Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/iiRK6SjrQDzD7LRT1RkruJaueuc.roa
File:                     iiRK6SjrQDzD7LRT1RkruJaueuc.roa (raw, json)
Hash identifier:          8FC6K78lQwGpmO0Beoh5RbQ7gdZMY1Pg+ogF2LxCPQs=
Subject key identifier:   8A:24:4A:E9:28:EB:40:3C:C3:EC:B4:53:D5:19:2B:B8:96:AE:7A:E7
Certificate issuer:       /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial:       018CC64B2AAE290605A1DECB68B5440ABA9B
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/iiRK6SjrQDzD7LRT1RkruJaueuc.roa
Signing time:             Mon 01 Jan 2024 18:31:04 +0000
ROA not before:           Mon 01 Jan 2024 18:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60248
IP address blocks:        195.110.38.0/24 maxlen: 24
                          195.110.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2a:ae:29:06:05:a1:de:cb:68:b5:44:0a:ba:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
        Validity
            Not Before: Jan  1 18:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a244ae928eb403cc3ecb453d5192bb896ae7ae7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f4:4b:c5:cc:53:88:f0:19:71:bb:03:db:f6:
                    60:41:c2:01:84:c8:b0:df:23:0a:0b:d0:14:a7:20:
                    1c:0a:e7:53:20:b0:44:f1:34:e6:29:0e:f1:c3:fb:
                    7b:15:f4:0d:77:9a:3b:94:02:5a:a2:af:c7:8d:af:
                    67:dc:e1:e9:fb:2a:ac:5e:18:45:fa:18:6f:2c:a3:
                    b7:2c:10:62:8c:4d:6d:90:2d:70:ed:49:77:8d:70:
                    23:31:e2:6c:6c:cf:13:d6:18:c2:7b:5a:20:bf:e5:
                    49:68:9e:b6:83:21:ad:fd:d2:88:da:44:cc:56:42:
                    45:68:4d:d9:47:30:c9:0f:ab:1f:92:a1:3f:b7:26:
                    80:b3:b0:52:db:12:9b:58:83:21:af:27:e6:79:ac:
                    35:11:ea:57:70:fd:35:51:e4:e5:07:46:d6:5e:48:
                    c7:95:ba:fc:3f:2d:8a:9c:2e:6c:24:4f:00:5d:97:
                    c7:34:70:f1:31:cb:23:cf:21:29:fc:dc:a7:6a:38:
                    60:16:e6:78:3f:e4:ea:bd:3c:f5:d5:54:7d:ce:38:
                    7b:1a:3a:71:86:15:bf:ff:28:3e:f7:28:48:45:f2:
                    16:04:b1:81:9c:3d:dd:b7:62:9a:ed:2a:ad:59:fa:
                    78:3a:db:9a:2e:3c:43:58:67:51:ca:73:e4:f6:f6:
                    90:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:24:4A:E9:28:EB:40:3C:C3:EC:B4:53:D5:19:2B:B8:96:AE:7A:E7
            X509v3 Authority Key Identifier:
                keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/iiRK6SjrQDzD7LRT1RkruJaueuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.110.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:f1:61:ee:94:a0:3e:58:3b:57:d1:76:45:72:ff:45:ac:86:
         9f:26:58:ae:17:91:a7:04:d8:12:cf:c4:a0:6b:95:97:e1:2b:
         12:36:91:d3:a5:36:43:65:47:14:28:c5:b7:80:fc:c0:3e:87:
         87:e6:e1:ca:01:2b:12:c7:53:1d:0c:56:68:51:b4:68:ad:ae:
         91:6c:e1:d2:d3:ad:ef:24:7e:5e:82:80:df:c6:a5:ca:9c:9e:
         a1:c3:c6:fa:35:28:67:07:ed:a1:85:4a:79:77:d3:6b:0f:f8:
         a6:5f:54:38:0e:b7:0a:15:74:ad:6b:99:8b:58:f7:e4:f2:b5:
         8b:b2:12:0a:72:cc:38:ae:07:79:8a:46:77:b4:77:24:4c:f1:
         30:a2:51:68:35:e5:ae:34:cd:ad:e1:85:38:8d:9d:f4:a9:64:
         5c:a9:93:ff:aa:48:7f:0b:74:4a:a6:f6:b2:30:92:69:58:d0:
         09:72:c3:c5:3f:e6:9f:e6:02:b8:cc:40:df:38:f3:eb:67:59:
         29:37:40:d3:cb:2e:8b:70:b4:7b:9e:df:6d:cc:79:d0:5f:8a:
         8b:b0:55:a9:3f:48:b7:72:34:4a:74:aa:94:7b:95:3a:62:a8:
         d6:7b:55:b5:53:e3:dc:b8:f7:1c:35:40:d5:c3:58:bd:3a:a0:
         a5:46:5a:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyquKQYFod7LaLVECrqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTI0NGFlOTI4ZWI0MDNjYzNlY2I0NTNkNTE5MmJiODk2YWU3YWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/RLxcxTiPAZcbsD2/ZgQcIBhMiw
3yMKC9AUpyAcCudTILBE8TTmKQ7xw/t7FfQNd5o7lAJaoq/Hja9n3OHp+yqsXhhF
+hhvLKO3LBBijE1tkC1w7Ul3jXAjMeJsbM8T1hjCe1ogv+VJaJ62gyGt/dKI2kTM
VkJFaE3ZRzDJD6sfkqE/tyaAs7BS2xKbWIMhryfmeaw1EepXcP01UeTlB0bWXkjH
lbr8Py2KnC5sJE8AXZfHNHDxMcsjzyEp/NynajhgFuZ4P+TqvTz11VR9zjh7Gjpx
hhW//yg+9yhIRfIWBLGBnD3dt2Ka7SqtWfp4OtuaLjxDWGdRynPk9vaQaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIokSuko60A8w+y0U9UZK7iWrnrnMB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEvaWlSSzZTanJRRHpEN0xSVDFSa3J1SmF1ZXVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYtMDM2NzI2OGZmODcx
LzEvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw24mMA0G
CSqGSIb3DQEBCwUAA4IBAQCl8WHulKA+WDtX0XZFcv9FrIafJliuF5GnBNgSz8Sg
a5WX4SsSNpHTpTZDZUcUKMW3gPzAPoeH5uHKASsSx1MdDFZoUbRora6RbOHS063v
JH5egoDfxqXKnJ6hw8b6NShnB+2hhUp5d9NrD/imX1Q4DrcKFXSta5mLWPfk8rWL
shIKcsw4rgd5ikZ3tHckTPEwolFoNeWuNM2t4YU4jZ30qWRcqZP/qkh/C3RKpvay
MJJpWNAJcsPFP+af5gK4zEDfOPPrZ1kpN0DTyy6LcLR7nt9tzHnQX4qLsFWpP0i3
cjRKdKqUe5U6YqjWe1W1U+PcuPccNUDVw1i9OqClRlrI
-----END CERTIFICATE-----