Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/CnKq68azHBrC6SaHqVEGgRLUDwQ.roa
File:                     CnKq68azHBrC6SaHqVEGgRLUDwQ.roa (raw, json)
Hash identifier:          kBe1yvDF1uIbrfeQ5dIHhwfssij3tWOCGbwbidVpRRA=
Subject key identifier:   0A:72:AA:EB:C6:B3:1C:1A:C2:E9:26:87:A9:51:06:81:12:D4:0F:04
Certificate issuer:       /CN=292edce09f112ab2d3ffaf4cb2a38eaf1c1af92e
Certificate serial:       018CC5007BAA6F0E8D6793851DC43F47FF3D
Authority key identifier: 29:2E:DC:E0:9F:11:2A:B2:D3:FF:AF:4C:B2:A3:8E:AF:1C:1A:F9:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KS7c4J8RKrLT_69MsqOOrxwa-S4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/CnKq68azHBrC6SaHqVEGgRLUDwQ.roa
Signing time:             Mon 01 Jan 2024 12:29:52 +0000
ROA not before:           Mon 01 Jan 2024 12:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12658
IP address blocks:        195.60.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/KS7c4J8RKrLT_69MsqOOrxwa-S4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/KS7c4J8RKrLT_69MsqOOrxwa-S4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KS7c4J8RKrLT_69MsqOOrxwa-S4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:7b:aa:6f:0e:8d:67:93:85:1d:c4:3f:47:ff:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=292edce09f112ab2d3ffaf4cb2a38eaf1c1af92e
        Validity
            Not Before: Jan  1 12:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a72aaebc6b31c1ac2e92687a951068112d40f04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:43:1a:da:35:b7:36:19:a1:77:10:f0:e7:dd:
                    5b:7a:11:f3:5e:ff:5f:61:3d:3e:68:d2:c0:49:ca:
                    0f:66:a2:40:bb:da:e4:80:fd:1c:90:e8:73:96:05:
                    7c:1e:93:56:48:71:0f:66:7e:4e:61:80:ed:e3:31:
                    cd:82:1d:44:32:f6:c8:45:70:d5:17:ed:06:6b:34:
                    fd:78:f1:6c:86:27:c9:0d:23:6e:63:d1:c2:49:0b:
                    b1:05:8a:cb:52:2e:94:86:a4:1d:b9:86:42:78:bb:
                    a6:52:ca:e1:a7:80:59:eb:cd:76:bc:04:59:14:0b:
                    e9:21:cb:64:5e:52:72:46:96:78:d9:97:86:f0:e2:
                    98:25:a4:42:2c:9c:5a:18:ea:51:15:3a:9e:c4:58:
                    83:87:cb:9b:31:c1:85:49:51:72:b6:1d:64:cc:7d:
                    6f:69:d2:1e:40:6c:2b:d8:a3:c7:ee:ae:5e:4c:43:
                    cf:82:2c:a1:c1:55:da:51:36:23:1a:e3:36:4c:5c:
                    bc:0a:ec:a7:cb:3b:7c:1a:ee:63:c3:2e:ea:4f:06:
                    18:dd:19:80:24:f1:42:f9:6e:82:46:78:c6:1e:6f:
                    63:44:c8:e3:0c:40:29:01:64:a4:94:c9:11:3a:7c:
                    8c:bc:64:74:b2:f9:5e:ad:b5:2f:e1:8a:7e:5a:9a:
                    77:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:72:AA:EB:C6:B3:1C:1A:C2:E9:26:87:A9:51:06:81:12:D4:0F:04
            X509v3 Authority Key Identifier:
                keyid:29:2E:DC:E0:9F:11:2A:B2:D3:FF:AF:4C:B2:A3:8E:AF:1C:1A:F9:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KS7c4J8RKrLT_69MsqOOrxwa-S4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/CnKq68azHBrC6SaHqVEGgRLUDwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/KS7c4J8RKrLT_69MsqOOrxwa-S4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:c4:db:c8:b7:bb:73:e3:a7:00:68:0f:c6:a5:c6:76:bb:c2:
         ab:04:6b:00:e4:b8:db:00:eb:95:21:0d:fa:c9:9d:b3:da:b3:
         1c:75:28:04:c6:95:63:bc:d1:9b:1c:96:dd:23:01:bb:87:df:
         0c:f7:4a:81:cc:10:e8:7e:80:d7:20:df:ad:5f:46:05:b9:cb:
         cd:0a:f4:5c:bf:58:64:5c:3e:00:00:d2:29:2d:bc:82:ad:24:
         16:81:4b:5b:ad:22:51:3e:52:74:bd:0f:b5:f0:7c:db:44:7f:
         dc:b0:94:b2:56:22:93:2b:99:a6:42:2b:08:f9:80:a7:3a:8f:
         31:2d:c1:77:6d:cc:8b:40:39:b0:c6:7f:27:9c:7f:52:8f:5a:
         91:08:c8:5d:6f:42:f8:67:f4:5c:19:1e:ff:9f:44:94:7d:c7:
         9b:0e:53:1d:c2:ae:7d:0d:a3:27:c7:b4:e4:9d:73:55:62:6f:
         52:9a:0a:96:d7:1a:f2:a1:fe:04:ab:55:b5:ed:2f:d9:f4:fa:
         79:ba:b4:c4:29:a3:ca:d5:b4:5d:52:ae:9c:5b:e4:cc:16:b2:
         66:12:62:51:d3:7a:d2:85:98:90:1a:98:68:6a:bf:c6:04:22:
         8d:2a:47:e0:71:85:ae:d4:e4:1b:52:ff:6b:90:b7:94:1b:a2:
         e0:95:57:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAHuqbw6NZ5OFHcQ/R/89MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MmVkY2UwOWYxMTJhYjJkM2ZmYWY0Y2IyYTM4ZWFmMWMx
YWY5MmUwHhcNMjQwMTAxMTIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTcyYWFlYmM2YjMxYzFhYzJlOTI2ODdhOTUxMDY4MTEyZDQwZjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EMa2jW3NhmhdxDw591behHzXv9f
YT0+aNLAScoPZqJAu9rkgP0ckOhzlgV8HpNWSHEPZn5OYYDt4zHNgh1EMvbIRXDV
F+0GazT9ePFshifJDSNuY9HCSQuxBYrLUi6UhqQduYZCeLumUsrhp4BZ6812vARZ
FAvpIctkXlJyRpZ42ZeG8OKYJaRCLJxaGOpRFTqexFiDh8ubMcGFSVFyth1kzH1v
adIeQGwr2KPH7q5eTEPPgiyhwVXaUTYjGuM2TFy8Cuynyzt8Gu5jwy7qTwYY3RmA
JPFC+W6CRnjGHm9jRMjjDEApAWSklMkROnyMvGR0svlerbUv4Yp+Wpp3JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApyquvGsxwawukmh6lRBoES1A8EMB8GA1UdIwQY
MBaAFCku3OCfESqy0/+vTLKjjq8cGvkuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1M3YzRKOFJLckxUXzY5TXNxT09yeHdhLVM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xMjI3NGUtMzE2Yi00ZjNjLThlNmMt
ZGNmZWIzZjEwYzg2LzEvQ25LcTY4YXpIQnJDNlNhSHFWRUdnUkxVRHdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xMjI3NGUtMzE2Yi00ZjNjLThlNmMtZGNmZWIzZjEwYzg2
LzEvS1M3YzRKOFJLckxUXzY5TXNxT09yeHdhLVM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzxWMA0G
CSqGSIb3DQEBCwUAA4IBAQCWxNvIt7tz46cAaA/GpcZ2u8KrBGsA5LjbAOuVIQ36
yZ2z2rMcdSgExpVjvNGbHJbdIwG7h98M90qBzBDofoDXIN+tX0YFucvNCvRcv1hk
XD4AANIpLbyCrSQWgUtbrSJRPlJ0vQ+18HzbRH/csJSyViKTK5mmQisI+YCnOo8x
LcF3bcyLQDmwxn8nnH9Sj1qRCMhdb0L4Z/RcGR7/n0SUfcebDlMdwq59DaMnx7Tk
nXNVYm9SmgqW1xryof4Eq1W17S/Z9Pp5urTEKaPK1bRdUq6cW+TMFrJmEmJR03rS
hZiQGphoar/GBCKNKkfgcYWu1OQbUv9rkLeUG6LglVdf
-----END CERTIFICATE-----