Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/Nj6Y1umwE8Hw0flALWLf1Ts09wY.roa
File:                     Nj6Y1umwE8Hw0flALWLf1Ts09wY.roa (raw, json)
Hash identifier:          Y4bGQKZq2dG9DDPeI//2wCpZv3vQSFUbMu0G3XO4jSY=
Subject key identifier:   36:3E:98:D6:E9:B0:13:C1:F0:D1:F9:40:2D:62:DF:D5:3B:34:F7:06
Certificate issuer:       /CN=1d861782973c382cc1ce670f5ad50df8fb53c82e
Certificate serial:       018CC493046E1D69BF40AD396E28D9F65A80
Authority key identifier: 1D:86:17:82:97:3C:38:2C:C1:CE:67:0F:5A:D5:0D:F8:FB:53:C8:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYXgpc8OCzBzmcPWtUN-PtTyC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/Nj6Y1umwE8Hw0flALWLf1Ts09wY.roa
Signing time:             Mon 01 Jan 2024 10:30:18 +0000
ROA not before:           Mon 01 Jan 2024 10:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44704
IP address blocks:        195.42.96.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/HYYXgpc8OCzBzmcPWtUN-PtTyC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/HYYXgpc8OCzBzmcPWtUN-PtTyC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYYXgpc8OCzBzmcPWtUN-PtTyC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:04:6e:1d:69:bf:40:ad:39:6e:28:d9:f6:5a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d861782973c382cc1ce670f5ad50df8fb53c82e
        Validity
            Not Before: Jan  1 10:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=363e98d6e9b013c1f0d1f9402d62dfd53b34f706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:10:80:5e:db:e3:26:f6:89:c2:b7:90:64:de:
                    60:b3:72:9d:18:e4:08:3c:6b:77:f5:4e:dd:bd:87:
                    cd:e2:bb:82:92:7f:b8:b3:68:e1:dd:03:be:39:68:
                    0e:41:6d:c9:f1:5f:db:41:08:45:03:d1:a6:58:96:
                    7a:9f:43:3b:9c:09:1e:6f:36:4b:d6:de:8d:b3:aa:
                    19:8b:bc:9c:6b:8d:e4:b9:52:24:22:bc:13:e5:4d:
                    09:92:16:bf:07:cc:2d:62:0d:b8:e5:74:8f:f5:e9:
                    57:df:bb:e9:30:64:af:ee:a8:22:72:b8:23:10:1f:
                    b8:33:fd:27:ac:fc:90:63:1a:fc:2b:d7:0d:9c:e2:
                    e0:13:ba:3c:ce:3d:78:07:76:f6:4c:1e:8d:1b:9b:
                    3b:fa:a6:a4:8d:2c:34:44:78:7a:ab:ee:fb:a0:28:
                    62:3e:d4:61:0d:15:54:91:fc:f6:3e:ed:45:75:49:
                    a5:11:b8:87:cf:4b:60:55:07:94:e1:cf:a5:4b:8f:
                    16:50:1f:48:9e:89:58:8b:42:ae:92:9a:1d:ea:0f:
                    7d:96:c0:0f:be:9e:bb:ee:68:67:71:dc:d0:f9:eb:
                    f4:43:34:af:8c:b3:26:36:1f:92:d0:f3:5d:04:11:
                    1e:4b:5b:38:0d:b0:5c:a5:24:83:1b:d1:bd:91:da:
                    c7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:3E:98:D6:E9:B0:13:C1:F0:D1:F9:40:2D:62:DF:D5:3B:34:F7:06
            X509v3 Authority Key Identifier:
                keyid:1D:86:17:82:97:3C:38:2C:C1:CE:67:0F:5A:D5:0D:F8:FB:53:C8:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYXgpc8OCzBzmcPWtUN-PtTyC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/Nj6Y1umwE8Hw0flALWLf1Ts09wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/HYYXgpc8OCzBzmcPWtUN-PtTyC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.42.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:a1:60:e8:47:58:de:79:31:7f:67:11:be:9c:af:b9:f2:37:
         c9:3f:66:38:03:e3:89:c0:13:fc:e5:1e:04:ee:c7:22:71:55:
         07:3b:19:97:35:f6:6e:1e:9f:72:fe:9e:8e:dd:76:28:61:7f:
         1f:c4:f0:03:8e:b2:10:9e:22:f3:1f:18:a2:92:57:f4:0d:74:
         12:96:a7:47:97:cc:e5:15:2a:f1:a5:24:bf:cf:fe:ee:97:01:
         58:0c:df:75:a0:80:2b:5f:18:62:fe:70:f0:89:dd:bf:63:eb:
         7f:39:9e:65:17:9e:0a:73:2b:e4:74:3c:65:9f:5b:a2:f6:bb:
         38:09:ee:de:4d:c6:fd:6b:d6:5d:0d:64:20:b6:ff:7d:11:81:
         d2:72:08:4a:6c:38:aa:56:5a:bf:94:e4:78:eb:49:82:74:be:
         42:ae:51:13:46:1f:a9:b8:78:3d:04:fd:4e:d8:de:b7:20:41:
         46:ac:1d:3a:6f:4d:f5:e0:05:73:2f:09:46:e2:45:c4:18:46:
         ba:73:d8:6e:2a:3b:63:a8:ed:9d:9b:92:9a:59:ef:42:81:10:
         80:52:9b:66:20:0b:ae:76:e4:05:6a:9f:97:57:7c:d2:7c:8e:
         6f:45:0d:20:17:10:bf:66:fa:77:1c:9e:67:50:72:f3:cd:ed:
         6c:5b:5b:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkwRuHWm/QK05bijZ9lqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYxNzgyOTczYzM4MmNjMWNlNjcwZjVhZDUwZGY4ZmI1
M2M4MmUwHhcNMjQwMTAxMTAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjNlOThkNmU5YjAxM2MxZjBkMWY5NDAyZDYyZGZkNTNiMzRmNzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBCAXtvjJvaJwreQZN5gs3KdGOQI
PGt39U7dvYfN4ruCkn+4s2jh3QO+OWgOQW3J8V/bQQhFA9GmWJZ6n0M7nAkebzZL
1t6Ns6oZi7yca43kuVIkIrwT5U0Jkha/B8wtYg245XSP9elX37vpMGSv7qgicrgj
EB+4M/0nrPyQYxr8K9cNnOLgE7o8zj14B3b2TB6NG5s7+qakjSw0RHh6q+77oChi
PtRhDRVUkfz2Pu1FdUmlEbiHz0tgVQeU4c+lS48WUB9InolYi0Kukpod6g99lsAP
vp677mhncdzQ+ev0QzSvjLMmNh+S0PNdBBEeS1s4DbBcpSSDG9G9kdrHywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDY+mNbpsBPB8NH5QC1i39U7NPcGMB8GA1UdIwQY
MBaAFB2GF4KXPDgswc5nD1rVDfj7U8guMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZWGdwYzhPQ3pCem1jUFd0VU4tUHRUeUM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jY2VhZjItNzU2MS00MmE3LThkMTIt
OGUwNjBjYTk2ZmFjLzEvTmo2WTF1bXdFOEh3MGZsQUxXTGYxVHMwOXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jY2VhZjItNzU2MS00MmE3LThkMTItOGUwNjBjYTk2ZmFj
LzEvSFlZWGdwYzhPQ3pCem1jUFd0VU4tUHRUeUM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwypgMA0G
CSqGSIb3DQEBCwUAA4IBAQCzoWDoR1jeeTF/ZxG+nK+58jfJP2Y4A+OJwBP85R4E
7scicVUHOxmXNfZuHp9y/p6O3XYoYX8fxPADjrIQniLzHxiiklf0DXQSlqdHl8zl
FSrxpSS/z/7ulwFYDN91oIArXxhi/nDwid2/Y+t/OZ5lF54KcyvkdDxln1ui9rs4
Ce7eTcb9a9ZdDWQgtv99EYHScghKbDiqVlq/lOR460mCdL5CrlETRh+puHg9BP1O
2N63IEFGrB06b0314AVzLwlG4kXEGEa6c9huKjtjqO2dm5KaWe9CgRCAUptmIAuu
duQFap+XV3zSfI5vRQ0gFxC/Zvp3HJ5nUHLzze1sW1sq
-----END CERTIFICATE-----