Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/81ec54-a8a5-4128-9b7d-5f41d75a7e3a/1/VqIq8cZrHOL84zTtZbKY-Am-7ZY.roa
File:                     VqIq8cZrHOL84zTtZbKY-Am-7ZY.roa (raw, json)
Hash identifier:          u0i5x92k7kQnQhUoYk2VDVfRNika6nagCzn5Mi3vwzc=
Subject key identifier:   56:A2:2A:F1:C6:6B:1C:E2:FC:E3:34:ED:65:B2:98:F8:09:BE:ED:96
Certificate issuer:       /CN=6cebe0eff0d425fff2fc43a442905c4dd52bd6a8
Certificate serial:       018CC500D6971EFFA8F56EF36CA4745FD7F3
Authority key identifier: 6C:EB:E0:EF:F0:D4:25:FF:F2:FC:43:A4:42:90:5C:4D:D5:2B:D6:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOvg7_DUJf_y_EOkQpBcTdUr1qg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/81ec54-a8a5-4128-9b7d-5f41d75a7e3a/1/VqIq8cZrHOL84zTtZbKY-Am-7ZY.roa
Signing time:             Mon 01 Jan 2024 12:30:15 +0000
ROA not before:           Mon 01 Jan 2024 12:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136620
IP address blocks:        195.191.54.0/23 maxlen: 23
                          195.191.56.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/81ec54-a8a5-4128-9b7d-5f41d75a7e3a/1/bOvg7_DUJf_y_EOkQpBcTdUr1qg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/81ec54-a8a5-4128-9b7d-5f41d75a7e3a/1/bOvg7_DUJf_y_EOkQpBcTdUr1qg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOvg7_DUJf_y_EOkQpBcTdUr1qg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d6:97:1e:ff:a8:f5:6e:f3:6c:a4:74:5f:d7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cebe0eff0d425fff2fc43a442905c4dd52bd6a8
        Validity
            Not Before: Jan  1 12:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56a22af1c66b1ce2fce334ed65b298f809beed96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:94:95:0a:61:4f:c2:95:71:22:5e:b1:d3:cd:
                    46:e7:8b:48:d3:bc:7c:4e:7c:9d:05:9e:bb:25:8b:
                    d7:0d:2f:84:10:9b:ef:24:56:80:4b:79:16:10:61:
                    5f:3a:80:55:3d:b6:ae:33:cb:19:07:3e:ca:54:fd:
                    c7:74:0c:fd:91:24:3b:a0:3e:84:b1:3a:93:74:68:
                    47:0c:52:97:78:37:62:4c:ba:f5:56:7f:f9:06:f5:
                    b0:85:b9:9a:15:80:f6:d6:ed:90:ba:6b:00:08:ac:
                    51:e7:0c:e4:34:b8:d1:15:9f:98:4b:4b:a0:3a:12:
                    5d:db:61:5a:94:c0:a6:e9:7b:74:dc:3b:e5:2e:24:
                    b7:bd:59:40:65:23:1f:b5:bc:9b:ca:12:93:6b:5a:
                    e7:18:be:6a:2f:80:3e:43:8d:02:d8:48:52:40:42:
                    2f:d2:c5:d5:d0:2f:d5:f0:e8:8d:d5:a7:e6:76:1d:
                    0c:71:6a:2e:18:93:06:07:5b:b4:6a:c4:ff:ff:57:
                    b3:fe:9e:00:0e:0c:12:33:df:02:7e:89:c0:17:50:
                    3b:f5:1a:f9:fa:29:36:c5:a0:7e:2d:23:a5:9a:b9:
                    14:52:59:17:a4:7c:89:36:aa:5a:74:69:ed:81:32:
                    df:5f:a5:4a:a6:04:2d:67:31:5f:8c:9d:ea:1f:5d:
                    90:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A2:2A:F1:C6:6B:1C:E2:FC:E3:34:ED:65:B2:98:F8:09:BE:ED:96
            X509v3 Authority Key Identifier:
                keyid:6C:EB:E0:EF:F0:D4:25:FF:F2:FC:43:A4:42:90:5C:4D:D5:2B:D6:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOvg7_DUJf_y_EOkQpBcTdUr1qg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/81ec54-a8a5-4128-9b7d-5f41d75a7e3a/1/VqIq8cZrHOL84zTtZbKY-Am-7ZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/81ec54-a8a5-4128-9b7d-5f41d75a7e3a/1/bOvg7_DUJf_y_EOkQpBcTdUr1qg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.54.0-195.191.57.255

    Signature Algorithm: sha256WithRSAEncryption
         48:43:70:13:dc:c9:bb:d0:f9:bf:95:66:07:33:d2:90:6b:6c:
         de:3f:ae:4d:f5:05:6a:7d:15:95:75:a3:72:ff:18:97:df:ad:
         76:94:54:f3:13:8f:f7:3d:f1:ab:21:6d:f6:db:e7:89:5e:25:
         a1:51:1e:49:d1:47:2d:65:ca:c1:98:18:5c:c4:6e:a0:20:e1:
         9d:43:3d:e6:4a:7b:45:2c:33:bb:87:4d:16:4e:44:16:d1:b1:
         54:4f:6d:f9:6e:05:57:72:c8:1a:1e:a5:56:14:8b:3d:39:a7:
         e0:01:74:47:18:b8:6a:44:22:d4:49:88:d2:3b:5e:fe:f7:ed:
         1c:45:93:a9:88:15:a1:3f:0d:60:11:7e:2d:96:df:ab:9d:22:
         14:81:7e:f6:91:e1:c9:8c:e5:eb:d3:2d:8e:28:e0:f7:dd:1a:
         bc:56:43:38:e9:64:5a:63:ed:84:62:80:cd:29:be:2f:d7:65:
         93:ea:3d:87:3b:68:ff:a7:d5:15:fa:11:24:61:90:0f:d5:6a:
         cd:f2:80:23:3e:d3:e9:ba:07:4b:41:d4:63:72:70:72:54:aa:
         79:ed:d8:30:5e:2d:ff:ef:93:02:86:3f:07:e9:f0:8b:5c:2a:
         1f:4d:b9:7a:c3:0e:38:9a:3a:69:84:8e:ab:04:fe:66:ab:86:
         7d:ae:24:cd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFANaXHv+o9W7zbKR0X9fzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZWJlMGVmZjBkNDI1ZmZmMmZjNDNhNDQyOTA1YzRkZDUy
YmQ2YTgwHhcNMjQwMTAxMTIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmEyMmFmMWM2NmIxY2UyZmNlMzM0ZWQ2NWIyOThmODA5YmVlZDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJSVCmFPwpVxIl6x081G54tI07x8
TnydBZ67JYvXDS+EEJvvJFaAS3kWEGFfOoBVPbauM8sZBz7KVP3HdAz9kSQ7oD6E
sTqTdGhHDFKXeDdiTLr1Vn/5BvWwhbmaFYD21u2QumsACKxR5wzkNLjRFZ+YS0ug
OhJd22FalMCm6Xt03DvlLiS3vVlAZSMftbybyhKTa1rnGL5qL4A+Q40C2EhSQEIv
0sXV0C/V8OiN1afmdh0McWouGJMGB1u0asT//1ez/p4ADgwSM98CfonAF1A79Rr5
+ik2xaB+LSOlmrkUUlkXpHyJNqpadGntgTLfX6VKpgQtZzFfjJ3qH12QgQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFaiKvHGaxzi/OM07WWymPgJvu2WMB8GA1UdIwQY
MBaAFGzr4O/w1CX/8vxDpEKQXE3VK9aoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk92ZzdfRFVKZl95X0VPa1FwQmNUZFVyMXFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84MWVjNTQtYThhNS00MTI4LTliN2Qt
NWY0MWQ3NWE3ZTNhLzEvVnFJcThjWnJIT0w4NHpUdFpiS1ktQW0tN1pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84MWVjNTQtYThhNS00MTI4LTliN2QtNWY0MWQ3NWE3ZTNh
LzEvYk92ZzdfRFVKZl95X0VPa1FwQmNUZFVyMXFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHDvzYD
BAHDvzgwDQYJKoZIhvcNAQELBQADggEBAEhDcBPcybvQ+b+VZgcz0pBrbN4/rk31
BWp9FZV1o3L/GJffrXaUVPMTj/c98ashbfbb54leJaFRHknRRy1lysGYGFzEbqAg
4Z1DPeZKe0UsM7uHTRZORBbRsVRPbfluBVdyyBoepVYUiz05p+ABdEcYuGpEItRJ
iNI7Xv737RxFk6mIFaE/DWARfi2W36udIhSBfvaR4cmM5evTLY4o4PfdGrxWQzjp
ZFpj7YRigM0pvi/XZZPqPYc7aP+n1RX6ESRhkA/Vas3ygCM+0+m6B0tB1GNycHJU
qnnt2DBeLf/vkwKGPwfp8ItcKh9NuXrDDjiaOmmEjqsE/marhn2uJM0=
-----END CERTIFICATE-----