Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/dIb4UKpTWpto9-sXYDN-JTVQRXg.roa
File:                     dIb4UKpTWpto9-sXYDN-JTVQRXg.roa (raw, json)
Hash identifier:          +FL+EGgrDGrTQHmwYOlNU7oD8GKfHqxw1UYkYVHXefE=
Subject key identifier:   74:86:F8:50:AA:53:5A:9B:68:F7:EB:17:60:33:7E:25:35:50:45:78
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       018CC86F80164FDE34B03C5BD7480CC561A0
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/dIb4UKpTWpto9-sXYDN-JTVQRXg.roa
Signing time:             Tue 02 Jan 2024 04:29:59 +0000
ROA not before:           Tue 02 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.182.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:80:16:4f:de:34:b0:3c:5b:d7:48:0c:c5:61:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Jan  2 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7486f850aa535a9b68f7eb1760337e2535504578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b7:0b:e8:32:a9:b8:86:14:fb:aa:cd:96:f2:
                    5a:45:a0:5d:d3:5c:80:b9:47:03:f2:0d:99:c7:f1:
                    a0:bf:a9:1b:c3:56:0f:00:f9:2c:b2:70:3c:de:43:
                    a8:5d:0c:59:52:27:2f:62:88:de:03:22:b1:27:e6:
                    65:c9:eb:36:ea:fe:e1:84:82:78:8f:8a:a5:f1:37:
                    10:75:0b:88:0e:5a:ca:23:aa:ae:a7:78:a2:0f:be:
                    88:dd:e1:27:55:ca:e6:7f:ee:30:c4:27:d7:8c:94:
                    0a:72:05:c2:98:98:e1:6e:ab:ed:77:57:5f:86:70:
                    16:2c:c0:f1:0f:46:85:22:0e:5e:65:79:f7:a8:91:
                    69:f2:0d:81:c0:81:40:59:e3:11:7e:66:2e:26:9c:
                    28:bc:d3:66:1b:8e:1e:ab:21:1c:2f:cc:6e:ab:e6:
                    75:4d:08:d4:de:a3:eb:8d:a8:8d:1d:86:2a:8f:ff:
                    03:55:b6:e3:3c:15:54:56:17:8d:8d:fa:ad:38:e4:
                    1c:4a:fa:7a:35:7e:47:31:98:7a:2d:5d:f9:c5:d7:
                    33:73:0e:b2:33:3a:6b:aa:40:77:66:2f:44:6c:46:
                    74:95:9f:ea:3c:62:1b:e5:b4:06:e1:f5:e8:73:56:
                    6b:93:20:19:55:53:97:a3:e3:d6:6f:dd:0f:52:90:
                    f5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:86:F8:50:AA:53:5A:9B:68:F7:EB:17:60:33:7E:25:35:50:45:78
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/dIb4UKpTWpto9-sXYDN-JTVQRXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:8c:2c:ed:02:c2:c7:79:98:fc:ff:6c:d0:99:e8:85:cf:05:
         8b:0c:98:1d:c4:cb:ff:18:b5:08:fd:86:d9:3c:0a:6d:48:05:
         d4:ee:e9:ba:27:5d:88:51:1e:d1:b2:79:09:82:30:e2:26:2a:
         2a:63:a6:00:3d:83:c1:80:bc:b7:a1:b8:14:b4:aa:15:d8:02:
         f0:85:4e:51:66:a2:6a:95:1f:22:f8:8c:ad:dd:b7:97:eb:eb:
         b8:e1:73:19:83:b5:e5:07:a1:27:b0:9e:c0:57:86:f3:31:0e:
         d6:e4:96:c7:3e:54:1b:50:ad:d7:85:21:94:99:53:86:9d:5c:
         99:75:b8:af:cb:87:72:9a:0d:62:73:bd:23:9c:e6:3b:37:bc:
         d6:3e:0b:06:63:07:f1:db:d8:69:94:10:23:8a:09:70:2a:4d:
         ca:ea:d8:83:fe:68:ec:1b:e2:50:7f:a2:4c:78:2a:48:2d:5b:
         4a:9f:04:f2:88:28:f5:ec:20:01:f0:45:29:b0:dc:72:a2:a8:
         92:63:6b:f1:61:b0:26:85:43:f0:73:68:56:17:1a:a2:ae:90:
         92:14:16:3b:c1:04:3a:5b:6f:b2:99:e8:93:46:39:8c:7e:2a:
         a8:6e:28:dd:07:e3:9f:1f:64:c9:56:86:a3:0d:66:80:eb:80:
         80:54:e4:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4AWT940sDxb10gMxWGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjQwMTAyMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDg2Zjg1MGFhNTM1YTliNjhmN2ViMTc2MDMzN2UyNTM1NTA0NTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLcL6DKpuIYU+6rNlvJaRaBd01yA
uUcD8g2Zx/Ggv6kbw1YPAPkssnA83kOoXQxZUicvYojeAyKxJ+Zlyes26v7hhIJ4
j4ql8TcQdQuIDlrKI6qup3iiD76I3eEnVcrmf+4wxCfXjJQKcgXCmJjhbqvtd1df
hnAWLMDxD0aFIg5eZXn3qJFp8g2BwIFAWeMRfmYuJpwovNNmG44eqyEcL8xuq+Z1
TQjU3qPrjaiNHYYqj/8DVbbjPBVUVheNjfqtOOQcSvp6NX5HMZh6LV35xdczcw6y
MzprqkB3Zi9EbEZ0lZ/qPGIb5bQG4fXoc1ZrkyAZVVOXo+PWb90PUpD1rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSG+FCqU1qbaPfrF2AzfiU1UEV4MB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvZEliNFVLcFRXcHRvOS1zWFlETi1KVFZRUlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7bGMA0G
CSqGSIb3DQEBCwUAA4IBAQAZjCztAsLHeZj8/2zQmeiFzwWLDJgdxMv/GLUI/YbZ
PAptSAXU7um6J12IUR7RsnkJgjDiJioqY6YAPYPBgLy3obgUtKoV2ALwhU5RZqJq
lR8i+Iyt3beX6+u44XMZg7XlB6EnsJ7AV4bzMQ7W5JbHPlQbUK3XhSGUmVOGnVyZ
dbivy4dymg1ic70jnOY7N7zWPgsGYwfx29hplBAjiglwKk3K6tiD/mjsG+JQf6JM
eCpILVtKnwTyiCj17CAB8EUpsNxyoqiSY2vxYbAmhUPwc2hWFxqirpCSFBY7wQQ6
W2+ymeiTRjmMfiqobijdB+OfH2TJVoajDWaA64CAVOQc
-----END CERTIFICATE-----