Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/Obw24SFg-Zzms8Ido4pBF5Dt24E.roa
File:                     Obw24SFg-Zzms8Ido4pBF5Dt24E.roa (raw, json)
Hash identifier:          s1cKqIglPV697bgqEX4oYD9q1avpxrj+PTqn5q70UMM=
Subject key identifier:   39:BC:36:E1:21:60:F9:9C:E6:B3:C2:1D:A3:8A:41:17:90:ED:DB:81
Certificate issuer:       /CN=0562d5a67b7a20f865e753163a6ed0e5f347e839
Certificate serial:       018CC7955AEA639DC56FFD79619BAA2C5B3D
Authority key identifier: 05:62:D5:A6:7B:7A:20:F8:65:E7:53:16:3A:6E:D0:E5:F3:47:E8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/Obw24SFg-Zzms8Ido4pBF5Dt24E.roa
Signing time:             Tue 02 Jan 2024 00:31:43 +0000
ROA not before:           Tue 02 Jan 2024 00:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12905
IP address blocks:        195.146.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5a:ea:63:9d:c5:6f:fd:79:61:9b:aa:2c:5b:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0562d5a67b7a20f865e753163a6ed0e5f347e839
        Validity
            Not Before: Jan  2 00:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39bc36e12160f99ce6b3c21da38a411790eddb81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3a:40:db:d7:2d:bb:d9:64:89:b3:2d:14:ba:
                    07:e7:84:94:be:fc:92:c8:1c:c5:08:75:a3:16:28:
                    49:1b:1c:5a:45:a8:c7:22:df:4e:4c:a3:a9:05:d3:
                    f5:52:37:0a:46:9b:6c:cf:95:d7:20:46:58:00:70:
                    76:36:f4:64:b3:83:1c:ba:bb:74:b9:41:0d:84:0c:
                    bf:80:8e:96:dc:48:2e:15:16:02:6d:8a:20:5c:f4:
                    05:89:9c:3a:93:69:7c:f6:9b:c3:26:19:96:80:28:
                    09:b7:b6:7c:fb:f5:92:38:fa:8c:3a:c1:8b:07:92:
                    46:88:d3:a3:26:e0:c1:68:71:73:64:e9:54:7d:4a:
                    21:83:f5:d3:98:46:12:49:3d:ec:fd:ed:d6:06:90:
                    ef:d2:67:c0:bd:2c:5d:8f:de:5f:6a:4e:ad:18:45:
                    60:09:64:f3:e6:75:64:d4:4c:f2:7b:3d:28:13:d7:
                    fd:35:b8:53:bc:e6:52:5c:78:e8:1e:15:2c:60:ed:
                    1f:7b:ab:df:36:92:84:dc:39:fa:f4:dd:e8:d8:0b:
                    35:85:e3:83:92:69:7f:ca:39:a6:ad:33:50:d8:44:
                    eb:38:54:ad:0f:b5:19:5c:01:aa:41:9c:8c:2b:ae:
                    7c:6b:03:7d:a3:06:96:dc:8f:86:31:3e:01:f2:3f:
                    42:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:BC:36:E1:21:60:F9:9C:E6:B3:C2:1D:A3:8A:41:17:90:ED:DB:81
            X509v3 Authority Key Identifier:
                keyid:05:62:D5:A6:7B:7A:20:F8:65:E7:53:16:3A:6E:D0:E5:F3:47:E8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/Obw24SFg-Zzms8Ido4pBF5Dt24E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.146.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:51:f8:d2:0c:91:2e:f2:64:8b:f1:70:fe:58:1f:c0:74:04:
         a4:6e:26:46:6a:92:20:65:15:70:f9:6b:b7:e4:60:13:57:c9:
         c2:b0:12:b1:77:b6:ca:6c:26:64:32:38:4d:94:31:54:ab:cb:
         ec:3b:16:e5:85:de:f5:da:9a:aa:73:7c:a8:cb:b2:20:d8:4b:
         51:43:b3:70:4b:49:aa:c7:f2:34:ce:70:eb:c9:03:98:c0:27:
         09:70:47:6a:99:b3:00:8a:43:45:8c:8d:6c:22:7a:79:2c:23:
         dd:51:90:c7:66:c5:62:b0:b8:6e:a3:85:1d:5a:6d:d9:1a:9b:
         8a:87:38:82:2d:2f:80:68:b3:2c:46:3a:22:ac:da:b7:18:bf:
         a1:11:aa:75:a4:b0:e2:db:80:6a:d2:42:d2:0f:3f:e6:b9:fe:
         57:04:42:11:ae:30:86:91:79:73:e0:7b:a4:f7:c4:05:e7:47:
         50:56:71:d4:9d:c1:03:5d:f3:bf:22:e6:34:0c:ef:45:cb:93:
         36:74:94:3e:32:94:7a:48:67:7d:a6:b5:25:ad:b5:ed:a5:24:
         8e:e4:a9:eb:1e:15:b2:81:51:8b:4f:62:6d:a5:68:14:2e:d6:
         0f:e1:bc:37:41:98:96:25:07:53:d8:af:74:45:46:a7:16:ba:
         ae:67:16:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlVrqY53Fb/15YZuqLFs9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NjJkNWE2N2I3YTIwZjg2NWU3NTMxNjNhNmVkMGU1ZjM0
N2U4MzkwHhcNMjQwMTAyMDAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWJjMzZlMTIxNjBmOTljZTZiM2MyMWRhMzhhNDExNzkwZWRkYjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjpA29ctu9lkibMtFLoH54SUvvyS
yBzFCHWjFihJGxxaRajHIt9OTKOpBdP1UjcKRptsz5XXIEZYAHB2NvRks4Mcurt0
uUENhAy/gI6W3EguFRYCbYogXPQFiZw6k2l89pvDJhmWgCgJt7Z8+/WSOPqMOsGL
B5JGiNOjJuDBaHFzZOlUfUohg/XTmEYSST3s/e3WBpDv0mfAvSxdj95fak6tGEVg
CWTz5nVk1Ezyez0oE9f9NbhTvOZSXHjoHhUsYO0fe6vfNpKE3Dn69N3o2As1heOD
kml/yjmmrTNQ2ETrOFStD7UZXAGqQZyMK658awN9owaW3I+GMT4B8j9CIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDm8NuEhYPmc5rPCHaOKQReQ7duBMB8GA1UdIwQY
MBaAFAVi1aZ7eiD4ZedTFjpu0OXzR+g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQldMVnBudDZJUGhsNTFNV09tN1E1Zk5INkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi84YjAxYzItZWNiZS00Zjg4LWFlMzct
NTA0YzhmYzIyMGVhLzEvT2J3MjRTRmctWnptczhJZG80cEJGNUR0MjRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi84YjAxYzItZWNiZS00Zjg4LWFlMzctNTA0YzhmYzIyMGVh
LzEvQldMVnBudDZJUGhsNTFNV09tN1E1Zk5INkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5INMA0G
CSqGSIb3DQEBCwUAA4IBAQCUUfjSDJEu8mSL8XD+WB/AdASkbiZGapIgZRVw+Wu3
5GATV8nCsBKxd7bKbCZkMjhNlDFUq8vsOxblhd712pqqc3yoy7Ig2EtRQ7NwS0mq
x/I0znDryQOYwCcJcEdqmbMAikNFjI1sInp5LCPdUZDHZsVisLhuo4UdWm3ZGpuK
hziCLS+AaLMsRjoirNq3GL+hEap1pLDi24Bq0kLSDz/muf5XBEIRrjCGkXlz4Huk
98QF50dQVnHUncEDXfO/IuY0DO9Fy5M2dJQ+MpR6SGd9prUlrbXtpSSO5KnrHhWy
gVGLT2JtpWgULtYP4bw3QZiWJQdT2K90RUanFrquZxaY
-----END CERTIFICATE-----