Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/d777e6-0e58-4345-b0a4-4cbd22917d65/1/RFB7jUvhuZPlswB0DE5N0P3Up18.roa
File:                     RFB7jUvhuZPlswB0DE5N0P3Up18.roa (raw, json)
Hash identifier:          T3dPoQHKHgo/arimJ+YAEJp/I8F5dVE79Xh5Cdk2sW8=
Subject key identifier:   44:50:7B:8D:4B:E1:B9:93:E5:B3:00:74:0C:4E:4D:D0:FD:D4:A7:5F
Certificate issuer:       /CN=4b8528b8acbc8742764a581a8d979a184295663e
Certificate serial:       0191319B6E4AFE99E4F373649E2D12E46675
Authority key identifier: 4B:85:28:B8:AC:BC:87:42:76:4A:58:1A:8D:97:9A:18:42:95:66:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S4UouKy8h0J2SlgajZeaGEKVZj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/d777e6-0e58-4345-b0a4-4cbd22917d65/1/RFB7jUvhuZPlswB0DE5N0P3Up18.roa
Signing time:             Thu 08 Aug 2024 10:49:15 +0000
ROA not before:           Thu 08 Aug 2024 10:49:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39410
IP address blocks:        195.80.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/d777e6-0e58-4345-b0a4-4cbd22917d65/1/S4UouKy8h0J2SlgajZeaGEKVZj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/d777e6-0e58-4345-b0a4-4cbd22917d65/1/S4UouKy8h0J2SlgajZeaGEKVZj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S4UouKy8h0J2SlgajZeaGEKVZj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:31:9b:6e:4a:fe:99:e4:f3:73:64:9e:2d:12:e4:66:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b8528b8acbc8742764a581a8d979a184295663e
        Validity
            Not Before: Aug  8 10:49:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44507b8d4be1b993e5b300740c4e4dd0fdd4a75f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:67:d5:27:38:56:cc:f8:fc:71:fb:79:7c:22:
                    40:86:e2:93:ab:c9:32:ca:d5:c3:47:d9:55:8a:c7:
                    34:b1:5b:ca:60:98:75:48:40:29:9b:43:71:ad:04:
                    fe:d1:b1:50:93:cf:f0:37:74:47:4b:b2:d9:d5:54:
                    f7:65:a5:bb:9f:f9:68:0a:97:7f:c2:a2:0a:4d:83:
                    a3:1e:1f:1c:3c:bd:2a:0a:f7:3a:93:9c:ee:db:48:
                    e4:c5:9f:20:6e:a8:7a:15:3e:4b:9a:33:9d:ef:23:
                    03:90:d8:2a:6d:91:1d:04:87:26:fe:d1:b6:f0:37:
                    84:9c:09:4b:de:1a:fa:63:c7:6a:aa:19:21:6e:88:
                    e7:ee:bd:47:01:bc:e1:0e:21:77:9a:a9:d9:19:b1:
                    09:78:fb:89:a8:3b:91:18:fb:91:ba:a0:d7:6f:14:
                    55:5a:18:da:55:f1:cd:b4:6d:ca:f2:6a:ad:fa:ae:
                    56:6d:b2:e7:d1:62:f5:75:d4:9f:04:20:63:e8:98:
                    b0:3d:9b:f8:65:b1:df:f8:88:b2:b4:ad:38:0c:ae:
                    73:59:a7:15:bd:d5:83:68:b4:61:14:2b:b8:3e:b8:
                    c6:40:0e:2e:55:49:5f:e0:ba:73:69:5d:85:61:e1:
                    0d:83:3c:7c:81:0c:83:b9:6e:2f:d3:4e:54:cb:5d:
                    23:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:50:7B:8D:4B:E1:B9:93:E5:B3:00:74:0C:4E:4D:D0:FD:D4:A7:5F
            X509v3 Authority Key Identifier:
                keyid:4B:85:28:B8:AC:BC:87:42:76:4A:58:1A:8D:97:9A:18:42:95:66:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S4UouKy8h0J2SlgajZeaGEKVZj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d777e6-0e58-4345-b0a4-4cbd22917d65/1/RFB7jUvhuZPlswB0DE5N0P3Up18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d777e6-0e58-4345-b0a4-4cbd22917d65/1/S4UouKy8h0J2SlgajZeaGEKVZj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.80.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:47:7c:a8:ea:46:86:ac:75:4e:29:e8:91:e5:6e:88:97:5c:
         e5:31:11:cb:b7:9d:0d:6a:dc:94:7d:98:cf:88:ef:20:d9:5e:
         3b:aa:94:2e:f1:aa:c4:6d:24:00:72:78:84:65:d2:65:d2:fa:
         a5:84:5c:d3:20:4e:7a:0e:1e:fb:f5:4e:9e:b5:63:9f:ea:c5:
         59:5e:dd:c2:82:44:14:2b:c4:63:8d:23:e1:0c:5c:b8:9f:16:
         d4:e8:ae:36:91:4c:27:9d:d9:18:80:99:3f:68:25:91:bf:ac:
         7e:3c:b4:75:75:4f:0e:70:5f:88:c9:6a:d4:98:47:0c:31:68:
         0f:9f:b0:b1:53:1d:99:fd:b3:20:04:0d:72:e8:4a:ef:fd:6f:
         87:64:92:af:c7:18:66:9d:2b:1c:15:6b:8b:8a:9b:2f:23:fc:
         3d:76:cd:20:2b:2f:a5:8e:68:4f:4d:b8:75:4a:19:b1:65:a2:
         6b:de:f0:f8:9a:c4:9f:d6:83:42:d7:ba:a0:bc:aa:0e:d6:61:
         8c:46:d6:9f:f3:29:50:d2:72:05:2e:45:4b:e0:64:ed:d3:86:
         45:7b:45:9f:bd:41:dc:5e:25:5f:8a:b0:cf:ce:0a:a6:fd:74:
         ba:8b:13:7b:c0:5d:3e:54:f2:da:05:9f:ef:60:a7:33:2c:1d:
         c7:ac:f3:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZExm25K/pnk83Nkni0S5GZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiODUyOGI4YWNiYzg3NDI3NjRhNTgxYThkOTc5YTE4NDI5
NTY2M2UwHhcNMjQwODA4MTA0OTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDUwN2I4ZDRiZTFiOTkzZTViMzAwNzQwYzRlNGRkMGZkZDRhNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWfVJzhWzPj8cft5fCJAhuKTq8ky
ytXDR9lVisc0sVvKYJh1SEApm0NxrQT+0bFQk8/wN3RHS7LZ1VT3ZaW7n/loCpd/
wqIKTYOjHh8cPL0qCvc6k5zu20jkxZ8gbqh6FT5LmjOd7yMDkNgqbZEdBIcm/tG2
8DeEnAlL3hr6Y8dqqhkhbojn7r1HAbzhDiF3mqnZGbEJePuJqDuRGPuRuqDXbxRV
WhjaVfHNtG3K8mqt+q5WbbLn0WL1ddSfBCBj6JiwPZv4ZbHf+IiytK04DK5zWacV
vdWDaLRhFCu4PrjGQA4uVUlf4LpzaV2FYeENgzx8gQyDuW4v005Uy10jyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERQe41L4bmT5bMAdAxOTdD91KdfMB8GA1UdIwQY
MBaAFEuFKLisvIdCdkpYGo2XmhhClWY+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzRVb3VLeThoMEoyU2xnYWpaZWFHRUtWWmo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9kNzc3ZTYtMGU1OC00MzQ1LWIwYTQt
NGNiZDIyOTE3ZDY1LzEvUkZCN2pVdmh1WlBsc3dCMERFNU4wUDNVcDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9kNzc3ZTYtMGU1OC00MzQ1LWIwYTQtNGNiZDIyOTE3ZDY1
LzEvUzRVb3VLeThoMEoyU2xnYWpaZWFHRUtWWmo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1CKMA0G
CSqGSIb3DQEBCwUAA4IBAQCbR3yo6kaGrHVOKeiR5W6Il1zlMRHLt50NatyUfZjP
iO8g2V47qpQu8arEbSQAcniEZdJl0vqlhFzTIE56Dh779U6etWOf6sVZXt3CgkQU
K8RjjSPhDFy4nxbU6K42kUwnndkYgJk/aCWRv6x+PLR1dU8OcF+IyWrUmEcMMWgP
n7CxUx2Z/bMgBA1y6Erv/W+HZJKvxxhmnSscFWuLipsvI/w9ds0gKy+ljmhPTbh1
ShmxZaJr3vD4msSf1oNC17qgvKoO1mGMRtaf8ylQ0nIFLkVL4GTt04ZFe0WfvUHc
XiVfirDPzgqm/XS6ixN7wF0+VPLaBZ/vYKczLB3HrPN5
-----END CERTIFICATE-----