Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/hyAbQWpFE72UumylCjanfL2JRQc.roa
File:                     hyAbQWpFE72UumylCjanfL2JRQc.roa (raw, json)
Hash identifier:          +dy7aFKe3JUGrvqkUZR+RjP3fCNlYqwq+Y6hFg0Nbhs=
Subject key identifier:   87:20:1B:41:6A:45:13:BD:94:BA:6C:A5:0A:36:A7:7C:BD:89:45:07
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018CC802046A5CCBA25C9A69234BB079D8C3
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/hyAbQWpFE72UumylCjanfL2JRQc.roa
Signing time:             Tue 02 Jan 2024 02:30:24 +0000
ROA not before:           Tue 02 Jan 2024 02:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34291
IP address blocks:        195.54.10.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:04:6a:5c:cb:a2:5c:9a:69:23:4b:b0:79:d8:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 02:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87201b416a4513bd94ba6ca50a36a77cbd894507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b5:36:ca:8c:cd:cf:5a:c8:58:78:91:b5:86:
                    3f:b2:cf:60:1a:60:5a:1b:4d:e2:e3:8b:1f:26:4d:
                    ae:d8:c0:80:5a:bf:fc:8b:89:08:5f:dd:8f:99:68:
                    e2:5e:64:a7:d6:85:ea:b0:43:28:0c:be:83:18:ee:
                    7a:4d:63:77:b2:07:64:c7:37:de:47:9f:77:9a:8e:
                    a4:f1:e0:2f:46:55:e4:89:72:a6:ab:52:62:13:9d:
                    7c:ce:ed:06:43:da:c3:49:d9:18:75:cb:81:2e:53:
                    ab:72:7d:06:3f:09:39:bc:6f:c4:09:7c:7b:53:02:
                    49:9a:8f:99:bc:5a:49:2c:6d:b4:93:97:6b:8f:a7:
                    c2:44:79:17:24:b8:31:e1:26:67:ec:6b:d2:de:ae:
                    5a:e8:a6:46:ec:45:f5:6a:ec:fe:ba:0c:90:5c:ae:
                    cc:ca:cb:fc:58:be:00:9f:f8:c2:dc:f6:ad:a4:03:
                    d3:70:ec:b8:0e:19:bf:90:30:3e:f3:66:1f:f5:0f:
                    99:c6:75:bc:ea:df:09:50:76:fb:ab:86:0e:3f:8b:
                    27:ae:87:32:db:af:b8:13:79:d9:9b:cb:84:26:d0:
                    02:b4:93:25:3f:0e:f4:3c:7d:2c:c9:8c:98:9e:e0:
                    a7:03:53:b1:ca:ec:45:59:c3:97:aa:8b:d3:fb:fa:
                    8f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:20:1B:41:6A:45:13:BD:94:BA:6C:A5:0A:36:A7:7C:BD:89:45:07
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/hyAbQWpFE72UumylCjanfL2JRQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.54.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:6e:f7:07:dc:f1:c1:69:73:fc:4d:30:1e:77:f1:a3:0e:7e:
         99:fb:02:06:a3:d7:4a:21:c9:32:a2:6f:21:ca:d8:57:e9:a4:
         8d:b2:0a:57:93:cf:f2:af:8a:2b:90:04:4e:00:b4:89:32:4d:
         b2:1c:ef:b1:eb:16:4a:30:19:12:65:27:9a:40:9f:3d:47:46:
         65:af:7f:49:21:b5:7f:ca:40:a2:30:ba:0b:6e:93:bb:c2:86:
         f2:c7:15:15:ca:57:d2:94:23:7b:f7:80:c7:41:5e:8c:e6:08:
         88:db:c3:a3:49:72:86:32:5a:66:99:d3:31:e4:ae:8f:aa:d6:
         47:5c:6c:e9:20:b9:f8:bd:9c:52:f3:bf:ba:65:e1:3c:25:4b:
         f8:9b:9c:81:a1:34:80:b4:9a:eb:76:6d:ee:cc:93:e1:94:05:
         bd:57:a0:69:f4:db:cf:85:2e:db:ff:fc:bb:b4:62:cb:22:7c:
         b0:8d:61:51:3e:82:28:96:16:65:9b:d8:cb:a9:a6:90:93:1c:
         cc:1d:af:5a:9d:00:ce:04:38:07:3f:71:70:f2:26:6d:96:b6:
         e2:b8:16:1e:07:51:fa:1a:c4:00:0e:32:37:07:79:19:9b:a1:
         ba:55:bb:1c:e0:fb:9c:50:3c:33:de:5c:87:09:41:38:15:91:
         14:28:7b:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAgRqXMuiXJppI0uwedjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwMTAyMDIzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzIwMWI0MTZhNDUxM2JkOTRiYTZjYTUwYTM2YTc3Y2JkODk0NTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrU2yozNz1rIWHiRtYY/ss9gGmBa
G03i44sfJk2u2MCAWr/8i4kIX92PmWjiXmSn1oXqsEMoDL6DGO56TWN3sgdkxzfe
R593mo6k8eAvRlXkiXKmq1JiE518zu0GQ9rDSdkYdcuBLlOrcn0GPwk5vG/ECXx7
UwJJmo+ZvFpJLG20k5drj6fCRHkXJLgx4SZn7GvS3q5a6KZG7EX1auz+ugyQXK7M
ysv8WL4An/jC3PatpAPTcOy4Dhm/kDA+82Yf9Q+ZxnW86t8JUHb7q4YOP4snrocy
26+4E3nZm8uEJtACtJMlPw70PH0syYyYnuCnA1OxyuxFWcOXqovT+/qP4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcgG0FqRRO9lLpspQo2p3y9iUUHMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvaHlBYlFXcEZFNzJVdW15bENqYW5mTDJKUlFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzYKMA0G
CSqGSIb3DQEBCwUAA4IBAQBWbvcH3PHBaXP8TTAed/GjDn6Z+wIGo9dKIckyom8h
ythX6aSNsgpXk8/yr4orkAROALSJMk2yHO+x6xZKMBkSZSeaQJ89R0Zlr39JIbV/
ykCiMLoLbpO7wobyxxUVylfSlCN794DHQV6M5giI28OjSXKGMlpmmdMx5K6PqtZH
XGzpILn4vZxS87+6ZeE8JUv4m5yBoTSAtJrrdm3uzJPhlAW9V6Bp9NvPhS7b//y7
tGLLInywjWFRPoIolhZlm9jLqaaQkxzMHa9anQDOBDgHP3Fw8iZtlrbiuBYeB1H6
GsQADjI3B3kZm6G6Vbsc4PucUDwz3lyHCUE4FZEUKHsq
-----END CERTIFICATE-----