Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/ijw1esTWmd-cotzflzR8JY8cdoM.roa
File:                     ijw1esTWmd-cotzflzR8JY8cdoM.roa (raw, json)
Hash identifier:          vlDaP/R6XP6k/cz9iEZNGlNrLFf0c5wL83pQobKozrg=
Subject key identifier:   8A:3C:35:7A:C4:D6:99:DF:9C:A2:DC:DF:97:34:7C:25:8F:1C:76:83
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       018CC492441BDE6188A63EF47311B2BB22D0
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/ijw1esTWmd-cotzflzR8JY8cdoM.roa
Signing time:             Mon 01 Jan 2024 10:29:29 +0000
ROA not before:           Mon 01 Jan 2024 10:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136744
IP address blocks:        195.96.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:44:1b:de:61:88:a6:3e:f4:73:11:b2:bb:22:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  1 10:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a3c357ac4d699df9ca2dcdf97347c258f1c7683
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ca:e5:34:1b:71:94:b1:37:b6:e8:b4:b2:fa:
                    9d:2d:02:ac:56:7f:01:43:1d:96:db:d1:b4:1e:6e:
                    d3:c0:32:db:15:22:0d:a7:6b:b0:3c:bd:0a:8e:9e:
                    b6:72:9a:97:13:bc:db:1f:93:82:23:59:51:8d:48:
                    4c:ae:41:a3:12:92:80:07:48:a8:2c:1e:b5:56:47:
                    15:fd:53:6b:89:0d:1e:b5:65:f2:dd:97:95:54:d3:
                    f6:34:b4:93:c8:05:33:3d:26:e0:10:d1:e9:b4:db:
                    b7:10:b1:3c:18:de:66:62:fb:3d:b7:95:20:dd:76:
                    65:df:55:b9:3e:6f:69:20:b7:37:d9:53:f6:76:c7:
                    08:af:a9:fa:1e:42:8a:94:89:6f:bd:5a:ce:0b:c5:
                    6f:9a:6d:5e:49:d4:c2:f8:ff:45:c4:89:cb:15:73:
                    38:ef:0f:b6:ff:fe:4c:d8:77:4b:68:9a:f2:12:b9:
                    dd:87:b0:a0:8e:6c:66:7f:20:9e:08:eb:d5:97:69:
                    46:fb:8e:e9:07:00:4d:59:e3:e9:ca:24:87:91:90:
                    e8:0e:f1:1e:d3:8f:20:eb:39:c6:5e:b8:d7:75:32:
                    89:41:8d:18:74:8e:98:20:22:8e:f1:55:94:18:f8:
                    bb:84:69:4c:3f:55:de:1b:bc:f5:fe:93:5f:65:50:
                    f4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:3C:35:7A:C4:D6:99:DF:9C:A2:DC:DF:97:34:7C:25:8F:1C:76:83
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/ijw1esTWmd-cotzflzR8JY8cdoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:e2:fc:a3:a5:34:ba:1b:21:c0:1d:e6:ee:21:38:55:dc:f4:
         57:43:e6:f4:5d:78:9a:c5:61:dc:ed:00:e7:f7:ef:f9:f3:a5:
         9b:37:f9:f9:2e:b3:ff:e2:39:e1:24:22:84:d8:a3:80:90:d3:
         98:9d:85:32:ab:bc:b4:5c:d0:cf:a0:79:53:db:f7:4f:d1:21:
         22:29:57:a7:45:f8:e2:f7:e6:92:a0:31:1a:99:fb:d8:8f:15:
         9c:f1:70:70:47:3c:3d:0a:8b:aa:3c:37:4c:0b:af:4c:a4:3f:
         84:aa:dd:20:59:3c:dc:f5:d7:06:7e:c8:9e:69:f2:80:ab:6d:
         93:32:e7:b5:f2:31:c6:62:ca:05:f3:1f:27:64:62:65:fc:30:
         84:e4:f7:fe:da:5c:c0:41:45:4d:4e:9c:06:23:94:13:92:8d:
         76:4b:0c:68:59:82:89:b5:c4:8f:fa:d9:9d:ad:71:58:86:a4:
         fa:06:94:39:a2:f5:ef:90:60:b6:60:f7:e1:87:ed:5f:fe:88:
         84:a8:2c:d5:6d:cf:04:73:f8:cd:04:d3:9f:9b:52:de:24:05:
         8c:df:ad:ce:7c:ea:02:6b:3f:11:1e:bc:40:9b:76:30:6f:46:
         1b:e8:20:8d:04:e7:25:dc:f6:bb:73:39:94:ac:70:48:20:ad:
         b7:13:b9:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkQb3mGIpj70cxGyuyLQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTNjMzU3YWM0ZDY5OWRmOWNhMmRjZGY5NzM0N2MyNThmMWM3NjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4crlNBtxlLE3tui0svqdLQKsVn8B
Qx2W29G0Hm7TwDLbFSINp2uwPL0Kjp62cpqXE7zbH5OCI1lRjUhMrkGjEpKAB0io
LB61VkcV/VNriQ0etWXy3ZeVVNP2NLSTyAUzPSbgENHptNu3ELE8GN5mYvs9t5Ug
3XZl31W5Pm9pILc32VP2dscIr6n6HkKKlIlvvVrOC8Vvmm1eSdTC+P9FxInLFXM4
7w+2//5M2HdLaJryErndh7CgjmxmfyCeCOvVl2lG+47pBwBNWePpyiSHkZDoDvEe
048g6znGXrjXdTKJQY0YdI6YICKO8VWUGPi7hGlMP1XeG7z1/pNfZVD0xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIo8NXrE1pnfnKLc35c0fCWPHHaDMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvaWp3MWVzVFdtZC1jb3R6Zmx6UjhKWThjZG9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CEMA0G
CSqGSIb3DQEBCwUAA4IBAQAF4vyjpTS6GyHAHebuIThV3PRXQ+b0XXiaxWHc7QDn
9+/586WbN/n5LrP/4jnhJCKE2KOAkNOYnYUyq7y0XNDPoHlT2/dP0SEiKVenRfji
9+aSoDEamfvYjxWc8XBwRzw9CouqPDdMC69MpD+Eqt0gWTzc9dcGfsieafKAq22T
Mue18jHGYsoF8x8nZGJl/DCE5Pf+2lzAQUVNTpwGI5QTko12SwxoWYKJtcSP+tmd
rXFYhqT6BpQ5ovXvkGC2YPfhh+1f/oiEqCzVbc8Ec/jNBNOfm1LeJAWM363OfOoC
az8RHrxAm3Ywb0Yb6CCNBOcl3Pa7czmUrHBIIK23E7l+
-----END CERTIFICATE-----