Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/bb4854-1c51-4bc7-8b24-9bc3e56f7af7/1/G4nNtG1N5fSsMzEXaRdi1cA8mkI.roa
File:                     G4nNtG1N5fSsMzEXaRdi1cA8mkI.roa (raw, json)
Hash identifier:          EvdiDNTnhK3QfnHR3XXfVwvKNRIFZfiN1G5ITBMHrfU=
Subject key identifier:   1B:89:CD:B4:6D:4D:E5:F4:AC:33:31:17:69:17:62:D5:C0:3C:9A:42
Certificate issuer:       /CN=b992f38b55bfc137bb9ed026fa0033eef8fa7d50
Certificate serial:       018CC6B929D57627FC5FE18B59F6378497CF
Authority key identifier: B9:92:F3:8B:55:BF:C1:37:BB:9E:D0:26:FA:00:33:EE:F8:FA:7D:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZLzi1W_wTe7ntAm-gAz7vj6fVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/bb4854-1c51-4bc7-8b24-9bc3e56f7af7/1/G4nNtG1N5fSsMzEXaRdi1cA8mkI.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39296
IP address blocks:        195.250.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/bb4854-1c51-4bc7-8b24-9bc3e56f7af7/1/uZLzi1W_wTe7ntAm-gAz7vj6fVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/bb4854-1c51-4bc7-8b24-9bc3e56f7af7/1/uZLzi1W_wTe7ntAm-gAz7vj6fVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZLzi1W_wTe7ntAm-gAz7vj6fVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:29:d5:76:27:fc:5f:e1:8b:59:f6:37:84:97:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b992f38b55bfc137bb9ed026fa0033eef8fa7d50
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b89cdb46d4de5f4ac333117691762d5c03c9a42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cc:e4:df:67:cb:47:66:7b:5c:f9:3c:a9:98:
                    f1:81:11:e3:c6:f7:bc:73:04:5d:94:7c:ba:04:fc:
                    4b:4a:a7:d8:30:94:86:1e:9c:c7:2e:68:b5:20:1f:
                    73:f9:db:11:6a:4d:8b:51:b6:ed:65:18:91:49:29:
                    b9:f0:42:49:43:23:cb:a4:b2:bf:f3:58:94:07:85:
                    82:7c:41:de:48:35:b1:e9:4f:9e:a2:b2:89:e1:c1:
                    9d:ef:d9:c7:bc:ff:b2:ca:ca:6b:41:c5:97:83:b7:
                    1c:4b:4c:f2:85:04:6f:1a:3b:cc:59:c9:7e:49:9b:
                    e9:42:d2:95:bd:66:ea:0c:3f:44:b9:1c:1a:54:34:
                    77:ee:dd:b2:be:03:f5:a5:a4:80:11:8e:4f:88:f4:
                    e1:ea:21:23:1d:8c:3b:22:9f:c0:95:71:89:73:72:
                    fb:a0:d6:d1:91:47:53:02:d4:45:5c:ca:4f:02:7c:
                    3b:ce:03:a0:a0:19:45:5b:67:be:9a:60:70:17:e8:
                    ae:40:21:9d:d6:5a:3b:36:22:5b:59:50:8c:4e:e6:
                    33:04:54:17:4d:28:e3:e0:cc:61:22:3d:94:f1:cb:
                    c7:d1:85:f6:8e:c6:13:16:8d:bc:2e:64:66:3f:ab:
                    07:77:67:2b:7b:5d:32:55:68:2d:26:19:19:12:a8:
                    14:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:89:CD:B4:6D:4D:E5:F4:AC:33:31:17:69:17:62:D5:C0:3C:9A:42
            X509v3 Authority Key Identifier:
                keyid:B9:92:F3:8B:55:BF:C1:37:BB:9E:D0:26:FA:00:33:EE:F8:FA:7D:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZLzi1W_wTe7ntAm-gAz7vj6fVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/bb4854-1c51-4bc7-8b24-9bc3e56f7af7/1/G4nNtG1N5fSsMzEXaRdi1cA8mkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/bb4854-1c51-4bc7-8b24-9bc3e56f7af7/1/uZLzi1W_wTe7ntAm-gAz7vj6fVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.250.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:bd:f4:ed:7b:2a:ae:d9:54:81:57:a5:3b:07:39:da:56:b0:
         d2:aa:e9:ed:cd:cf:6b:5d:aa:7d:3d:a1:76:dc:00:c2:6d:79:
         95:96:69:5b:9e:74:59:eb:81:64:18:eb:54:58:5e:be:ab:c0:
         d3:a4:cd:e0:08:13:86:39:7b:f8:db:e9:0a:d7:65:20:ca:b4:
         07:51:5c:ef:95:66:ab:9a:01:85:8d:19:93:4d:dd:72:3e:58:
         74:71:78:68:6a:2e:24:30:bc:55:63:aa:e6:63:73:e0:cf:b7:
         54:82:d3:3d:a6:ae:3a:28:06:31:49:88:d2:04:4d:16:b8:96:
         dc:f3:d6:20:5c:8c:cd:67:09:c6:44:13:a2:c3:5a:1e:5e:42:
         ea:87:6a:0d:f0:cc:fc:2b:54:ef:15:c8:53:b5:49:57:19:c2:
         47:d1:d8:41:ba:5b:d8:7b:a9:ce:df:f7:f3:ad:d4:4a:d0:88:
         5b:39:14:2f:4f:36:91:6e:9e:44:2a:81:99:66:71:5e:a3:26:
         9c:de:70:3c:21:88:1c:26:42:62:63:7e:d5:bc:da:fb:1d:dd:
         9b:fa:ca:c5:9c:4f:36:ee:c3:b1:df:4f:ea:ab:90:1e:bb:a3:
         99:19:5d:e4:36:0b:5c:cc:42:e9:ea:13:80:c5:b1:ca:e1:25:
         69:2c:e9:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSnVdif8X+GLWfY3hJfPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTJmMzhiNTViZmMxMzdiYjllZDAyNmZhMDAzM2VlZjhm
YTdkNTAwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjg5Y2RiNDZkNGRlNWY0YWMzMzMxMTc2OTE3NjJkNWMwM2M5YTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8zk32fLR2Z7XPk8qZjxgRHjxve8
cwRdlHy6BPxLSqfYMJSGHpzHLmi1IB9z+dsRak2LUbbtZRiRSSm58EJJQyPLpLK/
81iUB4WCfEHeSDWx6U+eorKJ4cGd79nHvP+yysprQcWXg7ccS0zyhQRvGjvMWcl+
SZvpQtKVvWbqDD9EuRwaVDR37t2yvgP1paSAEY5PiPTh6iEjHYw7Ip/AlXGJc3L7
oNbRkUdTAtRFXMpPAnw7zgOgoBlFW2e+mmBwF+iuQCGd1lo7NiJbWVCMTuYzBFQX
TSjj4MxhIj2U8cvH0YX2jsYTFo28LmRmP6sHd2cre10yVWgtJhkZEqgULwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuJzbRtTeX0rDMxF2kXYtXAPJpCMB8GA1UdIwQY
MBaAFLmS84tVv8E3u57QJvoAM+74+n1QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpMemkxV193VGU3bnRBbS1nQXo3dmo2ZlZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9iYjQ4NTQtMWM1MS00YmM3LThiMjQt
OWJjM2U1NmY3YWY3LzEvRzRuTnRHMU41ZlNzTXpFWGFSZGkxY0E4bWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9iYjQ4NTQtMWM1MS00YmM3LThiMjQtOWJjM2U1NmY3YWY3
LzEvdVpMemkxV193VGU3bnRBbS1nQXo3dmo2ZlZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/o0MA0G
CSqGSIb3DQEBCwUAA4IBAQDBvfTteyqu2VSBV6U7BznaVrDSquntzc9rXap9PaF2
3ADCbXmVlmlbnnRZ64FkGOtUWF6+q8DTpM3gCBOGOXv42+kK12UgyrQHUVzvlWar
mgGFjRmTTd1yPlh0cXhoai4kMLxVY6rmY3Pgz7dUgtM9pq46KAYxSYjSBE0WuJbc
89YgXIzNZwnGRBOiw1oeXkLqh2oN8Mz8K1TvFchTtUlXGcJH0dhBulvYe6nO3/fz
rdRK0IhbORQvTzaRbp5EKoGZZnFeoyac3nA8IYgcJkJiY37VvNr7Hd2b+srFnE82
7sOx30/qq5Aeu6OZGV3kNgtczELp6hOAxbHK4SVpLOmM
-----END CERTIFICATE-----