Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/IMwYnosne_EovQk3HMkbslZO0ZQ.roa
File:                     IMwYnosne_EovQk3HMkbslZO0ZQ.roa (raw, json)
Hash identifier:          4ccFeNpYqJCimvDFBuehK3UGlqwI/cJsi10t3ZcfXX4=
Subject key identifier:   20:CC:18:9E:8B:27:7B:F1:28:BD:09:37:1C:C9:1B:B2:56:4E:D1:94
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       018CF3F7ED4DB6EAAB6D41DFA6625FF05FB3
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/IMwYnosne_EovQk3HMkbslZO0ZQ.roa
Signing time:             Wed 10 Jan 2024 15:22:40 +0000
ROA not before:           Wed 10 Jan 2024 15:22:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48944
IP address blocks:        195.238.231.0/24 maxlen: 24
                          2a05:63c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:f7:ed:4d:b6:ea:ab:6d:41:df:a6:62:5f:f0:5f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Jan 10 15:22:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20cc189e8b277bf128bd09371cc91bb2564ed194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:6c:55:6e:a0:71:2b:db:90:68:25:e5:d1:64:
                    40:cf:4a:85:9f:59:5e:99:04:45:f0:1b:9c:e8:bf:
                    75:69:9a:9e:36:ae:37:e5:fe:89:07:39:fe:8f:51:
                    94:a1:8c:04:5b:74:bf:31:a6:e3:69:00:e8:ef:2f:
                    96:25:99:97:51:c8:af:0c:ac:3c:6b:29:3d:87:54:
                    49:80:23:ed:d3:5f:a0:11:82:36:e2:5e:8e:d2:a2:
                    96:a3:2c:9b:ee:8c:6c:ca:4e:d4:53:8f:3e:2b:54:
                    f9:f2:43:2b:a0:02:31:c7:a0:73:4d:d4:2b:eb:9c:
                    9e:43:ed:af:9a:70:08:2c:69:5f:31:fc:2d:43:54:
                    be:ef:f8:11:d5:dd:08:8a:51:c6:5a:94:c1:4d:4c:
                    d9:9a:d3:a8:93:7b:3d:d9:92:8d:c4:96:a5:c3:22:
                    7d:0d:e7:89:58:72:8c:24:ee:53:51:cc:3c:7f:49:
                    91:4e:f6:31:9c:3d:e3:92:33:a7:02:78:8b:d9:ae:
                    9d:68:a8:e3:6e:25:57:f4:13:ff:02:ad:f8:e4:60:
                    79:e9:95:4e:a8:9c:b9:77:2d:0e:df:9e:3d:03:ec:
                    ea:a0:a1:c9:a5:2a:6c:dd:b4:10:95:b6:4a:c9:e6:
                    38:9f:d0:c0:93:0a:41:29:2e:79:f2:2c:71:57:f1:
                    04:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:CC:18:9E:8B:27:7B:F1:28:BD:09:37:1C:C9:1B:B2:56:4E:D1:94
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/IMwYnosne_EovQk3HMkbslZO0ZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.231.0/24
                IPv6:
                  2a05:63c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:71:2a:a5:e8:07:ee:a8:5f:79:4c:ab:17:16:2c:3f:cf:60:
         5c:2d:b5:34:28:25:24:af:d9:2b:d1:a5:af:41:fe:96:e9:df:
         0b:4d:86:d0:7b:bf:9b:a4:48:89:eb:f3:2c:06:0a:3b:e9:5f:
         de:55:92:27:d3:a1:4a:20:ca:55:cb:4f:29:ae:64:84:ed:7c:
         78:db:e4:f2:a7:db:33:01:fc:58:44:65:fc:20:bc:f6:8b:fa:
         28:ca:56:12:41:f0:8d:a6:73:98:d6:fa:a2:21:7a:67:03:08:
         c3:49:1d:b0:6c:86:28:4f:5d:c4:42:18:68:73:78:cf:ef:b2:
         e8:8c:84:77:b3:7c:aa:4b:f3:1e:ad:23:c5:94:80:63:47:b9:
         49:bf:2a:69:f7:32:e4:31:40:21:89:fd:1d:a9:36:a7:01:f4:
         4d:7d:ef:f1:b1:45:b7:3c:cb:73:a7:0e:82:e3:0a:b6:c1:b3:
         3d:4d:f3:97:2f:b2:65:f3:43:f0:76:88:90:7e:83:19:34:cd:
         0d:c7:b0:d8:cd:d5:b7:71:bd:12:d6:e6:d8:1b:62:a0:57:22:
         72:e0:c5:d2:c9:d0:e0:ff:6c:09:4b:5a:8d:2b:81:e5:36:fe:
         47:5a:55:e2:c3:9a:7f:5e:b0:2f:b4:83:2d:34:da:32:1e:ad:
         e0:27:f4:15
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzz9+1NtuqrbUHfpmJf8F+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjQwMTEwMTUyMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGNjMTg5ZThiMjc3YmYxMjhiZDA5MzcxY2M5MWJiMjU2NGVkMTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGxVbqBxK9uQaCXl0WRAz0qFn1le
mQRF8Buc6L91aZqeNq435f6JBzn+j1GUoYwEW3S/MabjaQDo7y+WJZmXUcivDKw8
ayk9h1RJgCPt01+gEYI24l6O0qKWoyyb7oxsyk7UU48+K1T58kMroAIxx6BzTdQr
65yeQ+2vmnAILGlfMfwtQ1S+7/gR1d0IilHGWpTBTUzZmtOok3s92ZKNxJalwyJ9
DeeJWHKMJO5TUcw8f0mRTvYxnD3jkjOnAniL2a6daKjjbiVX9BP/Aq345GB56ZVO
qJy5dy0O3549A+zqoKHJpSps3bQQlbZKyeY4n9DAkwpBKS558ixxV/EEXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCDMGJ6LJ3vxKL0JNxzJG7JWTtGUMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvSU13WW5vc25lX0VvdlFrM0hNa2JzbFpPMFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw+7nMA0E
AgACMAcDBQMqBWPAMA0GCSqGSIb3DQEBCwUAA4IBAQAPcSql6AfuqF95TKsXFiw/
z2BcLbU0KCUkr9kr0aWvQf6W6d8LTYbQe7+bpEiJ6/MsBgo76V/eVZIn06FKIMpV
y08prmSE7Xx42+Typ9szAfxYRGX8ILz2i/ooylYSQfCNpnOY1vqiIXpnAwjDSR2w
bIYoT13EQhhoc3jP77LojIR3s3yqS/MerSPFlIBjR7lJvypp9zLkMUAhif0dqTan
AfRNfe/xsUW3PMtzpw6C4wq2wbM9TfOXL7Jl80PwdoiQfoMZNM0Nx7DYzdW3cb0S
1ubYG2KgVyJy4MXSydDg/2wJS1qNK4HlNv5HWlXiw5p/XrAvtIMtNNoyHq3gJ/QV
-----END CERTIFICATE-----