Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/Nzvr0WDSK_lhCxbv62DyT5cKF-o.roa
File:                     Nzvr0WDSK_lhCxbv62DyT5cKF-o.roa (raw, json)
Hash identifier:          xvSPIvr41yxFF5t3qB7CbjM8GCAp+ahO3U6+60VleNM=
Subject key identifier:   37:3B:EB:D1:60:D2:2B:F9:61:0B:16:EF:EB:60:F2:4F:97:0A:17:EA
Certificate issuer:       /CN=29390ec0adca5f0743d181145c7899f991fb65e0
Certificate serial:       018CC7271B107E6FFFCA3EFA4244E075A627
Authority key identifier: 29:39:0E:C0:AD:CA:5F:07:43:D1:81:14:5C:78:99:F9:91:FB:65:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/Nzvr0WDSK_lhCxbv62DyT5cKF-o.roa
Signing time:             Mon 01 Jan 2024 22:31:17 +0000
ROA not before:           Mon 01 Jan 2024 22:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51964
IP address blocks:        195.151.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1b:10:7e:6f:ff:ca:3e:fa:42:44:e0:75:a6:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29390ec0adca5f0743d181145c7899f991fb65e0
        Validity
            Not Before: Jan  1 22:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=373bebd160d22bf9610b16efeb60f24f970a17ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b2:2d:56:1d:b3:dd:9b:ab:15:32:e4:49:bf:
                    15:40:2c:96:e3:ad:24:aa:7e:9a:4c:76:2d:88:8d:
                    b5:a5:ef:60:6c:ea:c5:5c:fe:ce:56:12:6a:37:37:
                    11:cd:ac:57:2c:f9:8e:b0:4e:9e:ac:bf:0a:0e:0e:
                    f6:a2:2f:91:47:80:ea:95:85:aa:0c:42:2a:cd:e1:
                    8c:01:fb:b0:3b:29:5c:9e:85:18:a7:bb:16:16:b5:
                    a2:df:68:ef:f2:bc:83:96:bc:08:16:d3:e1:1e:25:
                    3e:1b:06:01:3e:98:98:4d:71:ea:1d:d0:66:80:fc:
                    01:da:70:cf:a2:26:e8:3d:4f:cd:91:3b:e1:93:ac:
                    4c:29:c0:10:7f:eb:62:1e:b3:a5:78:70:72:bd:40:
                    6b:8e:de:84:ad:a4:05:83:68:e2:35:8f:4e:56:fd:
                    cb:b5:56:db:72:df:c2:e7:03:48:b8:cd:d8:b4:1a:
                    d5:fa:b0:6e:51:4e:6b:8e:03:87:0f:8f:37:8b:b8:
                    8e:00:b3:55:68:a5:18:5a:4d:aa:2b:40:6c:50:60:
                    03:a5:31:1b:73:5a:46:2d:4b:25:f1:ff:5d:1a:9f:
                    b6:5d:53:d4:6f:c0:13:a5:33:93:91:8a:27:79:7a:
                    08:71:c2:45:88:ad:c5:85:c0:31:79:22:72:c2:c9:
                    63:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:3B:EB:D1:60:D2:2B:F9:61:0B:16:EF:EB:60:F2:4F:97:0A:17:EA
            X509v3 Authority Key Identifier:
                keyid:29:39:0E:C0:AD:CA:5F:07:43:D1:81:14:5C:78:99:F9:91:FB:65:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/Nzvr0WDSK_lhCxbv62DyT5cKF-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.151.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:35:2d:61:6e:9e:33:51:b1:1a:a2:25:53:ef:53:da:62:48:
         e5:f5:3c:54:2a:9d:de:40:83:54:a3:03:fa:e4:99:33:67:56:
         1b:e8:62:0b:11:c8:0a:6e:3f:96:62:70:05:58:20:61:b2:83:
         52:2d:36:07:0e:5f:3c:01:c7:56:ee:92:be:3a:f6:61:e9:0d:
         d7:9b:87:73:7e:91:c9:c0:76:13:34:8d:d9:01:9c:f6:2f:b7:
         ce:34:3b:fd:e1:80:6e:d3:b7:c0:00:3d:b7:c9:dc:18:86:a6:
         2d:a6:a6:c2:1f:96:ba:0e:6d:c5:3f:c4:b9:5e:c2:f2:62:cf:
         59:4a:1e:9e:8f:34:2e:3d:21:c5:77:c1:46:f3:08:a9:32:c8:
         50:39:b2:1b:5c:45:00:2d:8e:42:95:e8:a4:82:13:c5:8f:d5:
         cd:00:9a:fd:f6:da:6c:f0:d4:56:fd:b1:79:d9:97:36:d9:8a:
         c4:eb:66:6b:d9:39:3a:09:f6:74:1e:da:a8:89:b5:f0:cf:72:
         2a:d3:6f:af:01:39:16:4f:43:6d:7d:b4:e9:fc:fd:41:e9:d8:
         4e:65:5c:cb:9c:af:e4:96:d3:4c:33:99:08:65:24:cd:0e:c6:
         a1:06:4c:5a:02:67:77:81:40:e1:b2:57:e9:50:94:c4:9a:ed:
         4b:fa:87:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJxsQfm//yj76QkTgdaYnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MzkwZWMwYWRjYTVmMDc0M2QxODExNDVjNzg5OWY5OTFm
YjY1ZTAwHhcNMjQwMTAxMjIzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzNiZWJkMTYwZDIyYmY5NjEwYjE2ZWZlYjYwZjI0Zjk3MGExN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbItVh2z3ZurFTLkSb8VQCyW460k
qn6aTHYtiI21pe9gbOrFXP7OVhJqNzcRzaxXLPmOsE6erL8KDg72oi+RR4DqlYWq
DEIqzeGMAfuwOylcnoUYp7sWFrWi32jv8ryDlrwIFtPhHiU+GwYBPpiYTXHqHdBm
gPwB2nDPoiboPU/NkTvhk6xMKcAQf+tiHrOleHByvUBrjt6EraQFg2jiNY9OVv3L
tVbbct/C5wNIuM3YtBrV+rBuUU5rjgOHD483i7iOALNVaKUYWk2qK0BsUGADpTEb
c1pGLUsl8f9dGp+2XVPUb8ATpTOTkYoneXoIccJFiK3FhcAxeSJywsljfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDc769Fg0iv5YQsW7+tg8k+XChfqMB8GA1UdIwQY
MBaAFCk5DsCtyl8HQ9GBFFx4mfmR+2XgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1RrT3dLM0tYd2REMFlFVVhIaVotWkg3WmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9iMzEzOTItMmQxYy00OTM0LWE1OWUt
ZWQ0MzNhYWM3ODI4LzEvTnp2cjBXRFNLX2xoQ3hidjYyRHlUNWNLRi1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9iMzEzOTItMmQxYy00OTM0LWE1OWUtZWQ0MzNhYWM3ODI4
LzEvS1RrT3dLM0tYd2REMFlFVVhIaVotWkg3WmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5egMA0G
CSqGSIb3DQEBCwUAA4IBAQBgNS1hbp4zUbEaoiVT71PaYkjl9TxUKp3eQINUowP6
5JkzZ1Yb6GILEcgKbj+WYnAFWCBhsoNSLTYHDl88AcdW7pK+OvZh6Q3Xm4dzfpHJ
wHYTNI3ZAZz2L7fONDv94YBu07fAAD23ydwYhqYtpqbCH5a6Dm3FP8S5XsLyYs9Z
Sh6ejzQuPSHFd8FG8wipMshQObIbXEUALY5CleikghPFj9XNAJr99tps8NRW/bF5
2Zc22YrE62Zr2Tk6CfZ0HtqoibXwz3Iq02+vATkWT0NtfbTp/P1B6dhOZVzLnK/k
ltNMM5kIZSTNDsahBkxaAmd3gUDhslfpUJTEmu1L+ofU
-----END CERTIFICATE-----