Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/RnSlYPtAKmqOgxw0ibpxcDTBDP8.roa
File:                     RnSlYPtAKmqOgxw0ibpxcDTBDP8.roa (raw, json)
Hash identifier:          nPpG6pleThcmIUFYzUWaiqj2aa1FdZVWDsjeG/WWGWs=
Subject key identifier:   46:74:A5:60:FB:40:2A:6A:8E:83:1C:34:89:BA:71:70:34:C1:0C:FF
Certificate issuer:       /CN=292edce09f112ab2d3ffaf4cb2a38eaf1c1af92e
Certificate serial:       018CC5007CD145A5402BE1CA1F68B230DD41
Authority key identifier: 29:2E:DC:E0:9F:11:2A:B2:D3:FF:AF:4C:B2:A3:8E:AF:1C:1A:F9:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KS7c4J8RKrLT_69MsqOOrxwa-S4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/RnSlYPtAKmqOgxw0ibpxcDTBDP8.roa
Signing time:             Mon 01 Jan 2024 12:29:52 +0000
ROA not before:           Mon 01 Jan 2024 12:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        195.60.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/KS7c4J8RKrLT_69MsqOOrxwa-S4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/KS7c4J8RKrLT_69MsqOOrxwa-S4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KS7c4J8RKrLT_69MsqOOrxwa-S4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:7c:d1:45:a5:40:2b:e1:ca:1f:68:b2:30:dd:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=292edce09f112ab2d3ffaf4cb2a38eaf1c1af92e
        Validity
            Not Before: Jan  1 12:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4674a560fb402a6a8e831c3489ba717034c10cff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f1:2b:90:3e:b6:8e:83:70:84:69:38:6b:b8:
                    3d:dc:3d:8f:ad:6f:40:86:d6:5a:8f:aa:39:8f:35:
                    3b:6c:f9:47:68:dd:7d:10:90:fd:e2:a1:c9:4f:95:
                    df:cf:4c:8c:fe:c0:03:6a:66:6c:54:18:60:ab:c4:
                    a2:8b:90:a8:b8:b9:73:3d:06:df:01:38:85:dd:e0:
                    b5:3f:da:31:13:a6:a7:c9:11:54:6c:8f:03:10:85:
                    9d:81:69:e8:a6:e0:c8:4a:44:be:14:5b:79:3f:04:
                    14:a4:c9:41:77:b2:a7:41:9d:e9:43:7f:21:71:8a:
                    28:43:0a:32:11:37:36:cf:a2:58:70:0b:10:9d:a5:
                    11:97:50:2f:3b:76:23:1d:46:84:7f:07:e8:97:bd:
                    d4:6d:04:85:41:08:62:2f:79:ff:01:56:f4:39:e6:
                    42:21:b4:74:65:0e:ca:5f:fb:cb:60:ed:48:cc:d5:
                    86:a4:0d:87:5d:fa:e2:0d:83:20:01:42:bb:a4:1a:
                    8a:61:76:e9:82:19:87:55:d6:61:e7:0f:91:ea:44:
                    53:10:95:7f:32:36:d9:c1:56:cb:8a:15:3d:76:fd:
                    70:f2:3d:c5:9a:03:29:3f:94:5a:c6:d6:6f:ef:62:
                    93:d9:42:21:8b:9c:bb:31:3f:34:49:9f:74:47:87:
                    28:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:74:A5:60:FB:40:2A:6A:8E:83:1C:34:89:BA:71:70:34:C1:0C:FF
            X509v3 Authority Key Identifier:
                keyid:29:2E:DC:E0:9F:11:2A:B2:D3:FF:AF:4C:B2:A3:8E:AF:1C:1A:F9:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KS7c4J8RKrLT_69MsqOOrxwa-S4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/RnSlYPtAKmqOgxw0ibpxcDTBDP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/KS7c4J8RKrLT_69MsqOOrxwa-S4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:69:d2:21:80:98:03:1c:bf:ce:a6:3c:2c:1a:dc:fa:3a:f0:
         e9:c8:7c:a8:dc:12:35:54:f3:d0:55:f3:ef:86:2f:5f:23:4f:
         3a:60:d0:f5:1a:75:66:9b:f6:78:41:57:e1:58:0f:3d:3e:6f:
         49:21:8c:38:33:55:a4:5c:37:da:73:65:da:a2:45:da:0b:05:
         d2:27:8e:41:4e:17:c1:e1:98:e9:9a:49:4a:f9:59:53:bf:8f:
         44:9a:6b:65:fe:fa:d9:67:67:de:b3:98:1d:e4:b7:42:8c:96:
         03:a9:24:5e:ce:09:3a:5c:39:af:20:54:9a:28:b1:7d:6c:7b:
         91:b9:b0:8b:61:b9:a9:da:f2:03:51:b1:3c:41:33:d7:d3:89:
         c0:c3:18:f3:0d:90:1a:de:24:6b:45:e1:6a:8b:13:f6:d7:da:
         79:f6:c7:af:45:c2:67:01:1d:be:02:1e:22:ed:79:08:73:63:
         f3:a8:4f:11:8b:63:9f:9f:8e:fe:72:fc:2d:f7:09:44:33:58:
         0e:30:f9:cf:3d:f9:0d:dc:37:e1:aa:47:b0:6e:f9:ce:04:49:
         40:b3:84:70:e1:a4:47:3a:f9:45:64:48:7c:be:4e:3a:58:69:
         1f:bd:af:6d:9b:6a:ad:a5:39:71:f8:3d:a2:86:07:12:0f:b6:
         7c:25:22:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAHzRRaVAK+HKH2iyMN1BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MmVkY2UwOWYxMTJhYjJkM2ZmYWY0Y2IyYTM4ZWFmMWMx
YWY5MmUwHhcNMjQwMTAxMTIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Njc0YTU2MGZiNDAyYTZhOGU4MzFjMzQ4OWJhNzE3MDM0YzEwY2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfErkD62joNwhGk4a7g93D2PrW9A
htZaj6o5jzU7bPlHaN19EJD94qHJT5Xfz0yM/sADamZsVBhgq8Sii5CouLlzPQbf
ATiF3eC1P9oxE6anyRFUbI8DEIWdgWnopuDISkS+FFt5PwQUpMlBd7KnQZ3pQ38h
cYooQwoyETc2z6JYcAsQnaURl1AvO3YjHUaEfwfol73UbQSFQQhiL3n/AVb0OeZC
IbR0ZQ7KX/vLYO1IzNWGpA2HXfriDYMgAUK7pBqKYXbpghmHVdZh5w+R6kRTEJV/
MjbZwVbLihU9dv1w8j3FmgMpP5RaxtZv72KT2UIhi5y7MT80SZ90R4coMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZ0pWD7QCpqjoMcNIm6cXA0wQz/MB8GA1UdIwQY
MBaAFCku3OCfESqy0/+vTLKjjq8cGvkuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1M3YzRKOFJLckxUXzY5TXNxT09yeHdhLVM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xMjI3NGUtMzE2Yi00ZjNjLThlNmMt
ZGNmZWIzZjEwYzg2LzEvUm5TbFlQdEFLbXFPZ3h3MGlicHhjRFRCRFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xMjI3NGUtMzE2Yi00ZjNjLThlNmMtZGNmZWIzZjEwYzg2
LzEvS1M3YzRKOFJLckxUXzY5TXNxT09yeHdhLVM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzxWMA0G
CSqGSIb3DQEBCwUAA4IBAQBdadIhgJgDHL/OpjwsGtz6OvDpyHyo3BI1VPPQVfPv
hi9fI086YND1GnVmm/Z4QVfhWA89Pm9JIYw4M1WkXDfac2XaokXaCwXSJ45BThfB
4ZjpmklK+VlTv49Emmtl/vrZZ2fes5gd5LdCjJYDqSRezgk6XDmvIFSaKLF9bHuR
ubCLYbmp2vIDUbE8QTPX04nAwxjzDZAa3iRrReFqixP219p59sevRcJnAR2+Ah4i
7XkIc2PzqE8Ri2Ofn47+cvwt9wlEM1gOMPnPPfkN3DfhqkewbvnOBElAs4Rw4aRH
OvlFZEh8vk46WGkfva9tm2qtpTlx+D2ihgcSD7Z8JSJP
-----END CERTIFICATE-----