Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/M1TczoOBwHMa55k9y-flczi3qFA.roa
File:                     M1TczoOBwHMa55k9y-flczi3qFA.roa (raw, json)
Hash identifier:          3dThC3w0w9iFrIR/r17sHODhkhBeO4gKlAjIr/eAnhU=
Subject key identifier:   33:54:DC:CE:83:81:C0:73:1A:E7:99:3D:CB:E7:E5:73:38:B7:A8:50
Certificate issuer:       /CN=bf817dc8552df3610ffc45441b3f81464e489dc8
Certificate serial:       018CC56EF93A54F4B13085C34243FC7B2E94
Authority key identifier: BF:81:7D:C8:55:2D:F3:61:0F:FC:45:44:1B:3F:81:46:4E:48:9D:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4F9yFUt82EP_EVEGz-BRk5Incg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/M1TczoOBwHMa55k9y-flczi3qFA.roa
Signing time:             Mon 01 Jan 2024 14:30:33 +0000
ROA not before:           Mon 01 Jan 2024 14:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        195.88.54.0/23 maxlen: 23
                          2001:67c:21e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/v4F9yFUt82EP_EVEGz-BRk5Incg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/v4F9yFUt82EP_EVEGz-BRk5Incg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4F9yFUt82EP_EVEGz-BRk5Incg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f9:3a:54:f4:b1:30:85:c3:42:43:fc:7b:2e:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf817dc8552df3610ffc45441b3f81464e489dc8
        Validity
            Not Before: Jan  1 14:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3354dcce8381c0731ae7993dcbe7e57338b7a850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ad:fc:83:0e:22:76:aa:79:ff:06:09:3d:d7:
                    c2:da:62:88:80:94:eb:e9:a4:43:ea:87:c8:f1:e4:
                    9e:8f:26:1d:bf:7f:13:7a:ce:07:82:5c:c0:f3:7b:
                    84:35:69:77:dd:ac:35:68:96:fb:ae:02:d9:8a:bf:
                    98:a0:29:a0:3a:09:c7:2e:55:7b:86:c9:eb:17:6a:
                    4f:cd:fe:e0:11:0b:29:6a:29:02:90:36:80:61:7c:
                    ed:ea:64:99:4f:c1:d2:58:61:b1:86:b7:ae:da:be:
                    d5:b7:f3:5b:a3:42:01:3a:3f:31:c2:22:e0:bb:0b:
                    6d:d7:46:af:42:46:d3:74:35:f7:c2:8e:fc:66:54:
                    a2:ff:9c:90:72:1e:27:f7:ac:9d:1a:da:9d:85:cf:
                    4b:1e:44:51:8f:bc:84:70:60:52:ca:fc:44:cf:0e:
                    ad:48:88:bb:06:89:1a:7f:05:15:95:d1:2c:28:66:
                    8b:c5:8c:82:49:7d:51:10:98:95:89:66:aa:a0:a1:
                    7d:5b:1a:d9:ec:42:8d:91:d3:5b:f5:3e:87:81:a1:
                    c5:62:83:9b:8d:fb:8a:33:bd:35:d0:68:cb:5c:44:
                    10:ef:2f:e3:e3:0f:14:a1:b3:14:d7:18:e1:36:3c:
                    56:3c:93:1d:89:72:80:0d:a6:d3:df:73:8a:f0:df:
                    47:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:54:DC:CE:83:81:C0:73:1A:E7:99:3D:CB:E7:E5:73:38:B7:A8:50
            X509v3 Authority Key Identifier:
                keyid:BF:81:7D:C8:55:2D:F3:61:0F:FC:45:44:1B:3F:81:46:4E:48:9D:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4F9yFUt82EP_EVEGz-BRk5Incg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/M1TczoOBwHMa55k9y-flczi3qFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/v4F9yFUt82EP_EVEGz-BRk5Incg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.54.0/23
                IPv6:
                  2001:67c:21e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:1e:57:14:56:8f:de:32:99:01:a8:6b:01:cc:0f:2b:5d:0d:
         58:22:b9:de:e5:f7:74:43:75:13:15:06:68:62:ee:82:7d:90:
         95:de:5a:3a:be:e3:f7:2c:85:63:05:18:e7:2a:12:f8:2b:75:
         ce:27:4a:8e:15:5a:82:3b:97:98:05:f1:cd:ba:c9:5d:10:89:
         cc:0b:51:71:9b:80:9e:18:04:9f:b3:f4:51:ca:bc:80:40:4e:
         78:59:bd:fd:fc:92:f3:be:0d:62:43:45:5c:d0:00:a2:02:13:
         22:d1:2e:39:b7:fb:6d:77:0b:f2:78:09:63:85:af:02:b7:92:
         0d:1a:a8:16:42:43:47:51:76:70:b1:df:17:88:aa:7c:de:9e:
         1d:a7:e9:05:a6:5c:f8:64:0e:dd:25:b6:c4:0b:c1:d2:86:b3:
         08:40:99:3c:35:c1:54:dc:ff:c5:3e:72:08:6e:3b:90:a6:11:
         e7:7e:85:46:9f:34:dc:6a:7d:f7:5b:9c:0f:bf:23:32:a4:bf:
         a0:9e:90:ad:d5:ec:19:7c:62:13:16:d6:01:8d:cb:82:c9:b6:
         f4:8c:34:37:fb:af:25:c8:c7:af:00:7d:13:a9:33:7d:ee:3b:
         53:3d:c8:c8:63:00:c7:63:10:7a:21:cf:8e:f6:7f:dd:7b:54:
         5f:72:cd:24
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbvk6VPSxMIXDQkP8ey6UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODE3ZGM4NTUyZGYzNjEwZmZjNDU0NDFiM2Y4MTQ2NGU0
ODlkYzgwHhcNMjQwMTAxMTQzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzU0ZGNjZTgzODFjMDczMWFlNzk5M2RjYmU3ZTU3MzM4YjdhODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2638gw4idqp5/wYJPdfC2mKIgJTr
6aRD6ofI8eSejyYdv38Tes4HglzA83uENWl33aw1aJb7rgLZir+YoCmgOgnHLlV7
hsnrF2pPzf7gEQspaikCkDaAYXzt6mSZT8HSWGGxhreu2r7Vt/Nbo0IBOj8xwiLg
uwtt10avQkbTdDX3wo78ZlSi/5yQch4n96ydGtqdhc9LHkRRj7yEcGBSyvxEzw6t
SIi7BokafwUVldEsKGaLxYyCSX1REJiViWaqoKF9WxrZ7EKNkdNb9T6HgaHFYoOb
jfuKM7010GjLXEQQ7y/j4w8UobMU1xjhNjxWPJMdiXKADabT33OK8N9HbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDNU3M6DgcBzGueZPcvn5XM4t6hQMB8GA1UdIwQY
MBaAFL+BfchVLfNhD/xFRBs/gUZOSJ3IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRGOXlGVXQ4MkVQX0VWRUd6LUJSazVJbmNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9jNGU3ZTktZjZiZS00MWEzLWE0NTkt
MTk1Mzg5MzMwZWRmLzEvTTFUY3pvT0J3SE1hNTVrOXktZmxjemkzcUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9jNGU3ZTktZjZiZS00MWEzLWE0NTktMTk1Mzg5MzMwZWRm
LzEvdjRGOXlGVXQ4MkVQX0VWRUd6LUJSazVJbmNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw1g2MA8E
AgACMAkDBwAgAQZ8IeAwDQYJKoZIhvcNAQELBQADggEBAHweVxRWj94ymQGoawHM
DytdDVgiud7l93RDdRMVBmhi7oJ9kJXeWjq+4/cshWMFGOcqEvgrdc4nSo4VWoI7
l5gF8c26yV0QicwLUXGbgJ4YBJ+z9FHKvIBATnhZvf38kvO+DWJDRVzQAKICEyLR
Ljm3+213C/J4CWOFrwK3kg0aqBZCQ0dRdnCx3xeIqnzenh2n6QWmXPhkDt0ltsQL
wdKGswhAmTw1wVTc/8U+cghuO5CmEed+hUafNNxqffdbnA+/IzKkv6CekK3V7Bl8
YhMW1gGNy4LJtvSMNDf7ryXIx68AfROpM33uO1M9yMhjAMdjEHohz472f917VF9y
zSQ=
-----END CERTIFICATE-----