Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/3103a1-bc58-444c-8231-43d8a6fd1f45/1/Q4v9Rs_nDiTsniQCyX25IKan_hw.roa
File:                     Q4v9Rs_nDiTsniQCyX25IKan_hw.roa (raw, json)
Hash identifier:          axxarVmcqfhsCNNH/6V4mA7v5d2iLdGaDnTWGafAWHc=
Subject key identifier:   43:8B:FD:46:CF:E7:0E:24:EC:9E:24:02:C9:7D:B9:20:A6:A7:FE:1C
Certificate issuer:       /CN=f41ffe7d297ee4e1d4d23335a9ab4a0088c025d7
Certificate serial:       018CC94E0CA22CED5798C358C237F473F01E
Authority key identifier: F4:1F:FE:7D:29:7E:E4:E1:D4:D2:33:35:A9:AB:4A:00:88:C0:25:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9B_-fSl-5OHU0jM1qatKAIjAJdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/3103a1-bc58-444c-8231-43d8a6fd1f45/1/Q4v9Rs_nDiTsniQCyX25IKan_hw.roa
Signing time:             Tue 02 Jan 2024 08:33:04 +0000
ROA not before:           Tue 02 Jan 2024 08:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41150
IP address blocks:        195.64.191.0/24 maxlen: 24
                          195.64.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/3103a1-bc58-444c-8231-43d8a6fd1f45/1/9B_-fSl-5OHU0jM1qatKAIjAJdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/3103a1-bc58-444c-8231-43d8a6fd1f45/1/9B_-fSl-5OHU0jM1qatKAIjAJdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9B_-fSl-5OHU0jM1qatKAIjAJdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:0c:a2:2c:ed:57:98:c3:58:c2:37:f4:73:f0:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f41ffe7d297ee4e1d4d23335a9ab4a0088c025d7
        Validity
            Not Before: Jan  2 08:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=438bfd46cfe70e24ec9e2402c97db920a6a7fe1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cf:99:24:76:77:1e:54:ea:3f:1f:6f:a1:60:
                    04:d2:87:96:51:38:7a:b2:3a:51:6f:e8:4a:4a:15:
                    ed:69:18:1d:6d:72:10:5c:cf:51:a9:b8:33:45:1c:
                    67:f7:b6:a5:cb:46:49:75:33:c5:81:85:0a:bf:8f:
                    dd:67:c9:d5:1a:ac:9b:76:2e:6c:a7:e0:e9:03:8c:
                    07:0e:b5:5b:2a:24:32:5f:0a:3b:ca:56:21:67:32:
                    dc:11:24:0c:96:35:fe:bb:cc:7b:8a:79:c3:12:08:
                    cf:62:cb:a2:b7:35:b3:25:43:8b:8d:13:84:19:d1:
                    a3:6f:83:fc:1d:b4:3d:d0:b0:4e:80:b1:7f:69:3d:
                    67:b3:75:41:43:60:d5:57:a7:a9:5b:48:d9:ba:2c:
                    91:89:ff:44:e7:81:40:b9:9a:5a:44:d9:e9:b8:a3:
                    f1:66:4e:d0:5b:d8:5a:d8:63:d9:94:3a:0f:09:de:
                    9f:a1:6d:f9:19:64:b4:90:e6:17:7e:61:b1:72:6f:
                    57:cf:06:44:85:54:99:36:d9:60:2f:69:aa:7f:43:
                    be:40:8e:8a:82:a1:dc:44:c8:f1:15:4f:97:85:dd:
                    af:b4:29:b1:c1:04:f7:ba:1e:67:97:59:2f:38:61:
                    44:14:a2:7f:dd:1b:fa:59:35:40:54:e5:26:34:40:
                    da:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:8B:FD:46:CF:E7:0E:24:EC:9E:24:02:C9:7D:B9:20:A6:A7:FE:1C
            X509v3 Authority Key Identifier:
                keyid:F4:1F:FE:7D:29:7E:E4:E1:D4:D2:33:35:A9:AB:4A:00:88:C0:25:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9B_-fSl-5OHU0jM1qatKAIjAJdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3103a1-bc58-444c-8231-43d8a6fd1f45/1/Q4v9Rs_nDiTsniQCyX25IKan_hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3103a1-bc58-444c-8231-43d8a6fd1f45/1/9B_-fSl-5OHU0jM1qatKAIjAJdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:25:54:fd:9d:b1:46:d8:35:84:79:1e:73:6f:3e:a6:f2:72:
         1a:d5:98:f0:e6:0e:92:f0:10:19:44:63:d3:5e:24:f1:71:cc:
         b2:10:27:2c:92:d8:60:54:fe:0d:8c:14:aa:a6:43:30:67:f7:
         82:8f:91:d6:77:13:88:e4:4a:0f:79:04:1a:64:cb:52:ee:2e:
         c2:5a:0e:84:cb:c8:53:1b:71:12:d3:d1:29:48:b5:ae:32:8c:
         f6:83:16:3e:41:fb:ba:12:d3:cd:f6:a1:9b:30:ae:bf:30:8d:
         a5:78:33:92:04:bc:2b:9e:bb:a9:07:19:56:43:74:54:02:37:
         a4:d8:c0:31:e7:3e:48:56:1f:cb:95:83:90:42:1a:83:76:5c:
         0b:af:f0:9e:2d:e6:82:58:c4:0a:4a:25:7f:ee:73:f1:01:7a:
         4f:eb:dd:32:f3:0d:c0:77:d2:2b:58:0f:9b:c4:bc:b7:2a:cd:
         7f:13:c8:84:09:29:56:03:ea:a5:29:d9:67:82:55:92:2d:77:
         82:4a:a1:60:37:51:dd:23:a3:2d:46:4e:f8:5b:26:a4:79:f3:
         58:2a:43:90:38:b5:27:41:86:fa:ff:af:f4:04:78:fa:b5:a7:
         1c:0c:8a:f9:2d:b6:bb:0b:53:79:9d:6a:4d:d0:46:55:8c:b2:
         1d:5d:33:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgyiLO1XmMNYwjf0c/AeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0MWZmZTdkMjk3ZWU0ZTFkNGQyMzMzNWE5YWI0YTAwODhj
MDI1ZDcwHhcNMjQwMTAyMDgzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzhiZmQ0NmNmZTcwZTI0ZWM5ZTI0MDJjOTdkYjkyMGE2YTdmZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArc+ZJHZ3HlTqPx9voWAE0oeWUTh6
sjpRb+hKShXtaRgdbXIQXM9RqbgzRRxn97aly0ZJdTPFgYUKv4/dZ8nVGqybdi5s
p+DpA4wHDrVbKiQyXwo7ylYhZzLcESQMljX+u8x7innDEgjPYsuitzWzJUOLjROE
GdGjb4P8HbQ90LBOgLF/aT1ns3VBQ2DVV6epW0jZuiyRif9E54FAuZpaRNnpuKPx
Zk7QW9ha2GPZlDoPCd6foW35GWS0kOYXfmGxcm9XzwZEhVSZNtlgL2mqf0O+QI6K
gqHcRMjxFU+Xhd2vtCmxwQT3uh5nl1kvOGFEFKJ/3Rv6WTVAVOUmNEDabwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOL/UbP5w4k7J4kAsl9uSCmp/4cMB8GA1UdIwQY
MBaAFPQf/n0pfuTh1NIzNamrSgCIwCXXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUJfLWZTbC01T0hVMGpNMXFhdEtBSWpBSmRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8zMTAzYTEtYmM1OC00NDRjLTgyMzEt
NDNkOGE2ZmQxZjQ1LzEvUTR2OVJzX25EaVRzbmlRQ3lYMjVJS2FuX2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8zMTAzYTEtYmM1OC00NDRjLTgyMzEtNDNkOGE2ZmQxZjQ1
LzEvOUJfLWZTbC01T0hVMGpNMXFhdEtBSWpBSmRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw0C+MA0G
CSqGSIb3DQEBCwUAA4IBAQA5JVT9nbFG2DWEeR5zbz6m8nIa1Zjw5g6S8BAZRGPT
XiTxccyyECcskthgVP4NjBSqpkMwZ/eCj5HWdxOI5EoPeQQaZMtS7i7CWg6Ey8hT
G3ES09EpSLWuMoz2gxY+Qfu6EtPN9qGbMK6/MI2leDOSBLwrnrupBxlWQ3RUAjek
2MAx5z5IVh/LlYOQQhqDdlwLr/CeLeaCWMQKSiV/7nPxAXpP690y8w3Ad9IrWA+b
xLy3Ks1/E8iECSlWA+qlKdlnglWSLXeCSqFgN1HdI6MtRk74WyakefNYKkOQOLUn
QYb6/6/0BHj6taccDIr5Lba7C1N5nWpN0EZVjLIdXTMd
-----END CERTIFICATE-----