Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/qs2y2e1YffTY--rhpo9tVMvXaa8.roa
File:                     qs2y2e1YffTY--rhpo9tVMvXaa8.roa (raw, json)
Hash identifier:          Me3HRikb1Jy9x6ZNcDW7FhNOEY6fTGxIYKxuWEE8L80=
Subject key identifier:   AA:CD:B2:D9:ED:58:7D:F4:D8:FB:EA:E1:A6:8F:6D:54:CB:D7:69:AF
Certificate issuer:       /CN=9aeecb353f1cdc5fd3a9d54a8873531efd285c46
Certificate serial:       018CC5009ACF1AC7AC12D60CD69080713480
Authority key identifier: 9A:EE:CB:35:3F:1C:DC:5F:D3:A9:D5:4A:88:73:53:1E:FD:28:5C:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/qs2y2e1YffTY--rhpo9tVMvXaa8.roa
Signing time:             Mon 01 Jan 2024 12:30:00 +0000
ROA not before:           Mon 01 Jan 2024 12:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7117502
IP address blocks:        195.96.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/mu7LNT8c3F_TqdVKiHNTHv0oXEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/mu7LNT8c3F_TqdVKiHNTHv0oXEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:9a:cf:1a:c7:ac:12:d6:0c:d6:90:80:71:34:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aeecb353f1cdc5fd3a9d54a8873531efd285c46
        Validity
            Not Before: Jan  1 12:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aacdb2d9ed587df4d8fbeae1a68f6d54cbd769af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:0c:8d:e5:ad:f8:c1:5f:ba:9b:28:9f:6b:91:
                    92:73:2b:0b:29:d6:fe:1e:d6:18:00:86:ef:eb:45:
                    9e:3a:7b:5a:59:88:f5:90:9e:18:0b:1a:5e:94:21:
                    59:6a:b2:21:46:5c:58:17:05:c0:c4:1f:19:bf:b7:
                    97:ec:bc:45:33:88:71:d7:01:7c:37:ee:17:f6:c6:
                    99:21:10:d9:65:00:ab:1f:63:a0:d4:b3:31:a1:0d:
                    72:a8:28:69:cc:64:05:6e:21:9e:21:fe:70:48:81:
                    90:b2:42:40:28:83:9d:df:52:bc:90:8f:de:b8:63:
                    85:b8:91:6f:60:b5:63:11:01:62:5e:79:2a:d1:3f:
                    76:31:43:9c:cc:d7:e5:8b:19:0a:44:ba:74:ec:cb:
                    aa:9f:80:19:ad:46:6b:c9:21:2f:c1:91:e5:e0:55:
                    f7:1b:02:19:01:ea:a9:3d:2c:ca:fd:9d:10:f3:d0:
                    14:bf:60:e8:38:30:6a:17:a0:cb:a1:69:ec:36:86:
                    3b:da:bb:dc:b0:f4:50:08:f0:6d:5f:9c:f4:e2:9e:
                    72:80:9f:39:84:d2:1e:d2:95:98:70:4d:52:a1:6c:
                    15:53:39:d2:ad:55:73:fb:21:9a:74:66:b8:41:aa:
                    ad:0a:45:45:bb:7f:b5:8d:e4:7e:a3:8b:6d:4f:8e:
                    c9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:CD:B2:D9:ED:58:7D:F4:D8:FB:EA:E1:A6:8F:6D:54:CB:D7:69:AF
            X509v3 Authority Key Identifier:
                keyid:9A:EE:CB:35:3F:1C:DC:5F:D3:A9:D5:4A:88:73:53:1E:FD:28:5C:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/qs2y2e1YffTY--rhpo9tVMvXaa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/mu7LNT8c3F_TqdVKiHNTHv0oXEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:14:20:b8:9a:ec:4d:4c:54:a5:78:7a:f3:f7:20:b0:3f:55:
         4f:a0:d9:a1:17:cb:7a:68:2a:74:35:e8:86:21:de:7b:b6:0b:
         56:01:e4:b0:bf:a0:f8:56:ee:b4:18:35:94:d7:f1:ff:1d:3c:
         eb:05:65:05:23:9a:0e:5f:39:bb:fe:2a:21:b8:7c:3e:bb:17:
         9c:d9:a9:9d:41:07:07:fc:aa:30:f0:e4:cb:cd:f0:e8:0d:6f:
         bd:1f:0b:6d:b6:ed:3f:c7:ce:bc:d6:2f:6b:9e:5d:49:4f:5a:
         1c:5b:80:aa:62:1c:59:9e:6a:4a:8c:a1:97:fe:d3:5c:73:03:
         b2:8a:6a:15:94:f8:62:67:f3:8f:ff:5d:89:8b:87:2b:cb:df:
         74:23:d2:a4:32:9c:46:5a:1d:7f:eb:60:6e:e8:4c:b6:90:44:
         df:7a:d9:a2:62:20:c9:1d:98:40:5e:cf:92:0e:cd:60:e0:93:
         3b:e5:a0:56:ef:be:24:c4:79:a9:b8:82:cb:b5:ab:62:6d:9b:
         5a:a1:84:ab:75:4f:a1:bc:bd:38:45:c7:ce:78:5c:8f:7a:c9:
         5c:0e:d0:99:c5:29:70:13:36:2d:bc:a4:5e:9f:5c:75:f7:eb:
         35:de:38:80:9d:10:ed:c4:1a:12:15:f3:4f:6e:8a:e1:02:7a:
         d8:40:14:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJrPGsesEtYM1pCAcTSAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWVjYjM1M2YxY2RjNWZkM2E5ZDU0YTg4NzM1MzFlZmQy
ODVjNDYwHhcNMjQwMTAxMTIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWNkYjJkOWVkNTg3ZGY0ZDhmYmVhZTFhNjhmNmQ1NGNiZDc2OWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwyN5a34wV+6myifa5GScysLKdb+
HtYYAIbv60WeOntaWYj1kJ4YCxpelCFZarIhRlxYFwXAxB8Zv7eX7LxFM4hx1wF8
N+4X9saZIRDZZQCrH2Og1LMxoQ1yqChpzGQFbiGeIf5wSIGQskJAKIOd31K8kI/e
uGOFuJFvYLVjEQFiXnkq0T92MUOczNflixkKRLp07Muqn4AZrUZrySEvwZHl4FX3
GwIZAeqpPSzK/Z0Q89AUv2DoODBqF6DLoWnsNoY72rvcsPRQCPBtX5z04p5ygJ85
hNIe0pWYcE1SoWwVUznSrVVz+yGadGa4QaqtCkVFu3+1jeR+o4ttT47JTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKrNstntWH302Pvq4aaPbVTL12mvMB8GA1UdIwQY
MBaAFJruyzU/HNxf06nVSohzUx79KFxGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU3TE5UOGMzRl9UcWRWS2lITlRIdjBvWEVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8xNTg2M2ItNzg3Zi00MDg0LWI3ZjYt
NTk0NDk2MGUzMWNmLzEvcXMyeTJlMVlmZlRZLS1yaHBvOXRWTXZYYWE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8xNTg2M2ItNzg3Zi00MDg0LWI3ZjYtNTk0NDk2MGUzMWNm
LzEvbXU3TE5UOGMzRl9UcWRWS2lITlRIdjBvWEVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CKMA0G
CSqGSIb3DQEBCwUAA4IBAQAJFCC4muxNTFSleHrz9yCwP1VPoNmhF8t6aCp0NeiG
Id57tgtWAeSwv6D4Vu60GDWU1/H/HTzrBWUFI5oOXzm7/iohuHw+uxec2amdQQcH
/Kow8OTLzfDoDW+9Hwtttu0/x8681i9rnl1JT1ocW4CqYhxZnmpKjKGX/tNccwOy
imoVlPhiZ/OP/12Ji4cry990I9KkMpxGWh1/62Bu6Ey2kETfetmiYiDJHZhAXs+S
Ds1g4JM75aBW774kxHmpuILLtatibZtaoYSrdU+hvL04RcfOeFyPeslcDtCZxSlw
EzYtvKRen1x19+s13jiAnRDtxBoSFfNPborhAnrYQBRa
-----END CERTIFICATE-----