Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ghuqRfYijSqDy6vvmfL30Nn92e8.roa
File:                     ghuqRfYijSqDy6vvmfL30Nn92e8.roa (raw, json)
Hash identifier:          KhIYd7KFVuhhPrTQrQQd2vSORMH9DNKUFVo9ZPyNLHk=
Subject key identifier:   82:1B:AA:45:F6:22:8D:2A:83:CB:AB:EF:99:F2:F7:D0:D9:FD:D9:EF
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       018CC4938992E65F0B16C6C2310468DDCBFB
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ghuqRfYijSqDy6vvmfL30Nn92e8.roa
Signing time:             Mon 01 Jan 2024 10:30:52 +0000
ROA not before:           Mon 01 Jan 2024 10:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199524
IP address blocks:        193.148.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:89:92:e6:5f:0b:16:c6:c2:31:04:68:dd:cb:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 10:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=821baa45f6228d2a83cbabef99f2f7d0d9fdd9ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:55:1c:6c:49:a0:a0:b8:fd:35:59:98:1c:35:
                    30:9a:6b:fe:a3:08:fa:06:e7:27:b1:37:d4:b7:92:
                    cf:c5:fb:1e:37:e0:8d:dd:d3:a7:05:79:e9:b4:e2:
                    98:08:df:64:b1:c3:f3:30:73:66:57:6f:93:24:ba:
                    ce:e7:7b:bc:16:67:8d:e2:ed:01:80:69:fa:55:4f:
                    6e:1c:8f:52:c0:a7:68:44:d9:06:96:fa:ab:a4:9f:
                    5e:34:1f:94:8b:8f:78:8c:94:54:ea:7a:7a:67:44:
                    56:83:95:76:a8:df:74:d4:52:c1:5a:c8:a9:88:30:
                    76:f3:29:f4:e6:e9:13:3a:73:83:2c:fa:8f:42:3c:
                    79:e4:b8:4d:50:cb:9a:0e:0e:f5:02:17:64:01:54:
                    ec:ea:96:ca:45:d7:68:e8:c1:b3:d2:1c:87:10:00:
                    8b:5a:af:24:ed:86:e1:98:2c:8d:bf:a8:01:2d:00:
                    8a:b0:af:0f:16:0f:60:66:76:6d:77:0c:a5:0b:b0:
                    51:d3:63:f1:4d:44:90:96:2e:5c:d0:7c:f3:d3:04:
                    50:e5:73:8f:c6:4e:5b:f9:36:fb:39:79:97:e3:c6:
                    95:5f:90:e2:c2:36:39:07:11:05:d7:d8:f7:04:7e:
                    f6:62:ee:f5:90:12:06:93:1e:e4:c6:ca:65:5f:63:
                    1a:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:1B:AA:45:F6:22:8D:2A:83:CB:AB:EF:99:F2:F7:D0:D9:FD:D9:EF
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ghuqRfYijSqDy6vvmfL30Nn92e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:3e:24:cf:bc:eb:94:ac:ef:f3:d6:ec:76:1f:40:c5:70:41:
         0f:76:ff:b9:16:a2:f8:05:5a:53:70:2f:a4:33:a8:4e:77:79:
         fa:79:1f:13:f4:01:95:f2:b5:be:16:07:63:9b:ab:1a:a8:1e:
         ab:61:20:ed:58:52:fc:4a:c8:d0:4f:66:30:34:d2:e3:b5:9a:
         fa:50:9e:a2:53:5a:c7:c5:99:19:d2:cb:1a:19:2d:ba:5d:62:
         ba:da:33:48:11:d3:48:02:4e:ad:92:1c:db:07:da:36:de:12:
         85:9b:99:8e:91:8b:8f:78:d3:0a:33:c4:05:20:90:5b:c8:6a:
         ce:7c:50:80:a4:e3:18:78:7e:c0:50:a2:7a:a4:26:e3:db:2a:
         13:c2:2d:91:cc:b9:b2:b2:72:10:9c:b4:97:e6:bc:38:38:7e:
         c8:4c:9a:0e:bc:36:24:d5:ba:0f:2e:12:92:96:92:5d:66:15:
         e8:07:ba:1d:96:2e:ba:bc:21:6c:7d:84:5a:ce:41:cf:a2:1d:
         9a:f5:82:14:8f:27:ac:10:44:ce:2f:00:b6:4c:b8:96:3e:ca:
         ff:4b:8e:a5:1e:69:13:5b:26:0c:47:9a:00:e7:06:00:00:fd:
         1e:53:db:7f:eb:15:e3:c2:70:a1:48:30:06:1f:69:7b:03:8c:
         8f:c3:17:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4mS5l8LFsbCMQRo3cv7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwMTAxMTAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjFiYWE0NWY2MjI4ZDJhODNjYmFiZWY5OWYyZjdkMGQ5ZmRkOWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVUcbEmgoLj9NVmYHDUwmmv+owj6
BucnsTfUt5LPxfseN+CN3dOnBXnptOKYCN9kscPzMHNmV2+TJLrO53u8FmeN4u0B
gGn6VU9uHI9SwKdoRNkGlvqrpJ9eNB+Ui494jJRU6np6Z0RWg5V2qN901FLBWsip
iDB28yn05ukTOnODLPqPQjx55LhNUMuaDg71AhdkAVTs6pbKRddo6MGz0hyHEACL
Wq8k7YbhmCyNv6gBLQCKsK8PFg9gZnZtdwylC7BR02PxTUSQli5c0Hzz0wRQ5XOP
xk5b+Tb7OXmX48aVX5DiwjY5BxEF19j3BH72Yu71kBIGkx7kxsplX2MajQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIbqkX2Io0qg8ur75ny99DZ/dnvMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvZ2h1cVJmWWlqU3FEeTZ2dm1mTDMwTm45MmU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZRfMA0G
CSqGSIb3DQEBCwUAA4IBAQB1PiTPvOuUrO/z1ux2H0DFcEEPdv+5FqL4BVpTcC+k
M6hOd3n6eR8T9AGV8rW+Fgdjm6saqB6rYSDtWFL8SsjQT2YwNNLjtZr6UJ6iU1rH
xZkZ0ssaGS26XWK62jNIEdNIAk6tkhzbB9o23hKFm5mOkYuPeNMKM8QFIJBbyGrO
fFCApOMYeH7AUKJ6pCbj2yoTwi2RzLmysnIQnLSX5rw4OH7ITJoOvDYk1boPLhKS
lpJdZhXoB7odli66vCFsfYRazkHPoh2a9YIUjyesEETOLwC2TLiWPsr/S46lHmkT
WyYMR5oA5wYAAP0eU9t/6xXjwnChSDAGH2l7A4yPwxdk
-----END CERTIFICATE-----