Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/9eauA3df97NwCC5fhOP1_2AH-4c.roa
File:                     9eauA3df97NwCC5fhOP1_2AH-4c.roa (raw, json)
Hash identifier:          q3qgChNUxj2AgSjAYWBwdTUjU5yOmc+Ood8C6is6khg=
Subject key identifier:   F5:E6:AE:03:77:5F:F7:B3:70:08:2E:5F:84:E3:F5:FF:60:07:FB:87
Certificate issuer:       /CN=b5a263d18eb5c540f7478825bb72efac6f28f82b
Certificate serial:       018CC56EF05BB56E0781CA7CA226AC92CCC1
Authority key identifier: B5:A2:63:D1:8E:B5:C5:40:F7:47:88:25:BB:72:EF:AC:6F:28:F8:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/taJj0Y61xUD3R4glu3LvrG8o-Cs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/9eauA3df97NwCC5fhOP1_2AH-4c.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12779
IP address blocks:        195.74.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/taJj0Y61xUD3R4glu3LvrG8o-Cs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/taJj0Y61xUD3R4glu3LvrG8o-Cs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/taJj0Y61xUD3R4glu3LvrG8o-Cs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f0:5b:b5:6e:07:81:ca:7c:a2:26:ac:92:cc:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5a263d18eb5c540f7478825bb72efac6f28f82b
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5e6ae03775ff7b370082e5f84e3f5ff6007fb87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:cb:a3:88:e6:95:6f:87:00:86:66:b0:d7:18:
                    81:b7:0a:33:5b:92:b8:60:22:1e:20:c1:6f:c3:53:
                    ef:a0:4a:5d:e9:36:56:ed:a6:05:a4:9d:c7:b7:5e:
                    69:4a:19:6a:29:e6:32:93:12:b5:06:76:93:40:88:
                    05:4d:6d:09:20:6c:b5:3f:50:4a:3e:1a:93:f4:f4:
                    46:dc:09:1c:b8:5d:11:18:2f:0e:4c:ef:36:16:fe:
                    4e:41:81:a3:c8:45:06:5c:f2:7b:92:15:b4:9f:01:
                    64:4d:4c:84:9a:c6:d6:13:70:ba:3f:f3:26:da:b2:
                    9c:37:ef:a9:d2:29:7f:7a:8e:37:9e:26:06:07:bf:
                    68:0a:34:16:ee:7c:9b:c4:19:eb:fc:9a:0a:9b:65:
                    e3:66:9d:e7:25:97:9b:03:24:2c:be:92:04:17:5a:
                    4c:fa:0a:0c:7d:db:b6:8a:c5:c7:d1:30:f0:01:e0:
                    86:eb:b0:66:7b:95:5f:fb:9a:12:63:80:8a:92:e8:
                    22:6e:63:d3:98:10:93:9c:0b:f6:67:31:58:b1:07:
                    26:bf:f8:f9:f1:39:62:b1:cb:e8:7f:fd:c0:eb:12:
                    20:9a:1f:4c:5a:68:ee:e4:a4:61:37:28:59:1d:42:
                    fb:b8:e9:ee:d1:0c:32:75:b5:c2:3d:1f:c7:f4:8f:
                    5b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E6:AE:03:77:5F:F7:B3:70:08:2E:5F:84:E3:F5:FF:60:07:FB:87
            X509v3 Authority Key Identifier:
                keyid:B5:A2:63:D1:8E:B5:C5:40:F7:47:88:25:BB:72:EF:AC:6F:28:F8:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/taJj0Y61xUD3R4glu3LvrG8o-Cs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/9eauA3df97NwCC5fhOP1_2AH-4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/taJj0Y61xUD3R4glu3LvrG8o-Cs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.74.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:14:17:bf:4e:7d:ef:69:0c:88:34:45:c1:66:e9:dd:34:6e:
         ab:dd:a0:a0:f4:e1:59:74:23:1b:0b:39:26:d4:60:2e:f5:a2:
         51:51:a3:4e:07:51:1f:41:ad:55:6c:7f:94:33:b1:4a:a3:70:
         a2:a8:bb:fe:2f:a6:19:bc:97:be:9f:a9:d4:99:22:d5:51:47:
         e9:d1:da:44:f5:c2:be:55:7f:4a:56:d5:2a:56:3b:0c:54:57:
         bf:7d:f7:f1:03:a3:05:52:91:e3:c4:8a:10:60:22:04:17:ed:
         2e:54:e2:b1:35:9c:6a:a2:44:ba:a0:03:6b:45:4f:19:e2:26:
         63:da:bf:80:a9:af:78:78:dc:2e:0f:ee:d6:e8:de:b7:66:2e:
         29:ec:47:52:cf:f1:e7:0b:33:18:b6:3c:2f:62:34:a7:e4:47:
         a5:88:b5:9e:eb:52:ec:b5:cb:9b:59:f9:52:cd:13:bb:0e:9e:
         69:92:3c:2c:8d:39:1d:c3:dd:db:77:82:0f:65:e8:68:7f:06:
         83:bd:ef:b3:f2:b2:e0:81:e2:22:bf:dd:47:74:ed:b4:d8:de:
         df:cc:c9:c1:53:15:17:96:19:c4:60:a0:5e:80:a3:fe:7b:09:
         97:b2:db:bc:c9:c1:cd:db:6d:03:b6:4d:97:41:49:0c:48:9b:
         c2:f5:3e:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvBbtW4Hgcp8oiaskszBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YTI2M2QxOGViNWM1NDBmNzQ3ODgyNWJiNzJlZmFjNmYy
OGY4MmIwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWU2YWUwMzc3NWZmN2IzNzAwODJlNWY4NGUzZjVmZjYwMDdmYjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcujiOaVb4cAhmaw1xiBtwozW5K4
YCIeIMFvw1PvoEpd6TZW7aYFpJ3Ht15pShlqKeYykxK1BnaTQIgFTW0JIGy1P1BK
PhqT9PRG3AkcuF0RGC8OTO82Fv5OQYGjyEUGXPJ7khW0nwFkTUyEmsbWE3C6P/Mm
2rKcN++p0il/eo43niYGB79oCjQW7nybxBnr/JoKm2XjZp3nJZebAyQsvpIEF1pM
+goMfdu2isXH0TDwAeCG67Bme5Vf+5oSY4CKkugibmPTmBCTnAv2ZzFYsQcmv/j5
8Tliscvof/3A6xIgmh9MWmju5KRhNyhZHUL7uOnu0QwydbXCPR/H9I9bowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXmrgN3X/ezcAguX4Tj9f9gB/uHMB8GA1UdIwQY
MBaAFLWiY9GOtcVA90eIJbty76xvKPgrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGFKajBZNjF4VUQzUjRnbHUzTHZyRzhvLUNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xZDAxNzEtMzMwNy00NTMxLWE3M2Et
MTQ2YTY5YjZkOGU0LzEvOWVhdUEzZGY5N053Q0M1ZmhPUDFfMkFILTRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xZDAxNzEtMzMwNy00NTMxLWE3M2EtMTQ2YTY5YjZkOGU0
LzEvdGFKajBZNjF4VUQzUjRnbHUzTHZyRzhvLUNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0pRMA0G
CSqGSIb3DQEBCwUAA4IBAQDVFBe/Tn3vaQyINEXBZundNG6r3aCg9OFZdCMbCzkm
1GAu9aJRUaNOB1EfQa1VbH+UM7FKo3CiqLv+L6YZvJe+n6nUmSLVUUfp0dpE9cK+
VX9KVtUqVjsMVFe/fffxA6MFUpHjxIoQYCIEF+0uVOKxNZxqokS6oANrRU8Z4iZj
2r+Aqa94eNwuD+7W6N63Zi4p7EdSz/HnCzMYtjwvYjSn5EeliLWe61LstcubWflS
zRO7Dp5pkjwsjTkdw93bd4IPZehofwaDve+z8rLggeIiv91HdO202N7fzMnBUxUX
lhnEYKBegKP+ewmXstu8ycHN220Dtk2XQUkMSJvC9T5u
-----END CERTIFICATE-----