Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/_KeLkpPXzyVQSlc-Y8eZxer2imA.roa
File:                     _KeLkpPXzyVQSlc-Y8eZxer2imA.roa (raw, json)
Hash identifier:          M/Bt7/Uq1ZL7QI4mRE5BJhJruYGy89AQk6nTaAKEh74=
Subject key identifier:   FC:A7:8B:92:93:D7:CF:25:50:4A:57:3E:63:C7:99:C5:EA:F6:8A:60
Certificate issuer:       /CN=58ce32a57bd4169e5bddb498aa5507ef834e4772
Certificate serial:       018CC94CD7BA087DEB44CFCDFB0B49918B05
Authority key identifier: 58:CE:32:A5:7B:D4:16:9E:5B:DD:B4:98:AA:55:07:EF:83:4E:47:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WM4ypXvUFp5b3bSYqlUH74NOR3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/_KeLkpPXzyVQSlc-Y8eZxer2imA.roa
Signing time:             Tue 02 Jan 2024 08:31:45 +0000
ROA not before:           Tue 02 Jan 2024 08:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398464
IP address blocks:        195.64.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/WM4ypXvUFp5b3bSYqlUH74NOR3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/WM4ypXvUFp5b3bSYqlUH74NOR3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WM4ypXvUFp5b3bSYqlUH74NOR3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:d7:ba:08:7d:eb:44:cf:cd:fb:0b:49:91:8b:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ce32a57bd4169e5bddb498aa5507ef834e4772
        Validity
            Not Before: Jan  2 08:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fca78b9293d7cf25504a573e63c799c5eaf68a60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:80:00:39:fa:cd:85:6f:a1:e6:00:a5:76:4e:
                    9d:8a:43:6e:02:b7:0e:a6:2a:3b:42:a6:c4:3c:4b:
                    73:a6:12:40:4c:c3:a6:30:bf:cb:8d:b8:e0:ad:a0:
                    33:65:35:ed:74:d3:19:3b:24:63:c3:5c:75:06:7a:
                    7b:1d:08:14:15:93:35:16:4f:43:a1:c7:b8:26:bf:
                    bb:f4:51:ad:da:3b:53:4d:ea:d4:ea:36:dd:fe:23:
                    3b:da:12:80:5b:9d:50:68:02:b1:3f:79:da:0d:05:
                    c1:93:c1:60:1e:cf:78:08:a7:bb:af:3c:4f:6d:65:
                    55:32:b8:60:75:e5:36:3e:ac:02:7f:fa:c9:99:11:
                    f8:35:ec:c4:6b:bb:ad:7b:bf:c0:e1:1c:b2:52:e2:
                    87:00:85:69:d1:15:fa:c1:eb:a4:11:ba:56:dd:7e:
                    4a:85:60:4c:03:7c:36:c4:a9:17:76:7d:19:d3:1c:
                    64:bb:96:39:be:ae:d7:e8:84:51:56:fb:b7:07:1d:
                    dd:b2:fd:bf:d0:98:0c:75:f2:51:d1:00:20:4e:f6:
                    49:37:55:d0:91:08:58:9d:94:29:ae:01:5c:61:a4:
                    ed:d1:32:c6:89:2b:13:f0:c5:a8:4c:ab:8a:f2:73:
                    69:eb:1e:c2:32:c4:a4:e5:91:01:80:74:bc:26:dc:
                    7f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A7:8B:92:93:D7:CF:25:50:4A:57:3E:63:C7:99:C5:EA:F6:8A:60
            X509v3 Authority Key Identifier:
                keyid:58:CE:32:A5:7B:D4:16:9E:5B:DD:B4:98:AA:55:07:EF:83:4E:47:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WM4ypXvUFp5b3bSYqlUH74NOR3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/_KeLkpPXzyVQSlc-Y8eZxer2imA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/WM4ypXvUFp5b3bSYqlUH74NOR3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:ce:65:4e:89:f4:7e:18:1a:e2:3b:77:0a:58:16:05:53:a9:
         f2:f6:f2:5d:6d:f2:e5:40:78:08:8a:44:e1:d3:c3:09:69:f7:
         d8:1f:d8:27:96:06:96:6c:28:cb:bc:1e:b7:f4:30:66:ce:ef:
         44:16:7b:ea:cb:b5:af:65:11:91:c9:c9:9e:76:95:a4:07:ba:
         94:e3:d9:5f:33:3b:65:35:1d:8c:b7:0c:c4:b3:0d:49:d7:75:
         e9:85:0e:63:3b:78:5e:9d:ef:81:20:1b:d2:bc:da:8f:64:78:
         38:ee:7c:48:da:04:5c:cd:b5:5d:78:3c:f0:3e:b1:9b:15:bc:
         54:e0:93:d5:00:18:64:92:de:96:e5:a2:c5:2a:7b:b1:f4:df:
         31:c2:bb:3e:0b:7b:86:be:bb:da:20:49:f1:a7:e7:a9:58:ad:
         fa:52:3a:fb:0b:24:6c:1f:3f:7f:af:60:81:a3:83:05:fc:b3:
         0f:af:d5:e3:bd:cc:3e:fe:8a:02:55:10:d6:bd:22:75:27:f9:
         07:b8:26:0b:73:bc:3a:51:f6:3e:fe:06:41:62:df:61:4b:1a:
         c1:57:64:84:e3:78:57:12:f5:c9:2d:57:06:d2:48:a8:85:0d:
         ba:12:9f:95:7c:c8:57:81:5f:d3:c5:09:f7:0c:fe:bf:af:41:
         d9:c5:dc:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTNe6CH3rRM/N+wtJkYsFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4Y2UzMmE1N2JkNDE2OWU1YmRkYjQ5OGFhNTUwN2VmODM0
ZTQ3NzIwHhcNMjQwMTAyMDgzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2E3OGI5MjkzZDdjZjI1NTA0YTU3M2U2M2M3OTljNWVhZjY4YTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIAAOfrNhW+h5gCldk6dikNuArcO
pio7QqbEPEtzphJATMOmML/LjbjgraAzZTXtdNMZOyRjw1x1Bnp7HQgUFZM1Fk9D
oce4Jr+79FGt2jtTTerU6jbd/iM72hKAW51QaAKxP3naDQXBk8FgHs94CKe7rzxP
bWVVMrhgdeU2PqwCf/rJmRH4NezEa7ute7/A4RyyUuKHAIVp0RX6weukEbpW3X5K
hWBMA3w2xKkXdn0Z0xxku5Y5vq7X6IRRVvu3Bx3dsv2/0JgMdfJR0QAgTvZJN1XQ
kQhYnZQprgFcYaTt0TLGiSsT8MWoTKuK8nNp6x7CMsSk5ZEBgHS8Jtx/CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyni5KT188lUEpXPmPHmcXq9opgMB8GA1UdIwQY
MBaAFFjOMqV71BaeW920mKpVB++DTkdyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV000eXBYdlVGcDViM2JTWXFsVUg3NE5PUjNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81ZTRmN2EtMGExYy00ZjA3LWIyZGEt
NjczZGU3MDBmMTEyLzEvX0tlTGtwUFh6eVZRU2xjLVk4ZVp4ZXIyaW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81ZTRmN2EtMGExYy00ZjA3LWIyZGEtNjczZGU3MDBmMTEy
LzEvV000eXBYdlVGcDViM2JTWXFsVUg3NE5PUjNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0B3MA0G
CSqGSIb3DQEBCwUAA4IBAQC7zmVOifR+GBriO3cKWBYFU6ny9vJdbfLlQHgIikTh
08MJaffYH9gnlgaWbCjLvB639DBmzu9EFnvqy7WvZRGRycmedpWkB7qU49lfMztl
NR2MtwzEsw1J13XphQ5jO3hene+BIBvSvNqPZHg47nxI2gRczbVdeDzwPrGbFbxU
4JPVABhkkt6W5aLFKnux9N8xwrs+C3uGvrvaIEnxp+epWK36Ujr7CyRsHz9/r2CB
o4MF/LMPr9Xjvcw+/ooCVRDWvSJ1J/kHuCYLc7w6UfY+/gZBYt9hSxrBV2SE43hX
EvXJLVcG0kiohQ26Ep+VfMhXgV/TxQn3DP6/r0HZxdwo
-----END CERTIFICATE-----