Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/cec0uXo8e4jo3UxCCfGWNyPyU_I.roa
File:                     cec0uXo8e4jo3UxCCfGWNyPyU_I.roa (raw, json)
Hash identifier:          BeCwKvCHZHcbwPVClNoCQM1LiO/38iK5SBp3PngDSGc=
Subject key identifier:   71:E7:34:B9:7A:3C:7B:88:E8:DD:4C:42:09:F1:96:37:23:F2:53:F2
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018CC793558648E7CB9C4F07FB7DD55A7E3A
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/cec0uXo8e4jo3UxCCfGWNyPyU_I.roa
Signing time:             Tue 02 Jan 2024 00:29:30 +0000
ROA not before:           Tue 02 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44225
IP address blocks:        195.244.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:55:86:48:e7:cb:9c:4f:07:fb:7d:d5:5a:7e:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71e734b97a3c7b88e8dd4c4209f1963723f253f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:5f:05:30:3b:1e:5a:70:53:a9:67:9f:dd:4f:
                    d0:55:7f:86:b4:a6:63:39:1f:ec:1d:e0:7e:2e:e8:
                    73:29:4f:37:18:5e:db:b6:34:02:19:51:c6:08:b8:
                    e2:ab:21:2e:b0:c6:47:8d:70:c8:64:fa:83:17:66:
                    c5:32:60:87:c3:46:8e:5b:75:d4:68:a3:86:8f:cd:
                    b8:84:09:6a:a3:13:b4:8f:d7:1d:b8:16:f7:5d:0b:
                    7c:bf:28:53:98:c7:f3:fd:b5:0b:fd:de:c6:6c:50:
                    9b:74:33:a9:f0:87:2f:31:4f:ad:17:41:d9:c8:01:
                    b5:63:5d:ea:56:93:7e:09:bd:34:5d:14:43:d5:5d:
                    09:f4:a3:6f:2e:89:b9:4f:41:00:08:46:ba:50:bd:
                    9a:9c:c4:9c:7e:d0:87:2c:fd:2e:33:6d:a2:30:68:
                    2e:2b:c0:14:8c:ae:37:38:37:5e:8f:50:4b:5e:0e:
                    ac:b3:c9:24:0f:7b:33:a4:50:6c:0d:d8:e3:a0:e3:
                    5e:de:a5:28:47:bc:78:41:a4:9f:58:e6:e9:fa:b9:
                    8d:a7:8e:ff:03:0b:4e:61:d8:14:c1:b1:47:c1:53:
                    ce:9f:2f:23:de:a7:f1:4d:f9:b6:a9:ab:4a:72:b6:
                    02:2b:d9:47:5a:40:f3:20:65:ff:a4:20:19:67:ff:
                    40:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:E7:34:B9:7A:3C:7B:88:E8:DD:4C:42:09:F1:96:37:23:F2:53:F2
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/cec0uXo8e4jo3UxCCfGWNyPyU_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.244.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:80:e1:e1:19:ed:60:7f:10:a7:0e:b1:11:a9:91:f8:a0:a2:
         6d:44:6c:91:57:a8:d0:81:8b:f9:89:3f:56:df:7d:ab:42:fb:
         7d:00:1e:ec:6a:fc:03:ba:e6:6e:67:4a:5d:c4:b9:bd:3c:3c:
         f8:20:ee:5a:e9:32:f8:fb:f0:e2:cc:63:4f:06:3b:4d:81:a8:
         74:bd:24:c2:02:d2:e1:c4:b2:84:59:db:5c:14:12:b8:56:10:
         3d:e0:0a:fc:95:a9:83:e8:55:01:d8:f8:a3:10:a0:35:39:1d:
         bc:e4:1f:cb:34:da:b0:d9:92:f9:3b:53:00:4b:8c:07:6c:f4:
         03:93:dd:05:06:90:94:91:a6:5b:78:f7:e0:eb:ac:f1:c6:3f:
         19:2e:3b:a4:70:eb:e4:6e:5a:a4:4b:e4:73:47:2f:bf:b0:2e:
         dc:44:aa:6b:f7:21:37:16:88:13:f5:8c:f6:cb:b2:13:09:c5:
         f9:42:58:77:79:5c:f0:f0:9e:1e:b5:91:e3:7a:35:3e:f7:7f:
         34:0c:00:fa:03:10:94:ae:c9:0e:36:4b:13:25:58:24:3c:d7:
         c1:a8:07:ea:d4:22:9c:cf:7e:b6:44:29:2b:ca:e8:ad:87:cb:
         a4:28:11:e5:13:8f:df:97:1d:95:c8:3a:f1:14:63:f3:77:2d:
         4c:f8:8c:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk1WGSOfLnE8H+33VWn46MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwMTAyMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWU3MzRiOTdhM2M3Yjg4ZThkZDRjNDIwOWYxOTYzNzIzZjI1M2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg18FMDseWnBTqWef3U/QVX+GtKZj
OR/sHeB+LuhzKU83GF7btjQCGVHGCLjiqyEusMZHjXDIZPqDF2bFMmCHw0aOW3XU
aKOGj824hAlqoxO0j9cduBb3XQt8vyhTmMfz/bUL/d7GbFCbdDOp8IcvMU+tF0HZ
yAG1Y13qVpN+Cb00XRRD1V0J9KNvLom5T0EACEa6UL2anMScftCHLP0uM22iMGgu
K8AUjK43ODdej1BLXg6ss8kkD3szpFBsDdjjoONe3qUoR7x4QaSfWObp+rmNp47/
AwtOYdgUwbFHwVPOny8j3qfxTfm2qatKcrYCK9lHWkDzIGX/pCAZZ/9AJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHnNLl6PHuI6N1MQgnxljcj8lPyMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvY2VjMHVYbzhlNGpvM1V4Q0NmR1dOeVB5VV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/R5MA0G
CSqGSIb3DQEBCwUAA4IBAQC3gOHhGe1gfxCnDrERqZH4oKJtRGyRV6jQgYv5iT9W
332rQvt9AB7savwDuuZuZ0pdxLm9PDz4IO5a6TL4+/DizGNPBjtNgah0vSTCAtLh
xLKEWdtcFBK4VhA94Ar8lamD6FUB2PijEKA1OR285B/LNNqw2ZL5O1MAS4wHbPQD
k90FBpCUkaZbePfg66zxxj8ZLjukcOvkblqkS+RzRy+/sC7cRKpr9yE3FogT9Yz2
y7ITCcX5Qlh3eVzw8J4etZHjejU+9380DAD6AxCUrskONksTJVgkPNfBqAfq1CKc
z362RCkryuith8ukKBHlE4/flx2VyDrxFGPzdy1M+Iz6
-----END CERTIFICATE-----