Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/lw0TiWoewgVW_p66F6cNrz1zZis.roa
File:                     lw0TiWoewgVW_p66F6cNrz1zZis.roa (raw, json)
Hash identifier:          yMOY7uozJld9j8CftNGW5J72iQrotaX1OxiZKcUNDZ0=
Subject key identifier:   97:0D:13:89:6A:1E:C2:05:56:FE:9E:BA:17:A7:0D:AF:3D:73:66:2B
Certificate issuer:       /CN=cd65ee23bff42ccf679d7377fe4da695d341aef0
Certificate serial:       018DB4E4AD20333AB877B6E414F709B38AFF
Authority key identifier: CD:65:EE:23:BF:F4:2C:CF:67:9D:73:77:FE:4D:A6:95:D3:41:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/lw0TiWoewgVW_p66F6cNrz1zZis.roa
Signing time:             Sat 17 Feb 2024 02:28:21 +0000
ROA not before:           Sat 17 Feb 2024 02:28:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3301
IP address blocks:        195.43.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b4:e4:ad:20:33:3a:b8:77:b6:e4:14:f7:09:b3:8a:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd65ee23bff42ccf679d7377fe4da695d341aef0
        Validity
            Not Before: Feb 17 02:28:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=970d13896a1ec20556fe9eba17a70daf3d73662b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c7:4c:af:1b:6c:79:55:49:1b:1b:2c:21:14:
                    26:0c:4a:62:d3:12:3f:74:6c:c9:d7:2a:2a:80:c8:
                    0e:ac:89:31:76:b1:d5:39:e6:65:39:5c:f8:75:6c:
                    e1:1d:c8:cd:90:97:16:d0:2d:af:b1:2f:04:35:0c:
                    ed:de:58:5d:78:ef:9f:16:06:cb:a6:00:36:b9:5e:
                    fa:3e:f8:a8:22:58:29:eb:58:e3:df:88:42:c0:30:
                    df:7c:50:82:b0:de:a2:c2:82:f6:24:1f:e5:4c:ea:
                    f2:d9:7b:f1:ad:0f:03:9c:74:6b:b6:bb:a4:9b:1c:
                    77:e8:7e:af:f8:6b:52:a3:95:fa:42:c1:eb:e8:95:
                    ee:8d:fc:80:df:4f:de:e5:d6:8f:5f:e7:58:e5:e5:
                    43:ee:c6:72:3d:42:77:af:5d:26:4a:69:1b:8b:5b:
                    bb:b4:fa:71:76:b0:5d:cb:dd:29:04:0d:d4:38:be:
                    b4:68:33:a2:9f:31:ba:33:59:09:af:65:b6:4a:42:
                    ee:0a:bc:16:2e:b5:7a:64:de:cb:fa:bc:4e:ed:dc:
                    ef:5b:dd:61:0a:43:6b:0a:c8:35:4a:42:43:30:1c:
                    05:6a:7a:55:02:2b:42:b6:7e:b6:d2:d3:bf:38:e4:
                    20:2a:ef:fa:dc:81:34:f7:d4:ad:17:4e:ff:ea:76:
                    2d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:0D:13:89:6A:1E:C2:05:56:FE:9E:BA:17:A7:0D:AF:3D:73:66:2B
            X509v3 Authority Key Identifier:
                keyid:CD:65:EE:23:BF:F4:2C:CF:67:9D:73:77:FE:4D:A6:95:D3:41:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/lw0TiWoewgVW_p66F6cNrz1zZis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:d0:f9:23:e3:15:f2:95:0f:c1:f5:e8:26:53:b7:8c:6c:2e:
         e9:a8:35:19:a8:4f:69:9f:80:20:21:07:b4:53:63:83:cb:c0:
         57:da:47:c0:2c:b7:27:d2:86:6a:48:ae:41:a9:ef:88:6d:92:
         d0:57:39:6b:fd:27:f0:17:0f:0f:1f:6d:a5:d2:c0:ef:f5:9f:
         c7:69:59:47:43:67:67:6b:60:9c:b1:46:ca:a3:c9:8d:10:48:
         9e:87:5e:0f:50:4a:15:39:ec:4a:68:95:e6:8b:97:f4:de:05:
         8d:c8:f6:82:a7:76:9d:c9:52:16:01:c3:2c:f6:0f:06:85:1f:
         2d:80:64:4b:c5:81:bb:2e:f6:0b:36:21:2e:0d:d2:bc:e9:a1:
         d8:26:2e:64:8e:ed:ea:45:7f:af:a9:41:64:04:92:52:ac:ce:
         9f:37:f1:0d:4a:aa:88:b7:e7:b9:6a:c6:8e:5d:89:81:d8:dd:
         3b:6e:7b:3b:56:22:4a:4b:4e:b4:34:48:61:78:63:3f:38:91:
         9e:96:e7:f7:1b:0b:e4:3b:66:b5:b8:08:a5:33:af:58:50:c3:
         f3:13:d6:2b:e8:b0:9c:11:74:1c:7d:43:57:67:20:4f:05:e4:
         fa:97:00:46:62:75:18:a3:c1:2c:91:13:0c:0c:31:71:40:ad:
         c7:05:1b:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY205K0gMzq4d7bkFPcJs4r/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNjVlZTIzYmZmNDJjY2Y2NzlkNzM3N2ZlNGRhNjk1ZDM0
MWFlZjAwHhcNMjQwMjE3MDIyODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzBkMTM4OTZhMWVjMjA1NTZmZTllYmExN2E3MGRhZjNkNzM2NjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsdMrxtseVVJGxssIRQmDEpi0xI/
dGzJ1yoqgMgOrIkxdrHVOeZlOVz4dWzhHcjNkJcW0C2vsS8ENQzt3lhdeO+fFgbL
pgA2uV76PvioIlgp61jj34hCwDDffFCCsN6iwoL2JB/lTOry2XvxrQ8DnHRrtruk
mxx36H6v+GtSo5X6QsHr6JXujfyA30/e5daPX+dY5eVD7sZyPUJ3r10mSmkbi1u7
tPpxdrBdy90pBA3UOL60aDOinzG6M1kJr2W2SkLuCrwWLrV6ZN7L+rxO7dzvW91h
CkNrCsg1SkJDMBwFanpVAitCtn620tO/OOQgKu/63IE099StF07/6nYtXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcNE4lqHsIFVv6euhenDa89c2YrMB8GA1UdIwQY
MBaAFM1l7iO/9CzPZ51zd/5NppXTQa7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveldYdUk3XzBMTTlublhOM19rMm1sZE5CcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMDZkNDMtM2RiZi00Y2Y4LTgxNWQt
NWRjMmZhNmEzNTAzLzEvbHcwVGlXb2V3Z1ZXX3A2NkY2Y05yejF6WmlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMDZkNDMtM2RiZi00Y2Y4LTgxNWQtNWRjMmZhNmEzNTAz
LzEveldYdUk3XzBMTTlublhOM19rMm1sZE5CcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyuXMA0G
CSqGSIb3DQEBCwUAA4IBAQCj0Pkj4xXylQ/B9egmU7eMbC7pqDUZqE9pn4AgIQe0
U2ODy8BX2kfALLcn0oZqSK5Bqe+IbZLQVzlr/SfwFw8PH22l0sDv9Z/HaVlHQ2dn
a2CcsUbKo8mNEEieh14PUEoVOexKaJXmi5f03gWNyPaCp3adyVIWAcMs9g8GhR8t
gGRLxYG7LvYLNiEuDdK86aHYJi5kju3qRX+vqUFkBJJSrM6fN/ENSqqIt+e5asaO
XYmB2N07bns7ViJKS060NEhheGM/OJGeluf3GwvkO2a1uAilM69YUMPzE9Yr6LCc
EXQcfUNXZyBPBeT6lwBGYnUYo8EskRMMDDFxQK3HBRuC
-----END CERTIFICATE-----