Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/jTQOHtteQz7N_Colb5_18x0vw1Y.roa
File:                     jTQOHtteQz7N_Colb5_18x0vw1Y.roa (raw, json)
Hash identifier:          9aLERJKk3hJRXFcXGKKhtkiUFQz13m9spaemzc3xSxs=
Subject key identifier:   8D:34:0E:1E:DB:5E:43:3E:CD:FC:2A:25:6F:9F:F5:F3:1D:2F:C3:56
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BC9D22B2C56568A3BFA78042A6F110
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/jTQOHtteQz7N_Colb5_18x0vw1Y.roa
Signing time:             Tue 02 Jan 2024 10:33:50 +0000
ROA not before:           Tue 02 Jan 2024 10:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     288
IP address blocks:        195.169.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:9d:22:b2:c5:65:68:a3:bf:a7:80:42:a6:f1:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d340e1edb5e433ecdfc2a256f9ff5f31d2fc356
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3c:e3:d7:22:76:97:b3:3e:ab:92:96:8d:e6:
                    21:88:f0:6c:d0:0e:4a:2c:3a:c6:21:9c:95:75:a2:
                    18:07:bf:28:25:04:08:5e:26:4c:ec:f4:e2:37:ec:
                    70:4c:4c:cb:47:86:92:5f:72:07:4a:87:06:df:04:
                    b7:7a:f0:d7:f8:31:48:d4:f6:68:6c:51:9e:28:83:
                    7b:aa:06:96:2a:b9:b7:b0:37:ae:b7:87:eb:36:fb:
                    55:cf:67:44:03:af:35:9f:42:68:da:73:72:f6:c7:
                    fe:51:d1:6e:3f:3a:51:ae:59:41:d1:9f:3f:0e:ad:
                    21:73:ea:c0:82:af:dd:5b:ae:c1:2c:57:98:f7:9e:
                    73:95:82:dc:a8:5b:0d:c1:ff:9a:ed:0d:17:aa:45:
                    0f:36:03:31:33:7e:9b:6a:ed:6e:b1:99:a8:71:4c:
                    a8:f8:44:6e:82:18:22:a3:46:51:bc:19:18:0c:a7:
                    29:0c:28:fe:db:09:b7:4b:08:a2:99:5f:06:3f:d0:
                    6a:dc:35:da:83:6e:f8:eb:3b:e3:f8:f6:c8:8b:87:
                    8b:1b:5e:83:78:3e:84:73:f5:bc:a7:43:0a:5b:41:
                    8d:b8:86:cf:b7:85:07:05:d0:d8:3b:32:a1:86:88:
                    33:8f:62:86:db:e7:8f:ef:a5:66:8b:b6:af:6c:f4:
                    fe:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:34:0E:1E:DB:5E:43:3E:CD:FC:2A:25:6F:9F:F5:F3:1D:2F:C3:56
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/jTQOHtteQz7N_Colb5_18x0vw1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.169.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:9f:c0:1c:5d:02:1a:76:b4:36:8d:5e:eb:27:60:05:70:e7:
         a6:f6:c1:fa:3c:32:4a:f6:57:a7:b2:04:e3:d5:f2:ee:8a:2c:
         6f:36:99:05:3c:78:a8:81:28:c5:ca:4d:b4:47:49:27:54:b4:
         24:42:47:e2:e0:1b:1e:2c:42:93:58:69:cb:44:b9:a9:00:16:
         26:60:b4:4f:aa:76:45:69:a5:b0:e0:11:76:e1:9e:7b:c3:1d:
         1e:de:82:ff:5a:45:df:a2:0d:8f:20:e8:51:06:c2:3b:16:ba:
         b4:4e:07:90:5d:f3:13:a8:6e:50:8b:8c:61:df:df:e9:48:f7:
         d0:7b:e2:e1:19:75:d9:d2:d1:9f:ea:0e:c2:54:ef:6f:69:cb:
         ec:c5:a5:a2:cd:5d:21:c6:14:69:cb:59:16:da:5a:7f:3d:31:
         fc:8b:9c:98:9a:16:28:16:6d:d5:27:71:db:1a:62:20:6e:61:
         bb:d1:a6:b4:e3:05:a4:ba:4b:4f:a9:d3:f8:4c:ba:9e:44:2c:
         b6:01:22:cb:13:7c:c9:34:a3:63:c6:50:72:54:2a:8c:fb:2d:
         f6:06:19:8c:a0:7e:27:a1:f7:6d:9d:22:7e:c8:45:7f:16:91:
         2f:65:32:25:7d:b6:1f:bb:2c:48:fe:32:3f:43:8c:14:27:4a:
         d2:90:3a:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvJ0issVlaKO/p4BCpvEQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDM0MGUxZWRiNWU0MzNlY2RmYzJhMjU2ZjlmZjVmMzFkMmZjMzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTzj1yJ2l7M+q5KWjeYhiPBs0A5K
LDrGIZyVdaIYB78oJQQIXiZM7PTiN+xwTEzLR4aSX3IHSocG3wS3evDX+DFI1PZo
bFGeKIN7qgaWKrm3sDeut4frNvtVz2dEA681n0Jo2nNy9sf+UdFuPzpRrllB0Z8/
Dq0hc+rAgq/dW67BLFeY955zlYLcqFsNwf+a7Q0XqkUPNgMxM36bau1usZmocUyo
+ERughgio0ZRvBkYDKcpDCj+2wm3SwiimV8GP9Bq3DXag2746zvj+PbIi4eLG16D
eD6Ec/W8p0MKW0GNuIbPt4UHBdDYOzKhhogzj2KG2+eP76Vmi7avbPT+ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI00Dh7bXkM+zfwqJW+f9fMdL8NWMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvalRRT0h0dGVRejdOX0NvbGI1XzE4eDB2dzFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6mMMA0G
CSqGSIb3DQEBCwUAA4IBAQAXn8AcXQIadrQ2jV7rJ2AFcOem9sH6PDJK9lensgTj
1fLuiixvNpkFPHiogSjFyk20R0knVLQkQkfi4BseLEKTWGnLRLmpABYmYLRPqnZF
aaWw4BF24Z57wx0e3oL/WkXfog2PIOhRBsI7Frq0TgeQXfMTqG5Qi4xh39/pSPfQ
e+LhGXXZ0tGf6g7CVO9vacvsxaWizV0hxhRpy1kW2lp/PTH8i5yYmhYoFm3VJ3Hb
GmIgbmG70aa04wWkuktPqdP4TLqeRCy2ASLLE3zJNKNjxlByVCqM+y32BhmMoH4n
ofdtnSJ+yEV/FpEvZTIlfbYfuyxI/jI/Q4wUJ0rSkDqF
-----END CERTIFICATE-----