Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/pQ-FkRaEsl0Bsntxt40U2YMKpbc.roa
File:                     pQ-FkRaEsl0Bsntxt40U2YMKpbc.roa (raw, json)
Hash identifier:          339nvpl+Hdk/qw4TwFsle0uKi4XFmCucC9buIxfUOEs=
Subject key identifier:   A5:0F:85:91:16:84:B2:5D:01:B2:7B:71:B7:8D:14:D9:83:0A:A5:B7
Certificate issuer:       /CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
Certificate serial:       018CC348FADA651BD4DD231EF3A2E666662A
Authority key identifier: 5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/pQ-FkRaEsl0Bsntxt40U2YMKpbc.roa
Signing time:             Mon 01 Jan 2024 04:29:49 +0000
ROA not before:           Mon 01 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50148
IP address blocks:        195.130.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fa:da:65:1b:d4:dd:23:1e:f3:a2:e6:66:66:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
        Validity
            Not Before: Jan  1 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a50f85911684b25d01b27b71b78d14d9830aa5b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b6:15:82:15:b4:36:91:40:78:dd:b5:6e:fd:
                    3e:3f:95:ed:06:ae:4f:8a:e5:13:4d:f3:b9:95:98:
                    0b:62:64:bf:65:b4:c3:26:d5:3e:d1:5e:a6:a1:45:
                    6d:91:fc:f7:4f:0d:01:56:32:26:e0:0e:97:d3:56:
                    02:b2:a7:c9:ad:77:6d:62:17:f1:2d:98:98:5f:6f:
                    6d:b3:93:5f:b9:4e:af:e5:a4:9f:00:1d:db:0c:69:
                    74:f3:b1:00:44:26:2e:20:a5:77:0f:59:61:58:40:
                    d0:1f:7f:c8:ab:a6:2d:02:f8:41:9d:ec:01:44:d6:
                    88:bf:fb:1b:a7:c3:a2:53:b4:9c:c3:fa:62:af:79:
                    51:d8:0e:df:df:c0:a6:77:af:db:fa:74:6c:df:f2:
                    06:2c:83:59:6f:9c:78:4f:8a:2e:0f:c7:ef:1a:7d:
                    09:2a:31:cd:c5:33:c4:0f:50:41:2b:64:ed:ab:8e:
                    3e:77:30:7f:6e:f1:3c:84:af:e8:b8:72:ad:0a:53:
                    b0:f2:d2:e9:4e:67:61:ff:bf:88:31:0d:ff:5a:8d:
                    cf:46:92:74:e9:f5:90:6c:43:34:cb:36:0f:a8:6d:
                    bd:d8:3a:ba:0a:3a:c2:3a:77:50:c7:85:f3:00:62:
                    6f:c3:28:a9:13:88:14:ba:58:d2:48:59:78:d0:6e:
                    65:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:0F:85:91:16:84:B2:5D:01:B2:7B:71:B7:8D:14:D9:83:0A:A5:B7
            X509v3 Authority Key Identifier:
                keyid:5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/pQ-FkRaEsl0Bsntxt40U2YMKpbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.130.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:b8:87:b2:4a:5b:63:98:28:4c:2e:b1:2d:51:22:cd:e9:3e:
         5c:0d:b9:9c:fb:88:ed:88:11:93:9f:8d:fc:ce:aa:57:57:78:
         51:b0:93:15:3a:01:98:10:c8:63:e9:41:fb:2f:16:d6:ea:5b:
         b0:e4:6c:91:9f:8a:19:79:1b:93:dc:92:c3:2f:53:f9:76:cb:
         be:ca:e9:8b:f1:71:db:d9:df:32:c6:44:5d:80:f5:75:a3:cd:
         af:05:56:2b:63:30:a3:51:9e:38:55:a2:d9:d0:fa:64:b8:ab:
         96:76:c3:66:35:a1:ae:3a:be:a7:92:f5:d4:65:0e:47:44:75:
         2d:84:1d:36:5e:72:9c:66:01:85:c3:78:cf:3b:77:31:0c:f5:
         f2:a1:e4:8c:00:91:bb:7d:3c:b7:74:38:a0:db:92:7e:31:d3:
         49:76:00:71:5f:8e:e9:6b:24:62:a7:05:d2:58:f8:69:35:f5:
         3b:8a:63:f6:c8:7b:2f:18:ed:26:40:40:bd:f6:22:d9:16:ec:
         cd:af:91:a0:53:7a:ed:28:a6:c8:87:f3:74:fa:33:2e:07:a1:
         20:1d:27:51:d3:33:09:39:5f:1b:89:2b:cb:15:ef:e4:71:ae:
         b5:81:bd:7d:16:43:d7:4d:42:d0:9d:80:72:52:18:f7:c3:63:
         a9:5d:af:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPraZRvU3SMe86LmZmYqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNmY5Mjk1NTIxZGYzMGExNThmNTA2YmE3Y2I4NzNhYjk1
MjlkYzMwHhcNMjQwMTAxMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTBmODU5MTE2ODRiMjVkMDFiMjdiNzFiNzhkMTRkOTgzMGFhNWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7YVghW0NpFAeN21bv0+P5XtBq5P
iuUTTfO5lZgLYmS/ZbTDJtU+0V6moUVtkfz3Tw0BVjIm4A6X01YCsqfJrXdtYhfx
LZiYX29ts5NfuU6v5aSfAB3bDGl087EARCYuIKV3D1lhWEDQH3/Iq6YtAvhBnewB
RNaIv/sbp8OiU7Scw/pir3lR2A7f38Cmd6/b+nRs3/IGLINZb5x4T4ouD8fvGn0J
KjHNxTPED1BBK2Ttq44+dzB/bvE8hK/ouHKtClOw8tLpTmdh/7+IMQ3/Wo3PRpJ0
6fWQbEM0yzYPqG292Dq6CjrCOndQx4XzAGJvwyipE4gUuljSSFl40G5lyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUPhZEWhLJdAbJ7cbeNFNmDCqW3MB8GA1UdIwQY
MBaAFFpvkpVSHfMKFY9Qa6fLhzq5Up3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2Ut
YWFhNDU1M2QyYWJkLzEvcFEtRmtSYUVzbDBCc250eHQ0MFUyWU1LcGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2UtYWFhNDU1M2QyYWJk
LzEvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4J6MA0G
CSqGSIb3DQEBCwUAA4IBAQAGuIeySltjmChMLrEtUSLN6T5cDbmc+4jtiBGTn438
zqpXV3hRsJMVOgGYEMhj6UH7LxbW6luw5GyRn4oZeRuT3JLDL1P5dsu+yumL8XHb
2d8yxkRdgPV1o82vBVYrYzCjUZ44VaLZ0PpkuKuWdsNmNaGuOr6nkvXUZQ5HRHUt
hB02XnKcZgGFw3jPO3cxDPXyoeSMAJG7fTy3dDig25J+MdNJdgBxX47payRipwXS
WPhpNfU7imP2yHsvGO0mQEC99iLZFuzNr5GgU3rtKKbIh/N0+jMuB6EgHSdR0zMJ
OV8biSvLFe/kca61gb19FkPXTULQnYByUhj3w2OpXa8/
-----END CERTIFICATE-----