Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/w7W-sGG4J0pk7Vp5XIeBttxqUKE.roa
File:                     w7W-sGG4J0pk7Vp5XIeBttxqUKE.roa (raw, json)
Hash identifier:          /4wTCmv7rAWAlFIPvWeJRH3wIxq2LZ4FUaESrnGpC/4=
Subject key identifier:   C3:B5:BE:B0:61:B8:27:4A:64:ED:5A:79:5C:87:81:B6:DC:6A:50:A1
Certificate issuer:       /CN=0648a991805f93d24bbe1edb3e961f5a1d25b248
Certificate serial:       018CC49362A66FEB95490084D71B9F046A11
Authority key identifier: 06:48:A9:91:80:5F:93:D2:4B:BE:1E:DB:3E:96:1F:5A:1D:25:B2:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BkipkYBfk9JLvh7bPpYfWh0lskg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/w7W-sGG4J0pk7Vp5XIeBttxqUKE.roa
Signing time:             Mon 01 Jan 2024 10:30:42 +0000
ROA not before:           Mon 01 Jan 2024 10:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211409
IP address blocks:        195.20.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/BkipkYBfk9JLvh7bPpYfWh0lskg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/BkipkYBfk9JLvh7bPpYfWh0lskg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BkipkYBfk9JLvh7bPpYfWh0lskg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 15:21:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:62:a6:6f:eb:95:49:00:84:d7:1b:9f:04:6a:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0648a991805f93d24bbe1edb3e961f5a1d25b248
        Validity
            Not Before: Jan  1 10:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3b5beb061b8274a64ed5a795c8781b6dc6a50a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c6:41:54:d4:9b:e4:98:85:b0:3b:3e:76:d6:
                    08:91:08:ea:13:5e:54:48:27:16:f6:25:2f:71:55:
                    91:0f:fc:26:a9:5c:d7:7f:f3:b9:ae:74:dc:d3:9f:
                    ad:b7:97:02:fe:58:2f:4a:be:2c:35:44:17:4b:97:
                    33:39:ba:b3:4a:e4:f2:3f:95:b3:d6:17:01:9b:b2:
                    b3:5d:6f:0a:cf:50:9b:90:62:80:e7:a4:4f:18:ab:
                    8b:ee:ec:af:7b:27:f1:78:5d:3e:24:01:51:ad:2f:
                    fe:5a:7b:65:1b:80:37:c9:a7:ba:dc:69:70:12:c0:
                    5c:19:cb:ad:82:ad:70:4f:b0:9f:aa:21:0a:7d:89:
                    b3:18:9e:a2:b1:66:24:57:6e:1f:2f:0d:19:98:76:
                    1b:80:ba:17:d1:f4:f2:ab:f9:93:9c:09:e6:24:ef:
                    40:bd:dc:7b:e3:75:32:66:64:31:db:5d:6a:ff:67:
                    8c:35:b8:90:29:76:e2:07:b0:78:07:fc:f1:a8:b3:
                    b5:c2:fb:06:ab:61:11:8c:b3:3a:dd:67:b9:ad:16:
                    c3:f1:9e:f7:7e:2e:bd:1f:de:79:cd:a4:dd:d1:54:
                    7d:98:e5:1b:f9:d7:f8:4d:c0:f9:8b:73:a9:21:95:
                    ba:fc:96:02:38:82:9d:dd:61:69:60:de:32:ab:ae:
                    fe:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:B5:BE:B0:61:B8:27:4A:64:ED:5A:79:5C:87:81:B6:DC:6A:50:A1
            X509v3 Authority Key Identifier:
                keyid:06:48:A9:91:80:5F:93:D2:4B:BE:1E:DB:3E:96:1F:5A:1D:25:B2:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BkipkYBfk9JLvh7bPpYfWh0lskg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/w7W-sGG4J0pk7Vp5XIeBttxqUKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/BkipkYBfk9JLvh7bPpYfWh0lskg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:1a:c5:b8:a8:f1:ef:a2:32:7e:cc:ef:f0:c9:57:ab:2a:15:
         03:7c:b3:d8:a1:43:07:1d:b9:3a:21:4b:18:b1:6e:fc:22:e9:
         6f:87:91:af:04:59:c1:03:08:de:13:64:d3:ea:32:ac:52:39:
         31:9d:93:81:b4:bd:f9:89:cb:e9:57:9b:84:5a:ba:38:07:96:
         4e:40:b9:2e:b6:c1:49:89:1d:81:3f:8a:44:eb:63:5b:7b:02:
         e8:e9:27:cf:c9:78:94:09:52:a1:6a:17:c4:7f:91:e4:72:9b:
         d4:c9:1b:08:a1:e2:3c:c1:09:b0:a0:da:ce:18:20:2f:18:47:
         d8:f0:84:dc:30:85:a7:25:df:a9:f5:29:e9:0d:34:24:6a:a3:
         8a:f6:b1:df:44:a6:a3:46:61:ee:58:45:82:76:f1:d6:ae:c8:
         f9:51:73:28:aa:6d:ed:bf:1c:e4:35:5a:4b:23:10:f6:b3:dc:
         66:3b:74:9b:9f:09:bb:b8:df:91:ad:32:fc:36:52:8a:1d:8c:
         4c:f4:36:87:0a:5f:60:ba:cb:a2:a2:27:36:1e:31:7d:49:37:
         6d:18:1a:96:cf:db:af:7e:46:f3:f9:49:2a:21:96:aa:c0:13:
         31:b5:f9:ab:9a:aa:4a:2f:6d:2e:81:32:41:31:b6:4d:35:67:
         51:cc:3e:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2Kmb+uVSQCE1xufBGoRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NDhhOTkxODA1ZjkzZDI0YmJlMWVkYjNlOTYxZjVhMWQy
NWIyNDgwHhcNMjQwMTAxMTAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2I1YmViMDYxYjgyNzRhNjRlZDVhNzk1Yzg3ODFiNmRjNmE1MGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsZBVNSb5JiFsDs+dtYIkQjqE15U
SCcW9iUvcVWRD/wmqVzXf/O5rnTc05+tt5cC/lgvSr4sNUQXS5czObqzSuTyP5Wz
1hcBm7KzXW8Kz1CbkGKA56RPGKuL7uyveyfxeF0+JAFRrS/+WntlG4A3yae63Glw
EsBcGcutgq1wT7CfqiEKfYmzGJ6isWYkV24fLw0ZmHYbgLoX0fTyq/mTnAnmJO9A
vdx743UyZmQx211q/2eMNbiQKXbiB7B4B/zxqLO1wvsGq2ERjLM63We5rRbD8Z73
fi69H955zaTd0VR9mOUb+df4TcD5i3OpIZW6/JYCOIKd3WFpYN4yq67+4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMO1vrBhuCdKZO1aeVyHgbbcalChMB8GA1UdIwQY
MBaAFAZIqZGAX5PSS74e2z6WH1odJbJIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmtpcGtZQmZrOUpMdmg3YlBwWWZXaDBsc2tnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC80YTAyMzctODM2Yi00NTk2LTg0OWUt
MmQ0MjNiODFkZjFjLzEvdzdXLXNHRzRKMHBrN1ZwNVhJZUJ0dHhxVUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC80YTAyMzctODM2Yi00NTk2LTg0OWUtMmQ0MjNiODFkZjFj
LzEvQmtpcGtZQmZrOUpMdmg3YlBwWWZXaDBsc2tnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxQQMA0G
CSqGSIb3DQEBCwUAA4IBAQCSGsW4qPHvojJ+zO/wyVerKhUDfLPYoUMHHbk6IUsY
sW78Iulvh5GvBFnBAwjeE2TT6jKsUjkxnZOBtL35icvpV5uEWro4B5ZOQLkutsFJ
iR2BP4pE62NbewLo6SfPyXiUCVKhahfEf5HkcpvUyRsIoeI8wQmwoNrOGCAvGEfY
8ITcMIWnJd+p9SnpDTQkaqOK9rHfRKajRmHuWEWCdvHWrsj5UXMoqm3tvxzkNVpL
IxD2s9xmO3Sbnwm7uN+RrTL8NlKKHYxM9DaHCl9gusuioic2HjF9STdtGBqWz9uv
fkbz+UkqIZaqwBMxtfmrmqpKL20ugTJBMbZNNWdRzD6w
-----END CERTIFICATE-----