Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/zD6mW9ybAuJJLOo1VDLuqLqqZ2I.roa
File:                     zD6mW9ybAuJJLOo1VDLuqLqqZ2I.roa (raw, json)
Hash identifier:          jsrTajcYiWS9v+IrS0azpIUIvvi2tyyM3RZH9wopo14=
Subject key identifier:   CC:3E:A6:5B:DC:9B:02:E2:49:2C:EA:35:54:32:EE:A8:BA:AA:67:62
Certificate issuer:       /CN=d538d7726a5f1f33da15d87e5c8b0e48f50281bf
Certificate serial:       018CC9BCD5C363DCDC3932E5BDACB5116C90
Authority key identifier: D5:38:D7:72:6A:5F:1F:33:DA:15:D8:7E:5C:8B:0E:48:F5:02:81:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1TjXcmpfHzPaFdh-XIsOSPUCgb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/zD6mW9ybAuJJLOo1VDLuqLqqZ2I.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.88.246.0/24 maxlen: 24
                          195.88.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/1TjXcmpfHzPaFdh-XIsOSPUCgb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/1TjXcmpfHzPaFdh-XIsOSPUCgb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1TjXcmpfHzPaFdh-XIsOSPUCgb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d5:c3:63:dc:dc:39:32:e5:bd:ac:b5:11:6c:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d538d7726a5f1f33da15d87e5c8b0e48f50281bf
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc3ea65bdc9b02e2492cea355432eea8baaa6762
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ea:d8:2e:bd:77:9b:1a:86:e4:04:39:68:8a:
                    fb:79:45:46:ba:09:63:d9:2b:f2:2f:21:9b:73:37:
                    a4:41:09:18:32:3f:a8:84:05:a1:03:b2:87:8a:58:
                    c8:7e:66:b5:f1:85:99:5e:92:49:1d:f2:c2:50:9f:
                    7b:37:1f:b3:6d:f5:e3:27:7f:2b:03:db:01:a5:cf:
                    53:8c:f3:27:b9:44:d0:af:55:13:e2:15:ad:5c:bc:
                    59:37:b9:ce:8a:84:84:1a:e2:31:da:61:8d:7b:48:
                    07:eb:cc:05:30:5e:7c:da:df:59:41:d7:05:ba:32:
                    b6:13:e4:97:ef:ac:88:42:3f:31:9d:2f:b5:b8:f9:
                    18:8b:9c:6a:21:22:65:ce:d8:97:f4:66:6e:61:ec:
                    c0:21:89:61:7e:c8:e8:1d:eb:5a:52:47:bb:50:f1:
                    20:5f:9d:fb:04:33:56:3d:34:b8:df:a3:03:b1:02:
                    0e:5d:4a:32:b5:73:62:eb:92:d2:55:21:23:6c:f3:
                    8f:38:24:bf:d6:73:04:60:2e:fa:e0:45:1e:76:93:
                    58:50:48:e7:2c:4b:85:72:ef:57:24:35:f7:ca:8c:
                    d6:7d:0a:48:37:d9:99:78:76:87:c3:51:64:7d:78:
                    10:6d:37:8f:da:b0:b6:25:e3:d4:8e:4d:d5:85:85:
                    e0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:3E:A6:5B:DC:9B:02:E2:49:2C:EA:35:54:32:EE:A8:BA:AA:67:62
            X509v3 Authority Key Identifier:
                keyid:D5:38:D7:72:6A:5F:1F:33:DA:15:D8:7E:5C:8B:0E:48:F5:02:81:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1TjXcmpfHzPaFdh-XIsOSPUCgb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/zD6mW9ybAuJJLOo1VDLuqLqqZ2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/1TjXcmpfHzPaFdh-XIsOSPUCgb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:9f:5f:d4:e1:29:18:1b:eb:60:2b:ed:b4:27:6c:23:bd:25:
         e5:3c:0f:11:89:3b:22:ba:cc:10:02:89:f9:a7:1b:f5:e1:a2:
         53:38:5a:f7:9d:8d:55:72:c1:59:7c:7a:83:fe:fe:26:7b:5e:
         66:0a:9b:90:cb:68:8d:9a:9f:91:40:7a:ad:8d:6a:f5:3e:e6:
         30:77:47:9c:22:45:05:0a:08:6e:cb:a2:74:3a:ff:21:bd:26:
         88:49:64:4a:7d:c2:8e:7a:a1:be:1e:f9:13:94:44:bd:4d:3f:
         5b:e6:7a:10:58:a8:f8:b3:ca:5c:c9:ed:c4:2d:34:a9:ed:79:
         7b:9a:67:70:98:aa:99:77:3b:a7:a1:7a:59:31:cd:25:95:5c:
         f4:a5:d9:fe:65:8e:b0:e1:14:47:d7:99:06:ee:01:6b:93:5e:
         93:33:76:01:41:cc:81:d2:a8:8a:58:53:68:08:4a:da:0c:b6:
         77:5f:2e:76:bc:a0:b0:8c:96:13:24:55:85:dc:92:dd:ee:fb:
         52:49:92:88:81:6b:40:4e:bb:22:6d:41:b6:e6:7e:b6:c4:05:
         f6:f4:ce:29:db:b3:ae:5e:73:61:17:05:71:5f:43:e8:7a:d4:
         42:d6:18:2a:25:13:31:55:47:bb:ea:1c:cb:f4:bb:38:d8:b1:
         82:8c:41:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvNXDY9zcOTLlvay1EWyQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MzhkNzcyNmE1ZjFmMzNkYTE1ZDg3ZTVjOGIwZTQ4ZjUw
MjgxYmYwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzNlYTY1YmRjOWIwMmUyNDkyY2VhMzU1NDMyZWVhOGJhYWE2NzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+rYLr13mxqG5AQ5aIr7eUVGuglj
2SvyLyGbczekQQkYMj+ohAWhA7KHiljIfma18YWZXpJJHfLCUJ97Nx+zbfXjJ38r
A9sBpc9TjPMnuUTQr1UT4hWtXLxZN7nOioSEGuIx2mGNe0gH68wFMF582t9ZQdcF
ujK2E+SX76yIQj8xnS+1uPkYi5xqISJlztiX9GZuYezAIYlhfsjoHetaUke7UPEg
X537BDNWPTS436MDsQIOXUoytXNi65LSVSEjbPOPOCS/1nMEYC764EUedpNYUEjn
LEuFcu9XJDX3yozWfQpIN9mZeHaHw1FkfXgQbTeP2rC2JePUjk3VhYXgdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMw+plvcmwLiSSzqNVQy7qi6qmdiMB8GA1UdIwQY
MBaAFNU413JqXx8z2hXYflyLDkj1AoG/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVRqWGNtcGZIelBhRmRoLVhJc09TUFVDZ2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80M2M0NTEtZTRlOS00ODU5LWI5ODUt
MmQ5ZGY0ZWY1ZjUwLzEvekQ2bVc5eWJBdUpKTE9vMVZETHVxTHFxWjJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80M2M0NTEtZTRlOS00ODU5LWI5ODUtMmQ5ZGY0ZWY1ZjUw
LzEvMVRqWGNtcGZIelBhRmRoLVhJc09TUFVDZ2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1j2MA0G
CSqGSIb3DQEBCwUAA4IBAQAcn1/U4SkYG+tgK+20J2wjvSXlPA8RiTsiuswQAon5
pxv14aJTOFr3nY1VcsFZfHqD/v4me15mCpuQy2iNmp+RQHqtjWr1PuYwd0ecIkUF
Cghuy6J0Ov8hvSaISWRKfcKOeqG+HvkTlES9TT9b5noQWKj4s8pcye3ELTSp7Xl7
mmdwmKqZdzunoXpZMc0llVz0pdn+ZY6w4RRH15kG7gFrk16TM3YBQcyB0qiKWFNo
CEraDLZ3Xy52vKCwjJYTJFWF3JLd7vtSSZKIgWtATrsibUG25n62xAX29M4p27Ou
XnNhFwVxX0PoetRC1hgqJRMxVUe76hzL9Ls42LGCjEEf
-----END CERTIFICATE-----