Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/sMiTe3UspgJYz2lQvTaG6aeBQWg.roa
File:                     sMiTe3UspgJYz2lQvTaG6aeBQWg.roa (raw, json)
Hash identifier:          HIe9+/0zfp5VpTDYTNyVSauvUGKX3tp1ijbgGQzU0Q4=
Subject key identifier:   B0:C8:93:7B:75:2C:A6:02:58:CF:69:50:BD:36:86:E9:A7:81:41:68
Certificate issuer:       /CN=bde6ac28f954e13dcb7db69bc222b785b4d75f2c
Certificate serial:       018CC2DB0CF97C36A35C2919FE151838E9B9
Authority key identifier: BD:E6:AC:28:F9:54:E1:3D:CB:7D:B6:9B:C2:22:B7:85:B4:D7:5F:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/veasKPlU4T3LfbabwiK3hbTXXyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/sMiTe3UspgJYz2lQvTaG6aeBQWg.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25275
IP address blocks:        195.234.224.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/veasKPlU4T3LfbabwiK3hbTXXyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/veasKPlU4T3LfbabwiK3hbTXXyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/veasKPlU4T3LfbabwiK3hbTXXyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0c:f9:7c:36:a3:5c:29:19:fe:15:18:38:e9:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bde6ac28f954e13dcb7db69bc222b785b4d75f2c
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0c8937b752ca60258cf6950bd3686e9a7814168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7a:ed:20:97:de:65:7b:08:b8:c8:4c:aa:40:
                    86:0f:19:2f:3d:55:97:05:f4:ec:68:d2:aa:b0:c2:
                    1b:34:5b:1b:98:82:fe:c1:df:9d:40:b8:f5:e4:c3:
                    82:1a:9e:6f:5b:c0:c5:ca:73:a4:53:aa:a2:53:7e:
                    cb:a6:52:2c:bf:43:03:37:4c:c2:74:83:14:28:8b:
                    ba:c8:e1:1c:dd:76:35:95:70:73:41:01:c6:95:29:
                    94:51:2d:38:d6:67:48:84:39:0f:52:f2:10:ac:57:
                    46:a6:e5:99:85:6f:bc:2a:90:91:da:bb:bf:ef:4d:
                    ca:ce:e3:98:93:38:18:75:6f:97:c0:41:22:02:77:
                    d9:25:03:19:4f:19:1b:09:38:fb:48:ac:30:31:9f:
                    fc:92:75:22:ed:4e:ef:02:a3:ea:3c:e5:18:83:1d:
                    45:63:7d:9c:00:3e:86:7f:22:55:72:b3:6a:61:14:
                    5b:14:3e:05:9d:4d:f3:77:8b:c1:be:44:62:9f:97:
                    c0:7d:2f:bb:01:80:38:8a:85:1b:7f:0f:12:7f:c7:
                    8c:2d:37:d4:f7:9b:6f:d4:eb:15:b9:17:63:6a:00:
                    51:48:a9:7c:85:c3:aa:3c:c3:30:12:b6:f6:6f:1f:
                    95:a7:43:fd:9a:83:11:a6:88:ad:51:9b:0c:b2:91:
                    2e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C8:93:7B:75:2C:A6:02:58:CF:69:50:BD:36:86:E9:A7:81:41:68
            X509v3 Authority Key Identifier:
                keyid:BD:E6:AC:28:F9:54:E1:3D:CB:7D:B6:9B:C2:22:B7:85:B4:D7:5F:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/veasKPlU4T3LfbabwiK3hbTXXyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/sMiTe3UspgJYz2lQvTaG6aeBQWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/veasKPlU4T3LfbabwiK3hbTXXyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:30:b7:dd:27:31:bb:09:df:f5:18:39:00:61:84:38:5c:97:
         cd:d8:35:25:85:52:01:d7:ae:6e:1c:49:14:92:f4:a2:be:e3:
         99:51:5a:53:30:44:f4:29:18:ac:ec:15:73:56:53:b6:5b:66:
         96:7f:7e:3b:56:14:99:d5:ac:5e:4d:8a:54:61:e3:18:14:ce:
         c5:5d:48:56:e8:ef:64:67:56:cf:17:ed:7f:6c:72:90:8e:86:
         49:bc:1d:54:54:a5:d2:75:da:7a:e8:99:b6:7c:23:44:82:37:
         74:6d:d3:b8:3f:56:e4:bb:22:09:2e:24:84:dc:50:1f:7e:8a:
         26:ee:5d:c0:4c:f0:7e:63:48:e9:8f:91:42:b8:0b:43:14:e2:
         71:24:9e:2a:eb:ee:2d:a5:dd:83:5f:2d:f4:9c:50:04:5c:d8:
         cc:bf:0e:de:d3:34:86:62:39:10:00:3f:5a:e8:ee:44:ba:6d:
         70:0f:76:39:13:db:4b:53:a7:c2:d9:21:85:32:53:9d:e6:43:
         a5:74:62:a9:6d:5f:4d:1d:36:70:a2:f0:07:45:e6:03:4b:50:
         cf:8f:0f:3f:f1:cd:6e:44:88:30:66:1e:dc:c1:54:42:8f:56:
         85:42:db:09:23:b5:47:7c:39:7f:5c:68:0d:a0:ad:cc:89:b5:
         ff:19:22:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wz5fDajXCkZ/hUYOOm5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZTZhYzI4Zjk1NGUxM2RjYjdkYjY5YmMyMjJiNzg1YjRk
NzVmMmMwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGM4OTM3Yjc1MmNhNjAyNThjZjY5NTBiZDM2ODZlOWE3ODE0MTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHrtIJfeZXsIuMhMqkCGDxkvPVWX
BfTsaNKqsMIbNFsbmIL+wd+dQLj15MOCGp5vW8DFynOkU6qiU37LplIsv0MDN0zC
dIMUKIu6yOEc3XY1lXBzQQHGlSmUUS041mdIhDkPUvIQrFdGpuWZhW+8KpCR2ru/
703KzuOYkzgYdW+XwEEiAnfZJQMZTxkbCTj7SKwwMZ/8knUi7U7vAqPqPOUYgx1F
Y32cAD6GfyJVcrNqYRRbFD4FnU3zd4vBvkRin5fAfS+7AYA4ioUbfw8Sf8eMLTfU
95tv1OsVuRdjagBRSKl8hcOqPMMwErb2bx+Vp0P9moMRpoitUZsMspEudwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDIk3t1LKYCWM9pUL02humngUFoMB8GA1UdIwQY
MBaAFL3mrCj5VOE9y322m8Iit4W0118sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmVhc0tQbFU0VDNMZmJhYndpSzNoYlRYWHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy81YjRlMTMtYjNkZC00ZDhhLThlNzEt
Y2FlNmM3MjVkOTJmLzEvc01pVGUzVXNwZ0pZejJsUXZUYUc2YWVCUVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy81YjRlMTMtYjNkZC00ZDhhLThlNzEtY2FlNmM3MjVkOTJm
LzEvdmVhc0tQbFU0VDNMZmJhYndpSzNoYlRYWHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+rgMA0G
CSqGSIb3DQEBCwUAA4IBAQBQMLfdJzG7Cd/1GDkAYYQ4XJfN2DUlhVIB165uHEkU
kvSivuOZUVpTMET0KRis7BVzVlO2W2aWf347VhSZ1axeTYpUYeMYFM7FXUhW6O9k
Z1bPF+1/bHKQjoZJvB1UVKXSddp66Jm2fCNEgjd0bdO4P1bkuyIJLiSE3FAffoom
7l3ATPB+Y0jpj5FCuAtDFOJxJJ4q6+4tpd2DXy30nFAEXNjMvw7e0zSGYjkQAD9a
6O5Eum1wD3Y5E9tLU6fC2SGFMlOd5kOldGKpbV9NHTZwovAHReYDS1DPjw8/8c1u
RIgwZh7cwVRCj1aFQtsJI7VHfDl/XGgNoK3MibX/GSL6
-----END CERTIFICATE-----