Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/0FUpzQlZHmJAfl-6bnFCG_OsqKA.roa
File:                     0FUpzQlZHmJAfl-6bnFCG_OsqKA.roa (raw, json)
Hash identifier:          usHqdISMWMqlGRxNFnWCbwZ14tkgBOCViUfGw+y74JA=
Subject key identifier:   D0:55:29:CD:09:59:1E:62:40:7E:5F:BA:6E:71:42:1B:F3:AC:A8:A0
Certificate issuer:       /CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
Certificate serial:       019102B5F47259D3C030E0EF72C344166AF5
Authority key identifier: C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/0FUpzQlZHmJAfl-6bnFCG_OsqKA.roa
Signing time:             Tue 30 Jul 2024 08:16:04 +0000
ROA not before:           Tue 30 Jul 2024 08:16:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206462
IP address blocks:        195.123.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:02:b5:f4:72:59:d3:c0:30:e0:ef:72:c3:44:16:6a:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
        Validity
            Not Before: Jul 30 08:16:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d05529cd09591e62407e5fba6e71421bf3aca8a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ce:59:29:01:ee:7e:6b:79:66:d6:ad:28:e1:
                    36:81:fa:97:5c:b2:65:66:1d:7d:2e:90:40:2c:2d:
                    f2:62:76:39:1f:64:7a:b7:9d:47:0a:4f:12:91:88:
                    29:48:a9:29:1b:6d:08:65:99:78:90:31:42:ad:c3:
                    12:aa:78:f0:ce:22:67:3b:3e:54:1f:9b:47:f1:d8:
                    51:ee:84:12:86:da:09:1a:2c:a7:04:3e:6a:eb:59:
                    da:03:7e:80:17:ee:d7:bb:66:e4:1a:e3:81:af:29:
                    aa:b4:da:2f:d8:51:f7:42:0c:b1:87:2d:a6:00:9d:
                    08:34:43:5e:00:5e:f3:7a:7f:88:52:05:e8:fa:0d:
                    bf:85:ee:aa:d5:cb:33:5d:c7:49:5e:af:2b:12:ed:
                    be:01:16:6b:e1:05:81:97:1d:5d:3c:40:d1:2c:bc:
                    99:f8:73:60:af:b8:a5:37:3c:75:51:3e:49:68:33:
                    ee:fa:4a:7f:1d:60:36:db:e4:cd:83:ac:d6:bd:7f:
                    13:b0:c8:0e:23:09:07:c9:65:1f:e9:c0:8f:a1:b7:
                    d0:60:57:75:cc:e2:b6:88:1a:77:4f:03:95:84:a3:
                    2a:59:aa:f8:4b:00:79:11:1f:d3:80:af:2b:98:df:
                    f7:b5:4e:d4:9e:9c:30:87:26:e6:df:4a:db:06:92:
                    05:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:55:29:CD:09:59:1E:62:40:7E:5F:BA:6E:71:42:1B:F3:AC:A8:A0
            X509v3 Authority Key Identifier:
                keyid:C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/0FUpzQlZHmJAfl-6bnFCG_OsqKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.123.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:e7:62:75:2f:a5:50:c0:48:35:f0:f4:e5:c2:46:4c:5e:5f:
         54:42:a3:4f:1d:8e:42:3a:8b:a1:33:eb:67:0c:ba:00:86:7d:
         29:23:de:b8:c0:26:4c:fd:8f:3a:48:9f:a4:56:f9:0c:97:11:
         18:ce:50:67:44:fc:67:44:74:71:31:ab:56:14:b3:87:87:33:
         78:58:fb:9f:bf:5e:85:4f:6a:c2:0a:07:fd:dd:60:9c:40:91:
         bd:f1:3e:cc:47:a4:50:e5:62:2e:cb:42:fb:40:db:e8:0d:97:
         bc:a8:d0:ec:a5:59:dc:16:05:9d:b7:77:76:3c:84:4f:c3:30:
         96:a7:13:97:6f:9f:ce:bc:6a:10:d5:95:b8:43:9a:ab:7f:9c:
         7e:bc:71:e6:03:70:93:77:68:f3:09:48:a9:3c:ca:ea:52:3b:
         24:ac:83:c6:40:87:96:5c:3c:a4:e6:57:bf:21:89:15:b2:ab:
         2d:33:a5:f0:b5:72:b0:4f:8f:19:b5:17:78:21:96:8d:72:73:
         17:a6:77:6b:bd:09:b4:91:b7:cf:fb:67:22:24:fc:6c:f8:3b:
         48:36:1c:32:aa:b2:ab:41:c7:95:58:3c:22:59:f5:0e:f0:5a:
         e3:cf:00:b3:c2:82:cc:df:c4:00:34:d9:32:cd:c2:38:59:c6:
         00:49:8a:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZECtfRyWdPAMODvcsNEFmr1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDVhZGM1YzQyNjJkZmY2YjNmM2U2MDY4MzBjN2Y5NzFk
NzY2Y2UwHhcNMjQwNzMwMDgxNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDU1MjljZDA5NTkxZTYyNDA3ZTVmYmE2ZTcxNDIxYmYzYWNhOGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvs5ZKQHufmt5ZtatKOE2gfqXXLJl
Zh19LpBALC3yYnY5H2R6t51HCk8SkYgpSKkpG20IZZl4kDFCrcMSqnjwziJnOz5U
H5tH8dhR7oQShtoJGiynBD5q61naA36AF+7Xu2bkGuOBrymqtNov2FH3Qgyxhy2m
AJ0INENeAF7zen+IUgXo+g2/he6q1cszXcdJXq8rEu2+ARZr4QWBlx1dPEDRLLyZ
+HNgr7ilNzx1UT5JaDPu+kp/HWA22+TNg6zWvX8TsMgOIwkHyWUf6cCPobfQYFd1
zOK2iBp3TwOVhKMqWar4SwB5ER/TgK8rmN/3tU7Unpwwhybm30rbBpIFaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBVKc0JWR5iQH5fum5xQhvzrKigMB8GA1UdIwQY
MBaAFMEFrcXEJi3/az8+YGgwx/lx12bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODkt
NTE1ODQ1ZTZjMzE3LzEvMEZVcHpRbFpIbUpBZmwtNmJuRkNHX09zcUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODktNTE1ODQ1ZTZjMzE3
LzEvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3utMA0G
CSqGSIb3DQEBCwUAA4IBAQB+52J1L6VQwEg18PTlwkZMXl9UQqNPHY5COouhM+tn
DLoAhn0pI964wCZM/Y86SJ+kVvkMlxEYzlBnRPxnRHRxMatWFLOHhzN4WPufv16F
T2rCCgf93WCcQJG98T7MR6RQ5WIuy0L7QNvoDZe8qNDspVncFgWdt3d2PIRPwzCW
pxOXb5/OvGoQ1ZW4Q5qrf5x+vHHmA3CTd2jzCUipPMrqUjskrIPGQIeWXDyk5le/
IYkVsqstM6XwtXKwT48ZtRd4IZaNcnMXpndrvQm0kbfP+2ciJPxs+DtINhwyqrKr
QceVWDwiWfUO8FrjzwCzwoLM38QANNkyzcI4WcYASYqY
-----END CERTIFICATE-----