Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/b26859-9b14-450f-bb85-592ed73761ca/1/kjfwGIJ0iUb_Qo461r3ECsqvUdg.roa
File:                     kjfwGIJ0iUb_Qo461r3ECsqvUdg.roa (raw, json)
Hash identifier:          L8Fdi2QBmIab/DANF2RbIIEdSrPt9nvg6tb1KpWKKR4=
Subject key identifier:   92:37:F0:18:82:74:89:46:FF:42:8E:3A:D6:BD:C4:0A:CA:AF:51:D8
Certificate issuer:       /CN=ad2464ecc946f292e404f2c351922ecf4c590fd8
Certificate serial:       018CC86EFDC6259DE3792D7E00BBA06B1C13
Authority key identifier: AD:24:64:EC:C9:46:F2:92:E4:04:F2:C3:51:92:2E:CF:4C:59:0F:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rSRk7MlG8pLkBPLDUZIuz0xZD9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/b26859-9b14-450f-bb85-592ed73761ca/1/kjfwGIJ0iUb_Qo461r3ECsqvUdg.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60453
IP address blocks:        195.62.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/b26859-9b14-450f-bb85-592ed73761ca/1/rSRk7MlG8pLkBPLDUZIuz0xZD9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/b26859-9b14-450f-bb85-592ed73761ca/1/rSRk7MlG8pLkBPLDUZIuz0xZD9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rSRk7MlG8pLkBPLDUZIuz0xZD9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fd:c6:25:9d:e3:79:2d:7e:00:bb:a0:6b:1c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad2464ecc946f292e404f2c351922ecf4c590fd8
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9237f01882748946ff428e3ad6bdc40acaaf51d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a5:60:7f:6b:b0:44:35:f0:92:14:35:52:f2:
                    4e:73:5a:bf:42:c5:c3:e6:dc:aa:2d:58:eb:d5:7f:
                    99:00:8e:38:a9:42:51:6f:36:a9:21:0f:f6:dd:1f:
                    4f:5d:89:39:04:e7:57:b1:f4:90:e5:e1:71:84:3f:
                    33:31:fe:ae:41:4e:64:b6:11:14:b4:3f:d0:e1:26:
                    94:66:b4:f5:70:ff:6d:c3:73:18:8e:3a:51:53:0a:
                    4b:39:1f:b6:4d:3d:8e:ba:5d:68:a0:8a:f5:f7:71:
                    a3:1c:22:2b:ba:b2:29:1a:9e:59:e6:a9:b9:00:f4:
                    8b:d1:ac:d1:cf:d1:ea:9b:15:d2:07:a3:80:d7:cc:
                    b9:8e:c4:1b:66:5d:72:48:74:71:9f:ea:ff:8d:bd:
                    fe:ac:10:e3:d5:8d:0f:83:c9:48:c9:96:7d:0d:4d:
                    83:e0:78:27:af:c8:be:a2:f1:56:86:c5:fc:52:30:
                    6b:f4:99:c8:89:6a:62:7f:0a:31:f2:f7:9e:cb:c2:
                    ba:3d:54:4a:77:00:38:2d:a4:b2:13:70:7d:9a:80:
                    bf:be:57:8e:81:2e:8e:e7:b9:17:23:4c:6d:ae:13:
                    4c:92:16:5e:6d:d6:05:5a:a3:78:60:ad:cf:ac:0e:
                    32:22:3c:1b:0a:51:d0:c9:e7:08:7a:f8:90:43:21:
                    e7:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:37:F0:18:82:74:89:46:FF:42:8E:3A:D6:BD:C4:0A:CA:AF:51:D8
            X509v3 Authority Key Identifier:
                keyid:AD:24:64:EC:C9:46:F2:92:E4:04:F2:C3:51:92:2E:CF:4C:59:0F:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rSRk7MlG8pLkBPLDUZIuz0xZD9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/b26859-9b14-450f-bb85-592ed73761ca/1/kjfwGIJ0iUb_Qo461r3ECsqvUdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/b26859-9b14-450f-bb85-592ed73761ca/1/rSRk7MlG8pLkBPLDUZIuz0xZD9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:00:3f:60:b5:78:9f:b0:20:d7:89:0b:99:b1:78:8c:9e:86:
         75:d1:89:de:8a:6e:7d:1a:28:ad:f3:b8:65:95:ea:22:7f:ca:
         ca:c4:e2:01:26:0c:5a:0d:1f:b7:de:66:bd:bb:14:14:3c:6c:
         37:c7:89:e0:c0:31:1c:1c:91:83:91:2d:d7:ff:f0:bb:fb:b4:
         c4:a1:58:e5:17:12:a6:ad:30:3f:23:03:12:b5:f4:8b:26:15:
         6c:2d:30:a5:52:2d:4a:f9:26:e4:d4:4d:1a:f0:15:e8:99:71:
         3b:a2:43:93:91:c4:04:9d:9e:9f:f0:0a:d2:5e:6a:7d:68:2c:
         b3:43:c8:e5:a8:a0:df:bd:62:0a:c1:1e:db:08:2e:10:c0:a9:
         3c:38:20:a8:0e:65:6a:41:22:22:f9:eb:c3:04:93:ee:5a:fa:
         da:1b:ac:71:88:ba:13:ed:65:cf:7e:e1:0f:48:be:c6:47:94:
         3d:bb:7d:bc:3e:70:b3:7e:c0:97:0d:ca:fe:75:77:14:5a:58:
         bd:95:6d:1a:0e:bb:17:fa:10:88:9e:ec:cc:5f:31:91:50:d2:
         db:73:99:11:62:d9:aa:1d:21:c0:cd:d6:93:f3:55:d5:23:03:
         b1:e3:fc:2e:6f:b4:dd:9a:9c:4b:73:f3:26:24:41:cf:fd:19:
         50:a4:c8:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbv3GJZ3jeS1+ALugaxwTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMjQ2NGVjYzk0NmYyOTJlNDA0ZjJjMzUxOTIyZWNmNGM1
OTBmZDgwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjM3ZjAxODgyNzQ4OTQ2ZmY0MjhlM2FkNmJkYzQwYWNhYWY1MWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6Vgf2uwRDXwkhQ1UvJOc1q/QsXD
5tyqLVjr1X+ZAI44qUJRbzapIQ/23R9PXYk5BOdXsfSQ5eFxhD8zMf6uQU5kthEU
tD/Q4SaUZrT1cP9tw3MYjjpRUwpLOR+2TT2Oul1ooIr193GjHCIrurIpGp5Z5qm5
APSL0azRz9HqmxXSB6OA18y5jsQbZl1ySHRxn+r/jb3+rBDj1Y0Pg8lIyZZ9DU2D
4Hgnr8i+ovFWhsX8UjBr9JnIiWpifwox8veey8K6PVRKdwA4LaSyE3B9moC/vleO
gS6O57kXI0xtrhNMkhZebdYFWqN4YK3PrA4yIjwbClHQyecIeviQQyHnvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJI38BiCdIlG/0KOOta9xArKr1HYMB8GA1UdIwQY
MBaAFK0kZOzJRvKS5ATyw1GSLs9MWQ/YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclNSazdNbEc4cExrQlBMRFVaSXV6MHhaRDlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9iMjY4NTktOWIxNC00NTBmLWJiODUt
NTkyZWQ3Mzc2MWNhLzEva2pmd0dJSjBpVWJfUW80NjFyM0VDc3F2VWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9iMjY4NTktOWIxNC00NTBmLWJiODUtNTkyZWQ3Mzc2MWNh
LzEvclNSazdNbEc4cExrQlBMRFVaSXV6MHhaRDlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwz4zMA0G
CSqGSIb3DQEBCwUAA4IBAQBWAD9gtXifsCDXiQuZsXiMnoZ10Yneim59Giit87hl
leoif8rKxOIBJgxaDR+33ma9uxQUPGw3x4ngwDEcHJGDkS3X//C7+7TEoVjlFxKm
rTA/IwMStfSLJhVsLTClUi1K+Sbk1E0a8BXomXE7okOTkcQEnZ6f8ArSXmp9aCyz
Q8jlqKDfvWIKwR7bCC4QwKk8OCCoDmVqQSIi+evDBJPuWvraG6xxiLoT7WXPfuEP
SL7GR5Q9u328PnCzfsCXDcr+dXcUWli9lW0aDrsX+hCInuzMXzGRUNLbc5kRYtmq
HSHAzdaT81XVIwOx4/wub7TdmpxLc/MmJEHP/RlQpMia
-----END CERTIFICATE-----