Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/d50905-007a-4074-9a05-a6c8bd8742a4/1/TxdQapx1WnD1asKjn2Zjw0B71Vg.roa
File:                     TxdQapx1WnD1asKjn2Zjw0B71Vg.roa (raw, json)
Hash identifier:          WjL/MMmk8/pz7aZYd1Z558atNrQrf93WQXz+IOEmrh0=
Subject key identifier:   4F:17:50:6A:9C:75:5A:70:F5:6A:C2:A3:9F:66:63:C3:40:7B:D5:58
Certificate issuer:       /CN=ec9269185f63dc3356037f713ce8a0909ff07225
Certificate serial:       018CCA2B35D192418D4CF84327B364E7D13A
Authority key identifier: EC:92:69:18:5F:63:DC:33:56:03:7F:71:3C:E8:A0:90:9F:F0:72:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7JJpGF9j3DNWA39xPOigkJ_wciU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/d50905-007a-4074-9a05-a6c8bd8742a4/1/TxdQapx1WnD1asKjn2Zjw0B71Vg.roa
Signing time:             Tue 02 Jan 2024 12:34:38 +0000
ROA not before:           Tue 02 Jan 2024 12:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12301
IP address blocks:        195.144.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/d50905-007a-4074-9a05-a6c8bd8742a4/1/7JJpGF9j3DNWA39xPOigkJ_wciU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/d50905-007a-4074-9a05-a6c8bd8742a4/1/7JJpGF9j3DNWA39xPOigkJ_wciU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7JJpGF9j3DNWA39xPOigkJ_wciU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:35:d1:92:41:8d:4c:f8:43:27:b3:64:e7:d1:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec9269185f63dc3356037f713ce8a0909ff07225
        Validity
            Not Before: Jan  2 12:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f17506a9c755a70f56ac2a39f6663c3407bd558
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:da:33:9b:cf:06:e8:da:65:91:5f:99:d7:c1:
                    4d:91:b9:94:74:56:1f:bf:33:73:77:79:49:34:e0:
                    08:6c:75:8a:20:dc:b0:a2:95:13:69:ee:fa:43:1f:
                    73:94:85:9a:a1:62:bf:ec:a4:9e:ac:eb:f0:1f:97:
                    64:67:30:ee:3a:1c:8f:e0:78:cd:32:f4:b3:c3:d4:
                    1d:d0:3e:86:5f:e2:06:75:ef:9b:5e:5c:d4:91:92:
                    9b:a5:56:c7:37:62:d8:29:31:b1:d2:df:5e:d4:3f:
                    55:83:4e:e8:e0:d2:02:31:a5:e3:c2:a7:dd:9b:0d:
                    27:a1:05:ac:c0:f0:10:b2:dc:2b:51:df:d8:81:31:
                    16:55:49:3d:b9:54:10:3b:b6:05:04:0e:cd:fb:35:
                    3c:0a:f3:fb:4a:78:05:84:42:34:0a:e1:9a:b0:03:
                    3e:6c:ff:46:ca:c6:48:56:39:ce:29:3d:3d:13:f1:
                    5c:59:93:16:ef:b6:ca:03:d0:b3:e6:b9:6d:e4:d3:
                    89:4f:d6:65:57:23:78:cf:e1:9f:48:a5:71:f7:a0:
                    2c:fd:fd:ce:3e:c7:de:d1:d4:ae:c5:9a:77:42:eb:
                    61:33:04:c2:8c:a2:c1:78:b5:03:84:8b:27:3a:0a:
                    3e:5a:44:7b:89:1e:25:a4:2b:74:da:4d:58:7c:d4:
                    5e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:17:50:6A:9C:75:5A:70:F5:6A:C2:A3:9F:66:63:C3:40:7B:D5:58
            X509v3 Authority Key Identifier:
                keyid:EC:92:69:18:5F:63:DC:33:56:03:7F:71:3C:E8:A0:90:9F:F0:72:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JJpGF9j3DNWA39xPOigkJ_wciU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/d50905-007a-4074-9a05-a6c8bd8742a4/1/TxdQapx1WnD1asKjn2Zjw0B71Vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/d50905-007a-4074-9a05-a6c8bd8742a4/1/7JJpGF9j3DNWA39xPOigkJ_wciU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.144.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:1d:85:9d:4d:2f:b9:c8:72:59:1f:ff:56:ef:52:23:30:8e:
         d8:57:b5:a3:70:07:85:95:fc:76:d5:66:33:9f:12:b6:6a:89:
         03:c1:be:69:e5:57:77:f3:b7:4d:a9:80:fb:ba:c2:63:c7:a6:
         dd:15:f8:5e:6f:32:3d:e6:63:74:05:51:b6:b9:80:7f:84:28:
         10:04:22:de:dd:b7:81:6e:ae:3b:9f:79:e1:a6:3f:1e:4d:bb:
         97:64:79:1b:61:a4:3a:a2:c8:7f:bd:29:45:c5:f0:a2:ae:51:
         b3:90:12:db:84:89:65:ef:92:4a:bc:b0:d2:97:31:8f:c0:d6:
         83:00:db:27:40:4a:cc:cf:2a:0b:ac:d8:9e:90:6f:ea:cf:e9:
         ce:16:bf:85:13:24:1d:be:9d:fe:1f:e1:46:5b:73:2a:11:64:
         ba:6d:fe:9b:31:84:c7:2f:3d:94:9d:4e:7c:31:af:1d:e9:ea:
         53:8f:8c:da:be:dd:f4:9c:de:6d:c8:e0:ce:f4:58:5e:de:42:
         47:91:44:0b:76:8b:a8:12:11:88:2e:07:d9:42:00:a4:ac:84:
         b9:0a:da:8f:6e:b2:db:30:be:41:d2:0d:29:2e:d9:94:f7:0a:
         67:2e:3b:54:78:3e:6c:92:6d:ae:00:c9:33:ea:4e:8e:2b:36:
         b1:e9:db:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKzXRkkGNTPhDJ7Nk59E6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOTI2OTE4NWY2M2RjMzM1NjAzN2Y3MTNjZThhMDkwOWZm
MDcyMjUwHhcNMjQwMTAyMTIzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjE3NTA2YTljNzU1YTcwZjU2YWMyYTM5ZjY2NjNjMzQwN2JkNTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNozm88G6NplkV+Z18FNkbmUdFYf
vzNzd3lJNOAIbHWKINywopUTae76Qx9zlIWaoWK/7KSerOvwH5dkZzDuOhyP4HjN
MvSzw9Qd0D6GX+IGde+bXlzUkZKbpVbHN2LYKTGx0t9e1D9Vg07o4NICMaXjwqfd
mw0noQWswPAQstwrUd/YgTEWVUk9uVQQO7YFBA7N+zU8CvP7SngFhEI0CuGasAM+
bP9GysZIVjnOKT09E/FcWZMW77bKA9Cz5rlt5NOJT9ZlVyN4z+GfSKVx96As/f3O
Psfe0dSuxZp3QuthMwTCjKLBeLUDhIsnOgo+WkR7iR4lpCt02k1YfNReBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8XUGqcdVpw9WrCo59mY8NAe9VYMB8GA1UdIwQY
MBaAFOySaRhfY9wzVgN/cTzooJCf8HIlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0pKcEdGOWozRE5XQTM5eFBPaWdrSl93Y2lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9kNTA5MDUtMDA3YS00MDc0LTlhMDUt
YTZjOGJkODc0MmE0LzEvVHhkUWFweDFXbkQxYXNLam4yWmp3MEI3MVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9kNTA5MDUtMDA3YS00MDc0LTlhMDUtYTZjOGJkODc0MmE0
LzEvN0pKcEdGOWozRE5XQTM5eFBPaWdrSl93Y2lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5AUMA0G
CSqGSIb3DQEBCwUAA4IBAQAnHYWdTS+5yHJZH/9W71IjMI7YV7WjcAeFlfx21WYz
nxK2aokDwb5p5Vd387dNqYD7usJjx6bdFfhebzI95mN0BVG2uYB/hCgQBCLe3beB
bq47n3nhpj8eTbuXZHkbYaQ6osh/vSlFxfCirlGzkBLbhIll75JKvLDSlzGPwNaD
ANsnQErMzyoLrNiekG/qz+nOFr+FEyQdvp3+H+FGW3MqEWS6bf6bMYTHLz2UnU58
Ma8d6epTj4zavt30nN5tyODO9Fhe3kJHkUQLdouoEhGILgfZQgCkrIS5CtqPbrLb
ML5B0g0pLtmU9wpnLjtUeD5skm2uAMkz6k6OKzax6dvm
-----END CERTIFICATE-----