Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/gZDp52mLrD3ehIfvaLEKrYEhWcQ.roa
File:                     gZDp52mLrD3ehIfvaLEKrYEhWcQ.roa (raw, json)
Hash identifier:          lMeWSoR4Q0LSVLDwL3afCOVFcb7LlthyPkKF4b1TRIQ=
Subject key identifier:   81:90:E9:E7:69:8B:AC:3D:DE:84:87:EF:68:B1:0A:AD:81:21:59:C4
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       018CC94DC2BE8697ADBC880253EF9DE398F1
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/gZDp52mLrD3ehIfvaLEKrYEhWcQ.roa
Signing time:             Tue 02 Jan 2024 08:32:45 +0000
ROA not before:           Tue 02 Jan 2024 08:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        195.216.182.0/23 maxlen: 32
                          195.216.182.0/24 maxlen: 32
                          195.216.183.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:c2:be:86:97:ad:bc:88:02:53:ef:9d:e3:98:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Jan  2 08:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8190e9e7698bac3dde8487ef68b10aad812159c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1d:50:b0:3f:1e:1e:b7:a3:fe:21:1a:20:72:
                    71:8b:08:04:65:f1:e2:4d:e7:36:da:bd:cf:79:be:
                    7f:ba:ef:ed:e3:5a:84:3c:23:85:80:bf:9d:c3:d5:
                    65:4f:a5:c1:af:c2:cf:06:9a:42:3a:8d:03:b4:ec:
                    b4:ed:b7:82:f7:e0:f4:c4:9e:70:33:17:ab:f5:f7:
                    d4:6c:da:34:cc:8f:a9:f0:48:c4:64:79:68:88:9e:
                    7a:94:53:50:a6:2e:de:aa:75:b0:26:da:a4:95:a4:
                    0d:11:e0:6f:5c:17:95:c9:08:45:34:43:7f:82:04:
                    7c:95:ef:61:f5:53:0f:8e:37:4d:0b:8e:2d:a8:f4:
                    3d:9f:89:2c:63:e3:c7:ca:ec:6b:4a:f3:54:52:cc:
                    aa:03:04:99:17:a4:d5:76:92:9d:4b:aa:31:3b:5c:
                    49:6d:56:3e:8f:d8:07:89:bd:33:ff:d6:41:ca:0a:
                    57:7b:20:ce:32:99:9d:13:dc:0a:fc:5e:c5:4b:19:
                    5c:2d:5d:43:9b:47:2c:63:61:6e:20:b8:60:8b:6f:
                    79:9e:10:1a:49:81:c5:6c:2d:d5:db:5c:ea:44:85:
                    06:e1:2d:50:b3:a2:ec:25:b5:94:8a:c8:10:44:c9:
                    42:4c:26:d1:bd:66:ce:1d:df:18:6d:e1:76:b7:f7:
                    04:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:90:E9:E7:69:8B:AC:3D:DE:84:87:EF:68:B1:0A:AD:81:21:59:C4
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/gZDp52mLrD3ehIfvaLEKrYEhWcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:4d:f0:df:b8:38:6c:78:24:ab:8f:39:b4:87:cd:f9:fc:6e:
         dd:e6:52:72:4d:45:36:0d:b6:e2:86:5f:44:89:67:51:ac:ec:
         ba:36:2e:91:2b:ed:a3:41:ac:a7:32:28:f0:03:3e:51:5d:3a:
         61:fe:51:74:0b:62:e0:51:59:eb:13:39:e8:9f:bb:74:ad:b3:
         f0:41:c9:29:76:9b:84:07:de:ae:dd:fc:b1:ea:e6:c3:7c:eb:
         f1:41:41:7b:2a:26:4c:04:fb:08:72:8b:ce:8c:35:4e:4d:7c:
         eb:4a:b7:6a:c2:c5:de:89:31:50:d1:14:ec:67:e8:23:7b:c3:
         c6:18:19:ef:16:7a:44:05:17:18:c7:1f:ba:a0:7a:bb:b4:b4:
         99:7f:9a:26:23:1a:cd:00:d4:43:92:bd:06:c2:82:58:6a:d1:
         a9:47:7d:b6:0d:2a:43:9e:8f:96:00:b6:f1:f7:8f:fc:f6:a2:
         57:ae:cc:c3:8b:8a:c0:43:3a:e4:e0:b4:b4:f8:90:81:fc:b3:
         0f:e0:a0:c1:fd:4a:19:5a:4f:b1:3b:cf:25:ec:b7:f1:7e:55:
         74:d4:b6:26:bd:aa:87:20:c9:b8:ca:a1:25:54:7b:50:39:e9:
         54:28:92:c5:fd:36:66:1b:c3:9b:9b:04:77:8a:95:92:9d:d9:
         2f:a3:00:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTcK+hpetvIgCU++d45jxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwMTAyMDgzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTkwZTllNzY5OGJhYzNkZGU4NDg3ZWY2OGIxMGFhZDgxMjE1OWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsB1QsD8eHrej/iEaIHJxiwgEZfHi
Tec22r3Peb5/uu/t41qEPCOFgL+dw9VlT6XBr8LPBppCOo0DtOy07beC9+D0xJ5w
Mxer9ffUbNo0zI+p8EjEZHloiJ56lFNQpi7eqnWwJtqklaQNEeBvXBeVyQhFNEN/
ggR8le9h9VMPjjdNC44tqPQ9n4ksY+PHyuxrSvNUUsyqAwSZF6TVdpKdS6oxO1xJ
bVY+j9gHib0z/9ZBygpXeyDOMpmdE9wK/F7FSxlcLV1Dm0csY2FuILhgi295nhAa
SYHFbC3V21zqRIUG4S1Qs6LsJbWUisgQRMlCTCbRvWbOHd8YbeF2t/cEIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGQ6edpi6w93oSH72ixCq2BIVnEMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvZ1pEcDUybUxyRDNlaElmdmFMRUtyWUVoV2NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw9i2MA0G
CSqGSIb3DQEBCwUAA4IBAQA+TfDfuDhseCSrjzm0h835/G7d5lJyTUU2Dbbihl9E
iWdRrOy6Ni6RK+2jQaynMijwAz5RXTph/lF0C2LgUVnrEznon7t0rbPwQckpdpuE
B96u3fyx6ubDfOvxQUF7KiZMBPsIcovOjDVOTXzrSrdqwsXeiTFQ0RTsZ+gje8PG
GBnvFnpEBRcYxx+6oHq7tLSZf5omIxrNANRDkr0GwoJYatGpR322DSpDno+WALbx
94/89qJXrszDi4rAQzrk4LS0+JCB/LMP4KDB/UoZWk+xO88l7LfxflV01LYmvaqH
IMm4yqElVHtQOelUKJLF/TZmG8ObmwR3ipWSndkvowCD
-----END CERTIFICATE-----