Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/b9e4c4-a3dc-46e8-aa3e-397f36c91982/1/Cmgke5dVPmcDA5xCcLmQV4LgWrk.roa
File:                     Cmgke5dVPmcDA5xCcLmQV4LgWrk.roa (raw, json)
Hash identifier:          Y36LKlqcrKLjLA40sCoQONRIqc9NzJcMezfouyrXSLc=
Subject key identifier:   0A:68:24:7B:97:55:3E:67:03:03:9C:42:70:B9:90:57:82:E0:5A:B9
Certificate issuer:       /CN=64f873adb6a1f3e81b3343c74998947526c43dcf
Certificate serial:       018CC5DC76FD4B883AC0E33D6BB1C6D4A36B
Authority key identifier: 64:F8:73:AD:B6:A1:F3:E8:1B:33:43:C7:49:98:94:75:26:C4:3D:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZPhzrbah8-gbM0PHSZiUdSbEPc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/b9e4c4-a3dc-46e8-aa3e-397f36c91982/1/Cmgke5dVPmcDA5xCcLmQV4LgWrk.roa
Signing time:             Mon 01 Jan 2024 16:30:09 +0000
ROA not before:           Mon 01 Jan 2024 16:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59657
IP address blocks:        195.190.135.0/24 maxlen: 24
                          194.37.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/b9e4c4-a3dc-46e8-aa3e-397f36c91982/1/ZPhzrbah8-gbM0PHSZiUdSbEPc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/b9e4c4-a3dc-46e8-aa3e-397f36c91982/1/ZPhzrbah8-gbM0PHSZiUdSbEPc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZPhzrbah8-gbM0PHSZiUdSbEPc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 19:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:76:fd:4b:88:3a:c0:e3:3d:6b:b1:c6:d4:a3:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64f873adb6a1f3e81b3343c74998947526c43dcf
        Validity
            Not Before: Jan  1 16:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a68247b97553e6703039c4270b9905782e05ab9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:5d:20:7f:24:ff:2c:12:6d:92:48:f3:2c:69:
                    b2:cc:a9:7a:93:f2:18:11:75:f6:ea:e7:d8:c3:ac:
                    ff:e5:ad:32:5e:02:3d:5e:02:ed:d5:45:93:fc:83:
                    b4:44:03:99:0c:ca:6b:b2:f5:ce:cd:bb:5e:f1:b8:
                    1c:fd:b8:b0:5b:5c:a3:22:e9:20:62:04:ed:f0:58:
                    31:7f:a3:7b:53:d4:83:4e:f3:2d:f9:57:56:db:43:
                    7b:2c:79:73:cf:5e:89:46:c6:66:6e:72:2b:a5:c8:
                    0d:4a:59:a7:39:6a:73:dd:15:bf:5a:8b:61:3b:f7:
                    a3:d1:87:cf:ed:67:bf:d5:81:61:01:a1:f5:43:c6:
                    5e:5c:df:69:f2:c2:ff:54:77:8e:42:8b:be:71:e8:
                    35:e4:ca:8c:7e:94:24:bc:49:27:a7:c2:7e:cf:e3:
                    be:42:cd:e5:43:a1:43:e4:ce:46:19:9e:16:57:84:
                    02:b2:e8:0d:b6:73:6d:29:47:c5:a7:46:45:8a:0f:
                    cd:d6:ff:db:05:26:45:c4:6e:ce:6a:48:b7:fe:6d:
                    b0:b5:32:80:74:90:a5:41:98:88:10:89:f5:11:e1:
                    74:75:99:b8:94:93:56:88:5c:ca:16:ad:bf:5a:f6:
                    b2:b8:2c:f2:1a:02:9b:26:97:cb:82:cd:dc:76:4c:
                    8d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:68:24:7B:97:55:3E:67:03:03:9C:42:70:B9:90:57:82:E0:5A:B9
            X509v3 Authority Key Identifier:
                keyid:64:F8:73:AD:B6:A1:F3:E8:1B:33:43:C7:49:98:94:75:26:C4:3D:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZPhzrbah8-gbM0PHSZiUdSbEPc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/b9e4c4-a3dc-46e8-aa3e-397f36c91982/1/Cmgke5dVPmcDA5xCcLmQV4LgWrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/b9e4c4-a3dc-46e8-aa3e-397f36c91982/1/ZPhzrbah8-gbM0PHSZiUdSbEPc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.37.255.0/24
                  195.190.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:87:f2:c1:8a:45:19:d3:e4:50:98:b9:04:10:0d:51:f8:d7:
         9b:f6:c9:1e:ee:48:4e:ab:72:fa:d2:b6:83:68:e3:95:80:22:
         4a:a5:1c:f0:77:ba:b3:8e:a2:85:bb:e6:ee:af:d4:36:59:18:
         5a:c0:03:6e:b1:c5:15:5a:85:d3:ff:65:4a:ae:67:1f:ca:58:
         f3:b2:ee:11:21:fd:1d:83:83:85:5f:ce:c4:60:5e:f5:79:c2:
         10:49:c7:ab:28:83:f7:f5:41:c7:47:1a:33:3b:09:99:09:4e:
         8d:87:f4:51:b3:f5:0d:2a:ad:45:cc:6c:f0:1d:07:e4:06:90:
         ca:ad:b5:ff:83:b8:cf:60:40:f0:e6:f8:22:76:a6:e2:6a:cd:
         01:89:10:11:04:e9:12:32:b5:75:ce:84:74:31:44:f3:a8:de:
         62:d6:59:75:da:8f:4c:31:88:03:90:c9:c2:e6:aa:91:16:5e:
         df:2f:5e:57:05:43:1a:54:59:25:54:91:7d:d4:e1:bb:70:64:
         20:94:b8:5d:15:f9:09:0b:d4:d7:7f:9c:02:d7:9e:84:0c:95:
         16:6b:4d:44:4e:87:d8:f2:0f:1c:bc:f0:49:05:05:6e:f1:0a:
         60:2c:65:aa:b4:25:4e:1b:1e:1d:b2:65:4e:9a:22:1e:dc:4e:
         c8:69:45:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3Hb9S4g6wOM9a7HG1KNrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0Zjg3M2FkYjZhMWYzZTgxYjMzNDNjNzQ5OTg5NDc1MjZj
NDNkY2YwHhcNMjQwMTAxMTYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTY4MjQ3Yjk3NTUzZTY3MDMwMzljNDI3MGI5OTA1NzgyZTA1YWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA910gfyT/LBJtkkjzLGmyzKl6k/IY
EXX26ufYw6z/5a0yXgI9XgLt1UWT/IO0RAOZDMprsvXOzbte8bgc/biwW1yjIukg
YgTt8Fgxf6N7U9SDTvMt+VdW20N7LHlzz16JRsZmbnIrpcgNSlmnOWpz3RW/Woth
O/ej0YfP7We/1YFhAaH1Q8ZeXN9p8sL/VHeOQou+ceg15MqMfpQkvEknp8J+z+O+
Qs3lQ6FD5M5GGZ4WV4QCsugNtnNtKUfFp0ZFig/N1v/bBSZFxG7Oaki3/m2wtTKA
dJClQZiIEIn1EeF0dZm4lJNWiFzKFq2/WvayuCzyGgKbJpfLgs3cdkyNtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFApoJHuXVT5nAwOcQnC5kFeC4Fq5MB8GA1UdIwQY
MBaAFGT4c622ofPoGzNDx0mYlHUmxD3PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlBoenJiYWg4LWdiTTBQSFNaaVVkU2JFUGM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9iOWU0YzQtYTNkYy00NmU4LWFhM2Ut
Mzk3ZjM2YzkxOTgyLzEvQ21na2U1ZFZQbWNEQTV4Q2NMbVFWNExnV3JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9iOWU0YzQtYTNkYy00NmU4LWFhM2UtMzk3ZjM2YzkxOTgy
LzEvWlBoenJiYWg4LWdiTTBQSFNaaVVkU2JFUGM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwiX/AwQA
w76HMA0GCSqGSIb3DQEBCwUAA4IBAQAAh/LBikUZ0+RQmLkEEA1R+Neb9ske7khO
q3L60raDaOOVgCJKpRzwd7qzjqKFu+bur9Q2WRhawANuscUVWoXT/2VKrmcfyljz
su4RIf0dg4OFX87EYF71ecIQScerKIP39UHHRxozOwmZCU6Nh/RRs/UNKq1FzGzw
HQfkBpDKrbX/g7jPYEDw5vgidqbias0BiRARBOkSMrV1zoR0MUTzqN5i1ll12o9M
MYgDkMnC5qqRFl7fL15XBUMaVFklVJF91OG7cGQglLhdFfkJC9TXf5wC156EDJUW
a01ETofY8g8cvPBJBQVu8QpgLGWqtCVOGx4dsmVOmiIe3E7IaUVY
-----END CERTIFICATE-----