Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b664cb-349a-4ffb-b268-090e5bd580b3/1/5omw7afr4uhU5H1TT3iPA-D-qdw.roa
File:                     5omw7afr4uhU5H1TT3iPA-D-qdw.roa (raw, json)
Hash identifier:          C+MCzOl4Nih1KuTuIps0X61eEjLwfLkApKVrSg2Calk=
Subject key identifier:   E6:89:B0:ED:A7:EB:E2:E8:54:E4:7D:53:4F:78:8F:03:E0:FE:A9:DC
Certificate issuer:       /CN=c77a11ccad12e455286f5d0eb3040e863f30c993
Certificate serial:       018CC8DF2BDEA9D17B9818C8BA610D761923
Authority key identifier: C7:7A:11:CC:AD:12:E4:55:28:6F:5D:0E:B3:04:0E:86:3F:30:C9:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3oRzK0S5FUob10OswQOhj8wyZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b664cb-349a-4ffb-b268-090e5bd580b3/1/5omw7afr4uhU5H1TT3iPA-D-qdw.roa
Signing time:             Tue 02 Jan 2024 06:31:58 +0000
ROA not before:           Tue 02 Jan 2024 06:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20847
IP address blocks:        195.60.212.0/22 maxlen: 24
                          2001:67c:78::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b664cb-349a-4ffb-b268-090e5bd580b3/1/x3oRzK0S5FUob10OswQOhj8wyZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b664cb-349a-4ffb-b268-090e5bd580b3/1/x3oRzK0S5FUob10OswQOhj8wyZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3oRzK0S5FUob10OswQOhj8wyZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:2b:de:a9:d1:7b:98:18:c8:ba:61:0d:76:19:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c77a11ccad12e455286f5d0eb3040e863f30c993
        Validity
            Not Before: Jan  2 06:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e689b0eda7ebe2e854e47d534f788f03e0fea9dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:49:c3:98:1b:b7:ef:64:43:5a:ef:01:06:5e:
                    6a:93:e5:6d:94:7b:eb:ff:0a:97:06:de:68:44:20:
                    16:dd:4b:0f:83:e3:79:69:26:b9:cb:c1:eb:fc:37:
                    1e:33:b7:e3:c3:66:e6:25:a9:fc:1d:9a:18:86:71:
                    4a:fc:f3:0d:08:52:d5:9a:53:d5:1c:49:be:46:8e:
                    dd:f8:1f:7c:fa:c7:d2:af:c0:4a:ee:b5:1b:92:a0:
                    9f:8d:14:5d:8e:b1:b0:e1:12:38:fd:28:84:76:2c:
                    33:96:8d:e7:2c:98:f9:c8:f7:ff:d5:01:13:43:ac:
                    64:d6:46:aa:95:79:bb:c4:29:34:b4:67:70:6f:4a:
                    5e:4f:ec:f6:67:64:2c:6f:8b:4a:50:88:36:c6:d5:
                    b2:08:04:2e:ef:e9:1e:79:1a:6d:33:89:ac:43:ac:
                    f9:62:85:77:ff:c3:36:a8:d2:0f:58:25:38:6b:f2:
                    89:a2:d5:cc:bf:3c:80:7c:60:52:c3:c4:12:08:17:
                    ad:5d:8e:38:98:9d:6d:69:28:26:2f:fe:df:fe:6b:
                    31:2f:6d:ff:4e:ec:d5:5b:26:5a:94:dd:74:81:c6:
                    d9:65:2b:1f:dc:8b:e6:e6:71:2e:93:d4:d9:5c:17:
                    d9:8d:80:da:5d:a6:84:41:4d:3d:45:40:f1:1e:0c:
                    9e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:89:B0:ED:A7:EB:E2:E8:54:E4:7D:53:4F:78:8F:03:E0:FE:A9:DC
            X509v3 Authority Key Identifier:
                keyid:C7:7A:11:CC:AD:12:E4:55:28:6F:5D:0E:B3:04:0E:86:3F:30:C9:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3oRzK0S5FUob10OswQOhj8wyZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b664cb-349a-4ffb-b268-090e5bd580b3/1/5omw7afr4uhU5H1TT3iPA-D-qdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b664cb-349a-4ffb-b268-090e5bd580b3/1/x3oRzK0S5FUob10OswQOhj8wyZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.212.0/22
                IPv6:
                  2001:67c:78::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:9a:1f:12:ea:97:19:a6:56:33:7d:63:94:a8:0a:53:5d:73:
         1a:20:f6:69:7e:27:a3:56:a9:0f:3d:f4:a3:e2:71:d0:04:52:
         ed:e1:a0:78:45:94:92:e7:b6:2c:54:4e:d2:e4:0a:06:2f:66:
         fa:3d:98:d8:d2:36:2f:c0:75:33:c6:ff:8f:cb:6e:3f:88:81:
         e2:4c:33:b2:e7:b5:c7:7a:60:b9:c3:c0:af:69:e9:d9:f5:d5:
         ea:5f:ed:c2:08:86:4c:ca:8b:0b:67:52:26:51:39:a8:a0:b8:
         4f:4f:99:56:53:a3:f3:4c:8f:a8:e1:2b:6e:51:ac:c5:63:d4:
         f9:0c:74:3e:76:c7:99:45:9e:93:9d:4f:5d:e5:51:0c:cf:01:
         eb:29:72:e8:e5:ee:10:db:f4:38:af:99:25:19:b5:ba:fc:9e:
         59:e8:5e:d0:76:de:32:90:2d:90:d7:0d:2f:1f:6f:c5:c9:06:
         77:ce:51:2a:49:62:fc:71:36:ed:11:92:23:81:78:39:97:ae:
         b6:ce:db:1f:4d:57:7b:bd:12:ce:4c:1f:66:a8:5c:23:74:79:
         54:8c:85:4f:af:c7:40:e5:fe:70:01:ed:43:75:13:4c:e2:0a:
         36:a7:51:ac:b5:55:8a:17:a9:d8:8b:5b:b7:63:5e:cf:2b:1b:
         9d:b3:4e:99
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3yveqdF7mBjIumENdhkjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3N2ExMWNjYWQxMmU0NTUyODZmNWQwZWIzMDQwZTg2M2Yz
MGM5OTMwHhcNMjQwMTAyMDYzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjg5YjBlZGE3ZWJlMmU4NTRlNDdkNTM0Zjc4OGYwM2UwZmVhOWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUnDmBu372RDWu8BBl5qk+VtlHvr
/wqXBt5oRCAW3UsPg+N5aSa5y8Hr/DceM7fjw2bmJan8HZoYhnFK/PMNCFLVmlPV
HEm+Ro7d+B98+sfSr8BK7rUbkqCfjRRdjrGw4RI4/SiEdiwzlo3nLJj5yPf/1QET
Q6xk1kaqlXm7xCk0tGdwb0peT+z2Z2Qsb4tKUIg2xtWyCAQu7+keeRptM4msQ6z5
YoV3/8M2qNIPWCU4a/KJotXMvzyAfGBSw8QSCBetXY44mJ1taSgmL/7f/msxL23/
TuzVWyZalN10gcbZZSsf3Ivm5nEuk9TZXBfZjYDaXaaEQU09RUDxHgyeKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOaJsO2n6+LoVOR9U094jwPg/qncMB8GA1UdIwQY
MBaAFMd6EcytEuRVKG9dDrMEDoY/MMmTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDNvUnpLMFM1RlVvYjEwT3N3UU9oajh3eVpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iNjY0Y2ItMzQ5YS00ZmZiLWIyNjgt
MDkwZTViZDU4MGIzLzEvNW9tdzdhZnI0dWhVNUgxVFQzaVBBLUQtcWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iNjY0Y2ItMzQ5YS00ZmZiLWIyNjgtMDkwZTViZDU4MGIz
LzEveDNvUnpLMFM1RlVvYjEwT3N3UU9oajh3eVpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwzzUMA8E
AgACMAkDBwAgAQZ8AHgwDQYJKoZIhvcNAQELBQADggEBAKuaHxLqlxmmVjN9Y5So
ClNdcxog9ml+J6NWqQ899KPicdAEUu3hoHhFlJLntixUTtLkCgYvZvo9mNjSNi/A
dTPG/4/Lbj+IgeJMM7Lntcd6YLnDwK9p6dn11epf7cIIhkzKiwtnUiZROaiguE9P
mVZTo/NMj6jhK25RrMVj1PkMdD52x5lFnpOdT13lUQzPAespcujl7hDb9DivmSUZ
tbr8nlnoXtB23jKQLZDXDS8fb8XJBnfOUSpJYvxxNu0RkiOBeDmXrrbO2x9NV3u9
Es5MH2aoXCN0eVSMhU+vx0Dl/nAB7UN1E0ziCjanUay1VYoXqdiLW7djXs8rG52z
Tpk=
-----END CERTIFICATE-----