Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/V_t8dxwfbbAmHrUMP0owL-KHOyI.roa
File:                     V_t8dxwfbbAmHrUMP0owL-KHOyI.roa (raw, json)
Hash identifier:          nYXqPGGa+VpMEzCTf5skAH0H2zY6c2C3bfYxubFQzrI=
Subject key identifier:   57:FB:7C:77:1C:1F:6D:B0:26:1E:B5:0C:3F:4A:30:2F:E2:87:3B:22
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       018CCA2BDEE21112A3922FB4075FA54A67CD
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/V_t8dxwfbbAmHrUMP0owL-KHOyI.roa
Signing time:             Tue 02 Jan 2024 12:35:21 +0000
ROA not before:           Tue 02 Jan 2024 12:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        195.8.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:de:e2:11:12:a3:92:2f:b4:07:5f:a5:4a:67:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  2 12:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57fb7c771c1f6db0261eb50c3f4a302fe2873b22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:db:cb:42:e1:67:8c:fd:73:04:7a:c2:be:f2:
                    13:56:c7:a7:88:09:a1:24:15:66:98:a0:ec:0d:3a:
                    1b:6e:e6:80:06:00:6e:fd:7d:ce:d3:61:0b:0c:07:
                    63:24:9c:59:84:de:fc:eb:26:5d:51:31:83:77:bd:
                    72:88:ba:b2:90:06:39:ce:75:e2:fb:bb:ab:87:20:
                    40:e0:83:96:d9:43:54:a6:f8:17:de:6f:67:5c:99:
                    5f:21:bb:d5:41:80:c0:b5:5a:f0:ab:ee:d1:ba:8e:
                    23:2c:d3:f8:c8:f8:64:d4:8a:d2:f1:f5:d9:6d:b9:
                    e5:67:58:cb:21:a5:8b:90:0a:f6:05:bf:61:da:42:
                    42:c0:80:ea:67:ed:87:59:d0:84:82:7c:9d:59:10:
                    dd:41:91:29:bd:1d:1e:66:b0:4c:17:7b:b5:88:95:
                    e4:0d:c0:e2:17:a5:a6:5a:0b:4e:79:70:69:eb:eb:
                    e6:25:77:03:bc:8a:22:ce:6e:87:74:ce:50:d5:36:
                    e4:b1:31:07:01:65:ef:e4:19:2a:01:48:1e:b1:7a:
                    ae:79:3e:13:41:5d:c7:2d:2c:0b:98:43:90:e0:40:
                    85:23:26:2c:70:67:5f:dc:04:b1:cc:4d:31:a2:22:
                    b1:9b:32:72:3a:a9:49:09:50:ea:e5:6e:70:93:d9:
                    94:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:FB:7C:77:1C:1F:6D:B0:26:1E:B5:0C:3F:4A:30:2F:E2:87:3B:22
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/V_t8dxwfbbAmHrUMP0owL-KHOyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:ef:f1:17:d0:6d:df:92:31:0d:c3:00:3d:7d:f1:09:db:f6:
         e2:df:79:9d:ae:e4:b3:3c:6e:12:9f:9c:f5:43:2e:bc:f9:87:
         00:fb:24:58:cf:e7:e2:3e:54:63:ce:c9:81:13:6b:17:e6:7c:
         59:ae:e3:0e:8c:26:a8:93:82:1d:0f:bb:46:c1:89:b2:0d:ac:
         38:83:40:91:ff:93:cc:12:37:88:96:f7:32:0e:91:e2:28:21:
         af:be:f3:6f:51:5d:41:e8:a4:d6:1f:d4:12:e8:ab:1f:9c:4a:
         91:7d:4f:e5:0e:99:9c:c4:1a:d5:92:7e:bb:6b:7c:8a:10:d8:
         a0:2a:80:d9:10:9f:3e:00:5d:44:e0:f5:9e:d0:91:8d:7d:5b:
         c8:b0:12:cf:da:35:12:6f:71:1e:a6:00:78:e6:49:62:58:41:
         2d:69:97:d9:80:d5:a2:a1:3a:07:8b:0c:ba:43:b6:8d:9d:0a:
         1e:85:65:2a:1a:e0:fa:fd:9a:07:eb:34:e9:1f:26:78:60:be:
         cb:11:14:78:fa:a4:dd:d5:d0:6d:d1:5f:66:6b:bc:44:31:c5:
         54:d8:a4:a5:b9:08:62:0e:61:13:e2:23:9d:4b:94:66:90:31:
         08:68:91:ae:b9:0b:4b:95:4b:3c:08:e3:a1:29:f0:63:fa:af:
         40:14:ce:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK97iERKjki+0B1+lSmfNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjQwMTAyMTIzNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2ZiN2M3NzFjMWY2ZGIwMjYxZWI1MGMzZjRhMzAyZmUyODczYjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdvLQuFnjP1zBHrCvvITVseniAmh
JBVmmKDsDTobbuaABgBu/X3O02ELDAdjJJxZhN786yZdUTGDd71yiLqykAY5znXi
+7urhyBA4IOW2UNUpvgX3m9nXJlfIbvVQYDAtVrwq+7Ruo4jLNP4yPhk1IrS8fXZ
bbnlZ1jLIaWLkAr2Bb9h2kJCwIDqZ+2HWdCEgnydWRDdQZEpvR0eZrBMF3u1iJXk
DcDiF6WmWgtOeXBp6+vmJXcDvIoizm6HdM5Q1TbksTEHAWXv5BkqAUgesXqueT4T
QV3HLSwLmEOQ4ECFIyYscGdf3ASxzE0xoiKxmzJyOqlJCVDq5W5wk9mU1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFf7fHccH22wJh61DD9KMC/ihzsiMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvVl90OGR4d2ZiYkFtSHJVTVAwb3dMLUtIT3lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwjJMA0G
CSqGSIb3DQEBCwUAA4IBAQAj7/EX0G3fkjENwwA9ffEJ2/bi33mdruSzPG4Sn5z1
Qy68+YcA+yRYz+fiPlRjzsmBE2sX5nxZruMOjCaok4IdD7tGwYmyDaw4g0CR/5PM
EjeIlvcyDpHiKCGvvvNvUV1B6KTWH9QS6KsfnEqRfU/lDpmcxBrVkn67a3yKENig
KoDZEJ8+AF1E4PWe0JGNfVvIsBLP2jUSb3EepgB45kliWEEtaZfZgNWioToHiwy6
Q7aNnQoehWUqGuD6/ZoH6zTpHyZ4YL7LERR4+qTd1dBt0V9ma7xEMcVU2KSluQhi
DmET4iOdS5RmkDEIaJGuuQtLlUs8COOhKfBj+q9AFM6o
-----END CERTIFICATE-----