Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/RvYIwRdT5Ruc0fCvQBV1DqHTgro.roa
File:                     RvYIwRdT5Ruc0fCvQBV1DqHTgro.roa (raw, json)
Hash identifier:          HBm+SpMYGNkyoa+YZC9dpL7H8k5GmmWxNKmGrJkKP7A=
Subject key identifier:   46:F6:08:C1:17:53:E5:1B:9C:D1:F0:AF:40:15:75:0E:A1:D3:82:BA
Certificate issuer:       /CN=cced992030531e7e8b518aefd9e267cc528eda9a
Certificate serial:       018CCF1F5D38268C516E504A4759C1AED19F
Authority key identifier: CC:ED:99:20:30:53:1E:7E:8B:51:8A:EF:D9:E2:67:CC:52:8E:DA:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zO2ZIDBTHn6LUYrv2eJnzFKO2po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/RvYIwRdT5Ruc0fCvQBV1DqHTgro.roa
Signing time:             Wed 03 Jan 2024 11:39:48 +0000
ROA not before:           Wed 03 Jan 2024 11:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55154
IP address blocks:        195.170.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/zO2ZIDBTHn6LUYrv2eJnzFKO2po.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/zO2ZIDBTHn6LUYrv2eJnzFKO2po.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zO2ZIDBTHn6LUYrv2eJnzFKO2po.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cf:1f:5d:38:26:8c:51:6e:50:4a:47:59:c1:ae:d1:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cced992030531e7e8b518aefd9e267cc528eda9a
        Validity
            Not Before: Jan  3 11:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46f608c11753e51b9cd1f0af4015750ea1d382ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:26:ec:3d:55:8c:30:a4:16:79:45:a2:5e:ea:
                    2e:c1:8c:e8:21:7e:d6:8e:89:9c:42:ae:78:fa:e8:
                    bc:4e:fc:ad:16:b8:a8:83:41:42:ae:5f:be:f5:e6:
                    1d:32:a8:e9:44:36:61:78:f8:3f:8c:ac:ed:32:08:
                    a7:54:a3:fd:6c:ff:a2:76:86:6e:6d:e1:04:05:0f:
                    9b:e6:58:9c:f3:b0:66:a7:1f:9b:fd:9b:8e:32:fe:
                    dd:92:20:67:37:f9:f7:4f:96:ad:cd:a8:af:0b:51:
                    01:ec:5b:a3:c2:f6:2f:c7:52:b9:7f:fb:a4:8f:a6:
                    97:c2:c7:f2:a7:21:1e:2a:d6:2c:29:87:46:45:41:
                    3e:c1:17:df:e2:78:2d:7d:92:b6:34:f8:ff:9f:01:
                    6a:ee:13:99:0c:ea:f6:ff:c2:ee:21:8b:5c:21:db:
                    6f:9f:1b:d8:66:70:91:05:4a:25:31:bf:81:7f:90:
                    63:ef:76:67:fb:46:7f:31:32:f6:00:7c:03:f1:4b:
                    c4:25:ea:bb:91:12:c0:28:26:79:9a:29:36:e8:6c:
                    f3:70:05:f0:59:31:58:a0:fb:26:eb:50:cd:c4:9b:
                    15:c4:99:54:19:61:2e:48:b0:13:80:9e:e0:6e:c3:
                    f0:5e:d2:5d:73:16:9c:8a:0d:62:57:bd:0e:b7:af:
                    c8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:F6:08:C1:17:53:E5:1B:9C:D1:F0:AF:40:15:75:0E:A1:D3:82:BA
            X509v3 Authority Key Identifier:
                keyid:CC:ED:99:20:30:53:1E:7E:8B:51:8A:EF:D9:E2:67:CC:52:8E:DA:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zO2ZIDBTHn6LUYrv2eJnzFKO2po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/RvYIwRdT5Ruc0fCvQBV1DqHTgro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/zO2ZIDBTHn6LUYrv2eJnzFKO2po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:c1:9f:0e:02:0d:0b:e0:46:67:28:17:02:6c:6c:3b:06:71:
         e8:2a:d4:a9:8e:0e:42:23:8e:5a:f6:07:03:a5:90:33:fb:6e:
         e6:be:15:18:f3:80:bb:4a:0a:89:6c:f0:5e:c3:2e:2f:1e:82:
         d5:4e:d4:c8:c6:90:b0:6c:c6:db:f3:b9:3c:c6:bd:c3:b2:fe:
         69:73:29:3e:36:7f:56:5e:1f:13:6d:55:6d:4c:de:04:49:b3:
         6e:48:42:ca:6b:2e:74:08:11:09:c2:de:fb:39:52:00:2d:2d:
         3e:cb:90:cd:60:1f:fe:26:aa:ab:61:de:97:6a:00:9d:c5:19:
         96:2a:cd:95:66:74:90:90:ed:4f:03:1d:d9:27:f6:d4:1c:43:
         b1:1d:a4:9b:60:ba:9e:e4:06:65:42:d7:6a:58:7b:3a:c8:05:
         e0:d8:ca:97:5f:d6:8c:9f:c1:fb:eb:27:cf:f6:29:85:d7:94:
         b1:53:c8:96:69:93:db:17:57:d9:13:61:f5:fe:ee:b0:3f:3e:
         4f:e4:9e:74:b0:3c:3d:0d:e2:cf:7f:fe:7e:c9:83:c4:08:10:
         0a:dd:8c:e0:ff:90:4f:be:b2:b2:6a:88:8b:26:b3:58:02:90:
         fa:db:ae:95:a2:05:c3:75:d3:b6:81:25:5f:73:db:10:5d:f1:
         49:5b:5e:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzPH104JoxRblBKR1nBrtGfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZWQ5OTIwMzA1MzFlN2U4YjUxOGFlZmQ5ZTI2N2NjNTI4
ZWRhOWEwHhcNMjQwMTAzMTEzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmY2MDhjMTE3NTNlNTFiOWNkMWYwYWY0MDE1NzUwZWExZDM4MmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsybsPVWMMKQWeUWiXuouwYzoIX7W
jomcQq54+ui8TvytFriog0FCrl++9eYdMqjpRDZhePg/jKztMginVKP9bP+idoZu
beEEBQ+b5lic87Bmpx+b/ZuOMv7dkiBnN/n3T5atzaivC1EB7FujwvYvx1K5f/uk
j6aXwsfypyEeKtYsKYdGRUE+wRff4ngtfZK2NPj/nwFq7hOZDOr2/8LuIYtcIdtv
nxvYZnCRBUolMb+Bf5Bj73Zn+0Z/MTL2AHwD8UvEJeq7kRLAKCZ5mik26GzzcAXw
WTFYoPsm61DNxJsVxJlUGWEuSLATgJ7gbsPwXtJdcxacig1iV70Ot6/IqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEb2CMEXU+UbnNHwr0AVdQ6h04K6MB8GA1UdIwQY
MBaAFMztmSAwUx5+i1GK79niZ8xSjtqaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek8yWklEQlRIbjZMVVlydjJlSm56RktPMnBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9hMDVlNzctZjMwMS00MTI1LTkxMTgt
ZTRkMWYwYTI3YjIxLzEvUnZZSXdSZFQ1UnVjMGZDdlFCVjFEcUhUZ3JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9hMDVlNzctZjMwMS00MTI1LTkxMTgtZTRkMWYwYTI3YjIx
LzEvek8yWklEQlRIbjZMVVlydjJlSm56RktPMnBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6qjMA0G
CSqGSIb3DQEBCwUAA4IBAQCYwZ8OAg0L4EZnKBcCbGw7BnHoKtSpjg5CI45a9gcD
pZAz+27mvhUY84C7SgqJbPBewy4vHoLVTtTIxpCwbMbb87k8xr3Dsv5pcyk+Nn9W
Xh8TbVVtTN4ESbNuSELKay50CBEJwt77OVIALS0+y5DNYB/+JqqrYd6XagCdxRmW
Ks2VZnSQkO1PAx3ZJ/bUHEOxHaSbYLqe5AZlQtdqWHs6yAXg2MqXX9aMn8H76yfP
9imF15SxU8iWaZPbF1fZE2H1/u6wPz5P5J50sDw9DeLPf/5+yYPECBAK3Yzg/5BP
vrKyaoiLJrNYApD6266VogXDddO2gSVfc9sQXfFJW17x
-----END CERTIFICATE-----