Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/gewsFfibh95H4MSKhsDnj393ozg.roa
File:                     gewsFfibh95H4MSKhsDnj393ozg.roa (raw, json)
Hash identifier:          JzEG6jVuV+4DaqtNuVMqfAbXRmPwWOszoeMuYYqG4co=
Subject key identifier:   81:EC:2C:15:F8:9B:87:DE:47:E0:C4:8A:86:C0:E7:8F:7F:77:A3:38
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       018CCA2BE211662CB61907540D7AE8B0BD3E
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/gewsFfibh95H4MSKhsDnj393ozg.roa
Signing time:             Tue 02 Jan 2024 12:35:22 +0000
ROA not before:           Tue 02 Jan 2024 12:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216045
IP address blocks:        195.8.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:e2:11:66:2c:b6:19:07:54:0d:7a:e8:b0:bd:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  2 12:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81ec2c15f89b87de47e0c48a86c0e78f7f77a338
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:1a:6e:60:de:8f:9c:0c:e2:3b:57:b1:80:a8:
                    ac:8d:a4:d4:7c:15:21:f4:3d:cc:bd:ec:9e:06:a5:
                    cb:cf:a4:42:19:b2:64:cb:a0:55:96:ab:24:ad:94:
                    f9:fb:68:1c:d1:7b:46:93:d8:b7:79:d4:99:13:4c:
                    95:f6:10:e2:13:3e:f5:24:f1:68:6d:1b:09:e2:6e:
                    51:d8:f6:ad:4a:91:0f:c3:f0:55:cd:c5:6d:3e:cc:
                    f4:ca:42:1d:03:59:03:95:ba:71:58:bf:df:71:c9:
                    0f:70:63:1e:68:bf:87:75:f8:04:94:31:0b:06:76:
                    84:70:3f:9b:ac:9c:98:14:8e:80:a1:35:2e:b4:fa:
                    a1:36:d9:be:b1:86:3b:8a:d2:39:8b:03:e8:29:5b:
                    6d:0d:2e:ae:cb:f5:ba:39:ac:98:e9:21:1e:15:36:
                    a5:05:db:c1:dd:23:0a:a3:e7:8e:15:49:52:3d:6f:
                    6a:e0:f6:20:1c:39:97:1c:c4:cc:96:1b:94:34:56:
                    a7:d4:b2:e6:dc:a1:70:3b:9f:43:fc:10:41:07:9b:
                    9d:18:88:b1:fb:71:53:5b:9d:d5:eb:93:cd:a6:be:
                    e6:da:4b:c2:b4:60:7b:e7:66:5f:78:02:f1:fa:58:
                    a8:18:8e:66:4a:2f:0c:ee:97:bf:68:e6:90:b2:11:
                    5b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:EC:2C:15:F8:9B:87:DE:47:E0:C4:8A:86:C0:E7:8F:7F:77:A3:38
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/gewsFfibh95H4MSKhsDnj393ozg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:e4:77:7e:6f:45:91:3a:cb:94:34:d6:15:52:6e:c7:b0:28:
         48:20:41:12:35:0a:12:a4:73:f0:5f:0f:8e:c6:79:db:3d:47:
         44:43:28:bb:f5:77:14:50:9a:97:9b:05:24:5f:bc:21:45:6c:
         06:08:13:06:de:48:71:88:e5:d5:c2:7a:ce:49:f1:13:3b:a8:
         ce:11:8e:45:31:1d:e0:93:3e:de:58:6e:7a:2a:4e:d7:ac:39:
         78:5c:30:56:cf:75:20:0c:0e:9e:4c:20:94:cb:13:94:5c:5e:
         d7:e3:9b:4f:39:80:11:71:de:d9:b2:b8:31:bb:d0:c0:18:af:
         df:b2:ff:e1:04:28:ce:72:21:48:b1:a6:d1:f3:27:8a:f8:de:
         68:c2:2c:16:d1:38:af:51:06:8d:32:4a:09:55:a0:c1:f6:74:
         d3:9d:43:29:2d:39:cb:d7:36:e7:53:dc:49:13:af:45:18:01:
         3c:89:e6:a3:e3:4d:0c:1f:7f:7e:98:61:67:eb:dc:d4:19:93:
         02:77:8f:29:61:f8:7f:89:7b:8e:60:25:56:23:dd:95:ad:8f:
         ac:1a:87:87:0b:5c:50:42:7a:5a:a9:e0:7d:da:33:43:ea:3e:
         a7:e4:d6:25:d9:30:c3:33:29:3a:c6:a4:94:b9:ad:bd:bb:21:
         5c:ed:18:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK+IRZiy2GQdUDXrosL0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjQwMTAyMTIzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWVjMmMxNWY4OWI4N2RlNDdlMGM0OGE4NmMwZTc4ZjdmNzdhMzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRpuYN6PnAziO1exgKisjaTUfBUh
9D3MveyeBqXLz6RCGbJky6BVlqskrZT5+2gc0XtGk9i3edSZE0yV9hDiEz71JPFo
bRsJ4m5R2PatSpEPw/BVzcVtPsz0ykIdA1kDlbpxWL/fcckPcGMeaL+HdfgElDEL
BnaEcD+brJyYFI6AoTUutPqhNtm+sYY7itI5iwPoKVttDS6uy/W6OayY6SEeFTal
BdvB3SMKo+eOFUlSPW9q4PYgHDmXHMTMlhuUNFan1LLm3KFwO59D/BBBB5udGIix
+3FTW53V65PNpr7m2kvCtGB752ZfeALx+lioGI5mSi8M7pe/aOaQshFb5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHsLBX4m4feR+DEiobA549/d6M4MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvZ2V3c0ZmaWJoOTVINE1TS2hzRG5qMzkzb3pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwjIMA0G
CSqGSIb3DQEBCwUAA4IBAQCy5Hd+b0WROsuUNNYVUm7HsChIIEESNQoSpHPwXw+O
xnnbPUdEQyi79XcUUJqXmwUkX7whRWwGCBMG3khxiOXVwnrOSfETO6jOEY5FMR3g
kz7eWG56Kk7XrDl4XDBWz3UgDA6eTCCUyxOUXF7X45tPOYARcd7Zsrgxu9DAGK/f
sv/hBCjOciFIsabR8yeK+N5owiwW0TivUQaNMkoJVaDB9nTTnUMpLTnL1zbnU9xJ
E69FGAE8ieaj400MH39+mGFn69zUGZMCd48pYfh/iXuOYCVWI92VrY+sGoeHC1xQ
QnpaqeB92jND6j6n5NYl2TDDMyk6xqSUua29uyFc7RiI
-----END CERTIFICATE-----