Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/chUKGzv5Gz7pgzdmq3aOcxt2JdM.roa
File:                     chUKGzv5Gz7pgzdmq3aOcxt2JdM.roa (raw, json)
Hash identifier:          RXGyPDP01EQQfVRQTGz7xUkuLcdIYP3ybCTH3bYLHek=
Subject key identifier:   72:15:0A:1B:3B:F9:1B:3E:E9:83:37:66:AB:76:8E:73:1B:76:25:D3
Certificate issuer:       /CN=f5fde72bf5a00bdec4d1efdd7d02029ee79e4720
Certificate serial:       018CC6B8B6B14B485656F32C969057CEFF45
Authority key identifier: F5:FD:E7:2B:F5:A0:0B:DE:C4:D1:EF:DD:7D:02:02:9E:E7:9E:47:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9f3nK_WgC97E0e_dfQICnueeRyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/chUKGzv5Gz7pgzdmq3aOcxt2JdM.roa
Signing time:             Mon 01 Jan 2024 20:30:43 +0000
ROA not before:           Mon 01 Jan 2024 20:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56753
IP address blocks:        195.254.170.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/9f3nK_WgC97E0e_dfQICnueeRyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/9f3nK_WgC97E0e_dfQICnueeRyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9f3nK_WgC97E0e_dfQICnueeRyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b6:b1:4b:48:56:56:f3:2c:96:90:57:ce:ff:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fde72bf5a00bdec4d1efdd7d02029ee79e4720
        Validity
            Not Before: Jan  1 20:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72150a1b3bf91b3ee9833766ab768e731b7625d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:22:54:f4:82:02:08:09:52:ba:b5:d2:74:33:
                    fa:77:bf:c2:3d:ff:76:6a:a9:5b:2c:4c:aa:06:49:
                    05:e9:6f:c0:aa:6f:e0:07:af:37:30:3c:8d:b4:57:
                    3f:67:9e:b5:60:75:cd:b7:a5:85:60:dd:ca:9b:b7:
                    63:dc:40:0c:56:65:25:0c:9b:7a:50:bc:85:58:a7:
                    60:74:81:54:e7:86:fc:66:b4:5e:f7:71:7d:94:ec:
                    1f:af:6c:a6:08:09:00:a5:aa:f0:20:d9:87:b7:7b:
                    40:fe:99:f6:bf:fe:16:5b:36:96:4f:e9:c4:a7:66:
                    6e:3b:d9:c1:51:a0:71:28:25:89:84:35:0e:db:2f:
                    58:3a:7c:7d:c4:82:eb:db:0f:34:fd:6b:c5:8b:6a:
                    02:01:07:97:3a:18:eb:13:a8:da:24:6a:e1:8b:ee:
                    b5:45:13:a9:18:18:b0:12:48:66:ba:f6:4c:6e:b4:
                    44:b9:ea:18:52:e0:46:d7:e5:24:62:63:e5:66:e8:
                    8f:d2:d2:33:6b:64:d2:c5:58:9d:91:d8:04:eb:37:
                    66:83:91:42:e9:7d:74:af:26:63:8f:3e:bc:2d:d3:
                    e7:39:c1:99:49:6f:9d:88:51:d8:82:b7:6b:74:0a:
                    5d:21:99:b9:18:1a:c7:c4:3d:a4:90:c8:f9:5a:44:
                    6d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:15:0A:1B:3B:F9:1B:3E:E9:83:37:66:AB:76:8E:73:1B:76:25:D3
            X509v3 Authority Key Identifier:
                keyid:F5:FD:E7:2B:F5:A0:0B:DE:C4:D1:EF:DD:7D:02:02:9E:E7:9E:47:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f3nK_WgC97E0e_dfQICnueeRyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/chUKGzv5Gz7pgzdmq3aOcxt2JdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/9f3nK_WgC97E0e_dfQICnueeRyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:d4:ae:98:c0:3f:06:d8:79:e3:a7:62:61:db:0c:82:6d:7e:
         9b:a0:0c:f9:e4:87:06:56:2b:bc:d3:38:a5:e8:61:26:e3:4d:
         99:e5:41:ce:5b:aa:a6:ff:4d:06:39:f3:37:09:d7:35:d5:2c:
         11:0b:97:44:c0:26:b1:97:36:d3:56:2d:d0:f8:4c:2d:ba:d5:
         4a:b8:87:7b:e1:4e:3d:55:13:16:f2:e8:c7:88:ad:ee:29:a3:
         76:8b:52:ce:c9:d4:46:37:80:e9:1c:22:54:c2:45:63:7c:cb:
         ec:b2:e2:6b:c5:e8:78:28:c9:eb:e0:99:82:a8:70:97:eb:5b:
         6a:ba:26:ba:85:0f:58:a8:36:a5:56:ef:4f:39:58:1c:fc:43:
         bd:08:e3:32:fe:73:a2:6b:af:42:db:fc:d5:0e:a2:c1:dd:4d:
         f9:c7:5e:cc:fd:77:d8:2c:ec:e6:1d:48:94:61:09:bf:d2:1b:
         2c:fd:60:ff:00:ff:58:b8:e6:e7:a9:e9:36:9d:63:5d:43:4b:
         be:95:a7:61:4b:66:b2:c5:05:14:6f:8e:48:49:0f:41:d6:f5:
         70:a3:75:61:f3:55:b4:27:1d:af:b4:70:4d:0b:94:b4:34:44:
         4f:5e:5f:14:06:b4:87:d9:5c:20:ba:fb:1e:c3:ea:89:6c:e2:
         11:0d:e4:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuLaxS0hWVvMslpBXzv9FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmRlNzJiZjVhMDBiZGVjNGQxZWZkZDdkMDIwMjllZTc5
ZTQ3MjAwHhcNMjQwMTAxMjAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjE1MGExYjNiZjkxYjNlZTk4MzM3NjZhYjc2OGU3MzFiNzYyNWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyJU9IICCAlSurXSdDP6d7/CPf92
aqlbLEyqBkkF6W/Aqm/gB683MDyNtFc/Z561YHXNt6WFYN3Km7dj3EAMVmUlDJt6
ULyFWKdgdIFU54b8ZrRe93F9lOwfr2ymCAkAparwINmHt3tA/pn2v/4WWzaWT+nE
p2ZuO9nBUaBxKCWJhDUO2y9YOnx9xILr2w80/WvFi2oCAQeXOhjrE6jaJGrhi+61
RROpGBiwEkhmuvZMbrREueoYUuBG1+UkYmPlZuiP0tIza2TSxVidkdgE6zdmg5FC
6X10ryZjjz68LdPnOcGZSW+diFHYgrdrdApdIZm5GBrHxD2kkMj5WkRtpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIVChs7+Rs+6YM3Zqt2jnMbdiXTMB8GA1UdIwQY
MBaAFPX95yv1oAvexNHv3X0CAp7nnkcgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWYzbktfV2dDOTdFMGVfZGZRSUNudWVlUnlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8zNGMyZTQtNGU5Yi00ODQ3LWE4ZWYt
MDgzOGY3OGMwMjU5LzEvY2hVS0d6djVHejdwZ3pkbXEzYU9jeHQySmRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8zNGMyZTQtNGU5Yi00ODQ3LWE4ZWYtMDgzOGY3OGMwMjU5
LzEvOWYzbktfV2dDOTdFMGVfZGZRSUNudWVlUnlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/6qMA0G
CSqGSIb3DQEBCwUAA4IBAQCk1K6YwD8G2Hnjp2Jh2wyCbX6boAz55IcGViu80zil
6GEm402Z5UHOW6qm/00GOfM3Cdc11SwRC5dEwCaxlzbTVi3Q+EwtutVKuId74U49
VRMW8ujHiK3uKaN2i1LOydRGN4DpHCJUwkVjfMvssuJrxeh4KMnr4JmCqHCX61tq
uia6hQ9YqDalVu9POVgc/EO9COMy/nOia69C2/zVDqLB3U35x17M/XfYLOzmHUiU
YQm/0hss/WD/AP9YuObnqek2nWNdQ0u+ladhS2ayxQUUb45ISQ9B1vVwo3Vh81W0
Jx2vtHBNC5S0NERPXl8UBrSH2Vwguvsew+qJbOIRDeQO
-----END CERTIFICATE-----