Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/3c42db-1565-4ebe-b4bc-fddb96e6dad1/1/GuYk0aQA0pgEw3N0C-v50Ls9Jpc.roa
File:                     GuYk0aQA0pgEw3N0C-v50Ls9Jpc.roa (raw, json)
Hash identifier:          SznoNB6LAigw17DW19M9EYVuTCRz/FY3elEsd4ZSwDk=
Subject key identifier:   1A:E6:24:D1:A4:00:D2:98:04:C3:73:74:0B:EB:F9:D0:BB:3D:26:97
Certificate issuer:       /CN=6cc57691c15c9eb3a379917806d294fd39175e07
Certificate serial:       018CC492F047630F8E619DE8F80682ED6ADA
Authority key identifier: 6C:C5:76:91:C1:5C:9E:B3:A3:79:91:78:06:D2:94:FD:39:17:5E:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bMV2kcFcnrOjeZF4BtKU_TkXXgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/3c42db-1565-4ebe-b4bc-fddb96e6dad1/1/GuYk0aQA0pgEw3N0C-v50Ls9Jpc.roa
Signing time:             Mon 01 Jan 2024 10:30:13 +0000
ROA not before:           Mon 01 Jan 2024 10:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47698
IP address blocks:        195.47.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/3c42db-1565-4ebe-b4bc-fddb96e6dad1/1/bMV2kcFcnrOjeZF4BtKU_TkXXgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/3c42db-1565-4ebe-b4bc-fddb96e6dad1/1/bMV2kcFcnrOjeZF4BtKU_TkXXgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bMV2kcFcnrOjeZF4BtKU_TkXXgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f0:47:63:0f:8e:61:9d:e8:f8:06:82:ed:6a:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cc57691c15c9eb3a379917806d294fd39175e07
        Validity
            Not Before: Jan  1 10:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ae624d1a400d29804c373740bebf9d0bb3d2697
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:65:4e:5c:ac:be:29:ed:5d:ab:28:5a:bb:cb:
                    6d:eb:a7:69:6d:3b:86:35:0f:a6:17:68:4b:8c:39:
                    7a:af:f7:18:7a:ed:b7:4b:b4:fd:c1:21:bc:b4:ea:
                    55:ad:ab:c1:e5:a4:f1:4a:f3:20:d5:6d:73:05:85:
                    9a:e7:ef:a2:c2:60:6d:13:03:84:3c:be:99:7b:e5:
                    7c:53:66:3a:20:ca:e4:1b:6d:f8:61:4f:3d:a1:82:
                    9d:07:f9:69:ba:ab:ac:0e:d8:a2:95:07:dd:dd:73:
                    83:de:be:e7:dc:29:de:94:10:6b:38:8e:23:95:81:
                    2f:32:c9:02:ec:44:d2:e2:31:5a:0e:2f:b6:1c:7d:
                    19:5b:55:23:0e:fa:71:ae:0b:af:95:8f:ce:76:da:
                    3f:c2:48:da:29:aa:e5:3f:38:df:a3:a2:fc:f8:ed:
                    4e:2e:3a:31:84:7f:0f:09:26:36:11:d5:f6:45:e2:
                    a8:a4:2e:9c:c8:45:20:77:d6:61:c7:fd:0f:4d:3f:
                    db:09:e9:53:03:bc:42:5d:ec:d3:01:bc:83:62:70:
                    0b:29:5f:3b:e3:8e:0c:55:c7:99:f5:46:1a:71:a2:
                    e7:85:6c:dc:37:c7:cb:7e:bd:df:08:67:22:b0:95:
                    87:d7:24:42:c0:f0:e4:e1:91:af:0f:40:09:78:a0:
                    3b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:E6:24:D1:A4:00:D2:98:04:C3:73:74:0B:EB:F9:D0:BB:3D:26:97
            X509v3 Authority Key Identifier:
                keyid:6C:C5:76:91:C1:5C:9E:B3:A3:79:91:78:06:D2:94:FD:39:17:5E:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bMV2kcFcnrOjeZF4BtKU_TkXXgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3c42db-1565-4ebe-b4bc-fddb96e6dad1/1/GuYk0aQA0pgEw3N0C-v50Ls9Jpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3c42db-1565-4ebe-b4bc-fddb96e6dad1/1/bMV2kcFcnrOjeZF4BtKU_TkXXgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:ad:0d:bd:3d:81:5c:19:57:11:cd:cb:2d:48:a7:e4:e6:6a:
         60:1e:72:ef:45:af:b4:1f:3e:ff:f0:cd:b2:62:9e:f8:1b:b3:
         a2:58:f3:43:fd:bd:cd:e2:38:e5:7d:e0:08:a8:2c:22:96:07:
         dd:7c:d2:3a:d1:e6:08:0b:1a:9a:c3:cf:92:b1:6f:92:94:1c:
         f9:73:59:4c:4f:41:9d:95:b1:00:00:14:8d:61:93:32:00:f7:
         a3:8a:cc:5f:fb:08:e4:66:54:f2:18:d3:24:10:a2:e7:d7:ab:
         3e:91:78:c2:7e:01:d2:bd:16:75:a5:37:2c:86:d6:57:a1:88:
         9f:1b:3c:ea:26:ff:9b:48:a2:4d:46:bb:c1:41:79:80:1a:63:
         c3:83:99:4d:7f:42:17:53:23:90:8e:85:e2:c8:e6:ad:53:f2:
         7d:3f:fd:80:ed:7f:eb:9e:6c:0c:29:de:eb:b7:63:a6:cd:bf:
         22:41:00:88:06:cb:2f:ae:42:36:7a:44:27:91:d5:5b:8e:cd:
         95:9d:20:38:f8:9a:b8:5c:67:1b:5b:55:7f:44:6a:2d:0f:7e:
         fb:31:cc:f1:a5:63:58:b0:2c:b4:25:d2:06:a0:ff:7f:bd:1a:
         6d:52:52:dc:cf:7e:54:9f:85:5f:6b:ec:0a:d5:68:79:cb:32:
         67:2e:b7:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkvBHYw+OYZ3o+AaC7WraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYzU3NjkxYzE1YzllYjNhMzc5OTE3ODA2ZDI5NGZkMzkx
NzVlMDcwHhcNMjQwMTAxMTAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWU2MjRkMWE0MDBkMjk4MDRjMzczNzQwYmViZjlkMGJiM2QyNjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGVOXKy+Ke1dqyhau8tt66dpbTuG
NQ+mF2hLjDl6r/cYeu23S7T9wSG8tOpVravB5aTxSvMg1W1zBYWa5++iwmBtEwOE
PL6Ze+V8U2Y6IMrkG234YU89oYKdB/lpuqusDtiilQfd3XOD3r7n3CnelBBrOI4j
lYEvMskC7ETS4jFaDi+2HH0ZW1UjDvpxrguvlY/Odto/wkjaKarlPzjfo6L8+O1O
LjoxhH8PCSY2EdX2ReKopC6cyEUgd9Zhx/0PTT/bCelTA7xCXezTAbyDYnALKV87
444MVceZ9UYacaLnhWzcN8fLfr3fCGcisJWH1yRCwPDk4ZGvD0AJeKA7JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrmJNGkANKYBMNzdAvr+dC7PSaXMB8GA1UdIwQY
MBaAFGzFdpHBXJ6zo3mReAbSlP05F14HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk1WMmtjRmNuck9qZVpGNEJ0S1VfVGtYWGdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8zYzQyZGItMTU2NS00ZWJlLWI0YmMt
ZmRkYjk2ZTZkYWQxLzEvR3VZazBhUUEwcGdFdzNOMEMtdjUwTHM5SnBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8zYzQyZGItMTU2NS00ZWJlLWI0YmMtZmRkYjk2ZTZkYWQx
LzEvYk1WMmtjRmNuck9qZVpGNEJ0S1VfVGtYWGdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwy/+MA0G
CSqGSIb3DQEBCwUAA4IBAQCUrQ29PYFcGVcRzcstSKfk5mpgHnLvRa+0Hz7/8M2y
Yp74G7OiWPND/b3N4jjlfeAIqCwilgfdfNI60eYICxqaw8+SsW+SlBz5c1lMT0Gd
lbEAABSNYZMyAPejisxf+wjkZlTyGNMkEKLn16s+kXjCfgHSvRZ1pTcshtZXoYif
GzzqJv+bSKJNRrvBQXmAGmPDg5lNf0IXUyOQjoXiyOatU/J9P/2A7X/rnmwMKd7r
t2Omzb8iQQCIBssvrkI2ekQnkdVbjs2VnSA4+Jq4XGcbW1V/RGotD377MczxpWNY
sCy0JdIGoP9/vRptUlLcz35Un4Vfa+wK1Wh5yzJnLrel
-----END CERTIFICATE-----