Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/FlI3XrxupV21v50gcffXs37lzj0.roa
File:                     FlI3XrxupV21v50gcffXs37lzj0.roa (raw, json)
Hash identifier:          8UZkNI3xcsRDUkqsUbHUUg2Z4qt4hS4qG6I4EkhBwws=
Subject key identifier:   16:52:37:5E:BC:6E:A5:5D:B5:BF:9D:20:71:F7:D7:B3:7E:E5:CE:3D
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       018CC9BCB7279B8C48605E2958776DD76F16
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/FlI3XrxupV21v50gcffXs37lzj0.roa
Signing time:             Tue 02 Jan 2024 10:33:57 +0000
ROA not before:           Tue 02 Jan 2024 10:33:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13195
IP address blocks:        195.55.34.0/24 maxlen: 24
                          2a02:9010:74::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:b7:27:9b:8c:48:60:5e:29:58:77:6d:d7:6f:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  2 10:33:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1652375ebc6ea55db5bf9d2071f7d7b37ee5ce3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:e6:d4:70:9f:5d:c9:3f:93:5f:4f:8b:43:08:
                    7e:fe:32:b4:10:a3:e6:35:6c:3b:b9:10:d1:ac:37:
                    81:87:d9:7b:28:29:bb:af:6c:fc:0b:93:b2:e2:aa:
                    a7:de:a9:fe:73:18:ff:f0:59:01:03:95:3d:3e:9e:
                    bb:eb:15:6d:c1:1b:cc:20:28:48:b9:06:08:fa:ce:
                    69:fa:5c:b5:8b:c3:f3:81:24:1c:0b:08:7a:55:4b:
                    89:c3:d5:40:26:18:b2:a7:2f:ca:ed:2e:08:e9:ac:
                    97:2e:d4:7e:d2:ed:c7:04:0d:f8:d5:82:3e:b8:f8:
                    bb:a7:87:84:7b:ae:6f:d9:2e:f3:9d:4a:81:0c:b9:
                    e4:16:56:7d:c1:2e:0e:c0:a2:1e:13:f8:7a:5b:15:
                    c4:ad:a7:17:a6:0e:66:c6:e0:68:24:0d:32:5a:ce:
                    6e:72:13:95:d4:d8:cd:8c:2a:bb:6f:8c:9a:b8:4d:
                    0c:97:78:44:84:50:e9:7e:98:f4:94:6f:b9:52:d1:
                    73:fa:9d:ed:29:7c:1a:e9:cd:0e:6d:d3:db:7f:0d:
                    54:4a:00:df:3a:9e:3d:b6:6d:c8:7f:60:80:dd:a5:
                    bf:ed:95:c3:ee:b0:98:2f:59:b3:93:88:4e:ad:d3:
                    83:a8:e5:4b:e7:09:27:9b:f9:ad:05:96:97:56:53:
                    9d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:52:37:5E:BC:6E:A5:5D:B5:BF:9D:20:71:F7:D7:B3:7E:E5:CE:3D
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/FlI3XrxupV21v50gcffXs37lzj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.55.34.0/24
                IPv6:
                  2a02:9010:74::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:19:6d:86:09:6d:cc:ef:19:3c:fe:19:2c:d4:63:90:96:ae:
         f0:f4:02:b8:55:43:d7:16:ca:45:7d:ca:b5:6c:71:3b:f9:df:
         ef:78:f3:44:da:08:19:c0:93:f9:e4:8d:09:17:b7:05:e1:7f:
         c8:90:57:cb:bb:ed:ea:a7:3f:1b:a8:de:74:23:00:12:21:f3:
         32:08:a8:2e:01:89:aa:76:54:9b:3c:2d:29:c3:d0:0c:56:17:
         51:33:4a:a6:6d:26:66:44:3d:a3:79:05:7f:b0:a4:22:eb:7c:
         0a:fd:ac:d6:27:c5:48:1c:68:a3:4b:94:d5:65:db:9d:f4:ce:
         93:bf:04:a2:c9:5f:ef:3c:ae:9d:4c:01:66:a7:ab:ab:18:ad:
         64:31:25:86:7b:3c:13:55:91:31:25:05:8f:01:93:61:71:ed:
         c5:35:94:5a:f4:ed:e4:c3:1e:f4:60:0a:04:80:c0:72:bc:87:
         ab:50:83:ab:fa:1e:d3:3d:f2:5d:62:0e:61:99:80:5b:ef:97:
         5c:01:19:14:e2:a5:aa:14:44:be:f2:e2:c0:51:03:32:3d:2d:
         34:6a:08:43:09:e9:75:a1:f2:d9:3b:0f:28:f1:07:f3:1a:ae:
         8a:1d:4f:aa:ff:8b:34:0a:21:16:38:05:66:05:55:00:55:ec:
         18:b1:a2:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvLcnm4xIYF4pWHdt128WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjQwMTAyMTAzMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjUyMzc1ZWJjNmVhNTVkYjViZjlkMjA3MWY3ZDdiMzdlZTVjZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ObUcJ9dyT+TX0+LQwh+/jK0EKPm
NWw7uRDRrDeBh9l7KCm7r2z8C5Oy4qqn3qn+cxj/8FkBA5U9Pp676xVtwRvMIChI
uQYI+s5p+ly1i8PzgSQcCwh6VUuJw9VAJhiypy/K7S4I6ayXLtR+0u3HBA341YI+
uPi7p4eEe65v2S7znUqBDLnkFlZ9wS4OwKIeE/h6WxXEracXpg5mxuBoJA0yWs5u
chOV1NjNjCq7b4yauE0Ml3hEhFDpfpj0lG+5UtFz+p3tKXwa6c0ObdPbfw1USgDf
Op49tm3If2CA3aW/7ZXD7rCYL1mzk4hOrdODqOVL5wknm/mtBZaXVlOdrwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBZSN168bqVdtb+dIHH317N+5c49MB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvRmxJM1hyeHVwVjIxdjUwZ2NmZlhzMzdsemowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwzciMA8E
AgACMAkDBwAqApAQAHQwDQYJKoZIhvcNAQELBQADggEBAHcZbYYJbczvGTz+GSzU
Y5CWrvD0ArhVQ9cWykV9yrVscTv53+9480TaCBnAk/nkjQkXtwXhf8iQV8u77eqn
Pxuo3nQjABIh8zIIqC4Biap2VJs8LSnD0AxWF1EzSqZtJmZEPaN5BX+wpCLrfAr9
rNYnxUgcaKNLlNVl2530zpO/BKLJX+88rp1MAWanq6sYrWQxJYZ7PBNVkTElBY8B
k2Fx7cU1lFr07eTDHvRgCgSAwHK8h6tQg6v6HtM98l1iDmGZgFvvl1wBGRTipaoU
RL7y4sBRAzI9LTRqCEMJ6XWh8tk7DyjxB/MaroodT6r/izQKIRY4BWYFVQBV7Bix
ou8=
-----END CERTIFICATE-----