Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/5a49bf-c059-4bea-88d3-cf0124ced4d6/1/Sq_B9QhNK6jIxfdaIvTgCwl1zYQ.roa
File:                     Sq_B9QhNK6jIxfdaIvTgCwl1zYQ.roa (raw, json)
Hash identifier:          8TBSGSitasFyNmM41N+hKCCIVz1Z0jhXWx7pBD41Vyg=
Subject key identifier:   4A:AF:C1:F5:08:4D:2B:A8:C8:C5:F7:5A:22:F4:E0:0B:09:75:CD:84
Certificate issuer:       /CN=cdee78ad857607523b50b60acd9e22ca5a107854
Certificate serial:       018CC26D4DF1C36DCBA93DDADD3868409FC5
Authority key identifier: CD:EE:78:AD:85:76:07:52:3B:50:B6:0A:CD:9E:22:CA:5A:10:78:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ze54rYV2B1I7ULYKzZ4iyloQeFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/5a49bf-c059-4bea-88d3-cf0124ced4d6/1/Sq_B9QhNK6jIxfdaIvTgCwl1zYQ.roa
Signing time:             Mon 01 Jan 2024 00:29:52 +0000
ROA not before:           Mon 01 Jan 2024 00:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48455
IP address blocks:        195.162.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/5a49bf-c059-4bea-88d3-cf0124ced4d6/1/ze54rYV2B1I7ULYKzZ4iyloQeFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/5a49bf-c059-4bea-88d3-cf0124ced4d6/1/ze54rYV2B1I7ULYKzZ4iyloQeFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ze54rYV2B1I7ULYKzZ4iyloQeFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4d:f1:c3:6d:cb:a9:3d:da:dd:38:68:40:9f:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdee78ad857607523b50b60acd9e22ca5a107854
        Validity
            Not Before: Jan  1 00:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4aafc1f5084d2ba8c8c5f75a22f4e00b0975cd84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:a9:1b:16:d4:06:6a:a0:99:54:d6:92:c4:00:
                    b0:79:78:37:5a:d5:13:e5:80:57:77:02:48:36:d7:
                    b0:01:bd:bd:f1:35:5f:37:3b:22:90:2e:7b:3e:df:
                    19:b5:a5:87:6f:c2:ae:27:65:04:46:07:2f:14:27:
                    0c:7d:4e:0a:94:b9:05:51:9e:63:78:bf:d5:2a:b5:
                    99:51:5e:2a:c2:19:6e:b7:a8:e1:05:0b:81:9a:c7:
                    b3:99:37:8b:bb:8f:9b:7a:77:49:12:54:b7:d2:9e:
                    b2:e7:98:b6:09:59:c5:d5:4a:30:59:eb:29:66:71:
                    b3:21:6b:d6:46:97:da:b2:2e:d6:a2:0b:6b:f5:f1:
                    ac:e7:cc:21:aa:d0:bb:62:4e:33:9a:65:36:fc:61:
                    24:b9:5c:a4:23:3b:da:cc:5f:c8:cf:11:29:68:9a:
                    df:65:6e:eb:08:1e:59:71:7b:47:0e:f9:32:85:ef:
                    a2:a2:a8:95:b2:a5:1b:95:62:0b:ef:54:00:f6:63:
                    e8:39:a3:cf:43:83:65:19:03:4a:a9:31:7e:c1:c6:
                    09:24:ff:65:c4:11:f0:42:06:91:59:4a:19:75:28:
                    91:4c:03:c5:15:3c:49:24:a1:58:79:d7:88:00:f3:
                    63:46:20:cb:7a:4b:80:d2:ed:24:59:a9:e3:39:27:
                    19:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:AF:C1:F5:08:4D:2B:A8:C8:C5:F7:5A:22:F4:E0:0B:09:75:CD:84
            X509v3 Authority Key Identifier:
                keyid:CD:EE:78:AD:85:76:07:52:3B:50:B6:0A:CD:9E:22:CA:5A:10:78:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ze54rYV2B1I7ULYKzZ4iyloQeFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/5a49bf-c059-4bea-88d3-cf0124ced4d6/1/Sq_B9QhNK6jIxfdaIvTgCwl1zYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/5a49bf-c059-4bea-88d3-cf0124ced4d6/1/ze54rYV2B1I7ULYKzZ4iyloQeFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.162.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:1c:b9:fc:33:b1:a4:f0:f6:6e:30:d8:27:1a:a6:72:9c:bb:
         4b:90:1d:fb:98:67:ec:c0:b7:69:7b:28:45:59:b1:53:0d:81:
         40:7a:8d:ea:55:04:7c:7b:f2:fd:79:76:20:ff:91:39:99:f5:
         a9:72:8d:69:d5:89:42:d0:6b:81:81:34:09:d6:ed:50:e3:88:
         15:4d:2e:ed:a2:80:cd:21:4e:0a:7c:6c:42:09:82:f4:95:7b:
         69:73:8d:7a:49:d7:75:65:27:db:82:ae:17:5e:38:c8:50:d2:
         f5:7f:7a:ce:e3:88:ab:44:fa:58:67:45:e7:b4:4f:87:1b:6c:
         2f:23:48:3e:c6:31:04:42:7f:ca:f8:36:99:3b:85:5d:43:d4:
         60:a8:7b:57:42:60:41:cb:4f:49:fe:3d:64:56:1b:85:fc:ae:
         c8:fd:f9:08:de:ca:46:be:9d:5d:4b:54:b0:c7:45:7e:da:f0:
         a2:2e:31:22:d0:a9:bd:d7:45:0a:60:c7:25:06:ff:94:24:ed:
         1e:67:cd:c5:6f:f3:0d:a9:c4:e2:a7:7c:f8:0d:4a:25:84:79:
         0f:da:45:15:f7:a1:ec:6d:64:8e:cf:85:44:c4:cd:ac:e5:1e:
         7a:37:e6:e7:f9:a6:5c:c1:66:5c:06:1d:1a:2b:7e:44:f8:b5:
         ad:33:9d:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbU3xw23LqT3a3ThoQJ/FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZWU3OGFkODU3NjA3NTIzYjUwYjYwYWNkOWUyMmNhNWEx
MDc4NTQwHhcNMjQwMTAxMDAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWFmYzFmNTA4NGQyYmE4YzhjNWY3NWEyMmY0ZTAwYjA5NzVjZDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qkbFtQGaqCZVNaSxACweXg3WtUT
5YBXdwJINtewAb298TVfNzsikC57Pt8ZtaWHb8KuJ2UERgcvFCcMfU4KlLkFUZ5j
eL/VKrWZUV4qwhlut6jhBQuBmsezmTeLu4+bendJElS30p6y55i2CVnF1UowWesp
ZnGzIWvWRpfasi7Wogtr9fGs58whqtC7Yk4zmmU2/GEkuVykIzvazF/IzxEpaJrf
ZW7rCB5ZcXtHDvkyhe+ioqiVsqUblWIL71QA9mPoOaPPQ4NlGQNKqTF+wcYJJP9l
xBHwQgaRWUoZdSiRTAPFFTxJJKFYedeIAPNjRiDLekuA0u0kWanjOScZwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEqvwfUITSuoyMX3WiL04AsJdc2EMB8GA1UdIwQY
MBaAFM3ueK2FdgdSO1C2Cs2eIspaEHhUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemU1NHJZVjJCMUk3VUxZS3paNGl5bG9RZUZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy81YTQ5YmYtYzA1OS00YmVhLTg4ZDMt
Y2YwMTI0Y2VkNGQ2LzEvU3FfQjlRaE5LNmpJeGZkYUl2VGdDd2wxellRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy81YTQ5YmYtYzA1OS00YmVhLTg4ZDMtY2YwMTI0Y2VkNGQ2
LzEvemU1NHJZVjJCMUk3VUxZS3paNGl5bG9RZUZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw6ICMA0G
CSqGSIb3DQEBCwUAA4IBAQAeHLn8M7Gk8PZuMNgnGqZynLtLkB37mGfswLdpeyhF
WbFTDYFAeo3qVQR8e/L9eXYg/5E5mfWpco1p1YlC0GuBgTQJ1u1Q44gVTS7tooDN
IU4KfGxCCYL0lXtpc416Sdd1ZSfbgq4XXjjIUNL1f3rO44irRPpYZ0XntE+HG2wv
I0g+xjEEQn/K+DaZO4VdQ9RgqHtXQmBBy09J/j1kVhuF/K7I/fkI3spGvp1dS1Sw
x0V+2vCiLjEi0Km910UKYMclBv+UJO0eZ83Fb/MNqcTip3z4DUolhHkP2kUV96Hs
bWSOz4VExM2s5R56N+bn+aZcwWZcBh0aK35E+LWtM50D
-----END CERTIFICATE-----