Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/4624d2-484b-4bb2-aad2-02ddcd6bda92/1/JYbcTThxOx5BnOuR-mJWLMRrwnk.roa
File:                     JYbcTThxOx5BnOuR-mJWLMRrwnk.roa (raw, json)
Hash identifier:          adXrqc0lnzAUr8dKQ3rTWmreu64+i239Ds4J5l+KNGw=
Subject key identifier:   25:86:DC:4D:38:71:3B:1E:41:9C:EB:91:FA:62:56:2C:C4:6B:C2:79
Certificate issuer:       /CN=1571f157c3a5bd5cff5d1a47d419648a27e35a9b
Certificate serial:       018CC8DD1D57741E0F131B9135E7CFA270B0
Authority key identifier: 15:71:F1:57:C3:A5:BD:5C:FF:5D:1A:47:D4:19:64:8A:27:E3:5A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FXHxV8OlvVz_XRpH1BlkiifjWps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/4624d2-484b-4bb2-aad2-02ddcd6bda92/1/JYbcTThxOx5BnOuR-mJWLMRrwnk.roa
Signing time:             Tue 02 Jan 2024 06:29:43 +0000
ROA not before:           Tue 02 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51576
IP address blocks:        195.95.190.0/24 maxlen: 24
                          2a06:de80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/4624d2-484b-4bb2-aad2-02ddcd6bda92/1/FXHxV8OlvVz_XRpH1BlkiifjWps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/4624d2-484b-4bb2-aad2-02ddcd6bda92/1/FXHxV8OlvVz_XRpH1BlkiifjWps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FXHxV8OlvVz_XRpH1BlkiifjWps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:1d:57:74:1e:0f:13:1b:91:35:e7:cf:a2:70:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1571f157c3a5bd5cff5d1a47d419648a27e35a9b
        Validity
            Not Before: Jan  2 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2586dc4d38713b1e419ceb91fa62562cc46bc279
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:80:17:66:e5:8b:4b:02:10:d2:56:d8:20:dd:
                    c7:20:f4:db:4a:4d:ea:65:2d:8b:24:8a:7d:4d:0b:
                    20:1a:7c:1d:9d:65:52:15:d7:fa:ea:69:55:a7:bf:
                    87:fe:96:b3:bf:d1:b9:f7:2a:07:26:c9:5b:fe:f1:
                    14:19:16:1c:da:46:67:f4:86:9f:99:0b:af:94:de:
                    11:ee:77:97:94:6b:46:e0:72:33:d7:0d:33:3d:79:
                    93:da:9c:31:fa:b3:dd:51:ec:b1:9c:2f:c3:05:50:
                    9d:64:38:26:44:d7:fd:14:91:70:6f:87:61:0d:ce:
                    18:ab:b8:ca:ac:6a:a3:69:54:87:f0:4c:59:82:58:
                    4c:5b:54:99:67:d4:15:28:fa:2f:cb:52:46:cd:88:
                    da:58:80:35:50:68:92:7a:fe:d1:c0:23:af:4f:bd:
                    c0:02:a9:c2:36:8d:fe:ae:60:a7:e6:b3:a7:a6:c8:
                    6a:c3:74:07:1a:a2:90:fb:d9:4c:16:4d:0a:54:af:
                    aa:ac:35:2c:ba:0b:79:3b:6c:a5:54:bc:6c:c3:be:
                    26:52:6c:8c:7d:e1:14:85:22:ad:a7:47:fc:38:71:
                    ce:cf:db:51:4b:20:b9:f9:ec:c7:be:37:4f:64:5c:
                    29:6d:fc:0b:ff:5e:af:b4:af:e8:70:a9:be:3a:46:
                    8d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:86:DC:4D:38:71:3B:1E:41:9C:EB:91:FA:62:56:2C:C4:6B:C2:79
            X509v3 Authority Key Identifier:
                keyid:15:71:F1:57:C3:A5:BD:5C:FF:5D:1A:47:D4:19:64:8A:27:E3:5A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FXHxV8OlvVz_XRpH1BlkiifjWps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/4624d2-484b-4bb2-aad2-02ddcd6bda92/1/JYbcTThxOx5BnOuR-mJWLMRrwnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/4624d2-484b-4bb2-aad2-02ddcd6bda92/1/FXHxV8OlvVz_XRpH1BlkiifjWps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.190.0/24
                IPv6:
                  2a06:de80::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:0b:ab:94:60:fd:60:23:cb:22:aa:01:8e:ee:fe:68:4d:59:
         f8:3f:fe:02:0a:b7:d6:b0:cc:07:f1:e8:bd:14:6b:69:5d:f0:
         7a:ae:48:09:57:a6:6d:e9:e4:54:82:85:72:79:d9:be:3b:c9:
         50:4d:55:9a:25:d3:10:82:30:91:94:4a:43:b1:14:9d:dd:df:
         95:e8:08:9d:99:34:30:ab:38:8e:cf:51:ed:c2:51:13:2a:d8:
         3a:33:3f:3a:21:82:cf:68:37:70:e6:a2:8b:d1:f8:da:64:bb:
         4e:06:91:3b:cd:de:ae:9e:0f:b3:6d:9b:73:59:f5:7d:37:90:
         d4:f0:82:f2:8a:48:4c:c7:e8:93:17:11:43:83:cf:36:dd:54:
         86:81:ff:71:26:a3:d8:d5:2f:f5:ff:b4:9d:68:f7:db:c4:02:
         39:99:dd:dd:08:73:bc:1b:29:ea:1d:a3:3d:cb:70:0e:d7:e7:
         08:ce:6d:3d:f8:b2:a0:55:cf:61:b1:c0:a0:a0:98:b6:b6:68:
         d0:76:4c:42:1e:8f:3c:52:85:5f:c9:61:4e:dc:21:da:0e:c1:
         75:35:00:54:1a:68:9e:8b:ae:4b:ad:b2:a4:cc:63:ff:a6:34:
         79:62:00:2b:5e:c6:ff:ea:2f:e9:ad:d4:ac:4d:06:b6:57:14:
         fd:db:39:78
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3R1XdB4PExuRNefPonCwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1NzFmMTU3YzNhNWJkNWNmZjVkMWE0N2Q0MTk2NDhhMjdl
MzVhOWIwHhcNMjQwMTAyMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTg2ZGM0ZDM4NzEzYjFlNDE5Y2ViOTFmYTYyNTYyY2M0NmJjMjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoAXZuWLSwIQ0lbYIN3HIPTbSk3q
ZS2LJIp9TQsgGnwdnWVSFdf66mlVp7+H/pazv9G59yoHJslb/vEUGRYc2kZn9Iaf
mQuvlN4R7neXlGtG4HIz1w0zPXmT2pwx+rPdUeyxnC/DBVCdZDgmRNf9FJFwb4dh
Dc4Yq7jKrGqjaVSH8ExZglhMW1SZZ9QVKPovy1JGzYjaWIA1UGiSev7RwCOvT73A
AqnCNo3+rmCn5rOnpshqw3QHGqKQ+9lMFk0KVK+qrDUsugt5O2ylVLxsw74mUmyM
feEUhSKtp0f8OHHOz9tRSyC5+ezHvjdPZFwpbfwL/16vtK/ocKm+OkaN3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCWG3E04cTseQZzrkfpiVizEa8J5MB8GA1UdIwQY
MBaAFBVx8VfDpb1c/10aR9QZZIon41qbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlhIeFY4T2x2VnpfWFJwSDFCbGtpaWZqV3BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi80NjI0ZDItNDg0Yi00YmIyLWFhZDIt
MDJkZGNkNmJkYTkyLzEvSlliY1RUaHhPeDVCbk91Ui1tSldMTVJyd25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi80NjI0ZDItNDg0Yi00YmIyLWFhZDItMDJkZGNkNmJkYTky
LzEvRlhIeFY4T2x2VnpfWFJwSDFCbGtpaWZqV3BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw1++MA0E
AgACMAcDBQMqBt6AMA0GCSqGSIb3DQEBCwUAA4IBAQByC6uUYP1gI8siqgGO7v5o
TVn4P/4CCrfWsMwH8ei9FGtpXfB6rkgJV6Zt6eRUgoVyedm+O8lQTVWaJdMQgjCR
lEpDsRSd3d+V6AidmTQwqziOz1HtwlETKtg6Mz86IYLPaDdw5qKL0fjaZLtOBpE7
zd6ung+zbZtzWfV9N5DU8ILyikhMx+iTFxFDg8823VSGgf9xJqPY1S/1/7SdaPfb
xAI5md3dCHO8GynqHaM9y3AO1+cIzm09+LKgVc9hscCgoJi2tmjQdkxCHo88UoVf
yWFO3CHaDsF1NQBUGmiei65LrbKkzGP/pjR5YgArXsb/6i/prdSsTQa2VxT92zl4
-----END CERTIFICATE-----