Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/06e27a-c039-48df-ae7e-3f8e7f103899/1/AxE22lzFBbmtAC1GmdqQZJ2fHL0.roa
File:                     AxE22lzFBbmtAC1GmdqQZJ2fHL0.roa (raw, json)
Hash identifier:          S1Z7RPkGeWijknehBamkx9rCcS6FTFRLyrRuvsGqAtQ=
Subject key identifier:   03:11:36:DA:5C:C5:05:B9:AD:00:2D:46:99:DA:90:64:9D:9F:1C:BD
Certificate issuer:       /CN=46ed275c5a738888d580695edd36715959447921
Certificate serial:       018CC3B720C6D1AEDE0239BD511DB9D39AC9
Authority key identifier: 46:ED:27:5C:5A:73:88:88:D5:80:69:5E:DD:36:71:59:59:44:79:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ru0nXFpziIjVgGle3TZxWVlEeSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/06e27a-c039-48df-ae7e-3f8e7f103899/1/AxE22lzFBbmtAC1GmdqQZJ2fHL0.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198223
IP address blocks:        195.88.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/06e27a-c039-48df-ae7e-3f8e7f103899/1/Ru0nXFpziIjVgGle3TZxWVlEeSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/06e27a-c039-48df-ae7e-3f8e7f103899/1/Ru0nXFpziIjVgGle3TZxWVlEeSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ru0nXFpziIjVgGle3TZxWVlEeSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:20:c6:d1:ae:de:02:39:bd:51:1d:b9:d3:9a:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ed275c5a738888d580695edd36715959447921
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=031136da5cc505b9ad002d4699da90649d9f1cbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:10:66:21:88:83:9c:1a:00:fb:8f:55:fd:62:
                    86:64:45:7b:d0:fe:a4:29:42:87:c1:98:1f:83:f1:
                    74:81:f8:73:41:d2:90:56:9f:67:64:e4:7a:3b:a6:
                    45:29:84:ff:78:7e:6c:6f:3b:1e:ee:1f:88:9b:5d:
                    65:f7:dc:4d:6d:98:4a:d1:f6:82:45:f0:a2:58:6b:
                    4e:09:96:79:fc:d3:ff:68:1d:67:30:df:19:4e:0e:
                    63:5d:41:7b:ff:56:39:56:ca:bd:27:15:fa:b3:b3:
                    61:6f:51:f7:bb:ee:ef:4c:a7:35:4d:98:c3:75:7e:
                    36:34:59:f3:7c:3a:bf:3a:59:b7:41:e4:6c:f0:ff:
                    4e:86:14:1a:b9:d8:6d:55:75:5c:d9:d9:ce:ea:47:
                    f0:84:82:ef:96:4e:73:53:c7:0d:91:21:f8:e4:ef:
                    73:c5:ff:ea:c7:c6:4a:2c:58:fc:18:cb:02:0f:91:
                    1f:ff:5a:87:7e:90:2d:3c:d1:31:6a:3b:02:69:4b:
                    0c:3e:f0:d4:14:1a:56:23:13:33:69:6c:82:6f:2a:
                    cc:a1:0c:62:92:9d:26:9b:0f:bf:85:97:43:27:cf:
                    43:9a:96:2b:e3:36:a1:d8:59:ee:41:81:f0:5a:86:
                    20:58:00:63:9a:d2:36:5c:c5:e8:9e:17:20:78:22:
                    d4:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:11:36:DA:5C:C5:05:B9:AD:00:2D:46:99:DA:90:64:9D:9F:1C:BD
            X509v3 Authority Key Identifier:
                keyid:46:ED:27:5C:5A:73:88:88:D5:80:69:5E:DD:36:71:59:59:44:79:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ru0nXFpziIjVgGle3TZxWVlEeSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/06e27a-c039-48df-ae7e-3f8e7f103899/1/AxE22lzFBbmtAC1GmdqQZJ2fHL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/06e27a-c039-48df-ae7e-3f8e7f103899/1/Ru0nXFpziIjVgGle3TZxWVlEeSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:87:bb:f7:f5:3a:6d:30:49:47:32:23:a3:cb:6b:00:0a:9e:
         d0:ca:37:c4:6c:5e:7c:30:fa:90:23:b7:18:e5:c9:53:86:73:
         7b:18:ed:9f:3a:07:35:d6:00:b5:59:db:2d:01:8b:28:61:94:
         6f:47:88:35:bd:1c:2f:ee:db:18:35:13:53:74:d1:bb:05:40:
         f6:01:2d:e8:d5:03:c0:bf:14:00:9f:30:a6:b8:7c:ce:b6:f5:
         cd:d1:95:01:c8:95:b2:07:7b:1b:df:7e:b8:5a:58:48:74:d7:
         8c:93:72:01:47:47:54:88:85:90:1e:70:74:28:5f:14:4c:1f:
         2d:75:95:52:49:fd:a2:06:d2:66:1b:98:d1:4b:d1:24:fb:49:
         0d:13:4b:d1:a5:cb:79:16:bb:f6:5c:ff:e0:c0:b5:51:c1:92:
         1b:fc:fa:2e:37:f4:50:be:a9:55:b5:59:d3:e1:9c:55:66:0e:
         c0:58:d6:d2:1f:4c:8b:12:ee:c6:6b:c8:a5:f0:58:e0:fd:0d:
         3f:ab:a4:ab:a9:d0:9c:df:c6:8d:4f:b5:39:9c:ff:e8:f3:4b:
         8e:a6:03:aa:ea:58:2d:bc:aa:39:0b:59:46:cd:c4:81:80:1b:
         29:c7:87:1d:82:cb:64:df:8e:01:54:07:be:8d:60:07:54:de:
         75:41:4f:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyDG0a7eAjm9UR2505rJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZWQyNzVjNWE3Mzg4ODhkNTgwNjk1ZWRkMzY3MTU5NTk0
NDc5MjEwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzExMzZkYTVjYzUwNWI5YWQwMDJkNDY5OWRhOTA2NDlkOWYxY2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhBmIYiDnBoA+49V/WKGZEV70P6k
KUKHwZgfg/F0gfhzQdKQVp9nZOR6O6ZFKYT/eH5sbzse7h+Im11l99xNbZhK0faC
RfCiWGtOCZZ5/NP/aB1nMN8ZTg5jXUF7/1Y5Vsq9JxX6s7Nhb1H3u+7vTKc1TZjD
dX42NFnzfDq/Olm3QeRs8P9OhhQaudhtVXVc2dnO6kfwhILvlk5zU8cNkSH45O9z
xf/qx8ZKLFj8GMsCD5Ef/1qHfpAtPNExajsCaUsMPvDUFBpWIxMzaWyCbyrMoQxi
kp0mmw+/hZdDJ89DmpYr4zah2FnuQYHwWoYgWABjmtI2XMXonhcgeCLU5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMRNtpcxQW5rQAtRpnakGSdnxy9MB8GA1UdIwQY
MBaAFEbtJ1xac4iI1YBpXt02cVlZRHkhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnUwblhGcHppSWpWZ0dsZTNUWnhXVmxFZVNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8wNmUyN2EtYzAzOS00OGRmLWFlN2Ut
M2Y4ZTdmMTAzODk5LzEvQXhFMjJsekZCYm10QUMxR21kcVFaSjJmSEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8wNmUyN2EtYzAzOS00OGRmLWFlN2UtM2Y4ZTdmMTAzODk5
LzEvUnUwblhGcHppSWpWZ0dsZTNUWnhXVmxFZVNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1j7MA0G
CSqGSIb3DQEBCwUAA4IBAQBih7v39TptMElHMiOjy2sACp7QyjfEbF58MPqQI7cY
5clThnN7GO2fOgc11gC1WdstAYsoYZRvR4g1vRwv7tsYNRNTdNG7BUD2AS3o1QPA
vxQAnzCmuHzOtvXN0ZUByJWyB3sb3364WlhIdNeMk3IBR0dUiIWQHnB0KF8UTB8t
dZVSSf2iBtJmG5jRS9Ek+0kNE0vRpct5Frv2XP/gwLVRwZIb/PouN/RQvqlVtVnT
4ZxVZg7AWNbSH0yLEu7Ga8il8Fjg/Q0/q6SrqdCc38aNT7U5nP/o80uOpgOq6lgt
vKo5C1lGzcSBgBspx4cdgstk344BVAe+jWAHVN51QU8J
-----END CERTIFICATE-----