Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7a4b48-a719-454e-8c98-b3e8595d1cee/1/kUr9DjEwmehbKgfncE1Pj-8N80w.roa
File:                     kUr9DjEwmehbKgfncE1Pj-8N80w.roa (raw, json)
Hash identifier:          uRvPZbPZA85Z01MYPkPEQAj8iDxJ5N/90GVH1bYc8ZE=
Subject key identifier:   91:4A:FD:0E:31:30:99:E8:5B:2A:07:E7:70:4D:4F:8F:EF:0D:F3:4C
Certificate issuer:       /CN=065c4bff9a0ee9f987951f480f8157b91a8983f8
Certificate serial:       018CC8DF0782D37A51D9B4BFCA47290D9BA2
Authority key identifier: 06:5C:4B:FF:9A:0E:E9:F9:87:95:1F:48:0F:81:57:B9:1A:89:83:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BlxL_5oO6fmHlR9ID4FXuRqJg_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7a4b48-a719-454e-8c98-b3e8595d1cee/1/kUr9DjEwmehbKgfncE1Pj-8N80w.roa
Signing time:             Tue 02 Jan 2024 06:31:48 +0000
ROA not before:           Tue 02 Jan 2024 06:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51073
IP address blocks:        195.254.168.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7a4b48-a719-454e-8c98-b3e8595d1cee/1/BlxL_5oO6fmHlR9ID4FXuRqJg_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7a4b48-a719-454e-8c98-b3e8595d1cee/1/BlxL_5oO6fmHlR9ID4FXuRqJg_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BlxL_5oO6fmHlR9ID4FXuRqJg_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 23:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:07:82:d3:7a:51:d9:b4:bf:ca:47:29:0d:9b:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=065c4bff9a0ee9f987951f480f8157b91a8983f8
        Validity
            Not Before: Jan  2 06:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=914afd0e313099e85b2a07e7704d4f8fef0df34c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:94:4f:ab:c6:c3:a7:a0:cc:c2:63:d3:98:a5:
                    4c:e1:05:5e:d4:0a:17:26:16:3c:4c:98:41:76:21:
                    69:50:cd:e8:18:cf:92:c6:e7:c5:10:e9:21:c9:24:
                    20:7f:34:bc:3c:4f:6f:be:96:95:fb:52:e0:58:30:
                    b9:1b:39:de:04:87:72:6c:4e:7b:32:59:5f:85:05:
                    43:db:f1:3b:1a:01:d3:ca:54:2f:25:b8:bf:69:20:
                    b8:d9:22:01:6b:6c:67:e7:a6:8b:b4:59:67:14:80:
                    f5:88:75:cc:6d:cd:cf:90:c1:d2:31:9a:19:4f:8d:
                    10:b0:4b:7a:fd:0e:20:b0:26:8a:f0:a3:63:ba:76:
                    74:8c:2e:cc:2e:2c:db:1e:c4:bf:f5:a9:16:aa:7d:
                    a4:f9:ca:a7:78:d3:47:06:fe:36:77:ad:13:c8:93:
                    18:65:ca:f1:de:0c:14:c8:04:46:33:f3:fe:59:17:
                    db:92:75:2b:0a:9c:73:f3:e1:94:0f:e2:92:0e:e7:
                    d8:c3:bb:4d:6e:bc:bf:55:d5:b1:7f:0f:d0:e5:d9:
                    d7:ae:d1:79:32:e0:06:54:a3:03:62:e8:48:bb:7a:
                    07:5f:c7:98:6c:55:0f:b4:6f:89:e1:c2:2e:11:41:
                    0e:98:79:ef:b3:f1:71:f4:62:ab:e4:96:db:82:d4:
                    dc:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:4A:FD:0E:31:30:99:E8:5B:2A:07:E7:70:4D:4F:8F:EF:0D:F3:4C
            X509v3 Authority Key Identifier:
                keyid:06:5C:4B:FF:9A:0E:E9:F9:87:95:1F:48:0F:81:57:B9:1A:89:83:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BlxL_5oO6fmHlR9ID4FXuRqJg_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7a4b48-a719-454e-8c98-b3e8595d1cee/1/kUr9DjEwmehbKgfncE1Pj-8N80w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7a4b48-a719-454e-8c98-b3e8595d1cee/1/BlxL_5oO6fmHlR9ID4FXuRqJg_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:dd:41:29:50:88:c4:df:03:49:97:13:ba:6f:c1:51:a1:cd:
         39:a3:a3:00:04:b0:a7:93:b9:64:f8:c0:ce:a5:11:2f:97:2b:
         45:ce:1c:48:d6:48:ef:0b:15:cd:74:32:ae:67:9a:f2:6e:d8:
         6d:17:b4:54:1a:2e:23:10:14:c0:e5:9f:74:bc:c7:ca:3c:a9:
         7a:f8:82:1c:91:f9:d2:2a:30:85:5c:c6:88:93:9c:42:04:25:
         ee:34:aa:bd:59:fa:5c:c0:8f:80:e5:f0:7e:c0:78:9b:0b:44:
         df:d4:c1:48:d6:a1:67:51:c0:d0:ad:ca:42:f0:a1:2b:31:57:
         23:f9:89:cc:1e:54:3c:94:e5:31:05:fe:9b:21:59:0c:c9:5b:
         9b:90:3b:01:c1:28:ed:26:b0:54:9b:85:43:06:d1:2b:37:27:
         d6:49:8b:43:2c:c1:c5:85:49:ed:57:a7:57:65:84:1c:ab:40:
         2f:12:1e:f3:d1:fe:1f:28:ac:a1:f6:82:f0:c0:59:c0:73:ae:
         d9:7c:09:76:a2:d3:fd:ae:93:6a:08:8b:bd:1b:25:55:e5:ca:
         76:18:d3:1b:88:03:32:1d:30:38:b5:28:46:59:b0:78:41:24:
         db:9f:25:b9:f7:ef:bb:f0:b7:89:e6:31:07:d4:f1:75:a2:0d:
         57:51:55:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3weC03pR2bS/ykcpDZuiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NWM0YmZmOWEwZWU5Zjk4Nzk1MWY0ODBmODE1N2I5MWE4
OTgzZjgwHhcNMjQwMTAyMDYzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTRhZmQwZTMxMzA5OWU4NWIyYTA3ZTc3MDRkNGY4ZmVmMGRmMzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJRPq8bDp6DMwmPTmKVM4QVe1AoX
JhY8TJhBdiFpUM3oGM+SxufFEOkhySQgfzS8PE9vvpaV+1LgWDC5GzneBIdybE57
MllfhQVD2/E7GgHTylQvJbi/aSC42SIBa2xn56aLtFlnFID1iHXMbc3PkMHSMZoZ
T40QsEt6/Q4gsCaK8KNjunZ0jC7MLizbHsS/9akWqn2k+cqneNNHBv42d60TyJMY
Zcrx3gwUyARGM/P+WRfbknUrCpxz8+GUD+KSDufYw7tNbry/VdWxfw/Q5dnXrtF5
MuAGVKMDYuhIu3oHX8eYbFUPtG+J4cIuEUEOmHnvs/Fx9GKr5JbbgtTchQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFK/Q4xMJnoWyoH53BNT4/vDfNMMB8GA1UdIwQY
MBaAFAZcS/+aDun5h5UfSA+BV7kaiYP4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmx4TF81b082Zm1IbFI5SUQ0Rlh1UnFKZ19nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83YTRiNDgtYTcxOS00NTRlLThjOTgt
YjNlODU5NWQxY2VlLzEva1VyOURqRXdtZWhiS2dmbmNFMVBqLThOODB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83YTRiNDgtYTcxOS00NTRlLThjOTgtYjNlODU5NWQxY2Vl
LzEvQmx4TF81b082Zm1IbFI5SUQ0Rlh1UnFKZ19nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/6oMA0G
CSqGSIb3DQEBCwUAA4IBAQBk3UEpUIjE3wNJlxO6b8FRoc05o6MABLCnk7lk+MDO
pREvlytFzhxI1kjvCxXNdDKuZ5rybthtF7RUGi4jEBTA5Z90vMfKPKl6+IIckfnS
KjCFXMaIk5xCBCXuNKq9WfpcwI+A5fB+wHibC0Tf1MFI1qFnUcDQrcpC8KErMVcj
+YnMHlQ8lOUxBf6bIVkMyVubkDsBwSjtJrBUm4VDBtErNyfWSYtDLMHFhUntV6dX
ZYQcq0AvEh7z0f4fKKyh9oLwwFnAc67ZfAl2otP9rpNqCIu9GyVV5cp2GNMbiAMy
HTA4tShGWbB4QSTbnyW59++78LeJ5jEH1PF1og1XUVVF
-----END CERTIFICATE-----