Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/SSQiMzaGbi9d8HIcBP24gTxAO9w.roa
File:                     SSQiMzaGbi9d8HIcBP24gTxAO9w.roa (raw, json)
Hash identifier:          4mn6YCnN6h00oIQaYvQwGrwvPE0b1IMpqT6TE9QSKng=
Subject key identifier:   49:24:22:33:36:86:6E:2F:5D:F0:72:1C:04:FD:B8:81:3C:40:3B:DC
Certificate issuer:       /CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
Certificate serial:       018CC3B6DAAA223BDE7FEE2391D4781E5740
Authority key identifier: C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/SSQiMzaGbi9d8HIcBP24gTxAO9w.roa
Signing time:             Mon 01 Jan 2024 06:29:49 +0000
ROA not before:           Mon 01 Jan 2024 06:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209748
IP address blocks:        195.123.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:da:aa:22:3b:de:7f:ee:23:91:d4:78:1e:57:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
        Validity
            Not Before: Jan  1 06:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4924223336866e2f5df0721c04fdb8813c403bdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:13:b1:67:8a:b3:d4:fa:c1:7e:4c:f1:af:77:
                    05:55:16:73:cb:10:8d:f0:06:b5:bd:6a:5d:71:ed:
                    17:00:2e:b8:87:7f:82:56:0b:6e:a2:61:f1:12:7b:
                    5a:f9:ee:5c:75:6f:1d:46:a2:bf:3d:0e:e5:8a:db:
                    24:a4:c2:38:fc:14:d6:bf:bd:1f:2e:65:80:71:a3:
                    8c:a6:cb:71:fb:28:11:dd:af:42:d4:23:19:6f:a4:
                    ea:76:f0:aa:09:d8:39:15:82:bc:40:04:7c:0e:fc:
                    c2:8c:99:7d:15:f7:ef:14:1c:4a:86:46:03:2f:c7:
                    6e:84:56:de:47:c4:68:1a:4f:9d:4a:a3:2e:df:d1:
                    71:72:d9:c3:f1:c0:33:ee:72:f8:8a:d2:97:8e:2a:
                    a8:7e:c3:3b:a2:e4:3f:d4:46:55:8b:76:1d:11:61:
                    c7:9e:eb:24:54:87:2c:d5:e7:df:11:6d:ff:d2:42:
                    3a:b4:3a:7a:e1:d8:b4:1c:19:b1:d4:25:ef:00:94:
                    8f:cf:2b:2f:20:96:ec:c1:84:47:88:fa:c9:4a:18:
                    0e:29:96:8d:df:a3:87:a7:19:47:28:dd:22:08:2a:
                    4e:2a:f0:4a:4c:aa:c9:09:d8:7a:c4:11:0a:dc:13:
                    68:41:cf:bb:b1:df:58:bb:94:b9:e1:a5:bf:69:6b:
                    69:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:24:22:33:36:86:6E:2F:5D:F0:72:1C:04:FD:B8:81:3C:40:3B:DC
            X509v3 Authority Key Identifier:
                keyid:C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/SSQiMzaGbi9d8HIcBP24gTxAO9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.123.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:a8:a6:4e:09:57:b9:74:93:66:fa:68:c1:7f:72:40:99:66:
         53:50:a4:f3:d0:ec:3c:b9:84:98:9b:db:95:17:93:eb:be:87:
         a4:8b:f3:1c:b1:48:17:36:2a:27:62:07:8e:71:6e:ea:fd:7b:
         83:14:c6:ca:eb:34:58:7e:4e:bf:b8:52:e0:48:68:45:bb:70:
         9b:29:76:91:8e:cd:02:52:56:1b:59:89:cb:46:40:f1:7b:5e:
         22:fc:56:fd:78:5d:60:e5:29:fb:c5:c3:72:03:a5:42:c2:27:
         fe:c9:4d:02:ab:1f:c6:1b:b7:3e:7d:a9:7c:8a:22:94:8d:ed:
         22:db:11:34:00:1b:58:03:d9:97:cc:bd:f1:21:3a:f1:69:ac:
         fd:e7:5b:83:aa:55:af:ec:92:a9:75:26:63:91:e3:65:eb:a8:
         b5:a5:14:52:7a:15:59:b2:e3:db:81:9d:1e:0b:16:1c:b8:b9:
         25:1b:7e:0f:e5:07:71:00:2a:dc:d1:b3:7b:be:a3:a7:fc:f9:
         70:f3:ed:87:d0:00:ff:46:6b:b8:f1:96:ca:43:b2:b0:41:94:
         51:a6:28:2c:9f:82:66:a2:f1:7d:73:a1:2a:08:c3:20:8c:ab:
         b2:34:0d:c5:dc:0b:6f:61:9b:65:df:a4:dd:ce:58:71:3b:2c:
         5b:71:51:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttqqIjvef+4jkdR4HldAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDVhZGM1YzQyNjJkZmY2YjNmM2U2MDY4MzBjN2Y5NzFk
NzY2Y2UwHhcNMjQwMTAxMDYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTI0MjIzMzM2ODY2ZTJmNWRmMDcyMWMwNGZkYjg4MTNjNDAzYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxOxZ4qz1PrBfkzxr3cFVRZzyxCN
8Aa1vWpdce0XAC64h3+CVgtuomHxEnta+e5cdW8dRqK/PQ7litskpMI4/BTWv70f
LmWAcaOMpstx+ygR3a9C1CMZb6TqdvCqCdg5FYK8QAR8DvzCjJl9FffvFBxKhkYD
L8duhFbeR8RoGk+dSqMu39FxctnD8cAz7nL4itKXjiqofsM7ouQ/1EZVi3YdEWHH
nuskVIcs1effEW3/0kI6tDp64di0HBmx1CXvAJSPzysvIJbswYRHiPrJShgOKZaN
36OHpxlHKN0iCCpOKvBKTKrJCdh6xBEK3BNoQc+7sd9Yu5S54aW/aWtp8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkkIjM2hm4vXfByHAT9uIE8QDvcMB8GA1UdIwQY
MBaAFMEFrcXEJi3/az8+YGgwx/lx12bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODkt
NTE1ODQ1ZTZjMzE3LzEvU1NRaU16YUdiaTlkOEhJY0JQMjRnVHhBTzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODktNTE1ODQ1ZTZjMzE3
LzEvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3t6MA0G
CSqGSIb3DQEBCwUAA4IBAQCUqKZOCVe5dJNm+mjBf3JAmWZTUKTz0Ow8uYSYm9uV
F5Prvoeki/McsUgXNionYgeOcW7q/XuDFMbK6zRYfk6/uFLgSGhFu3CbKXaRjs0C
UlYbWYnLRkDxe14i/Fb9eF1g5Sn7xcNyA6VCwif+yU0Cqx/GG7c+fal8iiKUje0i
2xE0ABtYA9mXzL3xITrxaaz951uDqlWv7JKpdSZjkeNl66i1pRRSehVZsuPbgZ0e
CxYcuLklG34P5QdxACrc0bN7vqOn/Plw8+2H0AD/Rmu48ZbKQ7KwQZRRpigsn4Jm
ovF9c6EqCMMgjKuyNA3F3AtvYZtl36TdzlhxOyxbcVEI
-----END CERTIFICATE-----