Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/POqrWxeOqiQLVDpCTA9cjzodLjQ.roa
File:                     POqrWxeOqiQLVDpCTA9cjzodLjQ.roa (raw, json)
Hash identifier:          U2SgbeksC6h1zkDK4uJByiNHefONzq0+ubqc8Mdd7l0=
Subject key identifier:   3C:EA:AB:5B:17:8E:AA:24:0B:54:3A:42:4C:0F:5C:8F:3A:1D:2E:34
Certificate issuer:       /CN=a750a9b1d454949f0b19303524d55e625df0ba4b
Certificate serial:       018CC26D1E11F4BD0530E7C95975FDCC711B
Authority key identifier: A7:50:A9:B1:D4:54:94:9F:0B:19:30:35:24:D5:5E:62:5D:F0:BA:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p1CpsdRUlJ8LGTA1JNVeYl3wuks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/POqrWxeOqiQLVDpCTA9cjzodLjQ.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43877
IP address blocks:        195.245.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/p1CpsdRUlJ8LGTA1JNVeYl3wuks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/p1CpsdRUlJ8LGTA1JNVeYl3wuks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p1CpsdRUlJ8LGTA1JNVeYl3wuks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1e:11:f4:bd:05:30:e7:c9:59:75:fd:cc:71:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a750a9b1d454949f0b19303524d55e625df0ba4b
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ceaab5b178eaa240b543a424c0f5c8f3a1d2e34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ef:e4:69:1d:5a:2e:66:01:c8:89:67:3c:c1:
                    9f:71:ed:93:8d:65:0b:69:1b:c7:85:29:7e:91:96:
                    c1:50:23:44:f9:4b:a4:52:2f:65:2a:a7:c2:96:5c:
                    ac:89:23:c7:df:0c:b1:f6:c5:26:cb:cb:e4:7e:b7:
                    f5:de:ce:0e:54:37:61:82:95:ac:db:ad:cd:df:b8:
                    8d:e0:c8:bf:46:51:39:b0:cb:bf:0d:c8:d9:d6:a8:
                    cf:36:3d:1a:af:ac:11:47:e6:22:95:01:89:b6:45:
                    de:8b:e6:de:82:3f:e5:3f:5e:1f:c2:95:f7:85:40:
                    1f:fe:f8:6b:bc:1b:97:a1:41:b6:1e:76:9a:d9:87:
                    52:25:9d:03:af:f3:49:4b:4b:0a:75:99:4e:20:cf:
                    43:bb:72:5c:4c:09:e6:b6:fb:c3:d2:55:68:a2:a1:
                    02:4c:ec:fd:8e:b7:eb:b9:46:29:ea:29:e1:b4:ef:
                    55:ed:53:32:21:40:54:40:83:80:4f:88:c1:49:93:
                    39:27:2f:7a:2b:87:ba:3e:0e:ce:b7:dc:bc:6f:8f:
                    77:19:89:c5:be:26:4a:e4:fa:f7:5f:a4:b8:ee:cb:
                    0d:6e:f2:4c:c2:d2:cd:1d:e9:b1:c6:38:1f:8a:71:
                    0e:39:1c:0f:1a:85:ca:21:e5:a4:89:fd:f8:64:ee:
                    fd:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:EA:AB:5B:17:8E:AA:24:0B:54:3A:42:4C:0F:5C:8F:3A:1D:2E:34
            X509v3 Authority Key Identifier:
                keyid:A7:50:A9:B1:D4:54:94:9F:0B:19:30:35:24:D5:5E:62:5D:F0:BA:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p1CpsdRUlJ8LGTA1JNVeYl3wuks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/POqrWxeOqiQLVDpCTA9cjzodLjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/p1CpsdRUlJ8LGTA1JNVeYl3wuks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:3b:b8:8f:31:c1:35:ed:0d:a1:98:ae:ae:9f:09:97:37:8c:
         8b:22:97:7e:fb:4b:ec:d8:66:03:6a:5c:bd:f7:0e:ff:89:cc:
         c1:c8:00:40:8c:6f:e9:64:e5:8c:0b:1a:80:fc:75:ea:07:46:
         18:33:fc:14:71:a5:ca:6f:05:90:ec:31:d5:13:db:02:a5:fb:
         39:a1:02:58:11:67:c3:77:d9:af:33:a8:e3:c4:7f:dd:a7:8c:
         e1:ea:3a:2b:16:c1:a7:79:a8:36:c9:96:6e:c8:12:49:aa:f4:
         40:6e:33:bf:02:48:5e:18:2b:6f:38:82:94:32:92:62:4b:98:
         54:a4:84:89:3f:f9:a1:26:5e:e8:c2:76:2f:d1:ca:b0:f1:20:
         91:9e:6f:7f:64:34:8f:23:4f:ab:43:46:e5:21:b7:8d:0f:3f:
         7f:2b:60:0a:e9:cf:30:f4:f4:c1:80:77:0f:f1:d9:3b:e1:36:
         9c:b1:94:0e:b8:9b:45:f5:c2:06:43:66:01:30:8e:cb:f2:8b:
         3b:07:57:1d:19:68:4e:84:03:30:fb:56:92:62:31:c8:86:e2:
         44:a4:b6:91:e4:13:e5:68:e0:98:41:33:13:16:02:1c:bf:a9:
         e4:5b:10:c7:83:6a:4e:cb:6c:34:73:02:06:28:6b:f1:7e:07:
         3d:21:ab:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbR4R9L0FMOfJWXX9zHEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NTBhOWIxZDQ1NDk0OWYwYjE5MzAzNTI0ZDU1ZTYyNWRm
MGJhNGIwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2VhYWI1YjE3OGVhYTI0MGI1NDNhNDI0YzBmNWM4ZjNhMWQyZTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgO/kaR1aLmYByIlnPMGfce2TjWUL
aRvHhSl+kZbBUCNE+UukUi9lKqfCllysiSPH3wyx9sUmy8vkfrf13s4OVDdhgpWs
263N37iN4Mi/RlE5sMu/DcjZ1qjPNj0ar6wRR+YilQGJtkXei+begj/lP14fwpX3
hUAf/vhrvBuXoUG2Hnaa2YdSJZ0Dr/NJS0sKdZlOIM9Du3JcTAnmtvvD0lVooqEC
TOz9jrfruUYp6inhtO9V7VMyIUBUQIOAT4jBSZM5Jy96K4e6Pg7Ot9y8b493GYnF
viZK5Pr3X6S47ssNbvJMwtLNHemxxjgfinEOORwPGoXKIeWkif34ZO79MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzqq1sXjqokC1Q6QkwPXI86HS40MB8GA1UdIwQY
MBaAFKdQqbHUVJSfCxkwNSTVXmJd8LpLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDFDcHNkUlVsSjhMR1RBMUpOVmVZbDN3dWtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi81YjQ4MzAtN2MwZi00M2QyLWJjMWYt
NzQwMTYwMzFjMjM4LzEvUE9xcld4ZU9xaVFMVkRwQ1RBOWNqem9kTGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi81YjQ4MzAtN2MwZi00M2QyLWJjMWYtNzQwMTYwMzFjMjM4
LzEvcDFDcHNkUlVsSjhMR1RBMUpOVmVZbDN3dWtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/XCMA0G
CSqGSIb3DQEBCwUAA4IBAQCzO7iPMcE17Q2hmK6unwmXN4yLIpd++0vs2GYDaly9
9w7/iczByABAjG/pZOWMCxqA/HXqB0YYM/wUcaXKbwWQ7DHVE9sCpfs5oQJYEWfD
d9mvM6jjxH/dp4zh6jorFsGneag2yZZuyBJJqvRAbjO/AkheGCtvOIKUMpJiS5hU
pISJP/mhJl7ownYv0cqw8SCRnm9/ZDSPI0+rQ0blIbeNDz9/K2AK6c8w9PTBgHcP
8dk74TacsZQOuJtF9cIGQ2YBMI7L8os7B1cdGWhOhAMw+1aSYjHIhuJEpLaR5BPl
aOCYQTMTFgIcv6nkWxDHg2pOy2w0cwIGKGvxfgc9IasN
-----END CERTIFICATE-----