Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/9d5bcf-2db9-4afa-b000-822953f8cf77/1/q6s8J7oPKF30WYZssj-P3xA29Kc.roa
File:                     q6s8J7oPKF30WYZssj-P3xA29Kc.roa (raw, json)
Hash identifier:          5G/rZyucOxBSgEPTh+uOBQDqoOayTTbC2CG9jW8WSqw=
Subject key identifier:   AB:AB:3C:27:BA:0F:28:5D:F4:59:86:6C:B2:3F:8F:DF:10:36:F4:A7
Certificate issuer:       /CN=09fbb3ed2f029c4bacc6ea2c4c7f4c1cd6e80e79
Certificate serial:       018CC8704FBE5C81A1EF8A2E4BB19A7CF162
Authority key identifier: 09:FB:B3:ED:2F:02:9C:4B:AC:C6:EA:2C:4C:7F:4C:1C:D6:E8:0E:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cfuz7S8CnEusxuosTH9MHNboDnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/9d5bcf-2db9-4afa-b000-822953f8cf77/1/q6s8J7oPKF30WYZssj-P3xA29Kc.roa
Signing time:             Tue 02 Jan 2024 04:30:52 +0000
ROA not before:           Tue 02 Jan 2024 04:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212062
IP address blocks:        195.244.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/9d5bcf-2db9-4afa-b000-822953f8cf77/1/Cfuz7S8CnEusxuosTH9MHNboDnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/9d5bcf-2db9-4afa-b000-822953f8cf77/1/Cfuz7S8CnEusxuosTH9MHNboDnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cfuz7S8CnEusxuosTH9MHNboDnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:4f:be:5c:81:a1:ef:8a:2e:4b:b1:9a:7c:f1:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09fbb3ed2f029c4bacc6ea2c4c7f4c1cd6e80e79
        Validity
            Not Before: Jan  2 04:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abab3c27ba0f285df459866cb23f8fdf1036f4a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f2:17:b8:d6:1a:ac:26:40:49:c5:22:a5:3e:
                    a3:59:e3:a8:0a:f8:a0:b9:14:f9:ed:a1:bb:42:b2:
                    83:03:7e:dd:13:6f:e3:be:07:d3:35:cd:06:6e:76:
                    b1:63:d6:51:74:5f:43:9b:79:cc:11:bb:2e:ba:9b:
                    0e:ec:1a:d0:a1:1d:7f:ef:5b:ea:90:70:11:d5:37:
                    a8:a0:a1:cd:90:15:74:bf:b7:9d:c9:df:52:b3:14:
                    f7:45:4f:9d:34:af:f7:71:34:30:7b:3e:14:4a:c8:
                    58:31:46:4e:53:f9:70:13:31:99:18:f0:cf:af:7f:
                    6e:d0:19:1c:6b:e4:33:b9:9b:aa:1e:1b:1d:7a:c7:
                    4b:cd:1e:f8:f9:fe:1f:b7:8e:42:8b:3d:8c:a4:39:
                    30:43:bb:e0:ee:da:fc:66:96:ec:fb:57:cd:7e:52:
                    28:6c:ad:ac:d1:19:a1:4e:63:a6:c0:bb:c7:c8:e3:
                    b8:51:a3:e5:4a:56:9a:7f:8a:80:ff:6a:de:24:1e:
                    41:5e:0b:0c:d2:68:c0:20:dc:65:d6:ea:94:9d:ea:
                    7c:b5:6d:55:5b:c1:c2:78:e1:62:03:1b:8e:34:e3:
                    51:a5:18:31:19:92:ff:40:26:c2:70:ee:31:04:c4:
                    d7:98:e8:b0:23:4d:1f:02:1f:61:14:1c:25:9a:0d:
                    fb:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:AB:3C:27:BA:0F:28:5D:F4:59:86:6C:B2:3F:8F:DF:10:36:F4:A7
            X509v3 Authority Key Identifier:
                keyid:09:FB:B3:ED:2F:02:9C:4B:AC:C6:EA:2C:4C:7F:4C:1C:D6:E8:0E:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cfuz7S8CnEusxuosTH9MHNboDnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9d5bcf-2db9-4afa-b000-822953f8cf77/1/q6s8J7oPKF30WYZssj-P3xA29Kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9d5bcf-2db9-4afa-b000-822953f8cf77/1/Cfuz7S8CnEusxuosTH9MHNboDnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.244.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:69:63:a6:45:64:d9:08:6a:68:e9:a6:f0:40:61:f9:53:c2:
         a3:38:6e:bc:35:ec:c2:13:7a:db:54:5c:a5:d7:01:19:4c:75:
         98:d9:80:aa:bf:32:d1:6e:8c:ea:b2:6b:33:2d:d2:cd:16:b2:
         68:ba:cf:d9:3e:e8:12:ca:f5:81:6c:e3:0e:bd:56:17:31:02:
         46:08:f1:e7:45:47:e8:1d:0e:4d:9b:0a:5d:47:2b:17:51:be:
         eb:02:ad:b1:04:09:c9:f5:72:ab:4b:59:4b:e6:78:40:b0:95:
         13:51:25:79:ca:66:a1:e7:de:0a:2a:69:74:4a:09:dc:bb:d4:
         6b:80:13:b1:6b:ec:d3:c3:e6:2d:33:df:5e:6b:66:5c:b5:db:
         f3:2a:86:0c:06:49:2c:5b:e9:8c:20:88:12:82:6c:7c:11:ab:
         9a:cf:1c:a2:24:2b:8d:ee:2d:4f:57:cd:bd:f0:6c:8e:6e:cc:
         b4:01:5c:68:ce:56:40:05:fa:49:d0:0e:27:c4:a2:46:2f:f7:
         e8:f3:21:2c:33:15:e3:0e:e9:b9:ee:9a:d0:b4:6a:4d:52:05:
         05:6e:69:83:22:cb:fb:a0:48:44:7c:4c:90:26:48:08:d1:96:
         38:0e:71:75:a5:f9:04:79:1b:a9:fb:c5:9f:c5:9b:18:d0:25:
         45:97:f7:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcE++XIGh74ouS7GafPFiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZmJiM2VkMmYwMjljNGJhY2M2ZWEyYzRjN2Y0YzFjZDZl
ODBlNzkwHhcNMjQwMTAyMDQzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmFiM2MyN2JhMGYyODVkZjQ1OTg2NmNiMjNmOGZkZjEwMzZmNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvIXuNYarCZAScUipT6jWeOoCvig
uRT57aG7QrKDA37dE2/jvgfTNc0GbnaxY9ZRdF9Dm3nMEbsuupsO7BrQoR1/71vq
kHAR1TeooKHNkBV0v7edyd9SsxT3RU+dNK/3cTQwez4USshYMUZOU/lwEzGZGPDP
r39u0Bkca+QzuZuqHhsdesdLzR74+f4ft45Ciz2MpDkwQ7vg7tr8Zpbs+1fNflIo
bK2s0RmhTmOmwLvHyOO4UaPlSlaaf4qA/2reJB5BXgsM0mjAINxl1uqUnep8tW1V
W8HCeOFiAxuONONRpRgxGZL/QCbCcO4xBMTXmOiwI00fAh9hFBwlmg37PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKurPCe6Dyhd9FmGbLI/j98QNvSnMB8GA1UdIwQY
MBaAFAn7s+0vApxLrMbqLEx/TBzW6A55MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2Z1ejdTOENuRXVzeHVvc1RIOU1ITmJvRG5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85ZDViY2YtMmRiOS00YWZhLWIwMDAt
ODIyOTUzZjhjZjc3LzEvcTZzOEo3b1BLRjMwV1lac3NqLVAzeEEyOUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85ZDViY2YtMmRiOS00YWZhLWIwMDAtODIyOTUzZjhjZjc3
LzEvQ2Z1ejdTOENuRXVzeHVvc1RIOU1ITmJvRG5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/QNMA0G
CSqGSIb3DQEBCwUAA4IBAQBAaWOmRWTZCGpo6abwQGH5U8KjOG68NezCE3rbVFyl
1wEZTHWY2YCqvzLRbozqsmszLdLNFrJous/ZPugSyvWBbOMOvVYXMQJGCPHnRUfo
HQ5NmwpdRysXUb7rAq2xBAnJ9XKrS1lL5nhAsJUTUSV5ymah594KKml0Sgncu9Rr
gBOxa+zTw+YtM99ea2ZctdvzKoYMBkksW+mMIIgSgmx8EauazxyiJCuN7i1PV829
8GyObsy0AVxozlZABfpJ0A4nxKJGL/fo8yEsMxXjDum57prQtGpNUgUFbmmDIsv7
oEhEfEyQJkgI0ZY4DnF1pfkEeRup+8WfxZsY0CVFl/fd
-----END CERTIFICATE-----