Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/s--ORwJvEPT2doqV0F3BlR9f2mw.roa
File:                     s--ORwJvEPT2doqV0F3BlR9f2mw.roa (raw, json)
Hash identifier:          RwaJbekSVQ6179gJc/fpKHsf7pp7S9dUG9SGcdvXAHQ=
Subject key identifier:   B3:EF:8E:47:02:6F:10:F4:F6:76:8A:95:D0:5D:C1:95:1F:5F:DA:6C
Certificate issuer:       /CN=617252ebbb33484adcec7405adea4de08a0afb04
Certificate serial:       018CC72583873A8F39240C98444B67EC951E
Authority key identifier: 61:72:52:EB:BB:33:48:4A:DC:EC:74:05:AD:EA:4D:E0:8A:0A:FB:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YXJS67szSErc7HQFrepN4IoK-wQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/s--ORwJvEPT2doqV0F3BlR9f2mw.roa
Signing time:             Mon 01 Jan 2024 22:29:33 +0000
ROA not before:           Mon 01 Jan 2024 22:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34420
IP address blocks:        195.149.119.0/24 maxlen: 24
                          195.170.167.0/24 maxlen: 24
                          2a0b:8bc7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXJS67szSErc7HQFrepN4IoK-wQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXJS67szSErc7HQFrepN4IoK-wQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YXJS67szSErc7HQFrepN4IoK-wQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:83:87:3a:8f:39:24:0c:98:44:4b:67:ec:95:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=617252ebbb33484adcec7405adea4de08a0afb04
        Validity
            Not Before: Jan  1 22:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3ef8e47026f10f4f6768a95d05dc1951f5fda6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d7:7b:ce:a9:44:f4:34:bb:52:2b:30:43:7e:
                    73:9f:44:73:85:10:bf:6b:dd:05:a6:69:79:86:f5:
                    5e:b4:9d:0d:8d:66:76:47:9f:d7:df:77:0d:53:66:
                    bd:91:74:d3:da:d2:d1:57:7a:dd:67:a3:70:3d:9d:
                    fc:4e:56:ca:58:20:7c:d3:a3:8f:9f:79:91:70:02:
                    93:df:ae:5e:1a:b6:38:d1:4b:10:e8:e6:4f:9e:2b:
                    76:65:ab:fc:93:0b:48:ab:aa:1d:56:2f:34:9a:d9:
                    98:80:33:74:19:3b:58:a7:ac:21:b5:0f:7c:70:bd:
                    35:13:f8:0e:c0:50:3f:22:18:fe:2b:b8:f4:34:12:
                    13:1b:e5:56:97:b2:7c:57:4b:d8:df:1a:23:a8:76:
                    f4:aa:6b:8a:02:b1:a7:ba:c7:c2:6d:87:c2:a3:b3:
                    30:a6:20:30:7e:fa:85:0f:06:6c:13:80:13:db:1a:
                    c7:2e:f1:85:8f:59:bf:1c:ff:97:37:68:a9:d7:f1:
                    24:ce:4e:46:4e:5a:c6:b3:f3:0e:17:d9:a1:e7:b9:
                    43:84:29:99:46:38:bf:ab:ba:b6:da:57:9f:56:3d:
                    a0:66:cf:57:2b:86:0c:e8:19:27:2c:33:aa:48:7d:
                    40:32:c0:dc:16:13:af:1e:9a:67:27:82:b7:3f:06:
                    f9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:EF:8E:47:02:6F:10:F4:F6:76:8A:95:D0:5D:C1:95:1F:5F:DA:6C
            X509v3 Authority Key Identifier:
                keyid:61:72:52:EB:BB:33:48:4A:DC:EC:74:05:AD:EA:4D:E0:8A:0A:FB:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YXJS67szSErc7HQFrepN4IoK-wQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/s--ORwJvEPT2doqV0F3BlR9f2mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXJS67szSErc7HQFrepN4IoK-wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.119.0/24
                  195.170.167.0/24
                IPv6:
                  2a0b:8bc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:73:25:08:ba:e3:86:70:8b:75:55:29:0c:f1:21:fb:9e:74:
         c0:4b:26:18:df:88:a8:9d:dc:d1:cf:35:d8:9a:74:47:78:76:
         c1:a3:26:e7:2c:52:80:92:f9:2c:e3:d8:d2:69:a8:bd:f2:ce:
         a3:ab:f2:fd:4d:ca:dd:46:32:19:d1:ab:31:25:a9:e0:0c:bd:
         8c:39:06:84:90:4c:25:3b:c1:fd:07:c6:ec:d2:9d:c7:1b:8b:
         e7:59:32:b5:67:6d:d6:f1:12:fa:85:b8:60:63:64:9a:a9:26:
         e0:39:84:e5:67:cb:e2:12:dc:7d:84:4f:33:27:d0:86:f2:ca:
         19:2f:a2:d9:eb:7d:93:b4:26:29:c0:a3:d2:5d:29:a5:05:04:
         00:44:6c:aa:48:f4:49:ea:a9:2e:7d:1c:0a:82:3e:21:68:bb:
         4c:86:7f:1a:ca:22:c1:95:22:c9:78:7b:8b:3d:1c:56:5a:bd:
         74:b0:55:2f:48:50:1f:bb:32:1b:0d:f6:04:5f:3f:73:b6:8b:
         9b:b4:bd:24:5c:a9:81:62:b4:2d:84:de:05:3d:25:13:e5:37:
         41:21:47:01:6d:a5:77:04:5d:00:96:75:64:1f:b0:1f:90:12:
         d0:28:7a:26:c9:3f:cc:cb:3e:e1:0f:b7:d2:45:7e:b4:f8:b7:
         36:8d:02:44
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJYOHOo85JAyYREtn7JUeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNzI1MmViYmIzMzQ4NGFkY2VjNzQwNWFkZWE0ZGUwOGEw
YWZiMDQwHhcNMjQwMTAxMjIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2VmOGU0NzAyNmYxMGY0ZjY3NjhhOTVkMDVkYzE5NTFmNWZkYTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtd7zqlE9DS7UiswQ35zn0RzhRC/
a90Fpml5hvVetJ0NjWZ2R5/X33cNU2a9kXTT2tLRV3rdZ6NwPZ38TlbKWCB806OP
n3mRcAKT365eGrY40UsQ6OZPnit2Zav8kwtIq6odVi80mtmYgDN0GTtYp6whtQ98
cL01E/gOwFA/Ihj+K7j0NBITG+VWl7J8V0vY3xojqHb0qmuKArGnusfCbYfCo7Mw
piAwfvqFDwZsE4AT2xrHLvGFj1m/HP+XN2ip1/Ekzk5GTlrGs/MOF9mh57lDhCmZ
Rji/q7q22lefVj2gZs9XK4YM6BknLDOqSH1AMsDcFhOvHppnJ4K3Pwb5CQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLPvjkcCbxD09naKldBdwZUfX9psMB8GA1UdIwQY
MBaAFGFyUuu7M0hK3Ox0Ba3qTeCKCvsEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVhKUzY3c3pTRXJjN0hRRnJlcE40SW9LLXdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8zN2E5M2ItODdiNS00OTk1LTllOGMt
NjYzNWRlYmMzOTVjLzEvcy0tT1J3SnZFUFQyZG9xVjBGM0JsUjlmMm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8zN2E5M2ItODdiNS00OTk1LTllOGMtNjYzNWRlYmMzOTVj
LzEvWVhKUzY3c3pTRXJjN0hRRnJlcE40SW9LLXdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAw5V3AwQA
w6qnMA0EAgACMAcDBQAqC4vHMA0GCSqGSIb3DQEBCwUAA4IBAQBucyUIuuOGcIt1
VSkM8SH7nnTASyYY34iondzRzzXYmnRHeHbBoybnLFKAkvks49jSaai98s6jq/L9
TcrdRjIZ0asxJangDL2MOQaEkEwlO8H9B8bs0p3HG4vnWTK1Z23W8RL6hbhgY2Sa
qSbgOYTlZ8viEtx9hE8zJ9CG8soZL6LZ632TtCYpwKPSXSmlBQQARGyqSPRJ6qku
fRwKgj4haLtMhn8ayiLBlSLJeHuLPRxWWr10sFUvSFAfuzIbDfYEXz9ztoubtL0k
XKmBYrQthN4FPSUT5TdBIUcBbaV3BF0AlnVkH7AfkBLQKHomyT/Myz7hD7fSRX60
+Lc2jQJE
-----END CERTIFICATE-----