Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/4bf3cc-023d-4b02-8028-c59efd348158/1/jxZ94GmkD7el5YHnW31gY0A-pIw.roa
File:                     jxZ94GmkD7el5YHnW31gY0A-pIw.roa (raw, json)
Hash identifier:          qB7+f/c/c60CXX5QVaRicVqEF8PkUxeHGeifTEn1nBI=
Subject key identifier:   8F:16:7D:E0:69:A4:0F:B7:A5:E5:81:E7:5B:7D:60:63:40:3E:A4:8C
Certificate issuer:       /CN=156849587a23bfb5d65b2a1404082232b439271b
Certificate serial:       018CC64A797CDAD347523DCDE9995579C9B8
Authority key identifier: 15:68:49:58:7A:23:BF:B5:D6:5B:2A:14:04:08:22:32:B4:39:27:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FWhJWHojv7XWWyoUBAgiMrQ5Jxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/4bf3cc-023d-4b02-8028-c59efd348158/1/jxZ94GmkD7el5YHnW31gY0A-pIw.roa
Signing time:             Mon 01 Jan 2024 18:30:18 +0000
ROA not before:           Mon 01 Jan 2024 18:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197883
IP address blocks:        195.24.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/4bf3cc-023d-4b02-8028-c59efd348158/1/FWhJWHojv7XWWyoUBAgiMrQ5Jxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/4bf3cc-023d-4b02-8028-c59efd348158/1/FWhJWHojv7XWWyoUBAgiMrQ5Jxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FWhJWHojv7XWWyoUBAgiMrQ5Jxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:79:7c:da:d3:47:52:3d:cd:e9:99:55:79:c9:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=156849587a23bfb5d65b2a1404082232b439271b
        Validity
            Not Before: Jan  1 18:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f167de069a40fb7a5e581e75b7d6063403ea48c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:cd:4c:bb:8f:cc:bb:b8:b6:63:00:84:f1:74:
                    24:88:0a:66:e7:ba:1e:3a:46:f7:65:27:8a:cc:7f:
                    1e:ac:cc:e2:3c:d4:0e:a2:f5:fe:25:c0:27:4b:a3:
                    53:a0:39:4c:74:3f:8e:1a:7e:a0:bc:ed:c9:5d:b7:
                    2b:4b:3e:e7:04:1d:24:56:05:6f:c1:bd:8f:7b:10:
                    15:13:e2:1a:5c:c9:bb:74:f6:d3:d7:49:cd:4c:f3:
                    38:97:1e:e2:66:af:7e:b4:0c:2c:1d:69:70:6b:66:
                    6c:da:dd:0a:bc:19:4b:7d:08:ee:dd:63:e5:a3:87:
                    dd:31:99:01:c9:3f:59:2f:fe:28:ee:31:f7:c4:90:
                    d7:1f:d1:bb:04:5c:3f:3b:d8:97:4a:29:23:a7:70:
                    77:c9:c0:c2:af:41:a0:bf:0c:67:53:65:30:6a:ba:
                    b7:98:42:8c:8a:44:b4:e0:df:99:c3:ac:a5:22:11:
                    8c:b0:08:85:88:ee:40:ad:11:82:09:bc:d0:ec:73:
                    b8:18:8e:f2:ef:31:27:b6:eb:2a:d5:a5:ed:68:04:
                    f0:4f:89:b6:fa:29:c1:df:77:89:60:81:4c:7e:99:
                    99:2b:25:11:3b:a5:46:b3:7e:cf:69:f3:fa:a3:8d:
                    02:84:df:88:16:87:74:c4:b4:19:e5:60:ba:a0:29:
                    9d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:16:7D:E0:69:A4:0F:B7:A5:E5:81:E7:5B:7D:60:63:40:3E:A4:8C
            X509v3 Authority Key Identifier:
                keyid:15:68:49:58:7A:23:BF:B5:D6:5B:2A:14:04:08:22:32:B4:39:27:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FWhJWHojv7XWWyoUBAgiMrQ5Jxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4bf3cc-023d-4b02-8028-c59efd348158/1/jxZ94GmkD7el5YHnW31gY0A-pIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4bf3cc-023d-4b02-8028-c59efd348158/1/FWhJWHojv7XWWyoUBAgiMrQ5Jxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:39:36:55:9e:11:c9:6c:6a:56:2d:ec:7c:3b:cb:b3:af:d0:
         a6:30:02:a6:b9:0b:2a:bf:ef:95:29:78:48:75:a1:ef:c0:ea:
         78:75:60:55:6e:02:a2:98:65:30:c8:ce:10:e2:b8:10:dc:f7:
         ce:1b:02:a3:b8:cc:63:1d:e9:b6:e8:4a:70:8f:57:04:23:57:
         eb:16:d4:0c:d0:2e:59:53:63:fd:28:16:b7:fb:ab:b5:a6:6c:
         10:68:b3:07:65:e8:56:3f:ff:01:7d:08:60:cc:cd:03:06:db:
         09:50:99:a1:46:26:87:31:ac:f6:8c:11:23:dd:84:d3:35:c1:
         c4:00:61:d8:24:6e:4b:9e:c0:ed:43:c1:20:e6:43:16:4e:f7:
         77:1f:44:f1:d1:4a:4a:fe:96:9a:8d:44:8c:70:ae:8c:7f:a8:
         97:d2:94:62:77:5e:bd:69:29:27:f9:5c:d6:5c:8a:ea:36:97:
         2d:28:95:01:cf:73:aa:71:7a:6c:be:4e:eb:81:63:13:cf:83:
         f6:b8:88:e2:2a:ae:c9:e8:0d:9a:4f:88:6d:1d:fe:3e:e5:47:
         ab:35:30:be:bd:e5:1e:56:13:f3:7d:ca:49:85:c9:e6:6d:1b:
         63:69:c7:35:36:41:eb:cf:7d:47:41:de:f2:d6:0e:0b:b0:12:
         a0:06:0d:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnl82tNHUj3N6ZlVecm4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Njg0OTU4N2EyM2JmYjVkNjViMmExNDA0MDgyMjMyYjQz
OTI3MWIwHhcNMjQwMTAxMTgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjE2N2RlMDY5YTQwZmI3YTVlNTgxZTc1YjdkNjA2MzQwM2VhNDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzc1Mu4/Mu7i2YwCE8XQkiApm57oe
Okb3ZSeKzH8erMziPNQOovX+JcAnS6NToDlMdD+OGn6gvO3JXbcrSz7nBB0kVgVv
wb2PexAVE+IaXMm7dPbT10nNTPM4lx7iZq9+tAwsHWlwa2Zs2t0KvBlLfQju3WPl
o4fdMZkByT9ZL/4o7jH3xJDXH9G7BFw/O9iXSikjp3B3ycDCr0GgvwxnU2Uwarq3
mEKMikS04N+Zw6ylIhGMsAiFiO5ArRGCCbzQ7HO4GI7y7zEntusq1aXtaATwT4m2
+inB33eJYIFMfpmZKyURO6VGs37PafP6o40ChN+IFod0xLQZ5WC6oCmdoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8WfeBppA+3peWB51t9YGNAPqSMMB8GA1UdIwQY
MBaAFBVoSVh6I7+11lsqFAQIIjK0OScbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRldoSldIb2p2N1hXV3lvVUJBZ2lNclE1SnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS80YmYzY2MtMDIzZC00YjAyLTgwMjgt
YzU5ZWZkMzQ4MTU4LzEvanhaOTRHbWtEN2VsNVlIblczMWdZMEEtcEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS80YmYzY2MtMDIzZC00YjAyLTgwMjgtYzU5ZWZkMzQ4MTU4
LzEvRldoSldIb2p2N1hXV3lvVUJBZ2lNclE1SnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxj0MA0G
CSqGSIb3DQEBCwUAA4IBAQC9OTZVnhHJbGpWLex8O8uzr9CmMAKmuQsqv++VKXhI
daHvwOp4dWBVbgKimGUwyM4Q4rgQ3PfOGwKjuMxjHem26Epwj1cEI1frFtQM0C5Z
U2P9KBa3+6u1pmwQaLMHZehWP/8BfQhgzM0DBtsJUJmhRiaHMaz2jBEj3YTTNcHE
AGHYJG5LnsDtQ8Eg5kMWTvd3H0Tx0UpK/paajUSMcK6Mf6iX0pRid169aSkn+VzW
XIrqNpctKJUBz3OqcXpsvk7rgWMTz4P2uIjiKq7J6A2aT4htHf4+5UerNTC+veUe
VhPzfcpJhcnmbRtjacc1NkHrz31HQd7y1g4LsBKgBg3T
-----END CERTIFICATE-----