Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/148eca-c39f-4673-886f-ecf82302f726/1/kXdPLTYOi6H-e19peGWV-cUyt8w.roa
File:                     kXdPLTYOi6H-e19peGWV-cUyt8w.roa (raw, json)
Hash identifier:          FijZ8g91wRzPyRUrh9ISY8nQDfiRbwCddpznfAZw0a8=
Subject key identifier:   91:77:4F:2D:36:0E:8B:A1:FE:7B:5F:69:78:65:95:F9:C5:32:B7:CC
Certificate issuer:       /CN=1bde70af153494354946648acd641163e2af1b1d
Certificate serial:       018CC3B6D06694B3062FEA200A836513BCE1
Authority key identifier: 1B:DE:70:AF:15:34:94:35:49:46:64:8A:CD:64:11:63:E2:AF:1B:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G95wrxU0lDVJRmSKzWQRY-KvGx0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/148eca-c39f-4673-886f-ecf82302f726/1/kXdPLTYOi6H-e19peGWV-cUyt8w.roa
Signing time:             Mon 01 Jan 2024 06:29:47 +0000
ROA not before:           Mon 01 Jan 2024 06:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        195.8.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/148eca-c39f-4673-886f-ecf82302f726/1/G95wrxU0lDVJRmSKzWQRY-KvGx0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/148eca-c39f-4673-886f-ecf82302f726/1/G95wrxU0lDVJRmSKzWQRY-KvGx0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G95wrxU0lDVJRmSKzWQRY-KvGx0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d0:66:94:b3:06:2f:ea:20:0a:83:65:13:bc:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bde70af153494354946648acd641163e2af1b1d
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91774f2d360e8ba1fe7b5f69786595f9c532b7cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:04:ed:ea:af:60:85:34:48:19:8c:79:ec:bf:
                    f2:74:2a:31:f1:56:f7:40:ca:2b:1c:73:d5:9d:75:
                    fa:5b:ed:81:72:31:2e:20:0c:3a:ad:bc:ba:05:49:
                    98:dc:7f:ae:b7:aa:4a:6e:63:78:97:ae:4d:5e:11:
                    c4:dc:a2:61:53:5d:fc:44:40:7a:0c:3e:a5:fa:f2:
                    d5:8e:3d:76:24:d5:c6:3d:cb:c2:ce:73:92:48:67:
                    e7:a4:69:a0:4f:64:21:1a:a4:cf:25:c0:5d:af:ba:
                    e0:4a:8f:50:90:8b:44:99:5f:ea:ff:43:e4:26:ba:
                    ab:54:b0:a8:c9:7f:07:e4:3f:4b:90:e9:00:db:38:
                    85:96:25:d0:24:ac:cc:29:cd:6c:4b:39:22:94:22:
                    b0:73:7a:a5:8c:81:03:70:27:28:7d:34:c2:29:98:
                    0a:e1:54:9f:00:ca:38:b0:15:75:68:df:ad:c6:07:
                    05:1c:16:9d:47:5e:c5:85:ee:ab:2c:d5:17:3e:d7:
                    cd:d5:72:12:86:08:af:f1:d4:93:1a:b2:e4:ad:d7:
                    ae:ba:5c:c4:b5:55:e9:d4:ea:fe:8d:62:31:c5:73:
                    11:78:29:7f:33:a3:2f:c3:7a:34:f4:aa:fb:f6:7f:
                    9d:d1:8c:0a:be:f0:ca:e1:4c:5e:56:3f:c0:aa:40:
                    50:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:77:4F:2D:36:0E:8B:A1:FE:7B:5F:69:78:65:95:F9:C5:32:B7:CC
            X509v3 Authority Key Identifier:
                keyid:1B:DE:70:AF:15:34:94:35:49:46:64:8A:CD:64:11:63:E2:AF:1B:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G95wrxU0lDVJRmSKzWQRY-KvGx0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/148eca-c39f-4673-886f-ecf82302f726/1/kXdPLTYOi6H-e19peGWV-cUyt8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/148eca-c39f-4673-886f-ecf82302f726/1/G95wrxU0lDVJRmSKzWQRY-KvGx0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:8a:f1:b4:6f:08:30:f8:1b:8f:f4:ae:ca:9b:d1:89:48:fc:
         39:ac:00:c5:c8:a9:c8:0a:d2:02:8e:5d:78:fd:64:e1:76:61:
         cf:e1:12:bc:03:1b:33:f5:db:81:dc:49:60:6d:4d:21:f5:61:
         30:0d:b0:e2:74:ef:b3:9b:47:4d:b7:03:cf:44:41:02:83:3a:
         71:74:fd:26:27:55:10:ea:87:89:52:80:2f:1d:9d:d2:58:1d:
         f5:fb:b0:3c:a4:4a:ad:86:ff:81:66:29:2c:cf:f5:a6:e2:a0:
         3f:43:4f:d5:9c:70:12:b1:a0:97:7a:01:68:cf:8c:2a:48:63:
         9c:e1:64:51:95:00:ad:e3:86:09:21:82:d5:cc:3d:41:12:80:
         68:06:76:d4:71:5e:fa:65:d1:da:40:23:0a:94:03:b5:b0:ab:
         8a:6e:e4:d3:34:10:08:c2:93:01:48:ea:ab:c8:96:ac:e1:ab:
         1d:d9:be:f5:37:f7:de:bc:49:1b:61:f3:9a:cc:17:ef:0c:d7:
         f9:e0:f9:14:94:4d:08:e9:38:5a:c7:f4:72:22:e8:93:21:7e:
         71:ab:0d:e8:46:2e:fd:cc:ed:70:b5:8e:5d:ce:9d:2e:c3:16:
         6d:77:e6:00:ad:8f:a1:62:ee:6d:a6:0b:07:d2:b2:b9:69:4c:
         84:85:f9:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttBmlLMGL+ogCoNlE7zhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZGU3MGFmMTUzNDk0MzU0OTQ2NjQ4YWNkNjQxMTYzZTJh
ZjFiMWQwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTc3NGYyZDM2MGU4YmExZmU3YjVmNjk3ODY1OTVmOWM1MzJiN2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwTt6q9ghTRIGYx57L/ydCox8Vb3
QMorHHPVnXX6W+2BcjEuIAw6rby6BUmY3H+ut6pKbmN4l65NXhHE3KJhU138REB6
DD6l+vLVjj12JNXGPcvCznOSSGfnpGmgT2QhGqTPJcBdr7rgSo9QkItEmV/q/0Pk
JrqrVLCoyX8H5D9LkOkA2ziFliXQJKzMKc1sSzkilCKwc3qljIEDcCcofTTCKZgK
4VSfAMo4sBV1aN+txgcFHBadR17Fhe6rLNUXPtfN1XIShgiv8dSTGrLkrdeuulzE
tVXp1Or+jWIxxXMReCl/M6Mvw3o09Kr79n+d0YwKvvDK4UxeVj/AqkBQMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJF3Ty02Douh/ntfaXhllfnFMrfMMB8GA1UdIwQY
MBaAFBvecK8VNJQ1SUZkis1kEWPirxsdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzk1d3J4VTBsRFZKUm1TS3pXUVJZLUt2R3gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8xNDhlY2EtYzM5Zi00NjczLTg4NmYt
ZWNmODIzMDJmNzI2LzEva1hkUExUWU9pNkgtZTE5cGVHV1YtY1V5dDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8xNDhlY2EtYzM5Zi00NjczLTg4NmYtZWNmODIzMDJmNzI2
LzEvRzk1d3J4VTBsRFZKUm1TS3pXUVJZLUt2R3gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwgrMA0G
CSqGSIb3DQEBCwUAA4IBAQCSivG0bwgw+BuP9K7Km9GJSPw5rADFyKnICtICjl14
/WThdmHP4RK8Axsz9duB3ElgbU0h9WEwDbDidO+zm0dNtwPPREECgzpxdP0mJ1UQ
6oeJUoAvHZ3SWB31+7A8pEqthv+BZiksz/Wm4qA/Q0/VnHASsaCXegFoz4wqSGOc
4WRRlQCt44YJIYLVzD1BEoBoBnbUcV76ZdHaQCMKlAO1sKuKbuTTNBAIwpMBSOqr
yJas4asd2b71N/fevEkbYfOazBfvDNf54PkUlE0I6Thax/RyIuiTIX5xqw3oRi79
zO1wtY5dzp0uwxZtd+YArY+hYu5tpgsH0rK5aUyEhfkF
-----END CERTIFICATE-----