Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/abmlryuhF913F_jhNbR4uxWzqfs.roa
File:                     abmlryuhF913F_jhNbR4uxWzqfs.roa (raw, json)
Hash identifier:          y5HCmSvLbDuSqOdh+xykiN5hB+lycubCz3WNxpSS6aE=
Subject key identifier:   69:B9:A5:AF:2B:A1:17:DD:77:17:F8:E1:35:B4:78:BB:15:B3:A9:FB
Certificate issuer:       /CN=c441738baab988b1d68693bb05e29bfbb4f0f671
Certificate serial:       018CC50152F8DB0236236BD1C358F5A85467
Authority key identifier: C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/abmlryuhF913F_jhNbR4uxWzqfs.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41905
IP address blocks:        195.137.238.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:52:f8:db:02:36:23:6b:d1:c3:58:f5:a8:54:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c441738baab988b1d68693bb05e29bfbb4f0f671
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69b9a5af2ba117dd7717f8e135b478bb15b3a9fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:30:f8:b6:6a:cd:83:f5:9a:bc:a6:58:9e:8e:
                    2a:eb:b8:17:b8:b6:8c:57:a8:f0:36:a8:c2:41:c0:
                    4e:d8:b3:10:04:7f:25:0f:7b:09:7f:40:45:87:23:
                    80:12:cf:27:2f:b4:d2:5a:33:86:69:76:7b:da:fa:
                    37:df:48:fd:f3:fc:73:86:4d:c7:33:9b:e2:29:2c:
                    31:d5:33:f9:f4:e6:7c:0a:f8:5a:ef:11:94:8c:ac:
                    35:3c:ba:0c:08:53:73:b4:40:d0:e7:e9:ad:f9:fb:
                    04:a0:a0:bd:3d:a3:69:ad:ca:0f:3a:d9:59:bb:77:
                    8a:a1:af:34:eb:23:63:2b:14:83:d7:b0:32:bf:d1:
                    34:76:2c:39:df:06:7b:65:e6:56:5d:5a:f4:61:46:
                    39:f5:da:c8:ba:07:e9:30:14:e0:ab:cc:a6:48:b8:
                    65:49:90:45:b8:3e:20:46:2a:8d:eb:0e:3e:65:93:
                    3f:95:34:a4:7c:0a:25:01:62:17:b5:e8:d0:56:79:
                    f8:55:dd:ec:78:d2:19:2b:e1:b5:73:5a:3b:d8:76:
                    1f:af:49:ec:76:7d:90:6e:39:d9:78:dc:6e:2d:1f:
                    07:b3:f5:b8:13:18:15:32:69:b3:a8:fb:e0:56:29:
                    72:83:65:f4:ac:bc:e9:d4:8e:17:7a:4d:14:7f:ce:
                    4d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:B9:A5:AF:2B:A1:17:DD:77:17:F8:E1:35:B4:78:BB:15:B3:A9:FB
            X509v3 Authority Key Identifier:
                keyid:C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/abmlryuhF913F_jhNbR4uxWzqfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bc:ba:28:82:48:aa:9c:23:8b:97:29:74:17:71:6e:f1:60:3b:
         63:76:47:00:02:2d:1d:36:0c:7c:04:e4:46:9f:79:b6:06:16:
         6a:9f:67:a9:f0:1e:ca:05:e0:01:b8:8e:72:0c:cf:fd:80:b7:
         8b:53:ae:57:21:c6:bd:06:f5:c2:30:3b:92:31:50:81:f1:79:
         92:4b:57:78:79:95:f4:dc:11:c2:23:43:18:a5:1e:e5:49:cc:
         4c:26:dc:83:ed:3e:65:80:f5:c1:33:a4:19:95:9d:f2:51:6a:
         b0:ac:9d:8c:4a:ab:a2:ad:eb:19:00:68:7f:6b:af:c8:00:0f:
         3b:db:54:1e:f0:57:11:4c:46:03:8c:af:8a:00:dc:c6:16:af:
         8b:17:c8:7d:e0:ab:30:ed:7f:dd:24:65:4d:62:74:1c:be:83:
         8d:32:9e:0b:2b:47:40:b0:16:1a:dd:b6:93:53:7d:55:82:e2:
         11:e0:e2:bc:29:2a:da:7c:9e:a4:0c:09:09:b7:2e:b1:29:79:
         65:f1:d1:38:54:0a:35:c1:b2:8c:7d:85:c7:2d:ba:5e:ae:3f:
         f5:3f:87:1e:91:19:c4:d2:b5:35:a5:8d:90:81:09:8d:e0:9b:
         01:e3:6a:35:32:61:95:dd:8a:cd:0a:1b:b4:d9:6e:f9:33:aa:
         10:dd:0d:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVL42wI2I2vRw1j1qFRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NDE3MzhiYWFiOTg4YjFkNjg2OTNiYjA1ZTI5YmZiYjRm
MGY2NzEwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWI5YTVhZjJiYTExN2RkNzcxN2Y4ZTEzNWI0NzhiYjE1YjNhOWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTD4tmrNg/WavKZYno4q67gXuLaM
V6jwNqjCQcBO2LMQBH8lD3sJf0BFhyOAEs8nL7TSWjOGaXZ72vo330j98/xzhk3H
M5viKSwx1TP59OZ8Cvha7xGUjKw1PLoMCFNztEDQ5+mt+fsEoKC9PaNprcoPOtlZ
u3eKoa806yNjKxSD17Ayv9E0diw53wZ7ZeZWXVr0YUY59drIugfpMBTgq8ymSLhl
SZBFuD4gRiqN6w4+ZZM/lTSkfAolAWIXtejQVnn4Vd3seNIZK+G1c1o72HYfr0ns
dn2QbjnZeNxuLR8Hs/W4ExgVMmmzqPvgVilyg2X0rLzp1I4Xek0Uf85NlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGm5pa8roRfddxf44TW0eLsVs6n7MB8GA1UdIwQY
MBaAFMRBc4uquYix1oaTuwXim/u08PZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUt
NGM5OGQ5YTUxNDA1LzEvYWJtbHJ5dWhGOTEzRl9qaE5iUjR1eFd6cWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUtNGM5OGQ5YTUxNDA1
LzEveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4nuMA0G
CSqGSIb3DQEBCwUAA4IBAQC8uiiCSKqcI4uXKXQXcW7xYDtjdkcAAi0dNgx8BORG
n3m2BhZqn2ep8B7KBeABuI5yDM/9gLeLU65XIca9BvXCMDuSMVCB8XmSS1d4eZX0
3BHCI0MYpR7lScxMJtyD7T5lgPXBM6QZlZ3yUWqwrJ2MSquiresZAGh/a6/IAA87
21Qe8FcRTEYDjK+KANzGFq+LF8h94Ksw7X/dJGVNYnQcvoONMp4LK0dAsBYa3baT
U31VguIR4OK8KSrafJ6kDAkJty6xKXll8dE4VAo1wbKMfYXHLbperj/1P4cekRnE
0rU1pY2QgQmN4JsB42o1MmGV3YrNChu02W75M6oQ3Q3O
-----END CERTIFICATE-----