Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/8603e1-9b6b-43a6-b95e-36878f657e12/1/w2m972IFHtKEUt0oSW19Tc8ZJhA.roa
File:                     w2m972IFHtKEUt0oSW19Tc8ZJhA.roa (raw, json)
Hash identifier:          Wr3HbgKyKcRU9MvKghOJeetZfXQqrV+TDjaQZtWNKf0=
Subject key identifier:   C3:69:BD:EF:62:05:1E:D2:84:52:DD:28:49:6D:7D:4D:CF:19:26:10
Certificate issuer:       /CN=a898496b8d1dd825b487038fb87ca199b13b93df
Certificate serial:       018CC5DC5D36B4451B96F0211968760DB7F2
Authority key identifier: A8:98:49:6B:8D:1D:D8:25:B4:87:03:8F:B8:7C:A1:99:B1:3B:93:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qJhJa40d2CW0hwOPuHyhmbE7k98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/8603e1-9b6b-43a6-b95e-36878f657e12/1/w2m972IFHtKEUt0oSW19Tc8ZJhA.roa
Signing time:             Mon 01 Jan 2024 16:30:02 +0000
ROA not before:           Mon 01 Jan 2024 16:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56533
IP address blocks:        195.211.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/8603e1-9b6b-43a6-b95e-36878f657e12/1/qJhJa40d2CW0hwOPuHyhmbE7k98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/8603e1-9b6b-43a6-b95e-36878f657e12/1/qJhJa40d2CW0hwOPuHyhmbE7k98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qJhJa40d2CW0hwOPuHyhmbE7k98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5d:36:b4:45:1b:96:f0:21:19:68:76:0d:b7:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a898496b8d1dd825b487038fb87ca199b13b93df
        Validity
            Not Before: Jan  1 16:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c369bdef62051ed28452dd28496d7d4dcf192610
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0e:38:94:c2:25:20:47:3c:e8:78:63:f6:1a:
                    7b:0f:93:a0:a1:02:c6:79:f5:21:91:04:71:c3:3b:
                    df:14:1e:c3:85:5f:36:89:7f:36:4d:2a:23:f2:57:
                    23:34:0f:c8:74:fc:cc:db:88:b2:c7:03:67:30:e9:
                    b9:d1:f9:1d:30:c3:40:cf:79:02:42:39:0d:da:89:
                    ab:de:95:ae:9c:69:2e:cd:64:9a:dd:77:c8:69:45:
                    78:2b:62:0c:d1:3c:59:ee:37:eb:5e:7c:ab:1c:43:
                    b8:05:07:b4:9b:45:da:e2:83:b2:62:f8:ef:aa:67:
                    58:82:7b:66:f1:6b:8a:46:79:a0:ca:4b:a4:70:52:
                    ce:8f:31:ab:60:d6:bc:39:43:d1:99:60:84:15:37:
                    e5:06:d4:bb:b0:69:9e:0c:6d:7d:a0:5f:d2:e7:5c:
                    1a:01:72:f4:f9:a4:0d:fd:15:af:cf:27:e4:01:28:
                    de:c5:f9:83:11:e1:77:68:6b:8c:00:85:08:2a:c4:
                    08:bb:3e:05:b6:04:b3:d4:9a:a1:8f:68:c1:ef:67:
                    1b:e4:32:66:f6:78:b4:69:65:fb:af:8b:03:a4:f6:
                    fe:23:91:51:57:a1:54:f2:10:81:8c:31:83:72:9d:
                    9c:5c:e5:99:45:63:52:97:98:b9:82:dc:a1:a3:97:
                    e1:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:69:BD:EF:62:05:1E:D2:84:52:DD:28:49:6D:7D:4D:CF:19:26:10
            X509v3 Authority Key Identifier:
                keyid:A8:98:49:6B:8D:1D:D8:25:B4:87:03:8F:B8:7C:A1:99:B1:3B:93:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qJhJa40d2CW0hwOPuHyhmbE7k98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/8603e1-9b6b-43a6-b95e-36878f657e12/1/w2m972IFHtKEUt0oSW19Tc8ZJhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/8603e1-9b6b-43a6-b95e-36878f657e12/1/qJhJa40d2CW0hwOPuHyhmbE7k98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:e9:d3:3a:09:c8:b7:fa:5c:1e:51:df:1f:b7:1f:3e:5c:8c:
         5e:fe:2a:a9:45:95:aa:54:79:92:e8:a3:ef:db:fa:f8:fb:7e:
         a4:17:d0:08:5d:78:29:8f:d9:57:af:2f:a4:a6:b8:7e:a0:24:
         1d:0e:d4:8d:ad:7d:2b:3a:e0:c4:bd:80:f2:36:14:0d:36:8f:
         c7:3a:a7:ab:3e:d7:9d:75:89:4e:1c:b1:68:e0:e4:84:6f:ca:
         04:b1:af:b5:7b:14:47:4d:83:ab:90:02:a3:8c:d4:3e:6c:00:
         fe:f9:d1:91:70:10:36:c4:75:02:90:00:a0:ee:3e:85:f4:4a:
         81:65:75:91:19:85:16:1c:ec:97:ca:c2:e3:1e:3d:f4:43:ca:
         d0:3b:86:38:83:50:63:94:72:c0:25:eb:f4:1e:49:60:57:a8:
         7e:d7:09:c8:1e:5c:6a:8f:df:56:f2:18:e2:e4:5a:59:64:4b:
         99:29:4f:fa:56:42:d5:51:97:7d:bd:87:0c:ff:99:d6:67:64:
         a2:b4:d8:5a:47:e1:e9:98:c5:6c:06:25:52:32:82:fc:2f:2f:
         58:ad:fd:40:94:20:ba:45:01:12:ea:6b:94:8a:ec:cd:4b:a2:
         a0:05:56:7f:c4:46:5d:4e:7d:4b:24:6e:4f:93:00:ee:ae:fb:
         28:1d:22:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3F02tEUblvAhGWh2DbfyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4OTg0OTZiOGQxZGQ4MjViNDg3MDM4ZmI4N2NhMTk5YjEz
YjkzZGYwHhcNMjQwMTAxMTYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzY5YmRlZjYyMDUxZWQyODQ1MmRkMjg0OTZkN2Q0ZGNmMTkyNjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqg44lMIlIEc86Hhj9hp7D5OgoQLG
efUhkQRxwzvfFB7DhV82iX82TSoj8lcjNA/IdPzM24iyxwNnMOm50fkdMMNAz3kC
QjkN2omr3pWunGkuzWSa3XfIaUV4K2IM0TxZ7jfrXnyrHEO4BQe0m0Xa4oOyYvjv
qmdYgntm8WuKRnmgykukcFLOjzGrYNa8OUPRmWCEFTflBtS7sGmeDG19oF/S51wa
AXL0+aQN/RWvzyfkASjexfmDEeF3aGuMAIUIKsQIuz4FtgSz1Jqhj2jB72cb5DJm
9ni0aWX7r4sDpPb+I5FRV6FU8hCBjDGDcp2cXOWZRWNSl5i5gtyho5fhrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNpve9iBR7ShFLdKEltfU3PGSYQMB8GA1UdIwQY
MBaAFKiYSWuNHdgltIcDj7h8oZmxO5PfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUpoSmE0MGQyQ1cwaHdPUHVIeWhtYkU3azk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84NjAzZTEtOWI2Yi00M2E2LWI5NWUt
MzY4NzhmNjU3ZTEyLzEvdzJtOTcySUZIdEtFVXQwb1NXMTlUYzhaSmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84NjAzZTEtOWI2Yi00M2E2LWI5NWUtMzY4NzhmNjU3ZTEy
LzEvcUpoSmE0MGQyQ1cwaHdPUHVIeWhtYkU3azk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9P6MA0G
CSqGSIb3DQEBCwUAA4IBAQC26dM6Cci3+lweUd8ftx8+XIxe/iqpRZWqVHmS6KPv
2/r4+36kF9AIXXgpj9lXry+kprh+oCQdDtSNrX0rOuDEvYDyNhQNNo/HOqerPted
dYlOHLFo4OSEb8oEsa+1exRHTYOrkAKjjNQ+bAD++dGRcBA2xHUCkACg7j6F9EqB
ZXWRGYUWHOyXysLjHj30Q8rQO4Y4g1BjlHLAJev0HklgV6h+1wnIHlxqj99W8hji
5FpZZEuZKU/6VkLVUZd9vYcM/5nWZ2SitNhaR+HpmMVsBiVSMoL8Ly9Yrf1AlCC6
RQES6muUiuzNS6KgBVZ/xEZdTn1LJG5PkwDurvsoHSJq
-----END CERTIFICATE-----