc:39:ef:c4:29:cc:02:e5:03:8e:d2:7a:ae:78:
                    70:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:AC:43:09:4A:6C:44:A2:50:28:FD:21:84:D6:83:6B:22:F4:EA:C8
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/taxDCUpsRKJQKP0hhNaDayL06sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.25.79.0-195.25.80.255

    Signature Algorithm: sha256WithRSAEncryption
         08:d5:db:e3:5a:fc:04:fb:96:46:01:24:5f:25:46:ac:00:ab:
         49:fd:6f:c4:b4:4e:0c:ea:3d:fe:95:dc:33:37:8f:db:29:3d:
         e7:0e:26:7d:44:04:69:39:a2:a9:f7:cf:d2:28:8e:3d:7b:04:
         42:e2:e4:5c:b0:d4:50:91:73:c6:dc:9f:d8:68:a1:d6:36:98:
         81:54:90:6f:99:2a:49:85:22:a5:9a:2c:b0:3b:6e:6a:bb:ab:
         07:73:0e:c3:12:cc:3a:43:2f:5d:36:b7:63:27:b1:7a:8b:ed:
         2e:84:73:68:0c:0f:8e:46:f4:66:59:64:90:ad:f7:9d:28:1d:
         c8:f7:d4:41:14:db:61:00:f3:a5:ae:50:5a:ed:ab:79:3d:b3:
         69:a8:ba:af:81:c2:ec:55:09:50:99:4b:3c:93:24:bf:8d:64:
         f6:72:57:f4:be:3c:80:9a:f0:f3:50:68:97:e3:d7:00:bf:10:
         75:2f:b0:a3:b5:e2:c3:b3:80:19:b2:0e:74:78:3d:3d:8e:fd:
         5e:36:67:31:23:d6:85:05:df:60:df:73:37:70:a0:71:4a:0e:
         fd:b4:c8:41:aa:6d:26:00:86:e7:32:ab:0a:86:67:11:a8:93:
         c1:3b:20:ff:dd:43:df:29:7a:33:d2:32:10:49:e4:cc:49:c2:
         82:da:28:cd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDtzJo835LFJdhGz8jRMG7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWFjNDMwOTRhNmM0NGEyNTAyOGZkMjE4NGQ2ODM2YjIyZjRlYWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSe4eNfpg7NTd2kHc8RePSmJ7nUO
PO6REnEbt80QztDE1fJg4VMFaU+BhWr4AqKrwSPagY6bkjHH4M4xYX18y+lAOG+G
bCwO27uJCaqZwL+28E9+dTgLYWiZzjA+7Re7770DSiPoVhpMAyUAGCed23NN1p+I
8vFmUKEGvAlY3UWLG8Q2mLSXLbWpqxEa/nuPH4jzTtuwnN9uO3CHXm4vzzGkOndr
1JjKmdNlgCByqkS0rv6PxyyF82kV7N4RkaBvAWDWw1RNVqTQ/3wEOxC8LbLliKm/
WXNeQXh1mpAOx/h/iT9FdmB+Wycm+80xiQu+vDnvxCnMAuUDjtJ6rnhwJwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLWsQwlKbESiUCj9IYTWg2si9OrIMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvdGF4RENVcHNSS0pRS1AwaGhOYURheUwwNnNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADDGU8D
BADDGVAwDQYJKoZIhvcNAQELBQADggEBAAjV2+Na/AT7lkYBJF8lRqwAq0n9b8S0
TgzqPf6V3DM3j9spPecOJn1EBGk5oqn3z9Iojj17BELi5Fyw1FCRc8bcn9hoodY2
mIFUkG+ZKkmFIqWaLLA7bmq7qwdzDsMSzDpDL102t2MnsXqL7S6Ec2gMD45G9GZZ
ZJCt950oHcj31EEU22EA86WuUFrtq3k9s2mouq+BwuxVCVCZSzyTJL+NZPZyV/S+
PICa8PNQaJfj1wC/EHUvsKO14sOzgBmyDnR4PT2O/V42ZzEj1oUF32DfczdwoHFK
Dv20yEGqbSYAhucyqwqGZxGok8E7IP/dQ98pejPSMhBJ5MxJwoLaKM0=
-----END CERTIFICATE-----