Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/dmtrpwptwr9hPNxzDT_CZJFmKt8.roa
File:                     dmtrpwptwr9hPNxzDT_CZJFmKt8.roa (raw, json)
Hash identifier:          NmXg86iyWPbYwU3Mw7PK21dCDF7KBHHcSdiYWJSGSRY=
Subject key identifier:   76:6B:6B:A7:0A:6D:C2:BF:61:3C:DC:73:0D:3F:C2:64:91:66:2A:DF
Certificate issuer:       /CN=f589823ba14758007cde873af4bf47fd9c39737b
Certificate serial:       018CC26D7302EF908E6A2213C2CD37EE8339
Authority key identifier: F5:89:82:3B:A1:47:58:00:7C:DE:87:3A:F4:BF:47:FD:9C:39:73:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9YmCO6FHWAB83oc69L9H_Zw5c3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/dmtrpwptwr9hPNxzDT_CZJFmKt8.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6782
IP address blocks:        195.196.30.0/24 maxlen: 24
                          2a00:ff40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/9YmCO6FHWAB83oc69L9H_Zw5c3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/9YmCO6FHWAB83oc69L9H_Zw5c3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9YmCO6FHWAB83oc69L9H_Zw5c3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:73:02:ef:90:8e:6a:22:13:c2:cd:37:ee:83:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f589823ba14758007cde873af4bf47fd9c39737b
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=766b6ba70a6dc2bf613cdc730d3fc26491662adf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:60:d9:05:6b:a1:e3:ca:ad:d4:6d:d8:0e:d0:
                    17:c1:84:e4:ae:81:10:b6:6b:d6:9a:90:3b:fb:3b:
                    e0:aa:df:62:2d:33:ef:39:a0:e8:82:62:17:6a:fb:
                    9f:25:b3:b4:56:09:d6:3a:0b:5c:b0:c8:31:61:96:
                    c1:57:5b:5d:75:74:c2:27:cc:f4:9d:0d:45:69:ef:
                    57:6e:34:5b:14:a7:51:3b:1a:f6:61:e4:95:36:0b:
                    a4:10:63:1f:87:ae:72:c7:f4:4c:e2:28:9a:95:b4:
                    4e:2a:88:f0:e7:2b:d9:e6:d0:22:e1:0a:ad:b4:35:
                    55:23:a4:2c:2e:08:95:7e:92:e1:04:40:28:83:08:
                    fb:87:7b:63:36:93:c9:7e:b6:34:c6:7b:69:84:46:
                    b8:9f:8f:9b:9a:66:0a:7a:e4:4e:02:d8:56:9f:48:
                    3f:5e:84:20:31:b0:21:f3:32:b0:a7:33:72:fa:0b:
                    18:de:0c:17:0d:0c:c5:09:36:3e:0e:5c:20:3f:9c:
                    81:c1:26:22:71:0f:f5:75:f1:73:14:fa:07:00:9a:
                    4c:15:da:73:08:0e:b8:2f:e5:bf:f9:59:d1:de:f3:
                    56:47:8d:6a:e7:2b:31:a9:99:09:7e:37:87:c9:76:
                    ff:46:5e:16:c9:21:df:db:e3:8b:f9:43:a6:ea:78:
                    c4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:6B:6B:A7:0A:6D:C2:BF:61:3C:DC:73:0D:3F:C2:64:91:66:2A:DF
            X509v3 Authority Key Identifier:
                keyid:F5:89:82:3B:A1:47:58:00:7C:DE:87:3A:F4:BF:47:FD:9C:39:73:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9YmCO6FHWAB83oc69L9H_Zw5c3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/dmtrpwptwr9hPNxzDT_CZJFmKt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ae175a-1c00-4091-a061-9ba4ec31cb6b/1/9YmCO6FHWAB83oc69L9H_Zw5c3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.196.30.0/24
                IPv6:
                  2a00:ff40::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:14:dd:fb:fe:c1:22:97:97:12:30:76:b4:b7:0c:75:11:e6:
         1f:26:ff:b3:ce:72:48:f3:a0:40:b8:46:df:ff:c6:4b:97:73:
         ad:70:48:81:e4:e8:4e:22:72:71:86:33:1a:67:30:a5:e2:7a:
         c2:ab:50:fd:03:c2:f5:a5:7f:0d:05:bc:fb:c0:83:86:41:13:
         7f:20:5d:90:08:be:d9:38:a0:8e:8a:9b:5c:b2:69:c5:15:eb:
         b9:30:a7:d9:07:92:57:ca:1b:f1:b8:9e:b1:20:70:ab:a1:90:
         e6:a8:58:65:5c:20:09:b1:f8:84:9b:28:fe:a8:c4:51:bd:0d:
         cc:38:00:a0:fc:bb:0b:e4:61:8e:a9:f1:31:85:8e:4a:13:48:
         32:80:70:a7:90:de:6f:e3:f4:de:6e:d1:7f:32:0a:70:19:f5:
         11:c6:04:59:77:ef:8c:3e:e0:87:6a:f7:16:04:73:aa:34:90:
         fd:27:53:ed:1e:04:13:40:46:42:35:ec:d7:47:7b:e2:f1:4f:
         d2:0b:f9:59:a2:45:ee:5f:da:fb:5e:1a:10:ca:e7:41:f7:d2:
         33:03:d0:e4:bf:9f:a1:a0:f1:a9:90:86:03:5a:91:ba:1b:d5:
         c5:5a:d0:35:77:68:0f:f5:5e:f9:14:62:e3:dc:07:82:01:a0:
         da:0d:a4:db
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbXMC75COaiITws037oM5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ODk4MjNiYTE0NzU4MDA3Y2RlODczYWY0YmY0N2ZkOWMz
OTczN2IwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjZiNmJhNzBhNmRjMmJmNjEzY2RjNzMwZDNmYzI2NDkxNjYyYWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2DZBWuh48qt1G3YDtAXwYTkroEQ
tmvWmpA7+zvgqt9iLTPvOaDogmIXavufJbO0VgnWOgtcsMgxYZbBV1tddXTCJ8z0
nQ1Fae9XbjRbFKdROxr2YeSVNgukEGMfh65yx/RM4iialbROKojw5yvZ5tAi4Qqt
tDVVI6QsLgiVfpLhBEAogwj7h3tjNpPJfrY0xntphEa4n4+bmmYKeuROAthWn0g/
XoQgMbAh8zKwpzNy+gsY3gwXDQzFCTY+DlwgP5yBwSYicQ/1dfFzFPoHAJpMFdpz
CA64L+W/+VnR3vNWR41q5ysxqZkJfjeHyXb/Rl4WySHf2+OL+UOm6njEPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHZra6cKbcK/YTzccw0/wmSRZirfMB8GA1UdIwQY
MBaAFPWJgjuhR1gAfN6HOvS/R/2cOXN7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVltQ082RkhXQUI4M29jNjlMOUhfWnc1YzNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9hZTE3NWEtMWMwMC00MDkxLWEwNjEt
OWJhNGVjMzFjYjZiLzEvZG10cnB3cHR3cjloUE54ekRUX0NaSkZtS3Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9hZTE3NWEtMWMwMC00MDkxLWEwNjEtOWJhNGVjMzFjYjZi
LzEvOVltQ082RkhXQUI4M29jNjlMOUhfWnc1YzNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw8QeMA0E
AgACMAcDBQAqAP9AMA0GCSqGSIb3DQEBCwUAA4IBAQBEFN37/sEil5cSMHa0twx1
EeYfJv+zznJI86BAuEbf/8ZLl3OtcEiB5OhOInJxhjMaZzCl4nrCq1D9A8L1pX8N
Bbz7wIOGQRN/IF2QCL7ZOKCOiptcsmnFFeu5MKfZB5JXyhvxuJ6xIHCroZDmqFhl
XCAJsfiEmyj+qMRRvQ3MOACg/LsL5GGOqfExhY5KE0gygHCnkN5v4/TebtF/Mgpw
GfURxgRZd++MPuCHavcWBHOqNJD9J1PtHgQTQEZCNezXR3vi8U/SC/lZokXuX9r7
XhoQyudB99IzA9Dkv5+hoPGpkIYDWpG6G9XFWtA1d2gP9V75FGLj3AeCAaDaDaTb
-----END CERTIFICATE-----