Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/3a45ed-b0b8-4a16-9eec-223f5220a7d3/1/Dc4xWznLBPr8dtNP-A9K6CQdFmE.roa
File:                     Dc4xWznLBPr8dtNP-A9K6CQdFmE.roa (raw, json)
Hash identifier:          6XfuZNLn2YVgKp2BqHukFfXMSp0wNsSdp9XZsIKawGA=
Subject key identifier:   0D:CE:31:5B:39:CB:04:FA:FC:76:D3:4F:F8:0F:4A:E8:24:1D:16:61
Certificate issuer:       /CN=b76115d13a586ada3d9cc5df9ae03e5bab4f4dc0
Certificate serial:       018CC4939092DA00CF11168805CF37722CE0
Authority key identifier: B7:61:15:D1:3A:58:6A:DA:3D:9C:C5:DF:9A:E0:3E:5B:AB:4F:4D:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t2EV0TpYato9nMXfmuA-W6tPTcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/3a45ed-b0b8-4a16-9eec-223f5220a7d3/1/Dc4xWznLBPr8dtNP-A9K6CQdFmE.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24971
IP address blocks:        195.140.252.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/3a45ed-b0b8-4a16-9eec-223f5220a7d3/1/t2EV0TpYato9nMXfmuA-W6tPTcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/3a45ed-b0b8-4a16-9eec-223f5220a7d3/1/t2EV0TpYato9nMXfmuA-W6tPTcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t2EV0TpYato9nMXfmuA-W6tPTcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:90:92:da:00:cf:11:16:88:05:cf:37:72:2c:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b76115d13a586ada3d9cc5df9ae03e5bab4f4dc0
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dce315b39cb04fafc76d34ff80f4ae8241d1661
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:80:30:fc:cf:09:eb:1e:4b:a6:b0:28:9e:7a:
                    99:f5:2e:95:f3:37:c1:f5:4a:6b:5b:5f:9d:3c:d4:
                    c2:69:23:5d:89:3e:90:11:29:84:ca:a4:76:06:cd:
                    de:fa:48:6b:f3:3f:6d:da:03:9f:c4:5b:b8:90:1c:
                    fa:b5:33:50:b4:80:40:6c:d2:a1:d2:c0:39:4c:07:
                    ac:24:f8:f8:3e:cd:9e:b4:b7:e9:48:43:66:ac:26:
                    af:9f:a6:e1:d2:fe:0e:c2:88:17:d8:77:8a:96:e5:
                    9b:c2:24:c0:97:fe:3f:b6:a6:2d:5e:9b:ff:5d:dc:
                    40:b1:a6:b6:5d:ff:b1:62:a4:fd:32:3c:a3:e8:27:
                    cb:89:c6:98:f2:8f:f2:8d:29:02:bd:f9:20:a5:74:
                    d1:51:96:80:eb:01:e0:f6:e1:2b:40:ac:59:32:f9:
                    7f:54:91:d9:06:0d:d2:d0:f4:50:d2:a7:30:43:ce:
                    e0:72:63:f1:53:18:45:dc:1c:90:9b:c5:49:a4:b5:
                    08:d9:9b:3d:7f:bc:1a:f3:e2:19:d4:d0:33:d0:b7:
                    ac:de:e4:49:ff:c2:95:f9:4b:b5:b6:4a:02:f2:19:
                    ca:7a:69:75:f2:c1:6d:73:94:d1:c3:e3:d5:8f:00:
                    0b:95:4d:6b:af:80:a2:6d:3a:9a:4f:7e:6f:e0:71:
                    14:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:CE:31:5B:39:CB:04:FA:FC:76:D3:4F:F8:0F:4A:E8:24:1D:16:61
            X509v3 Authority Key Identifier:
                keyid:B7:61:15:D1:3A:58:6A:DA:3D:9C:C5:DF:9A:E0:3E:5B:AB:4F:4D:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t2EV0TpYato9nMXfmuA-W6tPTcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/3a45ed-b0b8-4a16-9eec-223f5220a7d3/1/Dc4xWznLBPr8dtNP-A9K6CQdFmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/3a45ed-b0b8-4a16-9eec-223f5220a7d3/1/t2EV0TpYato9nMXfmuA-W6tPTcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.140.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:1f:bc:89:bc:03:5b:25:dc:4e:ca:66:16:4d:d6:5c:cd:69:
         0e:38:43:c4:98:dc:d6:37:62:60:88:d8:c2:5c:7a:ce:ae:61:
         12:a3:af:ca:73:a2:a2:e0:fa:2c:e5:0d:fa:76:ba:e6:71:4a:
         5d:05:e9:01:34:1b:7a:49:07:d5:7d:ef:42:80:5f:ba:7f:5a:
         d2:e7:57:2c:f4:11:26:19:ec:8a:e1:e0:d5:40:6f:8e:1b:de:
         42:10:ac:10:c9:27:15:75:e9:4f:af:05:43:10:35:fc:bc:78:
         fd:66:cf:a4:39:fd:81:d9:73:95:44:bb:8c:29:1c:34:4a:14:
         b6:1c:5e:91:f5:06:e1:15:9e:87:50:cb:38:fc:fc:ed:31:17:
         b1:fa:68:f5:4f:77:dc:5a:eb:54:8e:82:75:28:1d:b5:d4:2b:
         7a:67:c2:04:72:fe:07:4b:38:e0:81:d5:0a:b8:bb:7d:71:e2:
         e9:16:f5:2c:d3:d2:2e:1f:bc:71:25:36:5d:1a:4f:38:0a:bd:
         bd:eb:d4:12:36:d0:22:a6:1b:19:31:f6:9c:8b:d6:e2:d0:e2:
         69:40:91:65:ad:4c:58:cb:43:77:d0:c7:85:43:5b:9a:0d:d2:
         55:c0:00:96:91:9e:1d:fd:71:a9:3b:e5:9f:86:65:c2:c1:5a:
         60:4e:b6:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5CS2gDPERaIBc83cizgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NjExNWQxM2E1ODZhZGEzZDljYzVkZjlhZTAzZTViYWI0
ZjRkYzAwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGNlMzE1YjM5Y2IwNGZhZmM3NmQzNGZmODBmNGFlODI0MWQxNjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoAw/M8J6x5LprAonnqZ9S6V8zfB
9UprW1+dPNTCaSNdiT6QESmEyqR2Bs3e+khr8z9t2gOfxFu4kBz6tTNQtIBAbNKh
0sA5TAesJPj4Ps2etLfpSENmrCavn6bh0v4OwogX2HeKluWbwiTAl/4/tqYtXpv/
XdxAsaa2Xf+xYqT9Mjyj6CfLicaY8o/yjSkCvfkgpXTRUZaA6wHg9uErQKxZMvl/
VJHZBg3S0PRQ0qcwQ87gcmPxUxhF3ByQm8VJpLUI2Zs9f7wa8+IZ1NAz0Les3uRJ
/8KV+Uu1tkoC8hnKeml18sFtc5TRw+PVjwALlU1rr4CibTqaT35v4HEUXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3OMVs5ywT6/HbTT/gPSugkHRZhMB8GA1UdIwQY
MBaAFLdhFdE6WGraPZzF35rgPlurT03AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDJFVjBUcFlhdG85bk1YZm11QS1XNnRQVGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8zYTQ1ZWQtYjBiOC00YTE2LTllZWMt
MjIzZjUyMjBhN2QzLzEvRGM0eFd6bkxCUHI4ZHROUC1BOUs2Q1FkRm1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8zYTQ1ZWQtYjBiOC00YTE2LTllZWMtMjIzZjUyMjBhN2Qz
LzEvdDJFVjBUcFlhdG85bk1YZm11QS1XNnRQVGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4z8MA0G
CSqGSIb3DQEBCwUAA4IBAQBjH7yJvANbJdxOymYWTdZczWkOOEPEmNzWN2JgiNjC
XHrOrmESo6/Kc6Ki4Pos5Q36drrmcUpdBekBNBt6SQfVfe9CgF+6f1rS51cs9BEm
GeyK4eDVQG+OG95CEKwQyScVdelPrwVDEDX8vHj9Zs+kOf2B2XOVRLuMKRw0ShS2
HF6R9QbhFZ6HUMs4/PztMRex+mj1T3fcWutUjoJ1KB211Ct6Z8IEcv4HSzjggdUK
uLt9ceLpFvUs09IuH7xxJTZdGk84Cr2969QSNtAiphsZMfaci9bi0OJpQJFlrUxY
y0N30MeFQ1uaDdJVwACWkZ4d/XGpO+WfhmXCwVpgTrYx
-----END CERTIFICATE-----