Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/aJxnB20dBq1_jmz6IrDH41qStQI.roa
File:                     aJxnB20dBq1_jmz6IrDH41qStQI.roa (raw, json)
Hash identifier:          2WmceVXVtnM7zrFIEaDX9yAbk5aCNmJYztwdCJchaC4=
Subject key identifier:   68:9C:67:07:6D:1D:06:AD:7F:8E:6C:FA:22:B0:C7:E3:5A:92:B5:02
Certificate issuer:       /CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
Certificate serial:       018DEF796D1EAD349437460055B0A72095E0
Authority key identifier: C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/aJxnB20dBq1_jmz6IrDH41qStQI.roa
Signing time:             Wed 28 Feb 2024 11:28:48 +0000
ROA not before:           Wed 28 Feb 2024 11:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30790
IP address blocks:        195.123.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:79:6d:1e:ad:34:94:37:46:00:55:b0:a7:20:95:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
        Validity
            Not Before: Feb 28 11:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=689c67076d1d06ad7f8e6cfa22b0c7e35a92b502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:29:c9:56:dc:f0:27:ca:20:9f:3f:27:25:f6:
                    7f:10:81:6b:01:b5:d1:81:25:47:7c:7d:a6:3e:89:
                    78:d7:dc:7d:aa:e3:73:4b:25:7d:52:c1:2b:ad:e8:
                    ba:32:91:e9:d9:81:c4:61:49:de:a3:81:2b:92:7b:
                    35:dd:ec:95:8c:bc:86:b9:1e:dd:15:77:11:a7:c2:
                    e4:4f:7a:37:fc:0b:e9:e0:c5:e2:bb:98:f1:f1:00:
                    fc:b7:8c:dd:a8:06:fa:a2:fb:d5:17:ee:d0:7e:80:
                    9e:af:d4:2a:de:20:bf:e1:17:95:57:c0:ce:76:fe:
                    3d:bb:88:ac:57:3f:84:1d:90:0e:65:16:52:3e:0c:
                    37:53:07:98:a7:2b:84:72:59:c6:e1:c7:a8:a2:5b:
                    c1:a8:08:cd:9b:34:ea:4f:7d:c3:b3:34:dc:c7:81:
                    4d:92:84:59:2c:49:ad:bd:d5:d9:db:c4:3f:91:cd:
                    11:06:32:0b:2a:03:64:66:80:9a:a3:3f:66:93:98:
                    80:88:a9:cb:e0:8f:5a:fe:c1:7e:a8:01:c9:68:96:
                    4e:3e:e3:d5:b0:96:c3:2c:55:12:bc:f4:33:c2:f4:
                    f2:dd:a3:42:4b:e9:48:9f:c1:21:24:24:f5:1e:e7:
                    51:5e:21:18:ac:c0:59:35:b2:85:51:2a:d7:41:b7:
                    b8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:9C:67:07:6D:1D:06:AD:7F:8E:6C:FA:22:B0:C7:E3:5A:92:B5:02
            X509v3 Authority Key Identifier:
                keyid:C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/aJxnB20dBq1_jmz6IrDH41qStQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.123.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ba:79:62:e4:45:57:75:e5:e4:51:b0:dd:f9:1c:38:a7:02:
         29:75:5f:55:9c:1d:ff:3b:91:75:1c:10:ef:32:f8:41:df:f7:
         3b:7b:29:f3:6f:e0:33:fd:86:ba:5b:24:e2:48:33:ee:ba:37:
         04:46:12:39:4e:8f:fb:c8:4a:3a:bb:65:e5:2e:31:7e:e7:a6:
         0f:41:25:a4:88:5b:50:a1:8e:b7:16:a8:6c:78:fd:a8:76:27:
         6c:8d:9f:8a:37:de:f5:2e:40:ab:da:77:3f:8b:e6:e0:60:24:
         11:e0:90:9a:1b:79:bc:2f:3d:4c:30:cf:97:a9:53:90:22:b5:
         8d:e3:7e:cd:fa:49:30:4d:2c:50:15:cb:f4:35:fe:89:cf:24:
         db:45:3e:f3:11:bc:cd:e2:ee:0b:eb:ec:29:08:9c:f7:49:27:
         7f:11:7f:19:4c:fc:6e:f7:67:fc:63:91:86:38:b3:b7:1f:d1:
         70:6c:ee:db:e9:ad:98:ad:81:2c:ae:95:95:d7:bd:5b:bc:f6:
         9f:13:20:28:cd:f5:9c:9e:be:cb:5e:72:80:93:5b:88:63:b0:
         9b:ef:02:42:68:af:4c:a1:56:33:53:8c:e3:fc:fc:d5:6b:7c:
         47:cd:83:16:e1:ef:35:48:8e:87:5b:6c:59:db:05:b9:74:3c:
         c9:ec:2d:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3veW0erTSUN0YAVbCnIJXgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDVhZGM1YzQyNjJkZmY2YjNmM2U2MDY4MzBjN2Y5NzFk
NzY2Y2UwHhcNMjQwMjI4MTEyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODljNjcwNzZkMWQwNmFkN2Y4ZTZjZmEyMmIwYzdlMzVhOTJiNTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSnJVtzwJ8ognz8nJfZ/EIFrAbXR
gSVHfH2mPol419x9quNzSyV9UsErrei6MpHp2YHEYUneo4Erkns13eyVjLyGuR7d
FXcRp8LkT3o3/Avp4MXiu5jx8QD8t4zdqAb6ovvVF+7QfoCer9Qq3iC/4ReVV8DO
dv49u4isVz+EHZAOZRZSPgw3UweYpyuEclnG4ceoolvBqAjNmzTqT33DszTcx4FN
koRZLEmtvdXZ28Q/kc0RBjILKgNkZoCaoz9mk5iAiKnL4I9a/sF+qAHJaJZOPuPV
sJbDLFUSvPQzwvTy3aNCS+lIn8EhJCT1HudRXiEYrMBZNbKFUSrXQbe4+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGicZwdtHQatf45s+iKwx+NakrUCMB8GA1UdIwQY
MBaAFMEFrcXEJi3/az8+YGgwx/lx12bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODkt
NTE1ODQ1ZTZjMzE3LzEvYUp4bkIyMGRCcTFfam16NklyREg0MXFTdFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODktNTE1ODQ1ZTZjMzE3
LzEvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3u6MA0G
CSqGSIb3DQEBCwUAA4IBAQBAunli5EVXdeXkUbDd+Rw4pwIpdV9VnB3/O5F1HBDv
MvhB3/c7eynzb+Az/Ya6WyTiSDPuujcERhI5To/7yEo6u2XlLjF+56YPQSWkiFtQ
oY63FqhseP2odidsjZ+KN971LkCr2nc/i+bgYCQR4JCaG3m8Lz1MMM+XqVOQIrWN
437N+kkwTSxQFcv0Nf6JzyTbRT7zEbzN4u4L6+wpCJz3SSd/EX8ZTPxu92f8Y5GG
OLO3H9FwbO7b6a2YrYEsrpWV171bvPafEyAozfWcnr7LXnKAk1uIY7Cb7wJCaK9M
oVYzU4zj/PzVa3xHzYMW4e81SI6HW2xZ2wW5dDzJ7C3T
-----END CERTIFICATE-----