Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/bda7cc-645c-4821-ad22-3e44fcac3bc5/1/Jt0yanr8E4cimx6zNGoOmLYuf38.roa
File:                     Jt0yanr8E4cimx6zNGoOmLYuf38.roa (raw, json)
Hash identifier:          xWE3BzXN5XjQIqPj8JhSCNO20fEKBJIXSGqD9J95GX4=
Subject key identifier:   26:DD:32:6A:7A:FC:13:87:22:9B:1E:B3:34:6A:0E:98:B6:2E:7F:7F
Certificate issuer:       /CN=cf53c0c2a70a9e0ba0b860d22904dbb0e92b920b
Certificate serial:       018DD041C7864C64C1E64B98AFDA9CED5361
Authority key identifier: CF:53:C0:C2:A7:0A:9E:0B:A0:B8:60:D2:29:04:DB:B0:E9:2B:92:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z1PAwqcKnguguGDSKQTbsOkrkgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/bda7cc-645c-4821-ad22-3e44fcac3bc5/1/Jt0yanr8E4cimx6zNGoOmLYuf38.roa
Signing time:             Thu 22 Feb 2024 09:59:48 +0000
ROA not before:           Thu 22 Feb 2024 09:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3330
IP address blocks:        195.242.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/bda7cc-645c-4821-ad22-3e44fcac3bc5/1/z1PAwqcKnguguGDSKQTbsOkrkgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/bda7cc-645c-4821-ad22-3e44fcac3bc5/1/z1PAwqcKnguguGDSKQTbsOkrkgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z1PAwqcKnguguGDSKQTbsOkrkgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d0:41:c7:86:4c:64:c1:e6:4b:98:af:da:9c:ed:53:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf53c0c2a70a9e0ba0b860d22904dbb0e92b920b
        Validity
            Not Before: Feb 22 09:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26dd326a7afc1387229b1eb3346a0e98b62e7f7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0c:5f:41:57:48:bc:ca:94:2a:44:28:56:a6:
                    9e:cb:32:8b:21:15:d0:22:6b:ca:fa:d9:5b:f8:79:
                    79:c5:aa:d7:16:9f:4f:ad:aa:97:9a:ff:3e:e0:0b:
                    1f:fb:37:d8:ce:1e:5c:1f:2b:75:79:9d:8b:03:ab:
                    16:38:f3:19:e8:b4:5b:8d:9b:d1:8a:3d:37:12:e4:
                    1b:29:e5:3e:bc:01:f6:7c:c9:f1:40:35:bc:74:22:
                    ae:b2:b1:41:7a:2c:a8:d7:3d:4f:c3:7c:aa:be:dd:
                    b9:6c:84:03:97:23:01:e7:f5:b6:2a:47:b9:1d:ab:
                    bd:68:69:e6:b5:c1:b8:07:6e:42:85:e9:49:4c:21:
                    f8:9a:13:2c:34:22:f1:bd:e2:06:52:ad:e8:34:bb:
                    7a:bf:ec:a6:5a:1a:1d:3c:41:c7:85:dd:5a:04:ab:
                    ec:d3:f8:ec:50:f0:ff:b4:85:eb:3c:c2:14:e2:ca:
                    90:aa:23:5d:1a:d5:4c:d4:0d:43:f4:a2:9c:5a:e0:
                    a5:78:d1:e0:f4:40:8d:14:af:75:33:55:ea:98:88:
                    e6:7e:6b:70:cb:47:b0:88:6a:e0:22:38:97:0a:de:
                    2d:25:29:77:bc:2c:d6:84:4a:aa:45:ee:4a:c5:93:
                    8e:66:29:5f:7d:fe:73:dc:84:85:62:b5:09:59:21:
                    e1:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:DD:32:6A:7A:FC:13:87:22:9B:1E:B3:34:6A:0E:98:B6:2E:7F:7F
            X509v3 Authority Key Identifier:
                keyid:CF:53:C0:C2:A7:0A:9E:0B:A0:B8:60:D2:29:04:DB:B0:E9:2B:92:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z1PAwqcKnguguGDSKQTbsOkrkgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/bda7cc-645c-4821-ad22-3e44fcac3bc5/1/Jt0yanr8E4cimx6zNGoOmLYuf38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/bda7cc-645c-4821-ad22-3e44fcac3bc5/1/z1PAwqcKnguguGDSKQTbsOkrkgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ca:db:9d:74:94:7c:c9:6c:74:5f:7b:cd:d8:58:5c:a2:4e:
         ca:3a:e8:b1:ff:6c:7a:49:a8:6a:50:b2:f7:4f:96:da:6e:6a:
         28:6d:cf:a9:7b:67:56:16:15:fd:2b:18:6d:2e:3a:13:e2:c3:
         71:59:c0:1f:e4:cf:77:17:f3:27:19:87:78:0d:2d:48:e3:85:
         bd:c5:d0:91:db:40:ff:bd:1a:c4:67:15:f7:6b:51:ab:3a:00:
         61:18:60:81:ff:f2:c9:1c:d1:5f:ab:f8:42:09:e0:97:4c:75:
         b2:99:bf:e4:ad:d5:14:74:f1:c4:13:3f:de:65:48:36:fa:62:
         3a:ef:8f:0a:31:2c:4d:de:7e:fa:1d:65:6b:ff:5f:86:e9:6d:
         f3:f4:18:a6:cc:4e:08:08:ac:49:97:fc:1f:36:50:9f:b2:c5:
         46:3d:9e:59:bb:17:65:fb:85:6e:e4:4d:90:df:6d:2b:1d:cf:
         90:e8:8e:0e:06:ba:e6:48:30:30:a4:5d:dc:d5:7b:60:a1:50:
         66:98:57:53:56:f4:87:a9:65:89:2f:7f:2c:fd:39:15:73:60:
         70:c3:32:7f:68:bc:4f:f2:6e:f9:c2:0f:f0:af:89:2e:a9:5b:
         bd:62:bf:73:7f:c4:a0:dc:8a:5d:8a:46:26:fa:5c:c1:45:1a:
         d0:d6:13:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3QQceGTGTB5kuYr9qc7VNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNTNjMGMyYTcwYTllMGJhMGI4NjBkMjI5MDRkYmIwZTky
YjkyMGIwHhcNMjQwMjIyMDk1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmRkMzI2YTdhZmMxMzg3MjI5YjFlYjMzNDZhMGU5OGI2MmU3ZjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQxfQVdIvMqUKkQoVqaeyzKLIRXQ
ImvK+tlb+Hl5xarXFp9PraqXmv8+4Asf+zfYzh5cHyt1eZ2LA6sWOPMZ6LRbjZvR
ij03EuQbKeU+vAH2fMnxQDW8dCKusrFBeiyo1z1Pw3yqvt25bIQDlyMB5/W2Kke5
Hau9aGnmtcG4B25ChelJTCH4mhMsNCLxveIGUq3oNLt6v+ymWhodPEHHhd1aBKvs
0/jsUPD/tIXrPMIU4sqQqiNdGtVM1A1D9KKcWuCleNHg9ECNFK91M1XqmIjmfmtw
y0ewiGrgIjiXCt4tJSl3vCzWhEqqRe5KxZOOZilfff5z3ISFYrUJWSHhtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbdMmp6/BOHIpseszRqDpi2Ln9/MB8GA1UdIwQY
MBaAFM9TwMKnCp4LoLhg0ikE27DpK5ILMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejFQQXdxY0tuZ3VndUdEU0tRVGJzT2tya2dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9iZGE3Y2MtNjQ1Yy00ODIxLWFkMjIt
M2U0NGZjYWMzYmM1LzEvSnQweWFucjhFNGNpbXg2ek5Hb09tTFl1ZjM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9iZGE3Y2MtNjQ1Yy00ODIxLWFkMjItM2U0NGZjYWMzYmM1
LzEvejFQQXdxY0tuZ3VndUdEU0tRVGJzT2tya2dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/KvMA0G
CSqGSIb3DQEBCwUAA4IBAQAPytuddJR8yWx0X3vN2Fhcok7KOuix/2x6SahqULL3
T5babmoobc+pe2dWFhX9KxhtLjoT4sNxWcAf5M93F/MnGYd4DS1I44W9xdCR20D/
vRrEZxX3a1GrOgBhGGCB//LJHNFfq/hCCeCXTHWymb/krdUUdPHEEz/eZUg2+mI6
748KMSxN3n76HWVr/1+G6W3z9BimzE4ICKxJl/wfNlCfssVGPZ5Zuxdl+4Vu5E2Q
320rHc+Q6I4OBrrmSDAwpF3c1XtgoVBmmFdTVvSHqWWJL38s/TkVc2BwwzJ/aLxP
8m75wg/wr4kuqVu9Yr9zf8Sg3IpdikYm+lzBRRrQ1hMp
-----END CERTIFICATE-----