Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/5CKcJ3WWdLnxNxA8zS9MSqemGeU.roa
File:                     5CKcJ3WWdLnxNxA8zS9MSqemGeU.roa (raw, json)
Hash identifier:          F1W/LYRU/swbDsn7VsjuOlThJoPhjHiHTuqYQgQV4vQ=
Subject key identifier:   E4:22:9C:27:75:96:74:B9:F1:37:10:3C:CD:2F:4C:4A:A7:A6:19:E5
Certificate issuer:       /CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
Certificate serial:       01941F8C84CEF9BC452DAA2447DD9A31543D
Authority key identifier: C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/5CKcJ3WWdLnxNxA8zS9MSqemGeU.roa
Signing time:             Wed 01 Jan 2025 01:48:10 +0000
ROA not before:           Wed 01 Jan 2025 01:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30790
IP address blocks:        195.123.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 06:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:84:ce:f9:bc:45:2d:aa:24:47:dd:9a:31:54:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
        Validity
            Not Before: Jan  1 01:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4229c27759674b9f137103ccd2f4c4aa7a619e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d3:6d:12:b0:77:d0:5b:ea:98:a4:aa:05:af:
                    97:8e:9c:17:33:41:26:99:7f:48:82:70:85:23:cf:
                    98:fe:bf:af:b6:e6:82:86:9b:8c:13:24:fe:a2:7d:
                    e5:ff:39:11:14:c4:d0:6e:e4:ba:48:8c:95:b5:f7:
                    cc:1a:f0:5d:ef:28:24:a8:72:69:48:d1:40:5d:df:
                    98:e4:e8:e6:41:fc:59:12:c4:ee:89:fe:da:15:38:
                    2a:ae:cc:ec:1f:f6:e3:7b:27:95:43:59:13:8f:13:
                    01:87:f6:6e:a4:05:4d:ef:6f:33:a0:fa:84:16:0f:
                    c9:5c:e4:f2:2a:59:6f:cf:a3:ff:39:8e:3a:c5:3a:
                    db:1e:02:35:5a:85:5e:21:b6:b9:7c:b5:28:9e:68:
                    69:31:c7:62:fe:6c:8c:fe:8a:6e:40:69:b8:51:39:
                    18:b7:24:33:4c:4c:e8:43:9f:df:82:3c:2c:24:11:
                    0b:3a:94:43:6d:af:b8:b2:e1:0c:f1:2a:28:74:a2:
                    be:c5:c8:c4:8b:d6:8a:71:72:81:fc:68:5b:fa:df:
                    49:49:dc:87:4d:d5:93:0f:f4:5b:ef:86:4f:d1:f5:
                    43:54:5d:50:26:23:01:84:ee:4f:42:93:96:bb:4d:
                    af:9b:9e:3b:a4:03:53:ce:74:d8:57:5d:7a:84:0e:
                    1b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:22:9C:27:75:96:74:B9:F1:37:10:3C:CD:2F:4C:4A:A7:A6:19:E5
            X509v3 Authority Key Identifier:
                keyid:C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/5CKcJ3WWdLnxNxA8zS9MSqemGeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.123.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:5f:3e:18:b6:77:58:05:66:24:71:8e:d2:ba:58:d1:fc:ae:
         50:88:9b:10:06:e1:42:e0:51:8f:b3:3b:d0:fe:ab:7a:56:7d:
         15:06:c9:03:4e:b6:ac:1f:3e:fe:ee:46:8a:33:5b:9b:a2:49:
         f3:fe:9f:4b:86:06:44:11:29:fa:bc:7b:8f:d1:01:bf:45:d5:
         88:6a:7b:69:14:bc:fc:fb:f3:36:25:ed:ea:f8:f7:2e:61:ac:
         da:7e:e6:fe:f7:06:b7:10:87:d6:a8:22:d7:c8:07:98:ab:8a:
         e9:f9:8d:e3:f6:fc:cd:d9:06:89:e7:c2:42:a0:03:21:8b:8b:
         69:40:db:fe:4e:bc:27:e0:ea:52:c7:b8:26:f4:26:90:e6:cf:
         5b:f2:31:8d:fd:05:34:88:d1:60:38:30:c1:48:97:6c:86:8a:
         a8:84:b6:5f:56:41:e5:0b:94:c9:70:5e:49:50:37:f4:44:c3:
         53:1d:fd:3c:01:39:8d:f3:3b:f7:68:08:aa:e9:1d:40:87:66:
         76:77:e5:d1:39:04:03:36:e1:19:b3:a0:48:14:a3:78:a8:8a:
         b2:63:e6:69:32:a4:e1:2d:f6:05:84:de:59:78:85:0f:d9:2f:
         64:c2:b4:a3:5b:5b:d8:36:47:a4:38:7c:22:f1:2d:98:e3:ac:
         80:dd:f7:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjITO+bxFLaokR92aMVQ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDVhZGM1YzQyNjJkZmY2YjNmM2U2MDY4MzBjN2Y5NzFk
NzY2Y2UwHhcNMjUwMTAxMDE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDIyOWMyNzc1OTY3NGI5ZjEzNzEwM2NjZDJmNGM0YWE3YTYxOWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9NtErB30FvqmKSqBa+XjpwXM0Em
mX9IgnCFI8+Y/r+vtuaChpuMEyT+on3l/zkRFMTQbuS6SIyVtffMGvBd7ygkqHJp
SNFAXd+Y5OjmQfxZEsTuif7aFTgqrszsH/bjeyeVQ1kTjxMBh/ZupAVN728zoPqE
Fg/JXOTyKllvz6P/OY46xTrbHgI1WoVeIba5fLUonmhpMcdi/myM/opuQGm4UTkY
tyQzTEzoQ5/fgjwsJBELOpRDba+4suEM8SoodKK+xcjEi9aKcXKB/Ghb+t9JSdyH
TdWTD/Rb74ZP0fVDVF1QJiMBhO5PQpOWu02vm547pANTznTYV116hA4bHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQinCd1lnS58TcQPM0vTEqnphnlMB8GA1UdIwQY
MBaAFMEFrcXEJi3/az8+YGgwx/lx12bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODkt
NTE1ODQ1ZTZjMzE3LzEvNUNLY0ozV1dkTG54TnhBOHpTOU1TcWVtR2VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODktNTE1ODQ1ZTZjMzE3
LzEvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3u6MA0G
CSqGSIb3DQEBCwUAA4IBAQBUXz4YtndYBWYkcY7SuljR/K5QiJsQBuFC4FGPszvQ
/qt6Vn0VBskDTrasHz7+7kaKM1uboknz/p9LhgZEESn6vHuP0QG/RdWIantpFLz8
+/M2Je3q+PcuYazafub+9wa3EIfWqCLXyAeYq4rp+Y3j9vzN2QaJ58JCoAMhi4tp
QNv+Trwn4OpSx7gm9CaQ5s9b8jGN/QU0iNFgODDBSJdshoqohLZfVkHlC5TJcF5J
UDf0RMNTHf08ATmN8zv3aAiq6R1Ah2Z2d+XROQQDNuEZs6BIFKN4qIqyY+ZpMqTh
LfYFhN5ZeIUP2S9kwrSjW1vYNkekOHwi8S2Y46yA3fcd
-----END CERTIFICATE-----