Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/abdafc-b389-4518-b12d-2cc342b00519/1/uV0NgrNEXBC0viZgEhknno8qFB4.roa
File:                     uV0NgrNEXBC0viZgEhknno8qFB4.roa (raw, json)
Hash identifier:          mJBAeHnn3+2cQxcYsF6Q7nnPDnBBr0bWkVSZ3eMqjvM=
Subject key identifier:   B9:5D:0D:82:B3:44:5C:10:B4:BE:26:60:12:19:27:9E:8F:2A:14:1E
Certificate issuer:       /CN=c84ac52e2b572cc2a99a741257e569aa371e3568
Certificate serial:       018CC56E1C17AA9CF1C931885BA533F80B7A
Authority key identifier: C8:4A:C5:2E:2B:57:2C:C2:A9:9A:74:12:57:E5:69:AA:37:1E:35:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yErFLitXLMKpmnQSV-VpqjceNWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/abdafc-b389-4518-b12d-2cc342b00519/1/uV0NgrNEXBC0viZgEhknno8qFB4.roa
Signing time:             Mon 01 Jan 2024 14:29:36 +0000
ROA not before:           Mon 01 Jan 2024 14:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196651
IP address blocks:        195.246.244.0/24 maxlen: 24
                          195.246.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/abdafc-b389-4518-b12d-2cc342b00519/1/yErFLitXLMKpmnQSV-VpqjceNWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/abdafc-b389-4518-b12d-2cc342b00519/1/yErFLitXLMKpmnQSV-VpqjceNWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yErFLitXLMKpmnQSV-VpqjceNWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1c:17:aa:9c:f1:c9:31:88:5b:a5:33:f8:0b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84ac52e2b572cc2a99a741257e569aa371e3568
        Validity
            Not Before: Jan  1 14:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b95d0d82b3445c10b4be26601219279e8f2a141e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:84:82:ea:72:a1:0a:75:ee:28:4c:b4:61:85:
                    3a:3b:4b:4a:e7:1d:8e:db:c9:21:0f:e2:1e:d3:6d:
                    bf:29:49:f5:9d:64:c9:d4:c5:c5:fa:37:7a:4e:47:
                    c5:a0:1b:45:59:72:6d:af:51:0b:85:c7:d0:51:59:
                    51:66:6f:62:27:4d:60:45:8b:6d:30:79:50:28:cf:
                    96:af:39:3e:a8:4e:27:32:a9:9f:3f:2b:3e:02:51:
                    ac:28:4a:1f:33:ad:f3:54:ac:2e:a2:cf:2f:9c:39:
                    5f:11:61:9f:95:81:9a:ae:1a:da:9f:fb:4b:88:1c:
                    d0:4e:eb:f9:c0:44:26:00:8a:86:f8:09:33:e6:2f:
                    b2:44:b3:8c:8c:7f:9d:b3:92:69:d0:f0:28:7d:46:
                    98:73:d8:89:72:c8:be:0a:63:a7:bd:90:23:bc:d2:
                    50:88:8e:af:08:5d:75:1c:14:be:62:e7:7b:1d:01:
                    77:91:7c:11:a0:85:50:84:7e:55:82:59:ef:ce:cd:
                    31:7b:c9:92:d7:d5:2b:bb:0d:ac:15:42:3b:19:39:
                    b8:fe:f2:46:0f:21:2e:d5:40:20:5c:4f:a7:f8:eb:
                    1f:53:59:fd:73:40:b9:8d:bb:bb:ef:94:45:86:bf:
                    ee:f3:11:91:e0:e8:9a:c0:d7:da:fe:72:8b:36:c6:
                    ce:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:5D:0D:82:B3:44:5C:10:B4:BE:26:60:12:19:27:9E:8F:2A:14:1E
            X509v3 Authority Key Identifier:
                keyid:C8:4A:C5:2E:2B:57:2C:C2:A9:9A:74:12:57:E5:69:AA:37:1E:35:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yErFLitXLMKpmnQSV-VpqjceNWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/abdafc-b389-4518-b12d-2cc342b00519/1/uV0NgrNEXBC0viZgEhknno8qFB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/abdafc-b389-4518-b12d-2cc342b00519/1/yErFLitXLMKpmnQSV-VpqjceNWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:40:8c:cd:2d:5b:81:aa:40:d6:9a:91:cf:89:e3:1a:e0:05:
         62:5e:ae:9a:28:cf:00:b0:c1:af:0c:02:49:57:5c:a7:95:28:
         3e:e1:31:e3:a8:bd:d9:84:b3:d8:a5:bc:b9:c7:c8:91:aa:ce:
         5d:5f:7a:f8:4f:ef:ba:19:86:c5:83:21:63:8b:f7:63:51:9c:
         aa:1e:78:46:cb:50:87:00:45:17:c2:0b:62:bc:52:a1:54:aa:
         d3:7c:2a:42:15:79:6f:c6:ba:d1:7e:9b:22:2d:0f:5e:28:89:
         88:97:d2:a4:1f:46:e7:b3:ff:41:69:55:10:35:06:9c:b7:38:
         78:4f:dd:ee:39:d6:25:a8:c3:72:c6:05:30:14:08:8e:4b:a8:
         d8:7c:1f:76:a1:db:52:05:5e:26:c0:a3:b0:1e:af:b5:5a:97:
         f2:39:cc:eb:68:ab:e0:33:a5:8a:80:f6:88:18:11:cc:b1:fb:
         06:29:ba:dd:2e:55:85:91:0f:0b:1f:e4:21:9b:34:91:8e:05:
         cd:7f:2e:ad:44:52:30:ad:0d:d7:1c:27:57:3d:a1:5f:e8:84:
         92:f4:81:e2:66:41:3e:a0:eb:41:6b:ad:ef:20:cc:79:99:10:
         9b:9c:2e:96:29:2c:9c:98:2e:b3:77:dd:a4:5e:b8:99:a9:c2:
         41:75:3a:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhwXqpzxyTGIW6Uz+At6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NGFjNTJlMmI1NzJjYzJhOTlhNzQxMjU3ZTU2OWFhMzcx
ZTM1NjgwHhcNMjQwMTAxMTQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTVkMGQ4MmIzNDQ1YzEwYjRiZTI2NjAxMjE5Mjc5ZThmMmExNDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoSC6nKhCnXuKEy0YYU6O0tK5x2O
28khD+Ie022/KUn1nWTJ1MXF+jd6TkfFoBtFWXJtr1ELhcfQUVlRZm9iJ01gRYtt
MHlQKM+Wrzk+qE4nMqmfPys+AlGsKEofM63zVKwuos8vnDlfEWGflYGarhran/tL
iBzQTuv5wEQmAIqG+Akz5i+yRLOMjH+ds5Jp0PAofUaYc9iJcsi+CmOnvZAjvNJQ
iI6vCF11HBS+Yud7HQF3kXwRoIVQhH5Vglnvzs0xe8mS19Uruw2sFUI7GTm4/vJG
DyEu1UAgXE+n+OsfU1n9c0C5jbu775RFhr/u8xGR4OiawNfa/nKLNsbOWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLldDYKzRFwQtL4mYBIZJ56PKhQeMB8GA1UdIwQY
MBaAFMhKxS4rVyzCqZp0Elflaao3HjVoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUVyRkxpdFhMTUtwbW5RU1YtVnBxamNlTldnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9hYmRhZmMtYjM4OS00NTE4LWIxMmQt
MmNjMzQyYjAwNTE5LzEvdVYwTmdyTkVYQkMwdmlaZ0Voa25ubzhxRkI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9hYmRhZmMtYjM4OS00NTE4LWIxMmQtMmNjMzQyYjAwNTE5
LzEveUVyRkxpdFhMTUtwbW5RU1YtVnBxamNlTldnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/b0MA0G
CSqGSIb3DQEBCwUAA4IBAQCdQIzNLVuBqkDWmpHPieMa4AViXq6aKM8AsMGvDAJJ
V1ynlSg+4THjqL3ZhLPYpby5x8iRqs5dX3r4T++6GYbFgyFji/djUZyqHnhGy1CH
AEUXwgtivFKhVKrTfCpCFXlvxrrRfpsiLQ9eKImIl9KkH0bns/9BaVUQNQactzh4
T93uOdYlqMNyxgUwFAiOS6jYfB92odtSBV4mwKOwHq+1WpfyOczraKvgM6WKgPaI
GBHMsfsGKbrdLlWFkQ8LH+QhmzSRjgXNfy6tRFIwrQ3XHCdXPaFf6ISS9IHiZkE+
oOtBa63vIMx5mRCbnC6WKSycmC6zd92kXriZqcJBdTpY
-----END CERTIFICATE-----