Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/d56c2f-b999-40d1-adbf-9ebd2f1ab362/1/v2T3DyvjoX3LxPiCcZVDcqwdrbI.roa
File:                     v2T3DyvjoX3LxPiCcZVDcqwdrbI.roa (raw, json)
Hash identifier:          D5JJTY9s1hnlzYxNASvz8vTxi/V+h4Tq4/kOXkOqAR8=
Subject key identifier:   BF:64:F7:0F:2B:E3:A1:7D:CB:C4:F8:82:71:95:43:72:AC:1D:AD:B2
Certificate issuer:       /CN=a7f09ad8aad3b3354875bbeaed05b61a54a03704
Certificate serial:       018CC34890487F21C42F4D24F85183940814
Authority key identifier: A7:F0:9A:D8:AA:D3:B3:35:48:75:BB:EA:ED:05:B6:1A:54:A0:37:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_Ca2KrTszVIdbvq7QW2GlSgNwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/d56c2f-b999-40d1-adbf-9ebd2f1ab362/1/v2T3DyvjoX3LxPiCcZVDcqwdrbI.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198572
IP address blocks:        195.200.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/d56c2f-b999-40d1-adbf-9ebd2f1ab362/1/p_Ca2KrTszVIdbvq7QW2GlSgNwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/d56c2f-b999-40d1-adbf-9ebd2f1ab362/1/p_Ca2KrTszVIdbvq7QW2GlSgNwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_Ca2KrTszVIdbvq7QW2GlSgNwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:90:48:7f:21:c4:2f:4d:24:f8:51:83:94:08:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7f09ad8aad3b3354875bbeaed05b61a54a03704
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf64f70f2be3a17dcbc4f88271954372ac1dadb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4d:db:9c:e9:88:0c:e5:b6:32:82:53:7b:f6:
                    b2:11:f1:70:88:62:41:30:d6:32:68:ea:55:61:5e:
                    02:23:81:ac:87:34:af:6a:af:b5:11:3e:91:d3:b9:
                    1a:2d:21:68:e4:5d:b9:be:10:37:9d:41:59:5a:a8:
                    95:ef:82:74:96:66:51:41:54:4a:45:8c:af:c9:ec:
                    2d:18:5b:20:52:01:9c:6e:02:65:5d:bc:bd:9f:86:
                    52:90:79:e0:15:d6:c0:0d:e6:b8:38:d1:c2:e0:00:
                    a8:7a:21:67:8c:f6:4a:28:03:46:b7:fc:83:10:79:
                    1b:80:32:0a:45:65:e7:a7:a1:e5:46:4d:a7:9f:db:
                    37:5d:9f:7f:e7:c2:3a:de:70:46:37:c8:d0:55:b7:
                    20:4e:a9:16:f6:9f:ab:bd:68:52:8b:32:b7:eb:ef:
                    58:88:52:b3:14:68:5f:d0:69:8c:97:5c:fd:7f:8e:
                    d4:61:b4:ba:53:b9:c7:71:a7:e2:30:da:04:cb:26:
                    ac:5b:7c:d8:f2:16:9d:ff:86:ae:00:75:6a:35:8c:
                    7d:81:c7:0b:8c:bb:7c:7b:58:74:c8:74:41:64:d0:
                    c0:ca:dc:9f:58:96:ac:ee:f4:07:bb:1e:96:f3:96:
                    f5:b7:b1:6e:85:76:dc:b5:69:ba:6c:28:6b:5d:d8:
                    6e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:64:F7:0F:2B:E3:A1:7D:CB:C4:F8:82:71:95:43:72:AC:1D:AD:B2
            X509v3 Authority Key Identifier:
                keyid:A7:F0:9A:D8:AA:D3:B3:35:48:75:BB:EA:ED:05:B6:1A:54:A0:37:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_Ca2KrTszVIdbvq7QW2GlSgNwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/d56c2f-b999-40d1-adbf-9ebd2f1ab362/1/v2T3DyvjoX3LxPiCcZVDcqwdrbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/d56c2f-b999-40d1-adbf-9ebd2f1ab362/1/p_Ca2KrTszVIdbvq7QW2GlSgNwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:1a:b4:bb:57:d7:aa:cd:09:e3:58:8d:97:27:9e:d8:32:92:
         55:5a:fe:33:c3:20:02:59:31:85:78:b1:36:23:e1:fb:41:29:
         7e:57:8f:b6:5a:5f:dc:f0:fd:f7:ca:ed:f0:eb:d3:eb:71:68:
         02:bb:b9:1e:2b:db:5d:22:62:4b:6e:78:3d:09:41:f7:33:7e:
         92:f9:c3:f6:f8:9e:3e:d7:b6:94:d1:9b:39:e8:39:82:ff:d7:
         1d:b0:25:a0:4c:ab:a7:cb:77:70:b1:e9:9e:2e:b4:f8:1e:6e:
         89:56:5c:93:aa:b3:93:37:54:bf:30:11:7e:13:05:11:f6:cb:
         cd:83:e4:70:ba:23:f1:41:b8:1f:dc:48:ad:5a:f0:32:b1:bd:
         b7:de:21:0d:0f:31:be:88:72:c2:68:af:47:74:0f:12:2b:fd:
         03:1d:87:60:3e:55:e5:56:c0:04:60:ce:55:0a:a9:f5:ea:a7:
         6d:d8:da:91:bf:39:b6:01:0f:49:8b:4e:b9:86:78:92:87:f7:
         4e:12:a0:38:66:bb:cc:96:da:6f:d5:f2:29:d9:45:90:a1:0a:
         c2:4f:5c:51:28:71:19:5f:3e:0b:3a:44:a1:5a:de:ad:f3:fd:
         b2:fa:64:36:fe:3e:32:b5:2a:3b:23:f2:dc:51:19:1c:db:cf:
         69:a4:60:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJBIfyHEL00k+FGDlAgUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZjA5YWQ4YWFkM2IzMzU0ODc1YmJlYWVkMDViNjFhNTRh
MDM3MDQwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjY0ZjcwZjJiZTNhMTdkY2JjNGY4ODI3MTk1NDM3MmFjMWRhZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU3bnOmIDOW2MoJTe/ayEfFwiGJB
MNYyaOpVYV4CI4GshzSvaq+1ET6R07kaLSFo5F25vhA3nUFZWqiV74J0lmZRQVRK
RYyvyewtGFsgUgGcbgJlXby9n4ZSkHngFdbADea4ONHC4ACoeiFnjPZKKANGt/yD
EHkbgDIKRWXnp6HlRk2nn9s3XZ9/58I63nBGN8jQVbcgTqkW9p+rvWhSizK36+9Y
iFKzFGhf0GmMl1z9f47UYbS6U7nHcafiMNoEyyasW3zY8had/4auAHVqNYx9gccL
jLt8e1h0yHRBZNDAytyfWJas7vQHux6W85b1t7FuhXbctWm6bChrXdhuTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9k9w8r46F9y8T4gnGVQ3KsHa2yMB8GA1UdIwQY
MBaAFKfwmtiq07M1SHW76u0FthpUoDcEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF9DYTJLclRzelZJZGJ2cTdRVzJHbFNnTndRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9kNTZjMmYtYjk5OS00MGQxLWFkYmYt
OWViZDJmMWFiMzYyLzEvdjJUM0R5dmpvWDNMeFBpQ2NaVkRjcXdkcmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9kNTZjMmYtYjk5OS00MGQxLWFkYmYtOWViZDJmMWFiMzYy
LzEvcF9DYTJLclRzelZJZGJ2cTdRVzJHbFNnTndRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8jIMA0G
CSqGSIb3DQEBCwUAA4IBAQCsGrS7V9eqzQnjWI2XJ57YMpJVWv4zwyACWTGFeLE2
I+H7QSl+V4+2Wl/c8P33yu3w69PrcWgCu7keK9tdImJLbng9CUH3M36S+cP2+J4+
17aU0Zs56DmC/9cdsCWgTKuny3dwsemeLrT4Hm6JVlyTqrOTN1S/MBF+EwUR9svN
g+RwuiPxQbgf3EitWvAysb233iENDzG+iHLCaK9HdA8SK/0DHYdgPlXlVsAEYM5V
Cqn16qdt2NqRvzm2AQ9Ji065hniSh/dOEqA4ZrvMltpv1fIp2UWQoQrCT1xRKHEZ
Xz4LOkShWt6t8/2y+mQ2/j4ytSo7I/LcURkc289ppGDz
-----END CERTIFICATE-----