Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/4dTOZjWeEgiLHXLXxTfudTJUsQY.roa
File:                     4dTOZjWeEgiLHXLXxTfudTJUsQY.roa (raw, json)
Hash identifier:          wGRsLcdQqnconTq6nHCv8g3t+oIVZMlT8Cnve2SiC2Q=
Subject key identifier:   E1:D4:CE:66:35:9E:12:08:8B:1D:72:D7:C5:37:EE:75:32:54:B1:06
Certificate issuer:       /CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
Certificate serial:       018EBCE1BD36A4A4AC7B7613DC36C2540FB3
Authority key identifier: C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/4dTOZjWeEgiLHXLXxTfudTJUsQY.roa
Signing time:             Mon 08 Apr 2024 08:44:54 +0000
ROA not before:           Mon 08 Apr 2024 08:44:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49227
IP address blocks:        195.123.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bc:e1:bd:36:a4:a4:ac:7b:76:13:dc:36:c2:54:0f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
        Validity
            Not Before: Apr  8 08:44:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1d4ce66359e12088b1d72d7c537ee753254b106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ee:b3:63:c8:11:e8:56:01:13:6d:a7:79:98:
                    04:50:24:e1:4b:22:dc:e8:fb:46:06:43:10:90:f3:
                    6a:a5:eb:3f:c1:7a:74:af:fa:99:ee:94:c5:20:76:
                    4e:ec:22:44:af:03:9b:b2:01:75:d2:87:2e:96:c4:
                    ff:16:83:0c:c8:4e:12:dc:bf:f1:14:43:0a:c0:9e:
                    82:e9:37:8b:03:03:46:af:ad:15:0a:fe:ff:27:03:
                    ef:c0:4f:c7:da:f3:49:07:e3:24:e5:df:a5:ca:87:
                    39:bb:bc:9e:c8:f8:80:15:8d:da:fb:a4:c1:34:da:
                    f2:cd:8e:f0:53:58:62:76:6c:66:f9:50:cf:a3:96:
                    49:91:3c:a7:0a:4b:a4:1e:80:51:3d:ea:4c:a2:83:
                    89:81:e8:ed:d3:e6:7b:10:5f:20:3f:37:88:23:49:
                    9b:7f:a1:83:6e:51:f3:59:11:9f:2a:66:d4:e0:56:
                    82:d2:7e:8e:b8:b7:a2:5b:65:01:62:c5:8b:58:e0:
                    0f:ac:0d:62:90:d0:c7:38:fa:69:26:bd:69:a7:dc:
                    9c:ef:2b:a4:37:d8:03:cd:7d:ce:90:f3:26:7d:98:
                    e0:18:e5:f5:98:38:f4:a5:95:a2:1e:0d:d4:12:0f:
                    ae:51:1e:55:ea:80:5d:b3:42:13:60:70:6d:8f:6c:
                    80:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:D4:CE:66:35:9E:12:08:8B:1D:72:D7:C5:37:EE:75:32:54:B1:06
            X509v3 Authority Key Identifier:
                keyid:C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/4dTOZjWeEgiLHXLXxTfudTJUsQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.123.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:5b:5d:5d:8c:2a:92:d9:06:c0:00:fb:01:ae:57:ae:89:8c:
         ab:49:aa:c5:a9:a7:b3:2a:80:f4:b7:c4:38:a6:35:e1:93:6c:
         6e:8d:44:0d:bb:65:31:9a:a7:ac:13:8f:f2:b7:65:71:38:74:
         49:7d:48:c5:04:c8:2f:33:bd:0c:59:f7:bd:0e:c5:d1:b5:25:
         a8:b1:6b:98:18:ec:77:92:45:ea:d2:62:66:d4:51:ad:f7:f8:
         b4:8f:dc:3c:d6:11:c7:24:e5:94:4f:d4:25:6c:b5:fa:aa:39:
         48:c9:a8:51:5f:bf:8e:97:14:b6:45:59:4d:da:9f:db:80:03:
         b5:94:c2:f9:0c:fe:95:9c:8f:64:c8:91:6e:b7:97:c4:e7:d9:
         04:dd:62:31:85:e4:10:c2:3a:73:e6:56:fc:d1:b5:31:12:a0:
         6d:08:54:8b:11:18:96:8c:7e:b5:bf:da:e2:ea:ba:3d:73:af:
         27:7c:47:01:70:42:25:23:84:d1:a9:7e:26:93:9d:08:3d:01:
         2e:87:00:63:87:e8:5f:3d:85:93:49:c5:87:09:25:67:56:fa:
         d7:de:65:de:26:30:57:bd:65:80:b9:92:e0:b5:95:2d:a4:f8:
         36:03:d1:10:51:df:da:bd:04:4b:85:db:4a:f7:b8:fb:3a:f4:
         dc:69:3c:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY684b02pKSse3YT3DbCVA+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDVhZGM1YzQyNjJkZmY2YjNmM2U2MDY4MzBjN2Y5NzFk
NzY2Y2UwHhcNMjQwNDA4MDg0NDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWQ0Y2U2NjM1OWUxMjA4OGIxZDcyZDdjNTM3ZWU3NTMyNTRiMTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO6zY8gR6FYBE22neZgEUCThSyLc
6PtGBkMQkPNqpes/wXp0r/qZ7pTFIHZO7CJErwObsgF10oculsT/FoMMyE4S3L/x
FEMKwJ6C6TeLAwNGr60VCv7/JwPvwE/H2vNJB+Mk5d+lyoc5u7yeyPiAFY3a+6TB
NNryzY7wU1hidmxm+VDPo5ZJkTynCkukHoBRPepMooOJgejt0+Z7EF8gPzeII0mb
f6GDblHzWRGfKmbU4FaC0n6OuLeiW2UBYsWLWOAPrA1ikNDHOPppJr1pp9yc7yuk
N9gDzX3OkPMmfZjgGOX1mDj0pZWiHg3UEg+uUR5V6oBds0ITYHBtj2yA0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHUzmY1nhIIix1y18U37nUyVLEGMB8GA1UdIwQY
MBaAFMEFrcXEJi3/az8+YGgwx/lx12bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODkt
NTE1ODQ1ZTZjMzE3LzEvNGRUT1pqV2VFZ2lMSFhMWHhUZnVkVEpVc1FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODktNTE1ODQ1ZTZjMzE3
LzEvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3vAMA0G
CSqGSIb3DQEBCwUAA4IBAQApW11djCqS2QbAAPsBrleuiYyrSarFqaezKoD0t8Q4
pjXhk2xujUQNu2UxmqesE4/yt2VxOHRJfUjFBMgvM70MWfe9DsXRtSWosWuYGOx3
kkXq0mJm1FGt9/i0j9w81hHHJOWUT9QlbLX6qjlIyahRX7+OlxS2RVlN2p/bgAO1
lML5DP6VnI9kyJFut5fE59kE3WIxheQQwjpz5lb80bUxEqBtCFSLERiWjH61v9ri
6ro9c68nfEcBcEIlI4TRqX4mk50IPQEuhwBjh+hfPYWTScWHCSVnVvrX3mXeJjBX
vWWAuZLgtZUtpPg2A9EQUd/avQRLhdtK97j7OvTcaTzs
-----END CERTIFICATE-----