Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/N3gDeS19Y9DS7iAexxOGZS2oXf8.roa
File:                     N3gDeS19Y9DS7iAexxOGZS2oXf8.roa (raw, json)
Hash identifier:          oL3rRrO87Lk8vRr/OetyDeGjv8GXiUVX1PVNJOOJsPw=
Subject key identifier:   37:78:03:79:2D:7D:63:D0:D2:EE:20:1E:C7:13:86:65:2D:A8:5D:FF
Certificate issuer:       /CN=97f697013433b891d64697d928663be734dba4e7
Certificate serial:       018CC501285B9D34A7855E6F703116F688EE
Authority key identifier: 97:F6:97:01:34:33:B8:91:D6:46:97:D9:28:66:3B:E7:34:DB:A4:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l_aXATQzuJHWRpfZKGY75zTbpOc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/N3gDeS19Y9DS7iAexxOGZS2oXf8.roa
Signing time:             Mon 01 Jan 2024 12:30:36 +0000
ROA not before:           Mon 01 Jan 2024 12:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21147
IP address blocks:        195.190.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/l_aXATQzuJHWRpfZKGY75zTbpOc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/l_aXATQzuJHWRpfZKGY75zTbpOc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l_aXATQzuJHWRpfZKGY75zTbpOc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:28:5b:9d:34:a7:85:5e:6f:70:31:16:f6:88:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97f697013433b891d64697d928663be734dba4e7
        Validity
            Not Before: Jan  1 12:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=377803792d7d63d0d2ee201ec71386652da85dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:26:7d:1d:30:7d:8c:a4:2a:84:d1:43:13:6b:
                    41:cf:a0:9c:3c:0e:28:94:71:59:22:09:bf:ef:8c:
                    27:04:9e:fa:ef:74:6c:5e:2e:26:49:63:36:42:5e:
                    59:0e:e4:e6:f2:d9:ac:0f:52:14:25:b3:98:de:7d:
                    f4:d5:b4:26:51:f4:6a:2a:6d:fa:3e:3b:c9:c6:92:
                    05:5c:3f:f7:1f:ff:2a:56:fb:49:0e:0e:9c:a5:ed:
                    1e:ed:79:ff:41:c0:8d:f3:a7:1a:5d:b1:ac:f9:2e:
                    ea:31:d4:39:04:ee:df:44:d3:f9:39:cb:dc:5e:a1:
                    70:69:09:54:ae:91:40:3d:a5:da:da:2f:5b:4a:98:
                    0b:87:30:05:c0:ea:cc:ff:e7:5f:1e:64:b1:6a:ef:
                    f2:ff:f8:77:95:21:eb:38:f9:2c:51:92:a4:fc:5a:
                    d8:bd:6d:57:96:a8:a4:c8:26:d4:87:0c:56:d4:9d:
                    c7:4e:06:a1:15:ee:d7:e1:2c:b0:16:74:89:ce:eb:
                    1f:5e:95:d1:e4:75:91:8b:e8:4b:50:9e:ac:85:26:
                    ff:25:9e:d8:b7:d4:32:a3:31:8b:b0:7c:99:c7:89:
                    a8:ca:ad:3a:95:13:96:77:5d:65:54:bb:e3:7a:f4:
                    66:5b:00:0c:91:ad:cb:29:81:5f:f5:6b:d5:a7:03:
                    0d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:78:03:79:2D:7D:63:D0:D2:EE:20:1E:C7:13:86:65:2D:A8:5D:FF
            X509v3 Authority Key Identifier:
                keyid:97:F6:97:01:34:33:B8:91:D6:46:97:D9:28:66:3B:E7:34:DB:A4:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l_aXATQzuJHWRpfZKGY75zTbpOc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/N3gDeS19Y9DS7iAexxOGZS2oXf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/l_aXATQzuJHWRpfZKGY75zTbpOc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:49:76:f8:ab:77:dc:f3:ae:61:03:9c:cc:ec:99:aa:0d:5a:
         f1:d7:14:25:d0:bc:fb:01:b8:e0:30:58:f9:c7:b1:6a:98:04:
         48:cc:72:f8:3d:91:f9:c3:f3:38:6c:cc:e4:97:69:15:22:e1:
         49:4f:66:2a:48:b5:d1:fb:fd:bd:22:39:27:e1:22:2b:17:dd:
         83:09:32:c2:cc:4c:37:48:9f:c4:9d:db:a9:05:15:7b:95:4a:
         57:fe:a8:44:af:35:9d:8b:1f:04:b4:e7:6b:80:4d:0e:d1:5b:
         95:6b:17:a6:77:09:73:03:32:5a:d9:40:f9:e8:6e:44:be:e7:
         44:00:c8:42:54:d2:df:f6:d1:73:ea:db:72:b6:17:d5:1b:38:
         75:82:78:fc:4b:0c:21:30:a7:14:6d:f1:22:52:f9:44:bd:5f:
         68:7c:5e:1e:4f:97:42:40:dd:b0:95:e3:f8:65:ad:65:d8:7c:
         29:d2:21:dc:7a:72:27:e2:e5:56:ee:79:47:37:1c:74:c6:bd:
         69:08:1b:5c:7f:55:9a:fd:cd:ec:8a:3e:0a:37:34:a7:9f:a8:
         cc:a3:d5:ec:79:24:7f:c8:7f:18:6c:ff:85:ed:a5:5d:e4:63:
         54:69:c0:e0:5c:1a:8a:77:1d:e8:f4:a7:42:ac:9a:ea:dc:1c:
         fe:f6:da:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAShbnTSnhV5vcDEW9ojuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZjY5NzAxMzQzM2I4OTFkNjQ2OTdkOTI4NjYzYmU3MzRk
YmE0ZTcwHhcNMjQwMTAxMTIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzc4MDM3OTJkN2Q2M2QwZDJlZTIwMWVjNzEzODY2NTJkYTg1ZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyZ9HTB9jKQqhNFDE2tBz6CcPA4o
lHFZIgm/74wnBJ7673RsXi4mSWM2Ql5ZDuTm8tmsD1IUJbOY3n301bQmUfRqKm36
PjvJxpIFXD/3H/8qVvtJDg6cpe0e7Xn/QcCN86caXbGs+S7qMdQ5BO7fRNP5Ocvc
XqFwaQlUrpFAPaXa2i9bSpgLhzAFwOrM/+dfHmSxau/y//h3lSHrOPksUZKk/FrY
vW1XlqikyCbUhwxW1J3HTgahFe7X4SywFnSJzusfXpXR5HWRi+hLUJ6shSb/JZ7Y
t9QyozGLsHyZx4moyq06lROWd11lVLvjevRmWwAMka3LKYFf9WvVpwMNJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDd4A3ktfWPQ0u4gHscThmUtqF3/MB8GA1UdIwQY
MBaAFJf2lwE0M7iR1kaX2ShmO+c026TnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbF9hWEFUUXp1SkhXUnBmWktHWTc1elRicE9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hZTExNjYtZDYwNi00NWI3LTlhMjIt
N2JjODMyMjBmYjYyLzEvTjNnRGVTMTlZOURTN2lBZXh4T0daUzJvWGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hZTExNjYtZDYwNi00NWI3LTlhMjItN2JjODMyMjBmYjYy
LzEvbF9hWEFUUXp1SkhXUnBmWktHWTc1elRicE9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw76NMA0G
CSqGSIb3DQEBCwUAA4IBAQBOSXb4q3fc865hA5zM7JmqDVrx1xQl0Lz7AbjgMFj5
x7FqmARIzHL4PZH5w/M4bMzkl2kVIuFJT2YqSLXR+/29Ijkn4SIrF92DCTLCzEw3
SJ/EndupBRV7lUpX/qhErzWdix8EtOdrgE0O0VuVaxemdwlzAzJa2UD56G5EvudE
AMhCVNLf9tFz6ttythfVGzh1gnj8SwwhMKcUbfEiUvlEvV9ofF4eT5dCQN2wleP4
Za1l2Hwp0iHcenIn4uVW7nlHNxx0xr1pCBtcf1Wa/c3sij4KNzSnn6jMo9XseSR/
yH8YbP+F7aVd5GNUacDgXBqKdx3o9KdCrJrq3Bz+9trx
-----END CERTIFICATE-----