Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/sFqD8b6-aftnbmPASbHhTEvz60c.roa
File:                     sFqD8b6-aftnbmPASbHhTEvz60c.roa (raw, json)
Hash identifier:          kOLfxySn0gLz2uvo1vrium/qDqDuSpx0HCn+8U+dFng=
Subject key identifier:   B0:5A:83:F1:BE:BE:69:FB:67:6E:63:C0:49:B1:E1:4C:4B:F3:EB:47
Certificate issuer:       /CN=ed30a131718560a34ab3493884e858ec431f6ad1
Certificate serial:       018D02B9645F388F628FFB86F40039AAB3DA
Authority key identifier: ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/sFqD8b6-aftnbmPASbHhTEvz60c.roa
Signing time:             Sat 13 Jan 2024 12:08:40 +0000
ROA not before:           Sat 13 Jan 2024 12:08:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        194.180.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:02:b9:64:5f:38:8f:62:8f:fb:86:f4:00:39:aa:b3:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed30a131718560a34ab3493884e858ec431f6ad1
        Validity
            Not Before: Jan 13 12:08:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b05a83f1bebe69fb676e63c049b1e14c4bf3eb47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:2f:c6:e3:ae:59:71:b2:21:85:0f:83:8d:ce:
                    7d:72:83:e8:91:0a:38:85:6e:af:d6:51:9e:3c:50:
                    b9:73:71:c9:25:0f:84:5e:dc:41:22:94:97:d9:4d:
                    7c:8f:1e:3a:b3:d5:84:9a:02:ac:39:dc:13:59:d9:
                    06:a7:a8:fa:3b:b0:0d:e9:78:ed:90:43:dd:7d:49:
                    78:e7:f1:8a:d9:3a:6d:90:67:d1:6c:5a:8a:3f:43:
                    e6:d5:10:63:d1:4f:48:34:0b:8e:59:06:15:fd:53:
                    78:ac:56:0d:dd:4d:6d:d3:3c:34:2b:b7:a7:c9:bc:
                    46:99:2c:e8:4f:9b:f8:0a:86:c9:b8:06:b6:7e:0d:
                    36:04:2f:89:cb:e5:db:07:32:9b:72:6c:60:14:e3:
                    b0:1e:dd:65:c3:b3:d5:dc:b1:65:27:28:59:5b:e3:
                    9d:6b:4c:97:97:ba:6e:ce:04:86:17:d0:ec:fa:15:
                    80:73:a8:b1:74:dd:a4:16:fd:bc:13:80:3f:18:c4:
                    65:6a:f9:c9:52:c1:07:4b:00:2c:cd:34:98:f8:d7:
                    1b:5a:8c:fd:13:06:bd:60:21:77:30:1a:5a:5d:77:
                    ae:ef:8a:5e:d6:75:26:c2:03:17:4e:1b:63:2b:2d:
                    f6:63:57:78:28:06:aa:e5:24:27:f3:06:74:dd:ea:
                    b1:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:5A:83:F1:BE:BE:69:FB:67:6E:63:C0:49:B1:E1:4C:4B:F3:EB:47
            X509v3 Authority Key Identifier:
                keyid:ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/sFqD8b6-aftnbmPASbHhTEvz60c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:84:bd:bf:dc:c7:b8:64:01:0c:fe:c5:8e:12:47:98:69:5f:
         7c:3c:ba:4c:ba:6a:fd:ae:5c:99:e7:99:73:68:cb:d3:1e:5d:
         8a:33:73:3a:3a:c3:57:5c:be:bb:46:66:44:5f:08:8d:ca:01:
         f7:be:c8:35:ba:89:57:ef:92:42:8a:48:c6:e8:36:c5:4f:4d:
         18:01:d0:66:8d:6e:12:8c:bf:c8:1e:82:4c:65:56:81:c1:d1:
         8e:ea:9b:bc:9c:e2:cc:34:66:87:ae:ca:aa:f5:47:e0:04:3b:
         48:89:9d:07:53:23:76:85:26:3e:4f:c0:40:ac:46:6c:88:53:
         a6:53:6a:8d:25:50:10:48:5a:53:d5:16:07:58:9d:84:53:05:
         86:ea:16:fb:1d:90:6d:43:d8:c3:8b:47:20:2d:12:e0:25:b5:
         aa:38:d6:ae:c4:ad:d9:c7:b7:be:55:72:58:71:00:89:7b:0b:
         30:53:26:41:f2:60:47:5f:4b:6c:f0:cb:e8:3e:03:71:66:86:
         f8:8f:2d:c6:6d:a8:8d:9b:b3:60:23:1a:d9:97:f3:f3:f4:ee:
         b5:b9:40:0e:98:69:05:0d:25:31:ef:31:73:1c:75:e5:e8:3f:
         ef:ec:6b:5c:95:e3:83:d4:b8:8c:fa:ae:ca:c2:48:38:13:ba:
         e3:a9:0f:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0CuWRfOI9ij/uG9AA5qrPaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMzBhMTMxNzE4NTYwYTM0YWIzNDkzODg0ZTg1OGVjNDMx
ZjZhZDEwHhcNMjQwMTEzMTIwODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDVhODNmMWJlYmU2OWZiNjc2ZTYzYzA0OWIxZTE0YzRiZjNlYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjC/G465ZcbIhhQ+Djc59coPokQo4
hW6v1lGePFC5c3HJJQ+EXtxBIpSX2U18jx46s9WEmgKsOdwTWdkGp6j6O7AN6Xjt
kEPdfUl45/GK2TptkGfRbFqKP0Pm1RBj0U9INAuOWQYV/VN4rFYN3U1t0zw0K7en
ybxGmSzoT5v4CobJuAa2fg02BC+Jy+XbBzKbcmxgFOOwHt1lw7PV3LFlJyhZW+Od
a0yXl7puzgSGF9Ds+hWAc6ixdN2kFv28E4A/GMRlavnJUsEHSwAszTSY+NcbWoz9
Ewa9YCF3MBpaXXeu74pe1nUmwgMXThtjKy32Y1d4KAaq5SQn8wZ03eqx6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBag/G+vmn7Z25jwEmx4UxL8+tHMB8GA1UdIwQY
MBaAFO0woTFxhWCjSrNJOIToWOxDH2rRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTkt
NGIzYjFiNjNiNmFiLzEvc0ZxRDhiNi1hZnRuYm1QQVNiSGhURXZ6NjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFi
LzEvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrThMA0G
CSqGSIb3DQEBCwUAA4IBAQB8hL2/3Me4ZAEM/sWOEkeYaV98PLpMumr9rlyZ55lz
aMvTHl2KM3M6OsNXXL67RmZEXwiNygH3vsg1uolX75JCikjG6DbFT00YAdBmjW4S
jL/IHoJMZVaBwdGO6pu8nOLMNGaHrsqq9UfgBDtIiZ0HUyN2hSY+T8BArEZsiFOm
U2qNJVAQSFpT1RYHWJ2EUwWG6hb7HZBtQ9jDi0cgLRLgJbWqONauxK3Zx7e+VXJY
cQCJewswUyZB8mBHX0ts8MvoPgNxZob4jy3GbaiNm7NgIxrZl/Pz9O61uUAOmGkF
DSUx7zFzHHXl6D/v7GtcleOD1LiM+q7Kwkg4E7rjqQ8B
-----END CERTIFICATE-----