Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/465556-70d1-4152-a65a-6c63e152242d/1/Mj6cnOrzwqmswVzipQ1nh27anw8.roa
File:                     Mj6cnOrzwqmswVzipQ1nh27anw8.roa (raw, json)
Hash identifier:          SRnCJOZ9CNj3EF1aJLdtaOPtZima99ll7AquzihBsig=
Subject key identifier:   32:3E:9C:9C:EA:F3:C2:A9:AC:C1:5C:E2:A5:0D:67:87:6E:DA:9F:0F
Certificate issuer:       /CN=d0d6e65505b4f4e4f4f31d90b8b21a3a7cfb0ebf
Certificate serial:       018CC9BBBC7AA5CEC317F07A6F0DC722DA23
Authority key identifier: D0:D6:E6:55:05:B4:F4:E4:F4:F3:1D:90:B8:B2:1A:3A:7C:FB:0E:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0NbmVQW09OT08x2QuLIaOnz7Dr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/465556-70d1-4152-a65a-6c63e152242d/1/Mj6cnOrzwqmswVzipQ1nh27anw8.roa
Signing time:             Tue 02 Jan 2024 10:32:52 +0000
ROA not before:           Tue 02 Jan 2024 10:32:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197511
IP address blocks:        195.20.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/465556-70d1-4152-a65a-6c63e152242d/1/0NbmVQW09OT08x2QuLIaOnz7Dr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/465556-70d1-4152-a65a-6c63e152242d/1/0NbmVQW09OT08x2QuLIaOnz7Dr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0NbmVQW09OT08x2QuLIaOnz7Dr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:bc:7a:a5:ce:c3:17:f0:7a:6f:0d:c7:22:da:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0d6e65505b4f4e4f4f31d90b8b21a3a7cfb0ebf
        Validity
            Not Before: Jan  2 10:32:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=323e9c9ceaf3c2a9acc15ce2a50d67876eda9f0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5f:13:30:25:b9:52:96:e4:bd:56:5a:09:8d:
                    61:a1:30:76:04:f4:31:df:f6:02:f5:f7:8a:d7:4d:
                    3b:d9:86:dc:fd:08:c5:90:be:d0:46:5d:ec:23:6e:
                    46:39:83:c8:e8:04:89:b4:0d:44:f5:8e:4d:73:73:
                    e7:d9:80:c0:7d:ec:4c:25:b0:d5:ca:92:a4:31:72:
                    ae:bb:29:e3:30:8f:61:ab:5c:19:24:cb:4f:15:ea:
                    1c:dc:85:d9:a4:e9:7e:30:d1:3d:3b:12:1e:19:cb:
                    0c:09:bf:61:04:a8:37:76:22:ed:cc:72:bf:a4:e3:
                    dc:1f:73:e1:ec:6e:e5:ad:7d:2e:15:0e:42:a0:8f:
                    f5:1c:49:ec:c2:64:79:67:3c:0c:e4:af:a9:24:d2:
                    23:3f:89:c1:87:76:a6:58:69:dd:e4:d6:89:84:a3:
                    ff:1c:cc:c5:c0:9a:cc:58:3c:23:38:cc:59:c7:0a:
                    a2:6b:b2:61:a2:59:a7:92:cf:c4:f7:62:a6:65:1d:
                    66:8c:a9:6b:2c:45:8b:07:86:bc:0e:cf:11:bf:30:
                    cf:74:b1:e6:e3:2c:4b:19:db:90:8a:1e:9b:e8:90:
                    fb:32:75:b0:7d:66:65:27:9a:f5:05:b6:c1:52:f8:
                    a9:ad:00:98:5d:2e:71:b0:67:cc:5f:a7:04:2c:ce:
                    5f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:3E:9C:9C:EA:F3:C2:A9:AC:C1:5C:E2:A5:0D:67:87:6E:DA:9F:0F
            X509v3 Authority Key Identifier:
                keyid:D0:D6:E6:55:05:B4:F4:E4:F4:F3:1D:90:B8:B2:1A:3A:7C:FB:0E:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0NbmVQW09OT08x2QuLIaOnz7Dr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/465556-70d1-4152-a65a-6c63e152242d/1/Mj6cnOrzwqmswVzipQ1nh27anw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/465556-70d1-4152-a65a-6c63e152242d/1/0NbmVQW09OT08x2QuLIaOnz7Dr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:6d:fe:fc:89:25:43:00:21:1f:db:2c:1b:f1:d9:92:3a:2d:
         82:36:35:66:db:7d:67:b2:ad:5f:f7:1b:8c:49:b3:ab:4d:e7:
         13:64:03:a0:94:ef:49:1f:d4:8c:a9:6d:da:80:da:bd:5b:0c:
         e4:e6:ba:46:31:3b:7c:9b:eb:bf:d7:89:3d:41:95:2a:b5:0e:
         ea:e4:3c:69:76:51:c0:cd:10:fb:0e:d6:b6:ff:ba:94:23:44:
         2d:da:75:ea:2d:14:75:36:ad:89:ab:13:f2:9b:4a:19:f4:7f:
         44:eb:dd:fc:ab:3d:46:d7:7e:30:80:6f:c8:ce:0d:15:3e:0b:
         75:39:a4:87:d2:4f:01:ad:f1:5b:01:bd:88:bb:e3:27:37:50:
         97:da:2e:17:7c:52:18:12:fb:4a:da:bf:90:a7:1d:8a:d0:2e:
         81:46:55:61:47:78:9f:16:4f:df:a3:44:78:f7:20:3b:29:b2:
         fa:70:3e:b9:98:9c:60:59:66:c7:01:45:a2:eb:f5:cf:9d:0b:
         6f:e3:c8:d4:50:65:cc:71:0c:e1:64:fb:ad:3e:6a:db:57:18:
         16:34:0a:b4:2b:72:8f:40:4a:31:34:97:66:a7:dd:db:ad:3a:
         6d:2a:cb:ef:ab:c5:eb:73:2d:b6:c2:b3:da:bd:a1:73:50:a2:
         f7:4a:16:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu7x6pc7DF/B6bw3HItojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZDZlNjU1MDViNGY0ZTRmNGYzMWQ5MGI4YjIxYTNhN2Nm
YjBlYmYwHhcNMjQwMTAyMTAzMjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjNlOWM5Y2VhZjNjMmE5YWNjMTVjZTJhNTBkNjc4NzZlZGE5ZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjV8TMCW5UpbkvVZaCY1hoTB2BPQx
3/YC9feK10072Ybc/QjFkL7QRl3sI25GOYPI6ASJtA1E9Y5Nc3Pn2YDAfexMJbDV
ypKkMXKuuynjMI9hq1wZJMtPFeoc3IXZpOl+MNE9OxIeGcsMCb9hBKg3diLtzHK/
pOPcH3Ph7G7lrX0uFQ5CoI/1HEnswmR5ZzwM5K+pJNIjP4nBh3amWGnd5NaJhKP/
HMzFwJrMWDwjOMxZxwqia7Jholmnks/E92KmZR1mjKlrLEWLB4a8Ds8RvzDPdLHm
4yxLGduQih6b6JD7MnWwfWZlJ5r1BbbBUviprQCYXS5xsGfMX6cELM5fawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDI+nJzq88KprMFc4qUNZ4du2p8PMB8GA1UdIwQY
MBaAFNDW5lUFtPTk9PMdkLiyGjp8+w6/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME5ibVZRVzA5T1QwOHgyUXVMSWFPbno3RHI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC80NjU1NTYtNzBkMS00MTUyLWE2NWEt
NmM2M2UxNTIyNDJkLzEvTWo2Y25Pcnp3cW1zd1Z6aXBRMW5oMjdhbnc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC80NjU1NTYtNzBkMS00MTUyLWE2NWEtNmM2M2UxNTIyNDJk
LzEvME5ibVZRVzA5T1QwOHgyUXVMSWFPbno3RHI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxSOMA0G
CSqGSIb3DQEBCwUAA4IBAQC0bf78iSVDACEf2ywb8dmSOi2CNjVm231nsq1f9xuM
SbOrTecTZAOglO9JH9SMqW3agNq9Wwzk5rpGMTt8m+u/14k9QZUqtQ7q5DxpdlHA
zRD7Dta2/7qUI0Qt2nXqLRR1Nq2JqxPym0oZ9H9E6938qz1G134wgG/Izg0VPgt1
OaSH0k8BrfFbAb2Iu+MnN1CX2i4XfFIYEvtK2r+Qpx2K0C6BRlVhR3ifFk/fo0R4
9yA7KbL6cD65mJxgWWbHAUWi6/XPnQtv48jUUGXMcQzhZPutPmrbVxgWNAq0K3KP
QEoxNJdmp93brTptKsvvq8Xrcy22wrPavaFzUKL3ShbY
-----END CERTIFICATE-----