Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/34e91f-a8a9-4937-9fb5-7a01bddd6560/1/wABM6IttrHJouZEg9lRlXIl9bDE.roa
File:                     wABM6IttrHJouZEg9lRlXIl9bDE.roa (raw, json)
Hash identifier:          zxgOB3i4t8Me+izvy0ay4L2P3g0TfyPfC/JtK52i44w=
Subject key identifier:   C0:00:4C:E8:8B:6D:AC:72:68:B9:91:20:F6:54:65:5C:89:7D:6C:31
Certificate issuer:       /CN=99d35619ed210be0ac29d170a2bb5cd7455693bc
Certificate serial:       018CC94E3AB0764DC405F2D0A903130DFE92
Authority key identifier: 99:D3:56:19:ED:21:0B:E0:AC:29:D1:70:A2:BB:5C:D7:45:56:93:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mdNWGe0hC-CsKdFwortc10VWk7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/34e91f-a8a9-4937-9fb5-7a01bddd6560/1/wABM6IttrHJouZEg9lRlXIl9bDE.roa
Signing time:             Tue 02 Jan 2024 08:33:16 +0000
ROA not before:           Tue 02 Jan 2024 08:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60798
IP address blocks:        195.39.202.0/23 maxlen: 24
                          195.39.194.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/34e91f-a8a9-4937-9fb5-7a01bddd6560/1/mdNWGe0hC-CsKdFwortc10VWk7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/34e91f-a8a9-4937-9fb5-7a01bddd6560/1/mdNWGe0hC-CsKdFwortc10VWk7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mdNWGe0hC-CsKdFwortc10VWk7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3a:b0:76:4d:c4:05:f2:d0:a9:03:13:0d:fe:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99d35619ed210be0ac29d170a2bb5cd7455693bc
        Validity
            Not Before: Jan  2 08:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0004ce88b6dac7268b99120f654655c897d6c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5f:bd:ad:0b:34:10:4a:4b:05:06:a5:39:26:
                    02:4a:27:dd:17:83:04:78:e3:60:7c:e0:96:ea:6a:
                    1b:39:bb:83:c3:71:14:08:e3:af:5a:21:f9:1e:fd:
                    f5:76:d1:a8:a5:b7:dc:e9:79:d7:3f:b5:34:28:d7:
                    65:1c:41:7c:89:f6:8e:28:ea:63:a2:42:91:57:db:
                    62:6b:4e:a6:47:ad:11:6d:8e:ca:f1:11:0d:68:b8:
                    ed:10:ac:c9:b8:29:ec:21:e5:7a:5b:fa:16:77:99:
                    e0:a0:77:44:b2:56:b1:ba:62:0e:ad:b8:ac:87:4c:
                    e1:a9:6a:20:0b:e4:9a:59:1c:08:37:d4:b8:12:69:
                    c2:5f:13:60:d5:16:a5:89:65:58:e3:57:37:f7:d5:
                    df:f5:1e:e7:92:e2:29:2c:e9:58:4d:05:58:bb:11:
                    9a:71:90:a4:7f:58:5b:9f:bd:58:83:50:73:7c:e3:
                    8f:92:ce:7d:2a:05:c8:39:d2:bd:51:1d:e1:bc:48:
                    5a:7c:52:8c:2a:d8:02:10:63:90:2b:1f:28:b9:86:
                    05:40:0c:06:d7:47:8a:95:44:f7:c1:f1:91:e6:d3:
                    0a:c6:07:11:28:c5:51:c7:e3:0b:2e:6e:97:c4:40:
                    2e:0b:20:09:32:f6:f1:48:79:a5:fd:6b:58:ca:70:
                    28:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:00:4C:E8:8B:6D:AC:72:68:B9:91:20:F6:54:65:5C:89:7D:6C:31
            X509v3 Authority Key Identifier:
                keyid:99:D3:56:19:ED:21:0B:E0:AC:29:D1:70:A2:BB:5C:D7:45:56:93:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mdNWGe0hC-CsKdFwortc10VWk7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/34e91f-a8a9-4937-9fb5-7a01bddd6560/1/wABM6IttrHJouZEg9lRlXIl9bDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/34e91f-a8a9-4937-9fb5-7a01bddd6560/1/mdNWGe0hC-CsKdFwortc10VWk7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.39.194.0/23
                  195.39.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:e1:d2:93:e8:16:8a:ae:ee:ee:98:a5:f6:fa:35:7a:50:47:
         af:7e:f0:11:fe:3e:bb:3e:6e:3c:5c:e9:f6:45:79:dd:9d:a4:
         7f:72:27:b2:bd:28:4c:cb:90:f1:65:2d:8c:f5:aa:4e:5d:3f:
         6e:aa:e2:d5:fe:49:ad:7b:e0:1a:99:c8:00:9c:bc:99:e1:f5:
         0e:9d:25:32:9f:74:bf:f2:19:b5:be:df:5b:76:0f:7a:00:a7:
         b1:28:46:79:81:c6:cf:57:d7:52:3b:eb:0d:cf:77:3d:81:d2:
         4b:b4:79:a8:de:d2:08:16:e8:f4:f9:ed:5d:e2:ac:bc:e3:b5:
         99:dd:9f:ec:90:8a:8e:d2:e7:f3:0a:a4:83:71:43:6c:26:c4:
         c0:ed:55:75:d0:2c:5e:e6:73:06:b0:b7:cb:6f:20:20:bf:cc:
         80:54:b2:0a:7f:0b:2f:53:5d:03:bd:f2:41:0d:ed:49:6d:04:
         49:51:54:be:ec:99:dc:fc:fa:ad:a8:06:4b:f0:75:1c:90:72:
         92:65:c5:e9:f3:ff:a8:16:ba:d8:21:4c:85:93:45:e4:c4:91:
         e5:46:ba:7e:9b:7b:f6:fc:94:54:22:4d:02:76:7c:5e:7b:73:
         ae:e8:d3:c4:c4:ae:59:82:c7:36:ed:f1:c8:73:73:3e:d3:9b:
         73:5f:3d:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTjqwdk3EBfLQqQMTDf6SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZDM1NjE5ZWQyMTBiZTBhYzI5ZDE3MGEyYmI1Y2Q3NDU1
NjkzYmMwHhcNMjQwMTAyMDgzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDAwNGNlODhiNmRhYzcyNjhiOTkxMjBmNjU0NjU1Yzg5N2Q2YzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlF+9rQs0EEpLBQalOSYCSifdF4ME
eONgfOCW6mobObuDw3EUCOOvWiH5Hv31dtGopbfc6XnXP7U0KNdlHEF8ifaOKOpj
okKRV9tia06mR60RbY7K8RENaLjtEKzJuCnsIeV6W/oWd5ngoHdEslaxumIOrbis
h0zhqWogC+SaWRwIN9S4EmnCXxNg1RaliWVY41c399Xf9R7nkuIpLOlYTQVYuxGa
cZCkf1hbn71Yg1BzfOOPks59KgXIOdK9UR3hvEhafFKMKtgCEGOQKx8ouYYFQAwG
10eKlUT3wfGR5tMKxgcRKMVRx+MLLm6XxEAuCyAJMvbxSHml/WtYynAo4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMAATOiLbaxyaLmRIPZUZVyJfWwxMB8GA1UdIwQY
MBaAFJnTVhntIQvgrCnRcKK7XNdFVpO8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWROV0dlMGhDLUNzS2RGd29ydGMxMFZXazd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zNGU5MWYtYThhOS00OTM3LTlmYjUt
N2EwMWJkZGQ2NTYwLzEvd0FCTTZJdHRySEpvdVpFZzlsUmxYSWw5YkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zNGU5MWYtYThhOS00OTM3LTlmYjUtN2EwMWJkZGQ2NTYw
LzEvbWROV0dlMGhDLUNzS2RGd29ydGMxMFZXazd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwyfCAwQB
wyfKMA0GCSqGSIb3DQEBCwUAA4IBAQBH4dKT6BaKru7umKX2+jV6UEevfvAR/j67
Pm48XOn2RXndnaR/cieyvShMy5DxZS2M9apOXT9uquLV/kmte+AamcgAnLyZ4fUO
nSUyn3S/8hm1vt9bdg96AKexKEZ5gcbPV9dSO+sNz3c9gdJLtHmo3tIIFuj0+e1d
4qy847WZ3Z/skIqO0ufzCqSDcUNsJsTA7VV10Cxe5nMGsLfLbyAgv8yAVLIKfwsv
U10DvfJBDe1JbQRJUVS+7Jnc/PqtqAZL8HUckHKSZcXp8/+oFrrYIUyFk0XkxJHl
Rrp+m3v2/JRUIk0Cdnxee3Ou6NPExK5Zgsc27fHIc3M+05tzXz3n
-----END CERTIFICATE-----