Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/uT_SamBE92l8z4uuPY70jEyR_B0.roa
File:                     uT_SamBE92l8z4uuPY70jEyR_B0.roa (raw, json)
Hash identifier:          ADWh+NK0Tdt+7HHb6Z7zHyQFkBy3PxwQf1pVPUTjJck=
Subject key identifier:   B9:3F:D2:6A:60:44:F7:69:7C:CF:8B:AE:3D:8E:F4:8C:4C:91:FC:1D
Certificate issuer:       /CN=4196230e58decc0cbcfb15f56aa64dedd1f389f5
Certificate serial:       018CC26D8218E131C1112517779398B40C71
Authority key identifier: 41:96:23:0E:58:DE:CC:0C:BC:FB:15:F5:6A:A6:4D:ED:D1:F3:89:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QZYjDljezAy8-xX1aqZN7dHzifU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/uT_SamBE92l8z4uuPY70jEyR_B0.roa
Signing time:             Mon 01 Jan 2024 00:30:05 +0000
ROA not before:           Mon 01 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54103
IP address blocks:        195.128.163.0/24 maxlen: 24
                          195.128.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/QZYjDljezAy8-xX1aqZN7dHzifU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/QZYjDljezAy8-xX1aqZN7dHzifU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QZYjDljezAy8-xX1aqZN7dHzifU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:82:18:e1:31:c1:11:25:17:77:93:98:b4:0c:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4196230e58decc0cbcfb15f56aa64dedd1f389f5
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b93fd26a6044f7697ccf8bae3d8ef48c4c91fc1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f2:e1:f0:2a:f7:1c:c6:cc:c0:32:b1:71:2c:
                    19:c8:7d:42:69:76:cf:a3:39:32:2d:ae:89:3c:47:
                    f6:bf:f1:f7:7a:38:fc:29:6b:2d:d6:99:67:64:0c:
                    c5:6f:45:e9:43:3b:32:80:89:e4:a1:b2:88:52:f7:
                    b8:54:7a:84:8c:8d:81:c8:42:ba:12:32:01:21:42:
                    bd:a5:84:e4:c5:93:64:9b:5e:99:ac:ed:b7:35:1d:
                    92:bf:0d:7c:e1:20:92:3c:8e:8e:a8:c0:0f:83:04:
                    a1:0c:9f:28:a9:7b:f0:a4:26:9a:43:c2:fc:a2:2b:
                    52:89:54:b9:c1:40:b4:0f:a4:94:1e:52:3d:ac:ad:
                    f4:41:04:87:85:54:82:54:31:c0:77:a0:5f:65:87:
                    dd:94:7c:e0:62:c2:71:2c:b8:6e:00:8a:74:9b:8b:
                    76:e6:0a:8b:6b:09:c0:98:5b:9a:8d:ef:3c:06:1d:
                    6f:52:cf:fb:9b:de:71:12:f3:c5:6e:b7:c0:b4:1e:
                    46:c2:dd:93:1c:97:97:45:dc:47:cc:d8:b6:95:42:
                    99:9b:ae:63:ad:70:a6:eb:77:61:ba:56:24:68:37:
                    cf:56:a6:59:d8:f7:3f:18:9b:cd:b3:80:1b:f4:77:
                    2b:c8:c1:09:56:c8:50:05:b6:1a:5b:19:2d:47:87:
                    ac:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:3F:D2:6A:60:44:F7:69:7C:CF:8B:AE:3D:8E:F4:8C:4C:91:FC:1D
            X509v3 Authority Key Identifier:
                keyid:41:96:23:0E:58:DE:CC:0C:BC:FB:15:F5:6A:A6:4D:ED:D1:F3:89:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QZYjDljezAy8-xX1aqZN7dHzifU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/uT_SamBE92l8z4uuPY70jEyR_B0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/QZYjDljezAy8-xX1aqZN7dHzifU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.163.0/24
                  195.128.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:55:64:bc:27:ee:7a:12:a1:5a:4b:c2:05:58:c5:8c:50:f4:
         cc:c7:fd:b0:db:85:71:ba:02:50:18:82:4c:89:35:fc:ec:29:
         be:51:67:5a:e4:fc:17:21:cb:ee:42:a3:91:8b:62:83:e7:b6:
         95:26:ad:30:da:4d:a4:28:8b:24:b4:04:18:fd:92:76:94:f2:
         e6:df:b0:9c:1a:81:e2:81:59:35:b0:30:4d:a5:d2:b1:63:73:
         b9:0b:59:da:64:52:58:34:64:9f:54:5a:eb:7e:ac:11:84:98:
         8a:51:63:ea:15:02:aa:5d:85:71:13:d8:5b:32:03:79:4b:8e:
         9b:2b:d0:df:13:b7:36:31:0a:31:39:44:0b:94:c1:35:f5:28:
         09:4e:d2:e3:b3:58:ff:25:9d:d9:48:6d:73:fd:c5:79:a8:c0:
         79:ef:45:74:6d:e6:95:47:1b:8b:86:82:17:24:65:ff:37:03:
         fc:b4:8e:2c:ae:32:b4:a7:ca:39:2b:2d:06:da:69:0d:c0:6c:
         b3:9a:94:84:cf:bc:2a:b1:8a:84:98:43:0b:4c:f7:82:a7:ae:
         b9:7a:12:e9:82:11:e0:ea:ec:b9:3d:83:8d:86:c3:15:87:e4:
         fe:49:aa:d1:39:22:a3:43:12:7a:34:2b:db:57:85:d8:50:91:
         48:42:e3:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbYIY4THBESUXd5OYtAxxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxOTYyMzBlNThkZWNjMGNiY2ZiMTVmNTZhYTY0ZGVkZDFm
Mzg5ZjUwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTNmZDI2YTYwNDRmNzY5N2NjZjhiYWUzZDhlZjQ4YzRjOTFmYzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivLh8Cr3HMbMwDKxcSwZyH1CaXbP
ozkyLa6JPEf2v/H3ejj8KWst1plnZAzFb0XpQzsygInkobKIUve4VHqEjI2ByEK6
EjIBIUK9pYTkxZNkm16ZrO23NR2Svw184SCSPI6OqMAPgwShDJ8oqXvwpCaaQ8L8
oitSiVS5wUC0D6SUHlI9rK30QQSHhVSCVDHAd6BfZYfdlHzgYsJxLLhuAIp0m4t2
5gqLawnAmFuaje88Bh1vUs/7m95xEvPFbrfAtB5Gwt2THJeXRdxHzNi2lUKZm65j
rXCm63dhulYkaDfPVqZZ2Pc/GJvNs4Ab9HcryMEJVshQBbYaWxktR4esHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLk/0mpgRPdpfM+Lrj2O9IxMkfwdMB8GA1UdIwQY
MBaAFEGWIw5Y3swMvPsV9WqmTe3R84n1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVpZakRsamV6QXk4LXhYMWFxWk43ZEh6aWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kYTk2ZjUtM2YzMy00NmY5LWE1MTQt
MmJlZmZmZDU3ZmI3LzEvdVRfU2FtQkU5Mmw4ejR1dVBZNzBqRXlSX0IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kYTk2ZjUtM2YzMy00NmY5LWE1MTQtMmJlZmZmZDU3ZmI3
LzEvUVpZakRsamV6QXk4LXhYMWFxWk43ZEh6aWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw4CjAwQA
w4CzMA0GCSqGSIb3DQEBCwUAA4IBAQAZVWS8J+56EqFaS8IFWMWMUPTMx/2w24Vx
ugJQGIJMiTX87Cm+UWda5PwXIcvuQqORi2KD57aVJq0w2k2kKIsktAQY/ZJ2lPLm
37CcGoHigVk1sDBNpdKxY3O5C1naZFJYNGSfVFrrfqwRhJiKUWPqFQKqXYVxE9hb
MgN5S46bK9DfE7c2MQoxOUQLlME19SgJTtLjs1j/JZ3ZSG1z/cV5qMB570V0beaV
RxuLhoIXJGX/NwP8tI4srjK0p8o5Ky0G2mkNwGyzmpSEz7wqsYqEmEMLTPeCp665
ehLpghHg6uy5PYONhsMVh+T+SarROSKjQxJ6NCvbV4XYUJFIQuNI
-----END CERTIFICATE-----